Rapid response | 2 min read
Scattered Spider’s heightened activity—here’s the 411

Threat group Scattered Spider is making headlines again as it steps up its targeting of financial services and insurance orgs.

Current events | 4 min read
5 questions to ask when your security vendor gets acquired

Whether your MDR provider is going through a merger or acquisition, here are five questions you'll want to ask your new point of contact.

Product | 3 min read
How to onboard with Expel in 7 minutes (No, really. We’ll show you.)

See with your own eyes how Expel MDR is up and running in less than seven minutes, from API connection to immediate protection.

MDR | 6 min read
Scaling detection: When 1 + 1 = 3 (grouping IPs to find bad actors across orgs)

Here's an overview of how we at Expel group large data sets by IP information to identify bad actors working across multiple customers.

Cloud security | 4 min read
Cloud Decoded (part 1): The cloud security mythbuster—what MDR really means for cloud

This is part one of Expel's blog series on decoding the cloud. The first one covers what MDR really means for cloud.

MDR | 4 min read
MDR pricing decoded: what CISOs and security directors need to know

Discover the hidden costs behind MDR pricing models. Learn what CISOs need to know about managed detection and response pricing, per-endpoint costs, and avoiding 'free' feature traps to make informed MDR cost decisions.

Data & research | 5 min read
Expel Quarterly Threat Report, Q1 2025: Cloud infrastructure trends

Volume IV of our Q1 2025 Quarterly Threat Report summarizes key findings for cloud infrastructure. Learn what to focus on right now.

Data & research | 3 min read
Expel Quarterly Threat Report, Q1 2025: Endpoint threats

Volume III of our Q1 2025 Quarterly Threat Report summarizes key findings for endpoint threats. Learn what to focus on right now.

Cloud security | 3 min read
Comparison of cloud resources (part IV): Making a roadmap for cloud security

This is part four of our four-part blog series on comparing cloud resources. Part four covers the roadmap for cloud security.

Data & research | 5 min read
MDR insights: Tracking lateral movement in a Windows environment (part 2)

This is part two of a pocket guide created by Expel's SOC analysts to track and identify lateral movement within your Windows environments.

SOC | 7 min read
Stressed SOC? Data’s your best ally to justify more resources

Use analyst workload metrics and efficiency KPI data to build a business case for more SOC resources and increased budget.

Current events | 12 min read
Code-signing certificate abuse in the Black Basta chat leaks (and how to fight back)

Ransomware gang Black Basta's chats were recently leaked, revealing how the gang abuses code-signing certificates. Here's how to defend against it.

Cloud security | 9 min read
Vulnerability management for cloud environments

Vulnerability management in the cloud has its own unique challenges and strategies. Dive into the nuances and how Expel can help.

Current events | 2 min read
A Valentine’s Day guide to protecting your digital heart

Happy Valentine's Day! Love is in the air, and unfortunately, so is cyber crime. Stay safe with these cybersecurity tips from Expel.

Data & research | 7 min read
MDR insights: Tracking lateral movement in a Windows environment (part I)

This is a pocket guide created by Expel's SOC analysts to track and identify anomalous lateral movement within your Windows environments.

MDR | 9 min read
MDR mythbusters: ten common myths, debunked

We debunk ten MDR myths to help you make sense of the increasingly complex security landscape and understand cybersecurity alphabet soup.

MDR | 4 min read
Part I: How MDR can transform your SIEM investment

This is part one of a three-part blog series on how MDR can transform your SIEM investment by augmenting and optimizing its capabilities.

Data & research | 5 min read
Expel Quarterly Threat Report Q3 2024, volume V: Preparing for software supply chain risk

Volume V of our Q3 2024 Quarterly Threat Report focuses on preparing for software supply chain risk. Learn what to focus on right now.

Rapid response | 1 min read
Security alert: Fortinet zero-day vulnerability

Fortinet has disclosed a zero-day vulnerability that needs to be patched immediately, or the protocol connection to the internet should be disabled.

Data & research | 3 min read
Expel Quarterly Threat Report Q3 2024, volume IV: Suspicious infrastructure from phishing-as-a-service (PhaaS) platforms

Volume IV of our Q3 2024 Quarterly Threat Report focuses on phishing-as-a-service (PhaaS). Learn what to focus on right now.

