Pages
- Homepage
- About
- Blog
- Customer Stories
- Customers
- Expel MDR pricing
- For Our Customers
- Notices
- Open source disclosure
- Privacy Policy
- Problems we solve
- Replace my MSSP – LP
- Sitemap
- SOC as a Service – LP
- Thank you page
- What We Do
- What you can buy
- Working with Us
- Cloud
- Data Safety
Posts by category
- Category: Customer Experience
- Category: Expel insider
- Introducing Expel Workbench™ for Amazon Web Services (AWS)
- Introducing Expel for phishing
- Introducing 24x7 monitoring and response for Google Cloud Platform
- Good news in unusual times
- Judgment, relationships and gratitude
- Why Expel doesn’t do R&D
- ‘Twas the Night Before RSAC
- Security for the other 99 percent
- What our customers have taught us
- Ready. Set. Go. Welcome to Expel.
- The security people’s guide to Expel’s exe blog
- Category: Internal Security
- Category: Security operations
- Attack trend alert: REvil ransomware
- Behind the scenes: Building Azure integrations for ASC alerts
- Got workloads in Microsoft Azure? Read this
- Plotting booby traps like in Home Alone: Our approach to detection writing
- Improving the phishing triage process: Keeping our analysts (and our customers) sane
- The SolarWinds Orion breach: 6 ideas on what to do next and why
- How to investigate like an Expel analyst: The Expel Workbench managed alert process
- Evilginx-ing into the cloud: How we detected a red team attack in AWS
- The CISO in 2020 (and beyond): A chat with Bruce Potter
- Introducing a mind map for AWS investigations
- Performance metrics, part 2: Keeping things under control
- Why don’t you integrate with [foo]?
- Performance metrics, part 1: Measuring SOC efficiency
- Is Windows Defender for Endpoint any good? Here’s our two cents
- The myth of co-managed SIEMs
- Terraforming a better engineering experience with Atlantis
- Behind the scenes in the Expel SOC: Alert-to-fix in AWS
- Spotting suspicious logins at scale: (Alert) pathways to success
- Obfuscation, reflective injection and domain fronting; oh my!
- Finding evil in AWS: A key pair to remember
- Thinking about Zoom and risk
- Election security: Why to care and what to do about it
- Month-to-month pricing in uncertain times
- 7 habits of highly effective (remote) SOCs
- NIST CSF: A new interactive tool to track your progress
- Creating data-driven detections with DataDog and JupyterHub
- Exabeam: an incident investigator’s cheat code
- How to get started with the NIST Privacy Framework
- Why the cloud is probably more secure than your on-prem environment
- Where does Amazon Detective fit in your AWS security landscape?
- Using JupyterHub for threat hunting? Then you should know these 8 tricks.
- Making sense of Amazon GuardDuty alerts
- Better web shell detections with Signal Sciences WAF
- MFA is not a silver bullet to secure your cloud email
- Applying the NIST CSF to U.S. election security
- Following the CloudTrail: Generating strong AWS security signals with Sumo Logic
- Five things law firms can do now to improve their security for tomorrow
- Our journey to JupyterHub and beyond
- 3 must-dos when you’re starting a threat hunting program
- Here’s what you need to know about business email compromise (BEC)
- How to make your org more resilient to common Mac OS attacks
- The top five pitfalls to avoid when implementing SOAR
- How to find anomalous process relationships in threat hunting
- This is how you should be thinking about cloud security
- How to choose the right security tech for threat hunting
- Don’t blow it — 5 ways to make the most of the chance to revamp your security posture
- NIST’s new framework: Riding the wave of re-imagining privacy
- Four habits of highly effective security teams
- How to get your security tool chest in order when you’re growing like crazy
- Does your MSSP or MDR provider know how to manage your signals?
