Welcome to the exe blog. A new space for aha's and executable tips and tricks.
Featured Post
Great eXpeltations 2022: Cybersecurity trends and predictions
Introducing Great eXpeltations 2022: Cybersecurity trends and predictions — an annual report from our security operations center (SOC) on top threats, how to handle them, and what to expect this year.
Expel Quarterly Threat Report: Cybersecurity data, trends, and recs from Q1 2022
Top takeaways from our first quarterly report, filled with patterns and trends we identified from Q1 2022. Our goal? Help translate the events we detect into a security strategy for your organization.
Meet us at Moscone… Expel makes its #RSAC debut!
For the first time, Expel is headed to RSA Conference as an exhibitor! Stop by our booth to meet the crew, snag some swag, meet Josie and Ruxie, and let us show you that security can be delightful.
How to quantify security ROI… for real
Measuring cybersecurity ROI can feel like trying to nail Jello to a tree — frustrating and unproductive. Take some of the guesswork out of the equation with our new interactive ROI calculator.
Let’s talk compensation: Why Expel made the move to pay transparency
Expel recently made the decision to move toward pay transparency — but what does that mean, exactly? Learn what it means to us, how we arrived at the decision, and what we’ve learned along the way.
The dinner that started it all with Expel’s new CISO
Get to know our new CISO, Greg Notch! Fresh off 15 years with the NHL, learn about the problems he saw in the infosec industry and what drew him to Expel in the first place — in his own words.
Incident report: From CLI to console, chasing an attacker in AWS
Our SOC detected and stopped unauthorized access in one of our customer’s AWS environments. Here’s how we spotted it, the steps we took to understand what they did, lessons learned and key takeaways.
Attack trend alert: Email scams targeting donations to Ukraine
As more people look to donate to Ukrainian relief efforts, bad actors are taking advantage. Look out for these phishing scams to ensure your donations are actually going to help those in need.
Top 7 recs for responding to the Lapsus$ breach claims
While the situation surrounding the reported breach of Okta by Lapsus$ is still developing, here are our top 7 recommendations you can take to protect yourself and your org.
Top Attack Vectors: February 2022
This report dives into the top attack vectors and trends among the incidents our SOC investigated in February 2022. Learn our key recommendations to protect your org from these types of attacks.
Helpful tools for technical teams to collaborate without meetings
Looking to reduce the meeting load on your technical teams while maintaining effective communication and collaboration? Learn the tools and tips that our CTO uses to improve his team’s “meeting mojo.”
Evaluating MDR providers? Ask these questions about their onboarding process
Looking for an MDR provider? Make sure you understand their onboarding process. Here are the questions you should ask when you’re evaluating MDRs. Bonus: learn how we do onboarding here at Expel.
Top Attack Vectors: January 2022
This report dives into the top attack vectors and trends among the incidents our SOC investigated in January 2022. Learn our key recommendations to protect your org from these types of attacks.
5 pro tips for detecting in AWS
Cloud-based infrastructures can be confusing, but sometimes building a better security program starts with the basics. Try these pro tips to help focus the lens for detecting threats in AWS.
Attack trend alert: AWS-themed credential phishing technique
They’re at it again. This time attackers are phishing for credentials by sending fake AWS log-in pages to unsuspecting users. Find out how our crew identified and triaged a phishing email.
Top Attack Vectors: December 2021
This report dives into the top attack vectors and trends among the incidents our SOC investigated in December 2021. Learn our key recommendations to protect your org from these types of attacks.
Threat hunting: Build or buy?
Not sure if you should build your own hunting capability or get a hunting partner? Check out this post to discover your options and the things you should consider (yes, we break down cost for you).
ICYMI: Expel’s best [expletive] moments in 2021
Expel made some waves and unlocked achievements in 2021. Here’s a look back at our biggest moments last year, our newest resources, and a sneak peek of what’s in store for the year ahead.
What’s hunting and is it worth it?
Heard about hunting but are unclear on whether it’s something you should invest in? You’re not alone. Find out what it is and the value it brings to your org’s detection and response capabilities.
Top Attack Vectors: November 2021
This report dives into the top attack vectors and trends among the incidents our SOC investigated in November 2021. Learn our key recommendations to protect your org from these types of attacks.
