Product · 2 MIN READ · KIM MAHONEY AND JOEL SHINDELDECKER · MAR 4, 2025 · TAGS: Announcement / Threat hunting
TL;DR
- Expel Managed Detection and Response (MDR) has new threat intelligence reporting capabilities in our SecOps platform, Expel Workbench™
- Threat Bulletins issued by our SOC will now be available in Workbench—previously they were communicated via email and productivity apps
- This new feature also shares details on whether and when threat hunting was completed as a result of an incident, industry news, or other issue
Threat intelligence. It’s vital to those of us in the managed detection and response (MDR) community who fight the good fight against cybercriminals. Expel regularly references this vital information while protecting our customers, and many times we even source or uncover our own threat intelligence that benefits all of our customers.
In fact, a recent IDC research study said, “MDR Providers are in a unique position when it comes to turning threat intelligence into information that can proactively aid their customers.” (IDC, Managed Detection and Response: Perceptions from a Rapidly Growing Market, doc # US51725524, July 2024).
That’s why Expel recently expanded our threat intelligence reporting in Expel Workbench™. From time to time, Expel customers receive what we call Threat Bulletins from our SOC team. Threat Bulletins outline information we’ve uncovered on emerging threats or zero-day attacks, either through our regular course of business, or when there’s a major industry threat announced (think Log4j and the like). It’s an important part of our service, because it provides customers with peace of mind by letting them know what’s out there, as well as letting them know that we’re aware of the threats and doing something to keep their environment safe.
Our Threat Bulletins were previously distributed via email and through our customers’ preferred productivity apps. Now, we’ve released a brand-new experience within Workbench that includes vital information for quick visibility and easy recall. The new UI for these Threat Bulletins includes information on the attack, attacker, origination point, any vulnerability information, and specific indicators of compromise (IOCs) associated with the threat (when available). It also includes guidance on next steps customers can take to protect their environments. When IOCs are available, we’ll also run an emerging threat hunt across our customers’ environments that looks back two weeks.
With this new Threat Bulletin experience built into Workbench, our customers can rest easy knowing that we’re aware of emerging threats—and in specific cases, actively hunting in their environment to ensure no compromise has occurred. They can also see the results of any hunt we’ve run on their behalf related to the threat. In the past, customers would often contact their account team if we hadn’t yet issued a Threat Bulletin, or if they missed the communication. Now, it’s there for them to see in Workbench anytime, providing them with that peace of mind that’s our stock-in-trade here at Expel.