Security operations
Expel rides a Wave

Forrester recently invited Expel and a number of other cybersecurity companies to participate in research for its report, The Forrester Wave™: Managed Detection and Response, Q2 2023, and we jumped at the…

Security operations | 2 min read
Security alert: ConnectWise ScreenConnect 23.9.8 security fix

Vulnerabilities affecting ConnectWise versions 23.9.7 and prior leave self-hosted and on-premise ScreenConnect instances exposed to attackers. Here’s what happened and what you can do about it now.

Security operations | 4 min read
Automated remediation: benefits and customization

Auto remediation offers substantial benefits, including cost savings and faster response times, but one size doesn’t fit all. Your solution should be customizable for your specific environment.

Security operations | 2 min read
Why is NIST adding Governance to the NIST CSF 2.0?

As the security industry waits for NIST CSF 2.0 to publish, you might be asking yourself why NIST is adding more guidance around governance. We shed some light on the question and share what we know.

Security operations | 1 min read
GKE/Gmail vulnerability: notes and tips

Security researchers have discovered a new Google Kubernetes Engine misconfiguration. Here’s what you need to know.

Security operations | 7 min read
Transparency in MDR: three use cases

Transparency is one of our core tenets. It influences how we built our products, how we interact with each other, how we design our compensation systems, and how we work with our customers and prospects.

Security operations | 3 min read
2024 Annual Threat Report: findings and predictions

This year’s Annual Threat Report describes the major attack trends we saw last year and offers advice to safeguard your org. Some of our top security minds also make predictions for 2024.

Security operations | 3 min read
Let your security maturity be your guide

Security maturity plays a big role in determining how your SecOps strategy evolves. Learn how an Expel customer determined it was the right time to add threat hunting to his repertoire.

Security operations | 3 min read
New mind maps & cheat sheets: Azure & Kubernetes

Our new Kubernetes mind map/cheat sheet makes it easier for you to know which API calls are associated with different MITRE ATT&CK tactics in k8s environments.

Security operations | 6 min read
Assessing suspicious Outlook rules: an exercise

Outlook Inbox rules are used for legitimate and malicious reasons alike. Here are some actual case exercises, tips, and tricks on how to analyze them using the rule’s conditions alone.

Security operations | 5 min read
Working with your SOC/MDR during a security assessment

There are different kinds of security assessments, and what you perform should be aligned to your organization's goals.

Engineering | 6 min read
What’s it like being a female site reliability engineer?

The tech industry, and engineering positions especially, can be very difficult for women. In this interview, one of Expel’s SREs discusses her career path and lauds the support she’s found here.

Security operations | 7 min read
Attackers are expanding access through Amazon Cognito

AWS Cognito provides Identity and Access Management for AWS web applications. Improperly configured Cognito web portals can allow attackers to gain direct access to your AWS control plane.