MDR | 3 min read
Getting real value from your Palo Alto investment: how Expel MDR transforms security operations

Expel MDR reduces Palo Alto alert noise by 87% with 17-minute response times. Expert 24x7 analysis maximizes your security investment ROI.

MDR | 7 min read
How to sell Expel MDR to your CFO: the complete guide

Selling MDR to a CFO is challenging. Use numbers that matter, and be prepared for questions. This guide can help you prepare your proposal.

MDR | 4 min read
The hidden costs of ‘cheaper’ security

Beware of the hidden costs of "cheaper" security, and know what you should ask and pay attention to before switching MDR providers.

MDR | 7 min read
Alert fatigue, burnout, turnover: lather, rinse, repeat

Many security orgs are trapped in a difficult cycle. Alert fatigue causes service quality degradation and fuels burnout. Rinse & repeat.

MDR | 5 min read
Insights on the MDR market from the Gartner® Security & Risk Summit

Expel attended the Gartner Security & Risk Summit. Here are the insights we gathered on the MDR market post-conference.

MDR | 2 min read
Identity: Your new financial fortress (and who’s trying to log in?)

Identity is the new perimeter in cybersecurity, and bad attackers aren't breaking in—they're logging in, and targeting FinServ.

MDR | 6 min read
Scaling detection: When 1 + 1 = 3 (grouping IPs to find bad actors across orgs)

Here's an overview of how at Expel, we group large data sets via IP information to identify bad actors working across multiple customers.

MDR | 2 min read
Simplifying Microsoft security with Expel MDR

Expel MDR seamlessly integrates with all the Microsoft security tools in your tech stack, from Microsoft Azure to Microsoft 365 and more.

MDR | 4 min read
MDR pricing decoded: what CISOs and security directors need to know

Discover the hidden costs behind MDR pricing models. Learn what CISOs need to know about managed detection and response pricing, per-endpoint costs, and avoiding 'free' feature traps to make informed MDR cost decisions.

MDR | 2 min read
Join Expel & Forrester for a discussion on threat hunting and detection

Join Expel & Forrester on May 7 at 2pm ET for a live webinar discussing threat hunting and detection strategies.

MDR | 4 min read
The great SIEM paradox: does more data equal better security?

More data doesn't equate to better security. Understand what data belongs in a SIEM (and what doesn't), and how Expel MDR can help.

MDR | 3 min read
Closing the revolving door in security: solving FinServ staffing struggles

Expel can help you maximize your FinServ security team's capabilities with our managed detection and response (MDR) and automation offerings.

MDR | 6 min read
15 criteria Expel rocked a 5/5 score in The Forrester Wave™: MDR Services, Q1 2025

Enjoy this complimentary playlist while diving into the fifteen reasons why Expel is the best option when it comes to MDR cloud providers.

MDR | 4 min read
Security data done right: A conversation on MDR, SIEM, and data storage

Catch a recap of Expel's conversation with Sumo Logic on the pitfalls of bad data storage habits, and learn how to resolve them with tips.

MDR | 3 min read
How Expel MDR protects your customers and capital

Expel MDR protects customers and capital, and is a great cybersecurity partner for financial institutions and organizations.

MDR | 10 min read
Beware QR code phishing, subscription bombing, and other Grinchy scams this holiday season

As the holidays approach, cyber Grinches are phishing for data, credentials, and more. Look out for these email scams and check your inbox this season!

MDR | 9 min read
MDR mythbusters: ten common myths, debunked

We debunk ten MDR myths to help you make sense of the increasingly complex security landscape and understand cybersecurity alphabet soup.

MDR | 4 min read
Part III: How MDR can transform your SIEM investment

This is part three of a three-part blog series on how MDR can transform your SIEM investment by augmenting and optimizing its capabilities.

MDR | 4 min read
Part II: How MDR can transform your SIEM investment

This is part two of a three-part blog series on how MDR can transform your SIEM investment by augmenting and optimizing its capabilities.

MDR | 4 min read
Part I: How MDR can transform your SIEM investment

This is part one of a three-part blog series on how MDR can transform your SIEM investment by augmenting and optimizing its capabilities.

MDR | 3 min read
AI and security: hype or hope?

Now that the dust is settling and the AI picture is getting clearer, it's time to separate fact from fiction.

MDR | 3 min read
How phishing threat actors are using AI: a real world example

Our phishing team intercepted an email that appears to contain AI-generated code. Here's what it can teach you.

MDR | 3 min read
Making sense of the seismic shifts in the SIEM world

Here are answers to pressing questions about what's happening in the world of SIEM, and what to do if you're asking yourself these questions.

MDR | 3 min read
No honor among ransomware criminals

Take steps to assess your org’s security now, so you can protect yourself from ransomware gangs like BlackCat.

MDR | 7 min read
Transparency in MDR: three use cases

Transparency influences everything we do at Expel. Here's why it's a beneficial strategy for your business.

MDR | 3 min read
Let your security maturity be your guide

Security maturity is critical in determining your SecOps strategy. Learn how an Expel customer determined it was time to add threat hunting.

MDR | 6 min read
Assessing suspicious Outlook rules: an exercise

Outlook Inbox rules are used for legitimate and malicious reasons. Use these case exercises, tips, and tricks on how to analyze them.

