Guidance
Rapid response | 2 min read
Scattered Spider’s heightened activity—here’s the 411Threat group Scattered Spider is making headlines again as they increase targeting for financial services and insurance orgs.
Current events | 4 min read
5 questions to ask when your security vendor gets acquiredWhether your MDR provider is going through a merger or acquisition, here are five questions you'll want to ask your new point of contact.
Product | 3 min read
How to onboard with Expel in 7 minutes (No, really. We’ll show you.)See with your own eyes how Expel MDR is up and running in less than seven minutes, from API connection to immediate protection.
MDR | 6 min read
Scaling detection: When 1 + 1 = 3 (grouping IPs to find bad actors across orgs)Here's an overview of how at Expel, we group large data sets via IP information to identify bad actors working across multiple customers.
Cloud security | 4 min read
Cloud Decoded (part 1): The cloud security mythbuster—what MDR really means for cloudThis is part one of Expel's blog series on decoding the cloud. The first one covers what MDR really means for cloud.
MDR | 4 min read
MDR pricing decoded: what CISOs and security directors need to knowDiscover the hidden costs behind MDR pricing models. Learn what CISOs need to know about managed detection and response pricing, per-endpoint costs, and avoiding 'free' feature traps to make informed MDR cost decisions.
Data & research | 5 min read
Expel Quarterly Threat Report, Q1 2025: Cloud infrastructure trendsVolume IV of our Q1 2025 Quarterly Threat Report summarizes key findings for cloud infrastructure. Learn what to focus on right now.
Data & research | 3 min read
Expel Quarterly Threat Report, Q1 2025: Endpoint threatsVolume III of our Q1 2025 Quarterly Threat Report summarizes key findings for endpoint threats. Learn what to focus on right now.
Cloud security | 3 min read
Comparison of cloud resources (part IV): Making a roadmap for cloud securityThis is part four of our four-part blog series on comparing cloud resources. Part four covers the roadmap for cloud security.
Data & research | 5 min read
MDR insights: Tracking lateral movement in a Windows environment (part 2)This is part two of a pocket guide created by Expel's SOC analysts to track and identify lateral movement within your Windows environments.
SOC | 7 min read
Stressed SOC? Data’s your best ally to justify more resourcesUse analyst workload metrics and efficiency KPIs data to build a business case for more SOC resources and increased budget.
Current events | 12 min read
Code-signing certificate abuse in the Black Basta chat leaks (and how to fight back)Ransomware gang Black Basta's chats were recently leaked, proving how they abuse code-signing certificates. Here's how to defend against it.
Cloud security | 9 min read
Vulnerability management for cloud environmentsVulnerability management in the cloud has its own unique challenges and strategies. Dive into the nuances and how Expel can help.
Current events | 2 min read
A Valentine’s Day guide to protecting your digital heartHappy Valentine's Day! Love is in the air, and unfortunately, so is cyber crime. Stay safe with these cybersecurity tips from Expel.
Data & research | 7 min read
MDR insights: Tracking lateral movement in a Windows environment (part I)This is a pocket guide created by Expel's SOC analysts to track and identify anomalous lateral movement within your Windows environments.
MDR | 9 min read
MDR mythbusters: ten common myths, debunkedWe debunk ten MDR myths to help you make sense of the increasingly complex security landscape and understand cybersecurity alphabet soup.
MDR | 4 min read
Part I: How MDR can transform your SIEM investmentThis is part one of a three-part blog series on how MDR can transform your SIEM investment by augmenting and optimizing its capabilities.
Data & research | 5 min read
Expel Quarterly Threat Report Q3 2024, volume V: Preparing for software supply chain riskVolume V of our Q3 2024 Quarterly Threat Report focuses on preparing for software supply chain risk. Learn what to focus on right now.
Rapid response | 1 min read
Security alert: Fortinet zero-day vulnerabilityFortinet has disclosed a zero-day vulnerability that needs to be patched immediately, or the protocol connection to the internet should be disabled.
Data & research | 3 min read
Expel Quarterly Threat Report Q3 2024, volume IV: Suspicious infrastructure from phishing-as-a-service (PhaaS) platformsVolume IV of our Q3 2024 Quarterly Threat Report focuses on phishing-as-a-service (PaaS). Learn what to focus on right now.
