Pages

• Homepage
• About
  • Careers
  • Contact Us
  • Customer library
  • Release notes
  • Resource library
  • Resources
  • Resources
• Blog
• Customer Stories
  • Better.com Customer Story
  • GreenSky Customer Story
  • GreenSky Customer Story
  • GreenSky Phishing Story
  • Pharmaceutical Customer Story
  • Qlik Customer Story
  • Relativity Customer Story
  • Relativity Customer Story
  • Scale Venture Capital Customer Story
• Customers
• Expel MDR pricing
• For Our Customers
  • Customer library
  • PGP Key
  • Release Notes
  • Report Vulnerability
  • Terms of Use
  • Terms of Use
• Notices
• Open source disclosure
• Privacy Policy
• Problems we solve
  • Replace my MSSP
  • Secure the cloud fast
  • SOC as a Service
• Replace my MSSP – LP
• Sitemap
• SOC as a Service – LP
• Thank you page
• What We Do
  • Commonly Asked Questions
  • Demo
  • Pricing
  • Tech we plug into
  • Why We’re Different
• What you can buy
  • Amazon Web Services (AWS)
  • Cloud infrastructure
  • Expel MDR
  • Expel Workbench for AWS
  • Google Cloud Platform
  • Managed Phishing Service
  • Microsoft Azure
  • Microsoft O365
  • On-prem infrastructure
  • SaaS apps
• Working with Us
  • Managed detection and response (MDR)
  • Securing the Cloud
• Cloud
• Data Safety

