AWS
Cloud security | 3 min read
Cloud Decoded (part 2): What attackers don’t want you to knowThis is part two of Expel's blog series on decoding the cloud. It dives in to what attackers don't want you to know.
Current events | 2 min read
Key takeaways from AWS re:Inforce 2025Expel recently attended the 2025 AWS re:Inforce conference, where our CEO David Merkel spoke at AWS Security Live. Here's what we learned.
Cloud security | 4 min read
Cloud Decoded (part 1): The cloud security mythbuster—what MDR really means for cloudThis is part one of Expel's blog series on decoding the cloud. The first one covers what MDR really means for cloud.
Cloud security | 8 min read
Comparison of cloud resources (part II): Demystifying cloud security toolsThis is part two of our four-part blog series on comparing cloud resources. Part two defines the types of tools used for cloud security.
Cloud security | 5 min read
Comparison of cloud resources (part I): Securing every layer of your cloud—from the control plane to appsThis is part one of our four-part blog series on comparing cloud resources. Part one covers the layers of the cloud infrastructure.
Company news | 4 min read
Securing your cloud investment: an interactive panel with AWS, Expel & WizExpel, AWS & Wiz joined forces with customers to discuss the challenges of cloud security today, and what's to come in the future.
Company news | 2 min read
Pack your bags: Expel hits the cybersecurity event circuitWe’re headed to the Gartner Security & Risk Management Summit and AWS re:Inforce to talk shop and show off our industry-leading services.
Current events | 7 min read
Attackers are expanding access through Amazon CognitoImproperly configured AWS Cognito web portals can allow attackers to gain direct access to your AWS control plane. Here's how.
Current events | 2 min read
Our top five cybersecurity predictions for 2024Here are our top five cybersecurity predictions for 2024 from Expel experts and leadership based on trends and current events.
Rapid response | 5 min read
Incident report: stolen AWS access keysLearn what happens after AWS access keys are stolen. Our teams collaborated on a real-world incident. Read how we responded to the attack.
Rapid response | 6 min read
Incident report: From CLI to console, chasing an attacker in AWSWe detected and stopped unauthorized access in a customer's AWS environment. Learn how we spotted it, what we did, and key takeaways for your security.
Cloud security | 3 min read
5 pro tips for detecting in AWSCloud security is complex, but start with the basics. Get pro tips to help focus your lens for detecting threats in AWS effectively.
Cloud security | 4 min read
Attack trend alert: AWS-themed credential phishing techniqueAttackers are phishing with fake AWS log-in pages. See how our crew identified and triaged a malicious email to protect a customer.
Product | 2 min read
Introducing Expel Workbench™ for Amazon Web Services (AWS)Spend less time fixing AWS security issues. Our new SaaS product automates alert and log investigation, freeing up your team.
Cloud security | 6 min read
Evilginx-ing into the cloud: How we detected a red team attack in AWSSee how we defeated a red team attack in AWS! We detail our defense strategy using open source tools and share tips to protect your org.
Cloud security | 2 min read
Introducing a mind map for AWS investigationsInvestigating in AWS? We created a mind map using CloudTrail insights to help your team. Check out this essential AWS security resource.
Product | 8 min read
The power of orchestration: how we automated enrichments for AWS alertsAutomation is key for analysts. Learn how we use orchestration to automate enrichments for AWS alerts, freeing analysts to focus on threats.
Cloud security | 8 min read
Behind the scenes in the Expel SOC: Alert-to-fix in AWSWonder what cloud investigation looks like? See how our team foiled a real-life coin-mining attack in AWS, from alert to fix.
Cloud security | 5 min read
Making sense of Amazon GuardDuty alertsRunning AWS workloads? You need GuardDuty. Get our pro tips on what it is and how to make sense of all its security signals.
Cloud security | 7 min read
Generate Strong Security Signals with Sumo Logic & AWS CloudtrailLooking to get more or better security signals from AWS Cloudtrail? Learn how with Expel.io. See how we use the Sumo Logic SIEM for actionable data.
Cloud security | 7 min read
How to build a useful (and entertaining) threat emulation exercise for AWSWant to test your analysts’ detection skills in the cloud? Here are our tips and tricks for building your own threat emulation exercise in AWS.
Cloud security | 8 min read
How to find Amazon S3 bucket misconfigurations and fix them ASAPWhy do Amazon S3 bucket breaches happen? Get the AWS pro tips you need to protect your org from making this costly mistake.