
AWS resource kit

Secure your cloud and get back to doing what you love

You’re ahead of the game

Now that you’re generating signal and have eyes on alerts – it’s time to think of ways to improve efficiency. Our EXE blog is a great place to find helpful advice and resources from our experts. Here’s a reading list to get started:

Blog

How much does it cost to build a 24x7 SOC?

Not all 24x7 SOCs are created equal. To figure out how much it costs to go 24x7, you have to first figure out what kind of SOC you’re trying to build. We outline four possible security operations centers and an estimate of your costs.

Blog

7 habits of highly effective SOCs

Wondering what it takes to build an effective SOC full of motivated, happy analysts? We’ve got some thoughts on that.

Blog

Making sense of Amazon GuardDuty alerts

If you’re running workloads on AWS, then you’d better be running GuardDuty. But what is it and how can you make sense of all the signals? Here are our pro tips.

Blog

Generate Strong Security Signals with Sumo Logic & AWS Cloudtrail

Looking to get more or better security signals out of AWS? Then you’ll wanna read our pro tips on making the most of Amazon CloudTrail.

Blog

How to build a useful (and entertaining) threat emulation exercise for AWS

Want to test your analysts’ detection skills in the cloud? Here are our tips and tricks for building your own threat emulation exercise in AWS.

Ready to dive into the details?

Here are some case studies from our SOC:

Blog

Spotting suspicious logins at scale: (Alert) pathways to success

Find out how our SOC analysts used automation to reduce the time it takes to investigate and report a suspicious login by 75%. The team outlines the process and shares a case study of it in action.

Blog

Behind the scenes in the Expel SOC: Alert-to-fix in AWS

Wonder what real-life investigation and response looks like in the cloud? Buckle up! Our team walks you through a coin-mining attack in AWS that they recently foiled – all the way from alert to fix.

Blog

Finding evil in AWS: A key pair to remember

Our analysts had to think fast when they recently encountered an incident involving compromised AWS access keys. Find out how they identified the attack and then kicked the bad guy out.

Blog

Evilginx-ing into the cloud: How we detected a red team attack in AWS

Red team sneak attack? Bring it on. Find out how we tackled a red team attack using open source offensive security tools in AWS and what you can do to protect your org from similar attacks.

Thought starters

Need some thought starters on automation or the analyst decision-making process? Check these posts out:

Blog

How to investigate like an Expel analyst: The Expel Workbench managed alert process

Ever wonder about how Expel’s analysts investigate alerts? Our SOC team created a workflow called the Expel Workbench managed alert process. Read on to find out how it works and how it can help you.

Blog

The power of orchestration: how we automated enrichments for AWS alerts

Automation is key when it comes to helping analysts focus on doing what they do best – investigating legitimate threats. Find out how we use orchestration to automate enrichments for AWS alerts.

Need some tailored advice?

We’re here to help! Let’s chat.
