
Secure your cloud(s)

24x7 monitoring and response for AWS, Azure and SaaS apps including O365

If any of these sound like you, chances are we can help.

You’re “moving to the cloud” but don’t (yet) have the tech or people to watch it

Developers with credit cards are building things in the cloud that you can’t see

You just rolled out O365 but aren’t able to implement 2FA to lock it down

You’ve built a custom app in AWS and it’s time to get serious about securing it

24x7 monitoring and response for …

Cloud infrastructure

AWS
Azure
Google Cloud Platform

SaaS applications

Okta
Duo
G Suite
OneLogin
Office 365

The cloud isn’t just one thing. What you need to look for depends on what you’re looking at. Expel’s cloud detection strategy is tailored to the cloud apps and infrastructure we monitor.

Examples of things we monitor across cloud services
Suspicious logins
Resource sharing
Unusual admin activity
Unusual changes to virtual private clouds (VPC)
Examples of unique things we monitor for each cloud service

Suspicious or unusual activity

Suspicious commands via AWS SSM

Deleted or disabled CloudTrail or GuardDuty

AWS EC2 credential compromise

Publicly accessible S3 buckets

Suspicious AWS CloudWatch event rule creation

Unauthorized resource sharing

Use of lambda to backdoor AWS accounts

Creation of public resources

Credential dumping via runbook

Disabling or downgrading Windows Defender ATP

Suspicious RDP activity

Suspicious modification to resource hierarchy

Suspicious interactions with Service Accounts

Deleted or exported GCP MySQL logs

Publicly accessible Cloud Storage buckets

Suspicious creation of VPC firewall rules

Publicly accessible BigQuery dataset

How we ingest signal

Expel uses data from the following cloud-specific services and APIs

AWS CloudTrail

AWS EC2

Amazon GuardDuty

AWS Lambda

Amazon Macie

Amazon Redshift audit logs

AWS S3

Azure Activity Log

Azure Active Directory

Azure Log Analytics

Azure Security Center

Azure Identity Protection

Audit Logs

Compute Engine

Event Threat Detection (ETD)

Cloud Functions

Virtual Private Cloud (VPC)

BigQuery

Cloud Storage

Cloud SQL

What does 24x7 monitoring and response for AWS, Azure, GCP and SaaS apps include?

Expel ingests your events and log data from your AWS, Azure and SaaS apps and enriches it with context that’s specific to your environment. Then, we continuously look for indicators of attacker behavior.

When something’s suspicious, we investigate and tell you what happened and what you need to do about it (in plain English).

Getting a grip on your cloud security strategy

Understanding how to think about cloud security differently is half the battle. Here are three key points that should inform your cloud strategy.

White Paper

Seven ways to spot a business email compromise in O365

It’s getting trickier to protect against BEC attacks. Here are some telltale signs you can look for that are tip-offs that something’s amiss.

Blog

Making sense of Amazon GuardDuty alerts

What is AWS GuardDuty and how can you make sense of all the signals? Here are our pro tips.

Three questions other MDR and MSSP providers are hoping you won’t ask them

Is your detection strategy tailored to each cloud service?

Do you treat log data from cloud services differently than other logs?

How do you train your analysts to investigate incidents that originate in the cloud?

Ready to talk to a human?

When you tell us you’re ready, we won’t waste your time. Let us know what you’re looking for and we’ll have someone get in touch who can talk tech.

844.397.3524