The Grinchy email scams to watch out for this holiday season
As the holidays approach, cyber Grinches are launching phishing campaigns to steal data, credentials and more. Look out for these email scams while online shopping and checking your inbox this season.
More good news in still unusual times
We’ve reached a valuation over $1 billion thanks to our Series E fundraising round, led by CapitalG. Check out what our founders have to say about this exciting news and what’s next for Expel.
Top Attack Vectors: October 2021
This report dives into the top attack vectors and trends among the incidents our SOC investigated in October 2021. Learn our key recommendations to protect your org from these types of attacks.
A new way to recruit: Our approach to building Expel’s Phishing team
In this blog post, we’ll share how we’re using the Expel Phishing team and its simple, narrow focus to achieve two goals: protect managed detection and response (MDR) service continuity, and increase diversity in cybersecurity.
How Expel does remediation
Curious how Expel does remediation? Learn how our process works, what you can expect from our analysts during an investigation and what we’re adding next on our remediation roadmap.
Top Attack Vectors: September 2021
This report dives into the top attack vectors and trends among the incidents our SOC investigated in September 2021. Learn our key recommendations to protect your org from these types of attacks.
How we use VMRay to support Expel for Phishing
How does Expel tackle phishing? Smart people and great tech. Learn how VMRay helps our analysts triage and analyze potentially malicious emails submitted by our managed phishing service customers.
Top Attack Vectors: August 2021
This report dives into the top attack vectors and trends among the incidents our SOC investigated in August 2021. Learn our key recommendations to protect your org from these types of attacks.
The top phishing keywords in the last 10k+ malicious emails we investigated
Curious how attackers are prompting victims to engage with phishing campaigns? Check out the top keywords from the malicious emails our SOC investigated and our top resilience recommendations.
Swimming past 2FA, part 2: How to investigate Okta compromise
First we showed you how to spot an Okta compromise in this two-part blog series. Now we’ll walk you through our investigation and share five tips on how you can strengthen your security defense.
Top Attack Vectors: July 2021
This report dives into the top attack vectors and trends among the incidents our SOC investigated in July 2021. Learn our key recommendations to protect your org from these types of attacks.
A tough goodbye
After serving as Expel’s CISO for nearly five years, Bruce Potter is on to his next adventure. We’re grateful for everything he’s done for us – and for not leaving without writing this farewell post.
How Expel goes detection sprinting in Google Cloud
Building detections in Google Cloud Platform (GCP) but not sure where to start? Time to get strategic. Our detection and response engineers demystify the process for building detections in the cloud.
Well that escalated quickly: How a red team went from domain user to kernel memory
A red team recently swooped in and showed off some new tactics. What started as a PowerShell download cradle quickly turned into a custom rootkit download. Find out how we spotted the crafty red team.
Incident report: Spotting SocGholish WordPress injection
Our SOC stopped a ransomware attack that compromised WordPress CMS to trigger a drive-by RAT download. Find out what happened, how we caught it, and our recommendations to secure your WordPress CMS.
How should my MDR provider support my compliance goals?
Need to ensure your tech, privacy and security policies are compliant? Find out what compliance means in practice and how your MDR provider can support your compliance program, not become a liability.
Swimming past 2FA, part 1: How to spot an Okta MITM phishing attack
Crafty attackers are finding new ways to bypass multi-factor authentication. Find out how our SOC detected an attack and get some tips on how your org can prevent credential phishing.
Kaseya supply chain attack: What you need to know
A new ransomware attack upended the beginning of the Fourth of July weekend. Fortunately, there are steps you can take right now to stay safe. Find out what’s happening and how Expel is looking ahead.
Come sea how we tackle phishing: Expel’s Phishing dashboard
Want a tour of Expel’s Phishing dashboard? Get a behind-the-scenes look at how one of our senior UX designers developed the Phishing dashboard for Expel’s managed phishing service customers.
Someone in your industry got hit with ransomware. What now?
We’re noticing a trend in ransomware attacks. But that doesn’t mean it’s time to go into panic mode. Find out what you need to know and get some tips on how you can keep your org safe.