Posts by category

• Category: Customer Experience
• Category: Expel insider
  • Introducing Expel Workbench™ for Amazon Web Services (AWS)
  • Introducing Expel for phishing
  • Introducing 24x7 monitoring and response for Google Cloud Platform
  • Good news in unusual times
  • Judgment, relationships and gratitude
  • Why Expel doesn’t do R&D
  • ‘Twas the Night Before RSAC
  • Security for the other 99 percent
  • What our customers have taught us
  • Ready. Set. Go. Welcome to Expel.
  • The security people’s guide to Expel’s exe blog
• Category: Internal Security
• Category: Security operations
  • Attack trend alert: REvil ransomware
  • Behind the scenes: Building Azure integrations for ASC alerts
  • Got workloads in Microsoft Azure? Read this
  • Plotting booby traps like in Home Alone: Our approach to detection writing
  • Improving the phishing triage process: Keeping our analysts (and our customers) sane
  • The SolarWinds Orion breach: 6 ideas on what to do next and why
  • How to investigate like an Expel analyst: The Expel Workbench managed alert process
  • Evilginx-ing into the cloud: How we detected a red team attack in AWS
  • The CISO in 2020 (and beyond): A chat with Bruce Potter
  • Introducing a mind map for AWS investigations
  • Performance metrics, part 2: Keeping things under control
  • Why don’t you integrate with [foo]?
  • Performance metrics, part 1: Measuring SOC efficiency
  • Is Windows Defender for Endpoint any good? Here’s our two cents
  • The myth of co-managed SIEMs
  • Terraforming a better engineering experience with Atlantis
  • Behind the scenes in the Expel SOC: Alert-to-fix in AWS
  • Spotting suspicious logins at scale: (Alert) pathways to success
  • Obfuscation, reflective injection and domain fronting; oh my!
  • Finding evil in AWS: A key pair to remember
  • Thinking about Zoom and risk
  • Election security: Why to care and what to do about it
  • Month-to-month pricing in uncertain times
  • 7 habits of highly effective (remote) SOCs
  • NIST CSF: A new interactive tool to track your progress
  • Creating data-driven detections with DataDog and JupyterHub
  • Exabeam: an incident investigator’s cheat code
  • How to get started with the NIST Privacy Framework
  • Why the cloud is probably more secure than your on-prem environment
  • Where does Amazon Detective fit in your AWS security landscape?
  • Using JupyterHub for threat hunting? Then you should know these 8 tricks.
  • Making sense of Amazon GuardDuty alerts
  • Better web shell detections with Signal Sciences WAF
  • MFA is not a silver bullet to secure your cloud email
  • Applying the NIST CSF to U.S. election security
  • Following the CloudTrail: Generating strong AWS security signals with Sumo Logic
  • Five things law firms can do now to improve their security for tomorrow
  • Our journey to JupyterHub and beyond
  • 3 must-dos when you’re starting a threat hunting program
  • Here’s what you need to know about business email compromise (BEC)
  • How to make your org more resilient to common Mac OS attacks
  • The top five pitfalls to avoid when implementing SOAR
  • How to find anomalous process relationships in threat hunting
  • This is how you should be thinking about cloud security
  • How to choose the right security tech for threat hunting
  • Don’t blow it — 5 ways to make the most of the chance to revamp your security posture
  • NIST’s new framework: Riding the wave of re-imagining privacy
  • Four habits of highly effective security teams
  • How to get your security tool chest in order when you’re growing like crazy
  • Does your MSSP or MDR provider know how to manage your signals?
  • How to build a useful (and entertaining) threat emulation exercise for AWS
  • 12 ways to tell if your managed security provider won’t suck next year
  • How to start a cybersecurity program (or restart one that lapsed)
  • Three tips for getting started with cloud application security
  • Office 365 security best practices: five things to do right now to keep attackers out
  • Reaching (all the way to) your NIST 800-171 compliance goals
  • Getting a grip on your cloud security strategy
  • A common sense approach for assessing third-party risk
  • Lessons learned from a CISO’s first 100 days
  • How to identify when you’ve lost control of your SIEM (and how to rein it back in)
  • What’s new in the NIST Cybersecurity Framework (CSF) v1.1
  • What is (cyber) threat hunting and where do you start?
  • How to get started with the NIST Cybersecurity Framework (CSF)
  • What “I Love Lucy” teaches us about SOC performance
  • How much does it cost to build a 24x7 SOC?
  • Managed detection and response (MDR): symptom or solution?
  • Decoded: new changes to NIST’s Cybersecurity Framework
  • What’s endpoint detection and response (EDR) and when should you care?
  • Warning signs that your MSSP isn’t the right fit
  • Budget planning: determining your security spend
  • How to avoid shelfware
  • Mistakes to avoid when measuring SOC performance
• Category: Tips
  • How to create (and share) good cybersecurity metrics
  • Containerizing key pipeline with zero downtime
  • Supply chain attack prevention: 3 things to do now
  • Announcing Open Source python client (pyexclient) for Expel Workbench
  • 3 steps to figuring out where a SIEM belongs in your security program
  • The power of orchestration: how we automated enrichments for AWS alerts
  • Prioritizing suspicious PowerShell activity with machine learning
  • 6 things to do before you bring in a red team
  • So you’ve got a multi-cloud strategy; here’s how to navigate four common security challenges
  • How to create and maintain Jupyter threat hunting notebooks
  • 10 tips for protecting computer security and privacy at home
  • Malware operators Zoom’ing in
  • It’s time to drive a rising tide
  • 5 tips for writing a cybersecurity policy that doesn’t suck
  • Four common infosec legal risks and how to mitigate them
  • Dear fellow CEO: do these seven things to improve your org’s security posture
  • Five tips for improving your data ingestion and auditing process
  • How public-private partnerships can support election security
  • How to find Amazon S3 bucket misconfigurations and fix them ASAP
  • Evaluating GreyNoise: what you need to know and how it can help you
  • 12 revealing questions to ask when evaluating an MSSP or MDR vendor
  • Seven ways to spot a business email compromise in Office 365
  • Why we love threat emulation exercises (and how to get started with one of your own)
  • How to get the most out of your upcoming SOC tour: making your provider uncomfortable
  • Oh Noes! A new approach to IR tabletop exercises
  • Five quick checks to prevent attackers from weaponizing your website
  • How to hunt for reconnaissance
  • Investigating Darktrace alerts for lateral movement
  • How to disrupt attackers and enable defenders using resilience
  • Heads up: WPA2 vulnerability
  • From webshell weak signals to meaningful alert in four steps
  • How to triage Windows endpoints by asking the right questions
  • A cheat sheet for managing your next security incident
• Category: TLNT
  • Could you go a week without meetings at work?
  • So you’re a manager. Congrats! Now what?
  • Five things that’ll help you determine whether you’ll like working at a company
  • 7 habits of highly effective SOCs
  • An inside look at what happened when I finally took a vacation (for realsies)
  • How to get your resume noticed at Expel (or anywhere)
  • A beginner’s guide to getting started in cybersecurity
  • Learning is fundamental
  • Recruit for team dauntless
  • Mission matters: watch your signals
  • Don’t dam upstream: ways to build a feedback loop
  • Get your security tools in order: seven tactics you should know
  • Five ways to keep your security nerds happy