- How to build a useful (and entertaining) threat emulation exercise for AWS
- 12 ways to tell if your managed security provider won’t suck next year
- How to start a cybersecurity program (or restart one that lapsed)
- Three tips for getting started with cloud application security
- Office 365 security best practices: five things to do right now to keep attackers out
- Reaching (all the way to) your NIST 800-171 compliance goals
- Getting a grip on your cloud security strategy
- A common sense approach for assessing third-party risk
- Lessons learned from a CISO’s first 100 days
- How to identify when you’ve lost control of your SIEM (and how to rein it back in)
- What’s new in the NIST Cybersecurity Framework (CSF) v1.1
- What is (cyber) threat hunting and where do you start?
- How to get started with the NIST Cybersecurity Framework (CSF)
- What “I Love Lucy” teaches us about SOC performance
- How much does it cost to build a 24x7 SOC?
- Managed detection and response (MDR): symptom or solution?
- Decoded: new changes to NIST’s Cybersecurity Framework
- What’s endpoint detection and response (EDR) and when should you care?
- Warning signs that your MSSP isn’t the right fit
- Budget planning: determining your security spend
- How to avoid shelfware
- Mistakes to avoid when measuring SOC performance
- Category: Tips
- How to create (and share) good cybersecurity metrics
- Containerizing key pipeline with zero downtime
- Supply chain attack prevention: 3 things to do now
- Announcing Open Source python client (pyexclient) for Expel Workbench
- 3 steps to figuring out where a SIEM belongs in your security program
- The power of orchestration: how we automated enrichments for AWS alerts
- Prioritizing suspicious PowerShell activity with machine learning
- 6 things to do before you bring in a red team
- So you’ve got a multi-cloud strategy; here’s how to navigate four common security challenges
- How to create and maintain Jupyter threat hunting notebooks
- 10 tips for protecting computer security and privacy at home
- Malware operators Zoom’ing in
- It’s time to drive a rising tide
- 5 tips for writing a cybersecurity policy that doesn’t suck
- Four common infosec legal risks and how to mitigate them
- Dear fellow CEO: do these seven things to improve your org’s security posture
- Five tips for improving your data ingestion and auditing process
- How public-private partnerships can support election security
- How to find Amazon S3 bucket misconfigurations and fix them ASAP
- Evaluating GreyNoise: what you need to know and how it can help you
- 12 revealing questions to ask when evaluating an MSSP or MDR vendor
- Seven ways to spot a business email compromise in Office 365
- Why we love threat emulation exercises (and how to get started with one of your own)
- How to get the most out of your upcoming SOC tour: making your provider uncomfortable
- Oh Noes! A new approach to IR tabletop exercises
- Five quick checks to prevent attackers from weaponizing your website
- How to hunt for reconnaissance
- Investigating Darktrace alerts for lateral movement
- How to disrupt attackers and enable defenders using resilience
- Heads up: WPA2 vulnerability
- From webshell weak signals to meaningful alert in four steps
- How to triage Windows endpoints by asking the right questions
- A cheat sheet for managing your next security incident
- Category: TLNT
- Could you go a week without meetings at work?
- So you’re a manager. Congrats! Now what?