How to measure SOC quality
You can scale your SOC and improve quality. Seems impossible? Not if you know how and what to measure. The crew that helped build Expel’s SOC explains how they pulled it off – and how you can too.
Cloud attack trends: What you need to know and how to stay resilient
We shared the top attack trend spotted during the pandemic and what to keep an eye out for looking ahead. But how do you remediate and stay resilient against these attacks? Our crew shares some tips.
Performance metrics, part 3: Success stories
Our team shares some success stories in creating efficiency and reducing analyst burnout. They end this three-part series with a gift from our SOC – a downloadable resource to measure performance.
Expel Hunting: Now in the cloud
We’ve added something new to Expel Hunting: cloud hunts. Find out how our crew’s newly developed hunting techniques can help you spot visibility gaps in your cloud (and give you some peace of mind).
The top cybersecurity attack trend we saw emerge during the COVID-19 pandemic
Check out our newest infographic to learn about the top attack trend during the COVID-19 pandemic, how our SOC’s data reinforces these recent findings and how you should be looking ahead.
How does your approach to AWS security stack up?
Take our short quiz to find out how your approach to AWS security compares to similar orgs. Based on your responses, we’ll also share some resources to help you level up your AWS security game.
How to make the most of your virtual SOC tour
Expel used to give prospects an in-person tour of our SOC. Then 2020 happened. Enter Expel’s virtual SOC tour. Find out what’s included and how you can take full advantage of your time “in” our SOC.
Migrating to GKE: Preemptible nodes and making space for the Chaos Monkeys
Find out how Expel’s internal teams collaborated to migrate our core infrastructure from a legacy environment to GCP, with no downtime (while also making sure they were prepared for a little chaos).
Wow, they really like us
Expel is recognized as a leader in The Forrester Wave™: Managed Detection And Response, Q1 2021 report. And our CEO – along with the whole Expletive crew – is pretty excited about it.
5 best practices to get to production readiness with Hashicorp Vault in Kubernetes
Flying blind when it comes to running Hashicorp Vault in Kubernetes? We’ve got you covered. Accelerate your path to production without compromising on security with these tips and best practices.
How to create (and share) good cybersecurity metrics
Establishing metrics is vital. But how do you report progress and have a conversation about what you’re seeing? Are you even looking at the right things? Here are some tips on measuring cybersecurity.
Containerizing key pipeline with zero downtime
Migrating to Kubernetes as Expel’s core engineering platform with zero downtime – and without interfering with our analysts’ workflow – is a tall order. But our engineers pulled it off. Find out how.
Attack trend alert: REvil ransomware
Expel’s SOC spotted a new trend in REvil campaigns and they’re sounding the alarm. Find out what’s new about this type of attack, how our analysts spotted it and what you can do to protect your org.
Behind the scenes: Building Azure integrations for ASC alerts
Find out how Expel’s internal teams built an integration on top of Azure signal – creating a new detection strategy for ASC that provides more context around alerts and improves customer visibility.
Introducing Expel Workbench™ for Amazon Web Services (AWS)
We’re excited to announce the launch of our first SaaS product! It automates the investigation of AWS alerts and logs – allowing your team to spend less time finding and fixing security issues.
Got workloads in Microsoft Azure? Read this
Got Microsoft Azure? Running Microsoft products in your org? Then you might want to get a free copy of our all-new Azure guidebook.
Plotting booby traps like in Home Alone: Our approach to detection writing
Find out how Expel’s D&R engineers think about detection writing, and how this process helps our SOC analysts make smart decisions and gain a deeper understanding of our customers’ environments.
Supply chain attack prevention: 3 things to do now
What do you do when you can’t trust the internet? Supply chain attacks like the SolarWinds Orion breach are not new. Here are some things you can do to help prepare and guard against similar attacks.
Improving the phishing triage process: Keeping our analysts (and our customers) sane
Here’s how Expel created a phishing triage process that keeps our analysts’ heads above water while also ensuring that a trained pair of eyes is on every email submitted by our customers.
The SolarWinds Orion breach: 6 ideas on what to do next and why
Here are some of our early observations on the SolarWinds Orion breach, plus our ideas on what to do next to detect related activity and better protect your org.
