Engineering · 2 MIN READ · ALAN NEWMAN · SEP 28, 2023 · TAGS: Expel Workbench / Integrations / Tech tools
This quarter’s integrations cover everything from password management solutions to new Kubernetes environments, with stops in the cloud and at the endpoint…
If your budgets are like those at most organizations, it’s essential to get the most out of your existing security investments. Integrating with the tech you already have is a fantastic (and obvious) way to do that. In fact, 75% of our customers told us that our integrations with a wide variety of technology were of significant value to them.
Our integrations portfolio includes 100+ technologies across cloud, Kubernetes, SaaS, and on-prem environments, and we’re always adding to that list. We’re back this quarter to share with you the newest tech integrations we’ve added to our security operations platform, Expel Workbench™.
LastPass integration addresses the top incident type our SOC deals with: identity-based attacks
Once again, identity-based attacks remain the top incident type identified by our SOC; they accounted for 64% of the total incidents in Q2 2023—up seven percentage points from the previous quarter. Password management is a great solution for helping to reduce password and identity-based risks by securing passwords in an encrypted vault.
We now integrate with LastPass to detect successful authentication with suspicious user agent strings, changes to sensitive configurations, authentication from suspicious countries, and more.
Lacework and Orca: get answers, not alerts, from your cloud investments
In our recent study with the Cloud Security Alliance (CSA), we found that 71% of organizations are using more than one cloud service provider. Cloud adoption continues to rise and we want to ensure our platform enables you to securely capitalize on the opportunities the cloud presents.
That’s why we’re unveiling integrations with Lacework, a cloud-native application protection platform, as well as Orca Security, a cloud security platform, to detect and respond to incidents in your cloud environment sooner. We’ll monitor your Lacework and Orca Security alerts so that our SOC analysts can quickly and efficiently triage and investigate them.
Expanded coverage for Kubernetes workloads: Azure
In the same study with CSA, we found that 85% of organizations use Kubernetes workloads. Kubernetes is the de facto standard for containerized applications, but it’s often a blind spot for security teams.
Earlier this year, we launched our new Expel® Managed Detection and Response (MDR) for Kubernetes offering with support for Google Kubernetes Engine (GKE) and Amazon Elastic Kubernetes Service (EKS). We’ve now expanded our integrations to support Azure Kubernetes Service (AKS). We’ll analyze your AKS audit logs, apply custom detection logic to alert on malicious or interesting activity, and offer clear steps to remediate.
Improve endpoint detection and response (EDR) decision support with our Trend Micro integration
Endpoint tech can produce a lot of alerts. With so much to sort through, it’s easy to get lost in the noise and miss a serious incident. That’s why we integrate with your EDR tech to filter out the noise, enrich the signal with context, and provide clear next steps for decision support. We now integrate with Trend Micro Apex One. We use its security events to provide additional context and correlation during alert triage so you get answers instead of alerts.
Additional integrations for web application firewalls (WAFs): Imperva and Cloudflare
Due to web applications’ inherent exposure to the internet, WAFs can generate a lot of noise from scanners, bots, and opportunistic threat actors. We help eliminate the noise, so you can focus only on high-fidelity alerts.
You can see the full list of our 100+ integrations here. As always, our team is busy working on the next set to help you maximize your existing tech investments. Stay tuned for next quarter’s integration roundup.