Jobs

• Associate SOC Analyst
• Associate SOC Analyst - Night Shift
• Customer Success Engineer
• Engagement Manager
• Senior Security Analyst
• UX Intern
• Employee Experience Manager
• Senior Data Scientist
• Senior Detection and Response Engineer
• Senior Software Engineer in Test
• Software Engineer - Back End
• Account Executive

Resources

• MSSP Expel Launches Security Service for AWS
• Yanek Korff - Pay It Forward
• Expel introduces Workbench for Amazon Web Services (AWS)
• Azure guidebook: Building a detection and response strategy
• Expel Named to FORTUNE’s Best Medium Workplaces List for Two Consecutive Years
• MITRE ATT&CK in AWS: A defender’s cheat sheet & mind map kit
• Stories from the SOC: Investigating a phishing attack
• Now Tech: Managed Detection and Response Service Providers, Q4 2020
• Inside an investigation: compromised AWS access keys
• Misinformation campaigns will dominate cybersecurity headaches in 2021
• Capitol Hill riot exposes Congress's operational and cybersecurity frailties
• How Russia’s ‘Info Warrior’ Hackers Let Kremlin Play Geopolitics on the Cheap
• 81 startups that will boom in 2021, according to the startup experts: venture capitalists
• Biggest Healthcare Security Threats, Ransomware Trends into 2021
• Fighting the Good Fight: Your 30min Guide to Threat Hunting
• The biggest myths of co-managed security event management
• Rapid Threat Evolution Spurs Crucial Healthcare Cybersecurity Needs
• CapitalG leads $50 million investment in managed cybersecurity provider Expel
• Clouds Are Secure: Are You Using Them Securely?
• How to leverage security automation to identify malicious activity
• The most significant D.C.-area funding deals in the age of coronavirus
• EPISODE 277: Women in Sales Leader Denise Hayman Says These Critical Traits Will Help You Accelerate Your Sales Career
• BEC all grown up: What you need to know now
• GreenSky phishing story
• Founders Helping Founders with Dave Merkel
• Here are six things to do first before taking on a Red Team
• Top 250 MSSPs for 2020
• Market Guide for Managed Detection and Response Services
• EXE Live | How to get started with a multi-cloud strategy
• Cybersecurity Leadership: What We've Learned From COVID-19
• Microsoft MISA Security Software Group Embraces MSSPs, MDR Partners
• EXE Live | Finding contrails: How to track data access in the cloud
• Cybersecurity Company Expel Joins the Microsoft Intelligent Security Association
• Conquering GCPs IAM hierarchy: Where to get started with Service Accounts
• Meet DC Inno’s 2020 Inno on Fire
• Advantage CISO: Why Cybersecurity Should Shine in 2021
• The Monthly Rundown: Startups to Watch from Shamus the Sales Guy – May
• Following the CloudTrail: Where to get started with AWS security monitoring
• Here are the top D.C.-area funding deals and developments from May
• Top cybersecurity VCs share how COVID-19 has changed investing
• 5 CEOs on avoiding the continental drift of your brand during a crisis
• Redefining the CISO role: Why the top security job is gaining C-suite and boardroom status
• Embracing "Pricing-Market Fit" as a Cloud-Native Company -- in a COVID-19 World
• This Herndon cyber firm just raised $50M
• Better.com customer story
• Cybersecurity Company Expel Announces $50 Million in Series D Financing
• Our Best Places to Work honorees discuss Covid-19 response
• Expel lands $50M Series D as security operations increases in importance – TechCrunch
• Expel Named as One of the 2019 Best Medium Workplaces by Great Place to Work® and FORTUNE
• Zoom bolsters software security in latest move to reassure users
• 7 Habits of Highly Effective (Remote) SOCs
• Sales Transformation and Solutions During the COVID-19 Panel Discussion
• 2020 Best Tech Startups in Virginia
• America's Best Startups Employers 2020
• The 12 Best Network Detection and Response Solutions for 2020
• The Business of Cybersecurity Starts at Home
• These 3 Talent Trends for 2020 Focus on Empathy
• Cybersecurity Firm to Create 164 New Jobs in Virginia
• Managed security provider Expel Inc. will expand Herndon HQ, double workforce
• Herndon cyber firm Expel plans major expansion
• Risky Business #569
• Expel Recognized In Gartner’s Market Guide for Managed Detection and Response Services for Second Year in a Row