How to investigate like an Expel analyst: The Expel Workbench managed alert process
Ever wonder about how Expel’s analysts investigate alerts? Our SOC team created a workflow called the Expel Workbench managed alert process. Read on to find out how it works and how it can help you.
Could you go a week without meetings at work?
Could your company go for an entire week with no meetings? We did. Find out what happened (plus download our Meeting Mojo kit to help you make the most of the meetings you really do need to have.)
Evilginx-ing into the cloud: How we detected a red team attack in AWS
Red team sneak attack? Bring it on. Find out how we tackled a red team attack using open source offensive security tools in AWS and what you can do to protect your org from similar attacks.
The CISO in 2020 (and beyond): A chat with Bruce Potter
It’s impossible to sum up a year that felt like 1000 in a single blog post. But we did gather some topline takeaways on security trends and the evolving role of the CISO from Expel’s Bruce Potter.
Introducing a mind map for AWS investigations
We’ve been doing a lot of investigations in AWS using CloudTrail logs and have been noticing some interesting things along the way. So we created an AWS mind map for our team (and you). Check it out!
Announcing Open Source python client (pyexclient) for Expel Workbench
We’re open sourcing a python client for Expel Workbench! This labor of love will allow our customers to take advantage of our APIs. Find out what the release of the pyexclient project includes.
Performance metrics, part 2: Keeping things under control
In this second post in our three-part series on all things metrics and SOC leadership, our team dives into details of what metrics and techniques are used to protect the SOC against volatility.
Introducing Expel for phishing
Expel just introduced a new offering: Expel for Phishing! Lost in a sea of phishing emails? Find out how our product goes beyond automated triage and helps our customers come up for air.
Why don’t you integrate with [foo]?
You’ve heard that Expel integrates with your tech. But not YOUR tech. What gives? Well, sometimes it doesn’t always make sense. Expel’s COO explains why and what this means when working with us.
Performance metrics, part 1: Measuring SOC efficiency
How do you establish metrics for SOC efficiency? This first post in a three-part series shares our team’s approach to setting SOC goals, creating a strategy and measuring success.
3 steps to figuring out where a SIEM belongs in your security program
How can a SIEM help you address your business needs? Do you even need a SIEM? Finding the right answer isn’t easy. Here are some tips to help you make a decision that works best for you.
Is Microsoft Defender for Endpoint good?
Expel recently integrated Microsoft Defender for Endpoint into our platform and we gotta say, we’re impressed! Our SOC analysts share why they love it and show us how they use it to triage alerts.
The myth of co-managed SIEMs
Think you can get a co-managed SIEM and then step away to let the magic happen? Not so fast. Our CISO shares some common myths and the realities you should consider before making a decision.
The power of orchestration: how we automated enrichments for AWS alerts
Automation is key when it comes to helping analysts focus on doing what they do best – investigating legitimate threats. Find out how we use orchestration to automate enrichments for AWS alerts.
Terraforming a better engineering experience with Atlantis
To build something useful you must first understand your users. Find out how Expel used Terraform and Atlantis to build a platform that makes self-service provisioning in cloud infrastructure easy.
Behind the scenes in the Expel SOC: Alert-to-fix in AWS
Wonder what real-life investigation and response looks like in the cloud? Buckle up! Our team walks you through a coin-mining attack in AWS that they recently foiled – all the way from alert to fix.
Prioritizing suspicious PowerShell activity with machine learning
Attackers love to look to PowerShell to enact their evil plans. Expel’s senior data scientist tells us how she used machine learning to help analysts spot malicious activity in PowerShell quickly.
So you’re a manager. Congrats! Now what?
Creating strong leaders is paramount to the health and success of a company ... but managers are rarely given the tools to lead. That’s why we built a managers program at Expel.
6 things to do before you bring in a red team
Red team engagements are essential to helping your SOC analysts stay battle ready. But before screaming, “CHARGE,” here are six things you should do to prepare for taking on a red team.
So you’ve got a multi-cloud strategy; here’s how to navigate four common security challenges
Switching to a multi-cloud solution? Easy! Just kidding. Expel’s senior detection & response engineer shares some things you need to think about when going multi-cloud – and how to stay sane.