Data & research | 4 min read
Expel Quarterly Threat Report Q3 2024, volume III: Malware trendsVolume III of our Q3 2024 Quarterly Threat Report focuses on malware trends. Learn what to focus on right now.
Data & research | 4 min read
Expel Quarterly Threat Report Q3 2024, volume II: CAPTCHA trick or treatVolume II of our Q3 2024 Quarterly Threat Report focuses on malicious CAPTCHAs. Learn what to focus on right now.
Data & research | 2 min read
Expel Quarterly Threat Report, volume I: Q3 2024 by the numbersVolume I of our Quarterly Threat Report summarizes key findings and stats from Q3 of 2024. Learn what to focus on right now.
Data & research | 5 min read
Expel Quarterly Threat Report Q2 2024 volume V: Latent-risk infostealing malwareLast up in our Q2 QTR series: we dig into infostealers and the importance of detecting, mitigating, and responding to this form of malware.
Data & research | 3 min read
Expel Quarterly Threat Report Q2 2024 volume IV: Phishing trendsPhaaS platforms make phishing easy. In this volume in our series, we share what these are, how they work, and how they can be counteracted.
Data & research | 5 min read
Expel Quarterly Threat Report Q2 2024 volume III: Malware infection trendsVolume III of our Quarterly Threat Report covers malware trends in Q2 of 2024. Learn what to focus on right now.
Data & research | 3 min read
Expel Quarterly Threat Report Q2 2024 volume II: Attackers advance with AIVolume II of our Quarterly Threat Report covers how attackers are advancing with AI in Q2 of 2024. Learn what to focus on right now.
Data & research | 3 min read
Expel Quarterly Threat Report Q2 2024 volume I: Q2 by the numbersVolume I of our Quarterly Threat Report summarizes key findings and stats from Q2 of 2024. Learn what to focus on right now.
SOC | 7 min read
Logs your SOC can use every day: a quick reference guideWe pulled the logs our SOC team use daily into a handy quick reference guide for our analysts—and now, you.
MDR | 3 min read
No honor among ransomware criminalsTake steps to assess your org’s security now, so you can protect yourself from ransomware gangs like BlackCat.
Current events | 1 min read
GKE/Gmail vulnerability: notes and tipsSecurity researchers have discovered a new Google Kubernetes Engine misconfiguration. Here’s what you need to know.
MDR | 6 min read
Assessing suspicious Outlook rules: an exerciseOutlook Inbox rules are used for legitimate and malicious reasons. Use these case exercises, tips, and tricks on how to analyze them.
SOC | 5 min read
Work with your SOC/MDR in a cybersecurity risk assessmentThere are different kinds of security assessments, and what you perform should be aligned to your organization's goals.
MDR | 3 min read
When does an org need to up its cybersecurity game?Every company must have an acceptable level of security to earn customer and partner trust as it grows. How do you know when you're there?
Product | 3 min read
Following the lifecycle of a cloud alert in Expel WorkbenchOur tour shows you the journey a cloud alert takes in Expel MDR for cloud infrastructure, in a single or multi-cloud environment.
Rapid response | 1 min read
Security alert: privilege escalation vulnerability in Confluence Data Center and Server, CVE-2023-22515Here's how to mitigate a Confluence Data Center and Server vulnerability that lets attackers create admin accounts on external-facing servers.
Rapid response | 1 min read
Security alert: zero-day vulnerability CVE-2023-4863 in libwebp (WebP) libraryCVE-2023-4863 is a zero-day vulnerability in libwebp, which can result in arbitrary command execution when exploited. Here’s why it matters and what to do.
MDR | 6 min read
Wake me up, before you log-log (…or when September ends, whichever comes first)Logs are a necessary and useful component in any cybersecurity practice, but when and how you use them can significantly change your security outcomes.
MDR | 3 min read
Red team sneakiness: Splunking for AD certificate abuseRecently we saw a red team operation which included attacks against Active Directory. Here’s how we solved the mystery.
MDR | 4 min read
How should my MDR provider support my compliance goals?Find out what compliance means in practice and how your MDR provider can support your compliance program, not become a liability.