- Five things that’ll help you determine whether you’ll like working at a company
- 7 habits of highly effective SOCs
- An inside look at what happened when I finally took a vacation (for realsies)
- How to get your resume noticed at Expel (or anywhere)
- A beginner’s guide to getting started in cybersecurity
- Learning is fundamental
- Recruit for team dauntless
- Mission matters: watch your signals
- Don’t dam upstream: ways to build a feedback loop
- Get your security tools in order: seven tactics you should know
- Five ways to keep your security nerds happy
Jobs
- Associate SOC Analyst
- Associate SOC Analyst - Night Shift
- Customer Success Engineer
- Engagement Manager
- Senior Security Analyst
- UX Intern
- Employee Experience Manager
- Senior Data Scientist
- Senior Detection and Response Engineer
- Senior Software Engineer in Test
- Software Engineer - Back End
- Account Executive
Resources
- MSSP Expel Launches Security Service for AWS
- Yanek Korff - Pay It Forward
- Expel introduces Workbench for Amazon Web Services (AWS)
- Azure guidebook: Building a detection and response strategy
- Expel Named to FORTUNE’s Best Medium Workplaces List for Two Consecutive Years
- MITRE ATT&CK in AWS: A defender’s cheat sheet & mind map kit
- Stories from the SOC: Investigating a phishing attack
- Now Tech: Managed Detection and Response Service Providers, Q4 2020
- Inside an investigation: compromised AWS access keys
- Misinformation campaigns will dominate cybersecurity headaches in 2021
- Capitol Hill riot exposes Congress's operational and cybersecurity frailties
- How Russia’s ‘Info Warrior’ Hackers Let Kremlin Play Geopolitics on the Cheap
- 81 startups that will boom in 2021, according to the startup experts: venture capitalists
- Biggest Healthcare Security Threats, Ransomware Trends into 2021
- Fighting the Good Fight: Your 30min Guide to Threat Hunting
- The biggest myths of co-managed security event management
- Rapid Threat Evolution Spurs Crucial Healthcare Cybersecurity Needs
- CapitalG leads $50 million investment in managed cybersecurity provider Expel
- Clouds Are Secure: Are You Using Them Securely?
- How to leverage security automation to identify malicious activity
- The most significant D.C.-area funding deals in the age of coronavirus
- EPISODE 277: Women in Sales Leader Denise Hayman Says These Critical Traits Will Help You Accelerate Your Sales Career
- BEC all grown up: What you need to know now
- GreenSky phishing story
- Founders Helping Founders with Dave Merkel
- Here are six things to do first before taking on a Red Team
- Top 250 MSSPs for 2020
- Market Guide for Managed Detection and Response Services
- EXE Live | How to get started with a multi-cloud strategy
- Cybersecurity Leadership: What We've Learned From COVID-19
- Microsoft MISA Security Software Group Embraces MSSPs, MDR Partners
- EXE Live | Finding contrails: How to track data access in the cloud
- Cybersecurity Company Expel Joins the Microsoft Intelligent Security Association
- Conquering GCPs IAM hierarchy: Where to get started with Service Accounts
- Meet DC Inno’s 2020 Inno on Fire
- Advantage CISO: Why Cybersecurity Should Shine in 2021
- The Monthly Rundown: Startups to Watch from Shamus the Sales Guy – May
- Following the CloudTrail: Where to get started with AWS security monitoring
- Here are the top D.C.-area funding deals and developments from May
- Top cybersecurity VCs share how COVID-19 has changed investing
- 5 CEOs on avoiding the continental drift of your brand during a crisis
- Redefining the CISO role: Why the top security job is gaining C-suite and boardroom status
- Embracing "Pricing-Market Fit" as a Cloud-Native Company -- in a COVID-19 World
- This Herndon cyber firm just raised $50M
- Better.com customer story
- Cybersecurity Company Expel Announces $50 Million in Series D Financing
- Our Best Places to Work honorees discuss Covid-19 response
- Expel lands $50M Series D as security operations increases in importance – TechCrunch
- Expel Named as One of the 2019 Best Medium Workplaces by Great Place to Work® and FORTUNE
- Zoom bolsters software security in latest move to reassure users
- 7 Habits of Highly Effective (Remote) SOCs
- Sales Transformation and Solutions During the COVID-19 Panel Discussion
- 2020 Best Tech Startups in Virginia
- America's Best Startups Employers 2020
- The 12 Best Network Detection and Response Solutions for 2020
- The Business of Cybersecurity Starts at Home
- These 3 Talent Trends for 2020 Focus on Empathy
- Cybersecurity Firm to Create 164 New Jobs in Virginia
- Managed security provider Expel Inc. will expand Herndon HQ, double workforce
- Herndon cyber firm Expel plans major expansion
- Risky Business #569
- Expel Recognized In Gartner’s Market Guide for Managed Detection and Response Services for Second Year in a Row
- 'Wartime' Security Mentality Revisited
- SOC Staffing Is A Golden Opportunity
- 5 Things All Smart Security Leaders Need to Do Right Now
- 3 Reasons to Do a 'Proof of Concept' With MDR Providers
- Securiosity: Where’s the next place money will flow in cybersecurity?