Data & research | 4 min read
Expel Quarterly Threat Report Q3 2024, volume III: Malware trends

Volume III of our Q3 2024 Quarterly Threat Report focuses on malware trends. Learn what to focus on right now.

Data & research | 4 min read
Expel Quarterly Threat Report Q3 2024, volume II: CAPTCHA trick or treat

Volume II of our Q3 2024 Quarterly Threat Report focuses on malicious CAPTCHAs. Learn what to focus on right now.

Data & research | 2 min read
Expel Quarterly Threat Report, volume I: Q3 2024 by the numbers

Volume I of our Quarterly Threat Report summarizes key findings and stats from Q3 of 2024. Learn what to focus on right now.

Data & research | 5 min read
Expel Quarterly Threat Report Q2 2024 volume V: Latent-risk infostealing malware

Last up in our Q2 QTR series: we dig into infostealers and the importance of detecting, mitigating, and responding to this form of malware.

Data & research | 3 min read
Expel Quarterly Threat Report Q2 2024 volume IV: Phishing trends

PhaaS platforms make phishing easy. In this volume in our series, we share what these are, how they work, and how they can be counteracted.

Data & research | 5 min read
Expel Quarterly Threat Report Q2 2024 volume III: Malware infection trends

Volume III of our Quarterly Threat Report covers malware trends in Q2 of 2024. Learn what to focus on right now.

Data & research | 3 min read
Expel Quarterly Threat Report Q2 2024 volume II: Attackers advance with AI

Volume II of our Quarterly Threat Report covers how attackers are advancing with AI in Q2 of 2024. Learn what to focus on right now.

Data & research | 3 min read
Expel Quarterly Threat Report Q2 2024 volume I: Q2 by the numbers

Volume I of our Quarterly Threat Report summarizes key findings and stats from Q2 of 2024. Learn what to focus on right now.

SOC | 7 min read
Logs your SOC can use every day: a quick reference guide

We pulled the logs our SOC team uses daily into a handy quick reference guide for our analysts—and now, you.

MDR | 3 min read
No honor among ransomware criminals

Take steps to assess your org’s security now, so you can protect yourself from ransomware gangs like BlackCat.

Current events | 1 min read
GKE/Gmail vulnerability: notes and tips

Security researchers have discovered a new Google Kubernetes Engine misconfiguration. Here’s what you need to know.

MDR | 6 min read
Assessing suspicious Outlook rules: an exercise

Outlook Inbox rules are used for legitimate and malicious reasons. Use these case exercises, tips, and tricks to learn how to analyze them.

SOC | 5 min read
Work with your SOC/MDR in a cybersecurity risk assessment

There are different kinds of security assessments, and what you perform should be aligned to your organization's goals.

MDR | 3 min read
When does an org need to up its cybersecurity game?

Every company must have an acceptable level of security to earn customer and partner trust as it grows. How do you know when you're there?

Product | 3 min read
Following the lifecycle of a cloud alert in Expel Workbench

Our tour shows you the journey a cloud alert takes in Expel MDR for cloud infrastructure, in a single or multi-cloud environment.

Rapid response | 1 min read
Security alert: privilege escalation vulnerability in Confluence Data Center and Server, CVE-2023-22515

Here's how to mitigate a Confluence Data Center and Server vulnerability that lets attackers create admin accounts on external-facing servers.

Rapid response | 1 min read
Security alert: zero-day vulnerability CVE-2023-4863 in libwebp (WebP) library

CVE-2023-4863 is a zero-day vulnerability in libwebp, which can result in arbitrary command execution when exploited. Here’s why it matters and what to do.

MDR | 6 min read
Wake me up, before you log-log (…or when September ends, whichever comes first)

Logs are a necessary and useful component in any cybersecurity practice, but when and how you use them can significantly change your security outcomes.

MDR | 3 min read
Red team sneakiness: Splunking for AD certificate abuse

Recently we saw a red team operation which included attacks against Active Directory. Here’s how we solved the mystery.

MDR | 4 min read
How should my MDR provider support my compliance goals?

Find out what compliance means in practice and how your MDR provider can support your compliance program, not become a liability.