Introducing 24x7 monitoring and response for Google Cloud Platform
Running a Google Cloud Platform (GCP) workload or thinking about integrating it into your security portfolio? Expel can help! We’ve officially launched our GCP 24x7 monitoring and response services.
How to create and maintain Jupyter threat hunting notebooks
We got a lot of questions about configuring Jupyter notebooks after presenting at Infosec Jupyterthon 2020. See our response along with some tips for incorporating this tech into infosec processes.
Spotting suspicious logins at scale: (Alert) pathways to success
Find out how our SOC analysts used automation to reduce the time it takes to investigate and report a suspicious login by 75%. The team outlines the process and shares a case study of it in action.
Obfuscation, reflective injection and domain fronting; oh my!
During a recent red team engagement, the CrowdStrike EDR Platform alerted our SOC team on the execution of a suspicious VBScript file. This is what they learned from untangling the malware code.
Good news in unusual times
We’re thrilled and humbled to be taking on a new round of funding, this time led by CapitalG.
Managed Detection & Response for AWS
Our analysts had to think fast when they recently encountered an incident involving compromised AWS access keys. Find out how they identified the attack and then kicked the bad guy out.
10 tips for protecting computer security and privacy at home
Many of us recently became remote workers. Now, more than ever, it’s important for us to understand how to keep our at home networks safe. Here are 10 tips to stay secure at home.
Thinking about Zoom and risk
For many of us, Zoom is the app that’s keeping us connected. But recent news about security concerns has a lot of us wondering if it’s too risky. So... is it? Our CISO shares his thoughts.
Malware operators Zoom’ing in
Over the weekend, Expel’s analysts discovered a new way attackers are using Zoom to compromise users’ security. Here’s what they learned and what you can do to avoid getting duped.
Election security: Why to care and what to do about it
Whether you work in security or are an informed voter (or both!), the security of our election ecosystem is everybody’s business. Here are the challenges our system faces and what we can do about them.
Month-to-month pricing in uncertain times
When we founded Expel nearly four years ago, we set out to provide our customers with greater peace of mind about security – whether they’re operating “business as usual” or facing more challenging circumstances.
7 habits of highly effective (remote) SOCs
Security ops is a team sport … but how do you “play” together when your company’s working 100% remotely? Jon’s got some advice.
NIST CSF: A new interactive tool to track your progress
There’s lots to like about the NIST CSF. Here are our practical tips for how to use it, plus a preview of a new NIST feature we introduced in Expel Workbench™.
Creating data-driven detections with DataDog and JupyterHub
Creating alert thresholds is critical to *not* driving your SOC analysts batty, but what’s the “right” number? Here are some tips, tricks and favorite tools we use to determine alert thresholds for customer environments.
Exabeam: an incident investigator’s cheat code
We love EDR tools too, but here are our best tips and tricks for combining EDR data with other (equally) important security signals.
How to get started with the NIST Privacy Framework
What’s this new framework and how should you use it? Our CISO’s got all the details plus a FREE downloadable self-scoring tool to help you assess where your org’s at when it comes to privacy.
Why the cloud is probably more secure than your on-prem environment
Is your data really safer in the server room next door? Probably not. Here are five reasons why the cloud offers better security than your on-prem environment.
Where does Amazon Detective fit in your AWS security landscape?
If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.
Using JupyterHub for threat hunting? Then you should know these 8 tricks.
Jupyter Notebook gave us the freedom to rethink the way we analyzed hunting data. Here are some tips and tricks you can use in your own analysis.
Five things that’ll help you determine whether you’ll like working at a company
How do you interview a company who’s interviewing you? One of our account executives, Jeremy Furniss, shares how he evaluated Expel during the hiring process.
7 habits of highly effective SOCs
Wondering what it takes to build an effective SOC full of motivated, happy analysts? We’ve got some thoughts on that.
It’s time to drive a rising tide
There are a few cybersecurity fundamentals that keep us safe … but how do you get the people in your org to adopt them? Our COO Yanek Korff’s got some ideas.
Making sense of Amazon GuardDuty alerts
If you’re running workloads on AWS, then you’d better be running GuardDuty. But what is it and how can you make sense of all the signals? Here are our pro tips.
Better web shell detections with Signal Sciences WAF
Is Signal Sciences WAF part of your tech stack? Then you’ve got an amazing webshell detection method right at your fingertips.