- Better Web Shell Detections with Signal Sciences Next-gen WAF
- The Hot 150 Cybersecurity Companies To Watch In 2020
- The Best Small and Medium-Size Places to Work Make ‘Everyone’ Feel at Home
- Qlik customer story
- GreenSky customer story
- Tech Titans 2019: Washington’s Top Tech Leaders
- Serious Hackers Wear TWO Black Hoodies
- “How extremely busy executives make time to be great parents”, with Dave Merkel
- Beyond backup: How to get more out of your backup data
- Cybersecurity Company Expel Announces $40 Million in Series C Funding
- Scale Venture Partners customer story
- Top Workplaces 2019
- The Washington Post announces the 2019 Top Workplaces in the Washington, D.C. area
- Today's MSSP Alerts: June 20, 2019
- Herndon cyber company nabs $40M led by California VC
- Expel raises $40 million to help companies manage cybersecurity
- Expel Does its Thing, But in the Cloud Now
- Three Things To Ask When A Company In Your Industry Gets Hacked
- What keeps employees happy? Here's our handy guide.
- These are the best places to work in greater Washington in 2019
- Expel recognized as 2019 Greater Washington Area Best Place to Work by Washington Business Journal
- 8 'SOC-as-a-service' offerings
- The Cybersecurity 202: Trump wants a ‘cybersecurity moonshot’ but cuts research
- Top 20 Managed Detection and Response (MDR) Security Companies List, 2019
- ISMG Interview: Beyond the Black Box of MSSPs
- Pharmaceutical customer story
- Relativity customer story
- Tech Titans 2018: Washington’s Top Tech Leaders
- Marriott's Mega-Breach: Many Concerns, But Few Answers
- Morals and Ethics in Sales and Business
- Expel announces “Have a Happy Holiday” program with 24x7 cybersecurity monitoring and response for short-staffed security teams
- Herndon cyber startup lands $20 million in venture capital
- DHS to unveil National Risk Management Center
- 5G Wireless Technology Raises Security Fears
- Expel CEO Says Government Should Share Info With Twitter and Facebook
- Expel CEO Says 'Don't Panic, Be Patient' in Response to China Hack
- How to get started with the NIST CSF
- Getting a grip on your cloud strategy
- A common sense approach for assessing third-party risk
- Oh Noes! An adventure through the cyberz and $#*!
- A beginner’s guide to getting started in cybersecurity
- Connecting network and endpoint data to find attackers
- Expel Recognized In Gartner's Market Guide for Managed Detection and Response Services
- How to build a detection and response program
- Endgame Announces Partnership With Expel To Deliver Advanced Managed Detection And Response (MDR) Services
- Investigating with Darktrace
- Expel 24x7 for Endgame | Managed Endpoint Detection Response
- Expel Named a Gartner 2018 Cool Vendor in Security Operations and Vulnerability Management
- A common sense approach for assessing third-party risk
- Independent Research Firm Includes Expel in “Now Tech: Managed Detection And Response (MDR) Services, Q2 2018” Report
- Cybersecurity company Expel announces $20 million in series B funding
- How to get started with the NIST Cyber Security Framework CSF
- Five ways to keep your security nerds happy
- How much does it cost to build a 24x7 SOC?
- Ready. Set. Go. Welcome to Expel.
