Security operations · 2 MIN READ · YONNI SHELMERDINE · MAY 6, 2024 · TAGS: Company news / Expel Workbench / MDR / Tech tools / vulnerability prioritization
As the cybersecurity community gathers once again for RSA Conference, we can’t help but step back and consider the overall state of security and the challenges that countless organizations face every day. Don’t get me wrong—we think about this a lot. But when we all come together as an industry, it forces us to think about just how varied the challenges they’re facing actually are. Even the same “challenges” like talent shortages, the ever-evolving landscape of cloud security, and how to adopt managed detection and response (MDR) solutions mean drastically different things to different customers. In an arena like that, it’s easy to see just how difficult it is to determine what the right solution and who the right partner is.
We at Expel are addressing these challenges by unveiling new and expanded MDR offerings that give orgs more flexibility in choosing the level of Expel MDR™ services and support they need–no matter their current requirements and budgets. While our offerings have never been “one-size-fits-all,” these new offerings formalize our approach to all different types of orgs and security teams, no matter where they are in their journey towards more advanced security maturity.
Why are we taking this step? More companies view cybersecurity as a business risk, so they’re seeking expertise in threat detection and response, especially from specialized providers (like Expel) to augment their existing security strategies and teams. We feel that we’re in a unique position to provide this expertise and appeal to more companies.
And we’re not the only ones who feel this way. IDC recently named Expel a Leader in the 2024 IDC MarketScape for Worldwide Emerging Managed Detection and Response (MDR) Services. IDC recognized our commitment to delivering comprehensive security solutions, and highlighted our AI-based automated enrichment, correlation, and investigative activities.
In addition to these new offerings, we’re announcing expanded automated remediation capabilities for a variety of surfaces – ranging from endpoint to cloud. These new response actions join our existing auto-remediation capabilities and continue to decrease the amount of time organizations are at risk from an attack, reducing mean-time-to-remediate (MTTR) and mean-time-to-contain (MTTC). They also help combat the widespread usage and growth of identity-based attacks, which accounted for 61% of all incidents our security operations center (SOC) identified in Q1 2024. The expanded capabilities include the ability to:
- Remove harmful files and registry keys
- Reset compromised cloud and Microsoft Entra Identity credentials
- Disable compromised cloud keys
The new response capabilities are facilitated through existing automation and AI tools in Expel Workbench™, including Ruxie™. Our customers can configure their accounts for these new automated response actions in Workbench, and this allows our SOC team to remediate on their behalf whenever an attack is detected in the environment. Thanks to our commitment to quality and transparency, we are seeing rapidly increased adoption of our automated responses, despite the industry’s tendency to be skeptical of them.
We’ve also made some moves in how we support industry-leading security information and event management (SIEM) solutions. We expanded reporting for Splunk Enterprise Security and Microsoft Sentinel, giving customers evaluations of their SIEM rules configurations to determine supportability and guide them on which rules to implement to make their environments more secure. And Expel is broadening detection coverage for out-of-the-box rules for CrowdStrike Falcon Logscale and Splunk Enterprise Core.
Finally, we’re also expanding coverage of our Expel Vulnerability Prioritization service with a new integration for Qualys VMDR. Customers can now integrate their Qualys vulnerability information into Expel Workbench for fast analysis and prioritization of their highest-risk vulnerabilities.
We’re really excited about these new offerings and capabilities, and expect they’ll help ease some of the most pervasive challenges that security teams face as they navigate the increasingly complicated threat landscape.
If you’re attending RSA Conference, stop by our booth—#0535 in the South Hall—to chat about these changes in person. We’d love to talk with you.