• 'Wartime' Security Mentality Revisited
• SOC Staffing Is A Golden Opportunity
• 5 Things All Smart Security Leaders Need to Do Right Now
• 3 Reasons to Do a 'Proof of Concept' With MDR Providers
• Securiosity: Where’s the next place money will flow in cybersecurity?
• Better Web Shell Detections with Signal Sciences Next-gen WAF
• The Hot 150 Cybersecurity Companies To Watch In 2020
• The Best Small and Medium-Size Places to Work Make ‘Everyone’ Feel at Home
• Qlik customer story
• GreenSky customer story
• Tech Titans 2019: Washington’s Top Tech Leaders
• Serious Hackers Wear TWO Black Hoodies
• “How extremely busy executives make time to be great parents”, with Dave Merkel
• Beyond backup: How to get more out of your backup data
• Cybersecurity Company Expel Announces $40 Million in Series C Funding
• Scale Venture Partners customer story
• Top Workplaces 2019
• The Washington Post announces the 2019 Top Workplaces in the Washington, D.C. area
• Today's MSSP Alerts: June 20, 2019
• Herndon cyber company nabs $40M led by California VC
• Expel raises $40 million to help companies manage cybersecurity
• Expel Does its Thing, But in the Cloud Now
• Three Things To Ask When A Company In Your Industry Gets Hacked
• What keeps employees happy? Here's our handy guide.
• These are the best places to work in greater Washington in 2019
• Expel recognized as 2019 Greater Washington Area Best Place to Work by Washington Business Journal
• 8 'SOC-as-a-service' offerings
• The Cybersecurity 202: Trump wants a ‘cybersecurity moonshot’ but cuts research
• Top 20 Managed Detection and Response (MDR) Security Companies List, 2019
• ISMG Interview: Beyond the Black Box of MSSPs
• Pharmaceutical customer story
• Relativity customer story
• Tech Titans 2018: Washington’s Top Tech Leaders
• Marriott's Mega-Breach: Many Concerns, But Few Answers
• Morals and Ethics in Sales and Business
• Expel announces “Have a Happy Holiday” program with 24x7 cybersecurity monitoring and response for short-staffed security teams
• Herndon cyber startup lands $20 million in venture capital
• DHS to unveil National Risk Management Center
• 5G Wireless Technology Raises Security Fears
• Expel CEO Says Government Should Share Info With Twitter and Facebook
• Expel CEO Says 'Don't Panic, Be Patient' in Response to China Hack
• How to get started with the NIST CSF
• Getting a grip on your cloud strategy
• A common sense approach for assessing third-party risk
• Oh Noes! An adventure through the cyberz and $#*!
• A beginner’s guide to getting started in cybersecurity
• Connecting network and endpoint data to find attackers
• Expel Recognized In Gartner's Market Guide for Managed Detection and Response Services
• How to build a detection and response program
• Endgame Announces Partnership With Expel To Deliver Advanced Managed Detection And Response (MDR) Services
• Investigating with Darktrace
• Expel 24x7 for Endgame | Managed Endpoint Detection Response
• Expel Named a Gartner 2018 Cool Vendor in Security Operations and Vulnerability Management
• A common sense approach for assessing third-party risk
• Independent Research Firm Includes Expel in “Now Tech: Managed Detection And Response (MDR) Services, Q2 2018” Report
• Cybersecurity company Expel announces $20 million in series B funding
• How to get started with the NIST Cyber Security Framework CSF
• Five ways to keep your security nerds happy
• How much does it cost to build a 24x7 SOC?
• Ready. Set. Go. Welcome to Expel.
• Death of the Tier 1 SOC Analyst
• Expel overview
• Warning signs that your MSSP isn’t the right fit
• Where Expel fits in your security operations
• Expel delivers antidote for failed managed security relationships
• Get your security tools in order: seven tactics you should know
• Budget planning: determining your security spend
• Mistakes to avoid when measuring SOC performance
• A cheat sheet for managing your next security incident
• It’s much easier to raise money when you’ve already sold a $1 billion company
• The haves and have-nots in cybersecurity: how your company can level the playing field
• New security startup Expel secures $7.5 million series A financing