- Death of the Tier 1 SOC Analyst
- Expel overview
- Warning signs that your MSSP isn’t the right fit
- Where Expel fits in your security operations
- Expel delivers antidote for failed managed security relationships
- Get your security tools in order: seven tactics you should know
- Budget planning: determining your security spend
- Mistakes to avoid when measuring SOC performance
- A cheat sheet for managing your next security incident
- It’s much easier to raise money when you’ve already sold a $1 billion company
- The haves and have-nots in cybersecurity: how your company can level the playing field
- New security startup Expel secures $7.5 million series A financing
Release notes
- Expel Workbench for AWS and Ruxie’s in MS Teams
- Ruxie, here
- Commodity Malware
- Remediation actions get checked
- NIST CSF and Alert-to-fix timelines
- BEC reporting updates
- All about alerts
- NIST CSF dashboard and other new stuff
- Investigations and alerts
- News on notifications
- Yummy pie charts
- More alert details
- Run the Assembler in AWS
- Easier investigation search
- Security checks
- New investigative features
- New ticketing options
- The best documentation goes to the Assembler
- And the winner goes to…
- Winter wonderland
- Under the weather, we’ve got you covered
- Kicking off the new year!
- Planes, trains and automobiles
- Short and sweet
- No tricks, just treats
- Email notifications -- hold the cookie monster
- Pumpkin spice edition
- Just to be clear …
- Look no further. Vendor alert information is here.
- That was quick (and we’re not talking about summer)
- Spoiler alert! The alert analysis dashboard is live.
- Unlike Aquaman, you don’t have to wait for this release!
- Red, white and vroom!
- Marco! … Polo!
- It’s a Triple Crown
- Kicking off grilling season
- The more, the merrier
- Grab some popcorn - it’s movie time!
- Professor Plum, the candlestick, in the ballroom - see who did it
- A little spring cleaning
- You’ve got mail!
- Status Update … it’s no longer complicated
- Things that make you go hmmm
- On the go? We’ve got you covered.
- I spy with my little eye... a big list of little enhancements
- Security Advisory: Meltdown and Spectre Vulnerabilities
- Introducing the Expel Workbench status page
- Workbench email notifications and new tech integrations ("You better bring it.")
- Just in time for the holidays — pie... charts!
- New to Expel? Now you get a proper welcome!
- Share the love… err work with new assignment options
- Now supporting Zscaler integration
- Investigative actions are now editable (so there’s no excuse for typos)
- New text fields for manual investigative actions provide documentation capability
Get Started
- Getting started with Expel
- Configuring Attivo via SIEM
- Configuring AWS Direct
- Configuring AWS for an IAM role
- Configuring AWS GuardDuty for an IAM role
- Configuring Azure Cloud (direct)
- Configuring Azure Log Analytics
- Configuring Azure Sentinel
- Configuring Carbon Black Defense
- Configuring Carbon Black Response
- Configuring Carbon Black ThreatHunter
- Configuring Cisco AMP for Endpoints
- Configuring Cisco Umbrella
- Configuring CloudTrail S3 notifications
- Configuring CrowdStrike Falcon
- Configuring CylancePROTECT (AV)
- Configuring DarkTrace
- Configuring Duo
- Configuring Elastic Endpoint Security
- Configuring Exabeam Advanced Analytics
- Configuring FireEye HX
- Configuring Fortinet FortiGate
- Configuring GCP
- Configuring GitHub
- Configuring Lacework
- Configuring MCAS
- Configuring Microsoft Defender ATP
- Configuring Okta (direct)
- Configuring Okta SSO Provider
- Configuring OneLogin SSO provider
- Configuring Palo Alto
- Configuring Securonix
- Configuring Splunk
- Configuring SSO provider
- Configuring Sumo Logic
- Configuring Tanium Core
- Configuring Zscaler
- Configuring your Azure SSO provider
- Deploying the Assembler in AWS
- Deploying the Assembler on Hyper-V
- Deploying the Assembler on Microsoft Azure
- Deploying the Assembler on VMWare
- Onboarding Office 365 Direct
- Provisioning the Expel Assembler