MFA is not a silver bullet to secure your cloud email
Think MFA will be your web mail’s knight in shining armor when a crafty attacker strikes? Think again, and do these four things to make sure your org’s protected.
Applying the NIST CSF to U.S. election security
NIST isn’t only useful for corporations -- it’s helpful for guiding security activities around processes like our national elections. Our CISO’s got some thoughts on exactly how to apply NIST to election security.
5 tips for writing a cybersecurity policy that doesn’t suck
All good cybersecurity policies share some similar traits. Here are our pro tips for creating a solid policy for your own org.
Generate Strong Security Signals with Sumo Logic & AWS Cloudtrail
Looking to get more or better security signals out of AWS? Then you’ll wanna read our pro tips on making the most of Amazon CloudTrail.
Five things law firms can do now to improve their security for tomorrow
Relativity CSO Amanda Fennell shares the top five, easy-to-get-started things she sees forward-thinking law firms doing to improve their security.
Our journey to JupyterHub and beyond
If you use or are considering trying JupyterHub, it’s your lucky day -- we’re sharing configuration tips and tricks, how we’re using it to make technical research easier, and much more.
3 must-dos when you’re starting a threat hunting program
So you decided you want to build a threat hunting program ... but where do you start? Here are our three must-dos when you’re planning your hunt.
An inside look at what happened when I finally took a vacation (for realsies)
I returned from my vacation with more than a tan. Here are 7 not-so-obvious things I learned by stepping away and unplugging from the office.
Here’s what you need to know about business email compromise (BEC)
How often does a business email compromise actually happen? And what should you do about it? Our infographic answers those questions and more.
How to make your org more resilient to common Mac OS attacks
Got Macs in your org? Here are a few recent Mac OS attack trends and how you can become more resilient to ‘em.
The top five pitfalls to avoid when implementing SOAR
SOAR isn’t really about “orchestration and response.” It’s an engineering problem at its core. Here’s why.
How to find anomalous process relationships in threat hunting
Finding anomalous process relationships -- commands that don’t belong together -- might indicate a problem within your environment. Here’s how to spot ‘em.
This is how you should be thinking about cloud security
Your IT team isn’t racking and stacking servers like they used to, but cracking the cloud security code is easier than you think. Get our pro tips for doing just that.
Judgment, relationships and gratitude
Yep, we secured a new round of funding. Here’s a look at where we’ve been, what we’ve learned and where we’re going on this journey (and a huge “thanks” to our supporters along the way).
How to choose the right security tech for threat hunting
How do you decide which tech to use to carry out your hunt? This post’s got some pro tips for when and how to use different technology for your threat hunting mission.
Don’t blow it — 5 ways to make the most of the chance to revamp your security posture
If you’ve got a blank canvas with the opportunity to build a security program from scratch, here’s how to get started and make the most of your new program.
NIST’s new framework: Riding the wave of re-imagining privacy
The NIST Privacy Framework will revolutionize how we think about privacy. Here’s how your org might use it.
How to get your resume noticed at Expel (or anywhere)
Want the hiring manager here (or anywhere) to notice you? These resume pro tips will help you stand out from the pack.
Four habits of highly effective security teams
Practice these habits consistently and you’ll have an engaged, talented and all-around awesome security team.
How to get your security tool chest in order when you’re growing like crazy
Need to expand your security tool chest? Our CISO’s got some tips to consider when thinking about what tech to keep or buy.
Four common infosec legal risks and how to mitigate them
There are four missteps we see happen often that open fast-growing companies up to unnecessary legal risks -- here’s how to course correct.
Dear fellow CEO: do these seven things to improve your org’s security posture
Need to get the security train back on the tracks? Our CEO’s got some pro tips on improving your org’s security ASAP.
Does your MSSP or MDR provider know how to manage your signals?
How well is your MSSP or MDR going to manage your fleet of security signals over time? Here’s how to figure out whether they’re up for the challenge.
How to build a useful (and entertaining) threat emulation exercise for AWS
Want to test your analysts’ detection skills in the cloud? Here are our tips and tricks for building your own threat emulation exercise in AWS.