Release notes

• Expel Workbench for AWS and Ruxie’s in MS Teams
• Ruxie, here
• Commodity Malware
• Remediation actions get checked
• NIST CSF and Alert-to-fix timelines
• BEC reporting updates
• All about alerts
• NIST CSF dashboard and other new stuff
• Investigations and alerts
• News on notifications
• Yummy pie charts
• More alert details
• Run the Assembler in AWS
• Easier investigation search
• Security checks
• New investigative features
• New ticketing options
• The best documentation goes to the Assembler
• And the winner goes to…
• Winter wonderland
• Under the weather, we’ve got you covered
• Kicking off the new year!
• Planes, trains and automobiles
• Short and sweet
• No tricks, just treats
• Email notifications -- hold the cookie monster
• Pumpkin spice edition
• Just to be clear …
• Look no further. Vendor alert information is here.
• That was quick (and we’re not talking about summer)
• Spoiler alert! The alert analysis dashboard is live.
• Unlike Aquaman, you don’t have to wait for this release!
• Red, white and vroom!
• Marco! … Polo!
• It’s a Triple Crown
• Kicking off grilling season
• The more, the merrier
• Grab some popcorn - it’s movie time!
• Professor Plum, the candlestick, in the ballroom - see who did it
• A little spring cleaning
• You’ve got mail!
• Status Update … it’s no longer complicated
• Things that make you go hmmm
• On the go? We’ve got you covered.
• I spy with my little eye... a big list of little enhancements
• Security Advisory: Meltdown and Spectre Vulnerabilities
• Introducing the Expel Workbench status page
• Workbench email notifications and new tech integrations ("You better bring it.")
• Just in time for the holidays — pie... charts!
• New to Expel? Now you get a proper welcome!
• Share the love… err work with new assignment options
• Now supporting Zscaler integration
• Investigative actions are now editable (so there’s no excuse for typos)
• New text fields for manual investigative actions provide documentation capability

Get Started

• Getting started with Expel
• Configuring Attivo via SIEM
• Configuring AWS Direct
• Configuring AWS for an IAM role
• Configuring AWS GuardDuty for an IAM role
• Configuring Azure Cloud (direct)
• Configuring Azure Log Analytics
• Configuring Azure Sentinel
• Configuring Carbon Black Defense
• Configuring Carbon Black Response
• Configuring Carbon Black ThreatHunter
• Configuring Cisco AMP for Endpoints
• Configuring Cisco Umbrella
• Configuring CloudTrail S3 notifications
• Configuring CrowdStrike Falcon
• Configuring CylancePROTECT (AV)
• Configuring DarkTrace
• Configuring Duo
• Configuring Elastic Endpoint Security
• Configuring Exabeam Advanced Analytics
• Configuring FireEye HX
• Configuring Fortinet FortiGate
• Configuring GCP
• Configuring GitHub
• Configuring Lacework
• Configuring MCAS
• Configuring Microsoft Defender ATP
• Configuring Okta (direct)
• Configuring Okta SSO Provider
• Configuring OneLogin SSO provider
• Configuring Palo Alto
• Configuring Securonix
• Configuring Splunk
• Configuring SSO provider
• Configuring Sumo Logic
• Configuring Tanium Core
• Configuring Zscaler
• Configuring your Azure SSO provider
• Deploying the Assembler in AWS
• Deploying the Assembler on Hyper-V
• Deploying the Assembler on Microsoft Azure
• Deploying the Assembler on VMWare
• Onboarding Office 365 Direct
• Provisioning the Expel Assembler

Tools

• Workbench Public API