MDR | 4 min read
What frameworks and tools drive security maturity?

New research by the SANS Institute, commissioned by Expel, outlines the frameworks, tools, and techniques that drive security maturity.

MDR | 3 min read
What outcomes can you expect from security-enabled innovation?

Security ROI research shows that security investments drive innovation, which has wide-reaching ripple effects that enable business success.

MDR | 3 min read
When does an org need to up its cybersecurity game?

Every company must have an acceptable level of security to earn customer and partner trust as it grows. How do you know when you're there?

MDR | 2 min read
To build or to buy…that is the question

Should I build my own SOC or partner with an MDR provider? There’s a lot more that goes into the answer than dollars and cents alone.

MDR | 2 min read
Risk-based prioritization in vulnerability management

Risk-based, stakeholder-specific vulnerability prioritization can reduce risk and drive results. Learn more with this whitepaper.

MDR | 3 min read
Hypothesis-based threat hunting: the what, why, and how

Your threat hunting program should focus on TTPs, holes, and areas of concern around your security posture and create hunts to probe those areas.

MDR | 6 min read
Wake me up, before you log-log (…or when September ends, whichever comes first)

Logs are a necessary and useful component in any cybersecurity practice, but when and how you use them can significantly change your security outcomes.

MDR | 3 min read
Red team sneakiness: Splunking for AD certificate abuse

Recently we saw a red team operation which included attacks against Active Directory. Here’s how we solved the mystery.

MDR | 2 min read
How MDR complements your SIEM investment

MDR adapts to whatever your SIEM needs to do. Accelerate time-to-value and simplify how you view SIEM security alerts.

MDR | 4 min read
The role of artificial intelligence in threat hunting

Artificial intelligence—or, more accurately, machine learning (ML)—is a huge boost for threat hunters. Here's how.

MDR | 4 min read
Vulnerability prioritization improves security, saves time & money

Expel® Vulnerability Prioritization highlights your most critical vulnerabilities so you can fix them first to reduce risk and prioritize.

MDR | 3 min read
How phishing opens the door to business email compromise

Business email compromise shares similarities with phishing emails, but the two are distinct in some important ways. Here's what's different.

MDR | 2 min read
Threat hunting basics: understanding key principles

Threat hunting basics—continuous monitoring, intel-driven, hypothesis testing, and collaboration—help you detect and smother threats faster.

MDR | 2 min read
Risk-based prioritization is the key to your vulnerability management challenges

Instead of wasting resources on low-risk vulnerabilities, vulnerability prioritization identifies, prioritizes, and remediates based on relative risk.

MDR | 2 min read
Threat hunting complements MDR for a stronger defensive strategy

Learn how an elite MDR operation works with threat hunting to rapidly uncover critical insights and stop threats faster.

MDR | 2 min read
Vulnerability management, prioritization, and assessment: what’s the difference?

Prioritize vulnerabilities effectively. Learn how management covers the full lifecycle and why prioritization is key to reducing your risk.

MDR | 4 min read
Expel rides a Wave

Expel has been named a Leader in The Forrester Wave™: Managed Detection and Response, Q2 2023. Expel achieved the highest score in the Current Offering category at 4.6.

MDR | 3 min read
New UK cybersecurity report: top 5 findings

Expel’s new survey of UK IT decision makers reveals the primary concerns facing both security leaders and front-line workers.

MDR | 2 min read
Which flavor of MDR is right for your org?

Clear up your MDR confusion with the Gartner® Market Guide for Managed Detection and Response Services.

MDR | 3 min read
5 cybersecurity predictions for 2023

Gaze into the future of cybersecurity. Our 2023 predictions will help you prepare for the biggest trends and threats on the horizon.

MDR | 4 min read
Attacker-in-the-middle phishing: how attackers bypass MFA

A new "attacker-in-the-middle" (AitM) phishing tactic can end-run your MFA defenses. Get our analysis and learn how to protect your org.

MDR | 4 min read
Who ya gonna call (to make the most of your SIEM data)?

Import your SIEM into Expel Workbench and turn hours of development into custom rules. Find out why you might not need a SIEM at all.

MDR | 4 min read
How should my MDR provider support my compliance goals?

Find out what compliance means in practice and how your MDR provider can support your compliance program, not become a liability.

MDR | 9 min read
12 revealing questions to ask when evaluating an MSSP or MDR vendor

We’ve heard lots of interesting Qs as prospective customers evaluate which MDR provider is right for them... here are the 12 you should be asking.

MDR | 5 min read
How to avoid shelfware

Set yourself up for success by asking these four questions before you purchase new security products.

MDR | 7 min read
From webshell weak signals to meaningful alert in four steps

Stop wasting time on weak security signals. Learn how to combine endpoint and network events for a single, actionable alert.

MDR | 3 min read
Get your security tools in order: seven tactics you should know

Get your work right. Learn seven things to consider to bring harmony to your security toolchain and get the equipment you need to succeed.

MDR | 7 min read
How to triage Windows endpoints by asking the right questions

The three parts of the investigative mindset and how to apply them when you triage endpoint alerts. (8 min read)

MDR | 5 min read
A cheat sheet for managing your next security incident

Tactical advice on how to survive a security incident when you don’t have an incident response plan. (6 min read)