Five tips for improving your data ingestion and auditing process
You’re processing loads of data every day...but are you catching it all? Here are tips from our pros for rocking your data auditing.
12 ways to tell if your managed security provider won’t suck next year
How can you figure out if the quality of the service you’re about to sign up for will improve over time? Our COO Yanek Korff’s got some tips for making sure you choose a service that’ll last.
How public-private partnerships can support election security
Election security measures (or lack thereof) are making headlines. How can private sector orgs contribute to public sector security? Our CISO Bruce Potter’s got some ideas.
How to find Amazon S3 bucket misconfigurations and fix them ASAP
Why do Amazon S3 bucket breaches happen and how can you protect your own org from making this mistake? We’ve got all the AWS pro tips for you in our latest post.
Evaluating GreyNoise: what you need to know and how it can help you
We use technologies behind the scenes to make Expel Workbench and our analysts more efficient. GreyNoise is one of those -- here's how we use it and why you might find it useful too.
12 revealing questions to ask when evaluating an MSSP or MDR vendor
We’ve heard lots of interesting Qs as prospective customers evaluate which solution's right for them... here are the 12 you should be asking.
Seven ways to spot a business email compromise in Office 365
As attackers behind BEC attacks find ever more clever tactics to use, it’s getting trickier for businesses to protect themselves. But here are some telltale signs you can look for that are tip-offs that something’s amiss.
Why we love threat emulation exercises (and how to get started with one of your own)
If your team doesn’t have lots of incident response practice under their belt (yet!), a threat emulation exercise is the perfect way to help them flex those response muscles and improve your collective skills.
How to start a cybersecurity program (or restart one that lapsed)
If you're left holding the hot potato of a legacy lackluster security program, or are suddenly forced to protect your org and its data with less, here are a few quick steps to take to get cybersecurity efforts back on track.
Three tips for getting started with cloud application security
If you're feeling like your SaaS security knowledge is a bit cloudy, these three pro tips will get you started on the right path.
Office 365 security best practices: five things to do right now to keep attackers out
Figuring out how to protect your SaaS infrastructure like Office 365 -- especially if you’re newer to cloud -- can feel overwhelming. So here are five Office 365 security best practices to check out right now.
Reaching (all the way to) your NIST 800-171 compliance goals
Close common compliance gaps, without building a SOC, for NIST 800-171 security requirements. And a bit about how we can help.
How to get the most out of your upcoming SOC tour: making your provider uncomfortable
Seven smart ways to prepare for a tour of a security operations center (SOC) and five clues to watch out for during your visit.
Getting a grip on your cloud security strategy
Understanding how to think about cloud security differently is half the battle. We've thought a lot about it, and we’ve identified three key points that should inform your cloud strategy.
Oh Noes! A new approach to IR tabletop exercises
Oh Noes! is a role-playing game designed to help you and your organization become better prepared to respond to cybersecurity incidents.
Five quick checks to prevent attackers from weaponizing your website
Here are some of the most frequent ways attackers can use your website and your web presence to harm your company, your users and the public at large.
Why Expel doesn’t do R&D
Check out how we’re challenging ourselves to approach R&D (innovation) in a new way and not just cut and paste processes from our past just because "we’ve always done it that way."
How to hunt for reconnaissance
Use the hunting process to find attackers performing reconnaissance in your systems by looking for actions that most users don't typically take.
A common sense approach for assessing third-party risk
Let us walk you through our third-party assessment process. We think it's lightweight but still achieves the objective - determining if a vendor can be trusted.
Lessons learned from a CISO’s first 100 days
In this guest post, Amanda Fennell, CSO at Relativity, reflects on what she’s learned.
Investigating Darktrace alerts for lateral movement
Dive into a typical investigation and see how our analysts triage a Darktrace alert. Plus! We share some of our favorite Darktrace features.
A beginner’s guide to getting started in cybersecurity
Our list of five things you can do to take the first steps to an entry-level technical cybersecurity career.
How to identify when you’ve lost control of your SIEM (and how to rein it back in)
See if these four telltale warning signs get your head nodding. If so, learn how to get started on regaining control.
What’s new in the NIST Cybersecurity Framework (CSF) v1.1
In case doing a “stare-and-compare” of the original and updated frameworks isn’t your idea of fun, I’ve highlighted three important changes here.
‘Twas the Night Before RSAC
‘Twas the night before #RSAC, when all thro’ San Fran, No attacker was stirring, not even Shodan.
The booths were all built, the swag was all there, In hopes that the hordes would -actually- care ...
Security for the other 99 percent
TL;DR: We got more money to keep doing the things we love doing. Huzzah! I will now rant a bit. Click away as you see fit.
What is (cyber) threat hunting and where do you start?
We want to demystify what hunting is and what it’s not. So here goes nothin’ ...
How to get started with the NIST Cybersecurity Framework (CSF)
We give you a quick tour of the NIST Cybersecurity framework and describe how you can baseline your efforts in a couple of hours. So check it out.
What “I Love Lucy” teaches us about SOC performance
A little nerdy (and a lot math-y) post to help you better understand your SOC's systems, so you know how changes will impact its operation. If you’re wondering what “I Love Lucy” has to do with this then read on.
How much does it cost to build a 24x7 SOC?
Not all 24x7 SOCs are created equal. To figure out how much it costs to go 24x7, you have to first figure out what kind of SOC you’re trying to build. We outline four possible security operations centers and an estimate of your costs.
How to disrupt attackers and enable defenders using resilience
So… what is resilience? We’ll cover that, and how it works, in this post. We’ve even thrown in a couple of examples to get you started.
What our customers have taught us
After working with customers over the last year we’ve learned a whole lot more. Did we nail it?
Managed detection and response (MDR): symptom or solution?
An uncommonly clear review of what managed detection and response (MDR) is, where it came from and what it can/can't do for you.
Decoded: new changes to NIST’s Cybersecurity Framework
NIST has polished up their Cybersecurity Framework based on thousands of organizations implementing it over the past three years. Our CISO, Bruce Potter, highlights three of the most significant (and practical) changes.
What’s endpoint detection and response (EDR) and when should you care?
We cut through the hype to explain what EDR products can do for you.
Learning is fundamental
How to make changes that create a learning environment, and "The Three Ways" to bring order to your SOC. Part 5 of the keep your security nerds happy series.
Warning signs that your MSSP isn’t the right fit
Look out for these five indicators that it's probably time to start considering alternatives to your managed security services provider. Plus, questions to ask to avoid these traps.
Recruit for team dauntless
A sample of questions posed in a recent interview, as we searched for the next member of our security team, and how to hire the fearlessly determined.
Part 4 of keep your security nerds happy series
Budget planning: determining your security spend
Guidance and a short list of things you can do to help you answer the common question "how much should I spend on cybersecurity?"
How to avoid shelfware
Set yourself up for success by asking these four questions before you purchase new security products.
Mission matters: watch your signals
Here are four things you can start working on today to set the tone for security in your organization that will have a lasting impact on your team.
Part 3 of keep your security nerds happy series
Mistakes to avoid when measuring SOC performance
Discover the three most common mistakes companies make when developing their first set of operational metrics.
From webshell weak signals to meaningful alert in four steps
Walk through a practical example of how you can make a weak signal actionable by combining events from your endpoint and network security technologies into one meaningful alert.
Don’t dam upstream: ways to build a feedback loop
Review four approaches to strengthen your security operations feedback loop and ensure analysts can influence detection.
Part 2 of keep your security nerds happy series
Get your security tools in order: seven tactics you should know
Do you have the equipment and material needed to get your work right? Here are seven things to keep in mind to bring harmony to your toolchain.
Part 1 of keep your security nerds happy series
Five ways to keep your security nerds happy
Hiring and keeping good IT / security practitioners can be tough, so once you’ve got good talent you’ll need to work to keep them. Here are five ways to make them happy and keep them coming back.
How to triage Windows endpoints by asking the right questions
The three parts of the investigative mindset and how to apply them when you triage endpoint alerts.
A cheat sheet for managing your next security incident
Tactical advice on how to survive a security incident when you don’t have an incident response plan.
The security people’s guide to Expel’s exe blog
My colleagues and I at Expel are new here. You’ll be hearing quite a bit more about us in the future. So let me take just a couple minutes to introduce who we are and why you might care. Note I said who we are, not what we do.