Engineering | 8 min readTerraforming a better engineering experience with Atlantis
To build something useful you must first understand your users. Find out how Expel used Terraform and Atlantis to build a platform that makes self-service provisioning in cloud infrastructure easy. % %
Security operations | 8 min readBehind the scenes in the Expel SOC: Alert-to-fix in AWS
Wonder what real-life investigation and response looks like in the cloud? Buckle up! Our team walks you through a coin-mining attack in AWS that they recently foiled – all the way from alert to fix.
Tips | 6 min readPrioritizing suspicious PowerShell activity with machine learning
Attackers love to look to PowerShell to enact their evil plans. Expel’s senior data scientist tells us how she used machine learning to help analysts spot malicious activity in PowerShell quickly.
Tips | 7 min read10 tips for protecting computer security and privacy at home
Many of us recently became remote workers. Now, more than ever, it’s important for us to understand how to keep our at home networks safe. Here are 10 tips to stay secure at home.
Security operations | 2 min readNIST CSF: A new interactive tool to track your progress
There’s lots to like about the NIST CSF. Here are our practical tips for how to use it, plus a preview of a new NIST feature we introduced in Expel Workbench™.
Security operations | 5 min readCreating data-driven detections with DataDog and JupyterHub
Creating alert thresholds is critical to *not* driving your SOC analysts batty, but what’s the “right” number? Here are some tips, tricks and favorite tools we use to determine alert thresholds for customer environments.
Security operations | 3 min readWhere does Amazon Detective fit in your AWS security landscape?
If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.
Security operations | 8 min readUsing JupyterHub for threat hunting? Then you should know these 8 tricks.
Jupyter Notebook gave us the freedom to rethink the way we analyzed hunting data. Here are some tips and tricks you can use in your own analysis.
Security operations | 5 min readBetter web shell detections with Signal Sciences WAF
Is Signal Sciences WAF part of your tech stack? Then you’ve got an amazing webshell detection method right at your fingertips.
Security operations | 5 min readMFA is not a silver bullet to secure your cloud email
Learn how dual or multi-factor authentication (MFA) are not an entirely secure solution for cloud email security on the Expel blog.
Tips | 4 min read5 tips for writing a cybersecurity policy that doesn’t suck
All good cybersecurity policies share some similar traits. Here are our pro tips for creating a solid policy for your own org.
Security operations | 7 min readGenerate Strong Security Signals with Sumo Logic & AWS Cloudtrail
Looking to get more or better security signals from AWS Cloudtrail? Learn how with Expel.io. See how we use the Sumo Logic SIEM for actionable data.
Security operations | 6 min readFive things law firms can do now to improve their security for tomorrow
Relativity CSO Amanda Fennell shares the top five, easy-to-get-started things she sees forward-thinking law firms doing to improve their security.
Security operations | 4 min read3 must-dos when you’re starting a threat hunting program
So you decided you want to build a threat hunting program ... but where do you start? Here are our three must-dos when you’re planning your hunt.
Security operations | 6 min readHow to make your org more resilient to common Mac OS attacks
Got Macs in your org? Here are a few recent Mac OS attack trends and how you can become more resilient to ‘em.
Security operations | 6 min readHow to find anomalous process relationships in threat hunting
Finding anomalous process relationships -- commands that don’t belong together -- might indicate a problem within your environment. Here’s how to spot ‘em.
Security operations | 5 min readThis is how you should be thinking about cloud security
Your IT team isn’t racking and stacking servers like they used to, but cracking the cloud security code is easier than you think. Get our pro tips for doing just that.
Security operations | 7 min readHow to choose the right security tech for threat hunting
How do you decide which tech to use to carry out your hunt? This post’s got some pro tips for when and how to use different technology for your threat hunting mission.
Security operations | 4 min readDoes your MSSP or MDR provider know how to manage your signals?
How well is your MSSP or MDR going to manage your fleet of security signals over time? Here’s how to figure out whether they’re up for the challenge.
Security operations | 7 min readHow to build a useful (and entertaining) threat emulation exercise for AWS
Want to test your analysts’ detection skills in the cloud? Here are our tips and tricks for building your own threat emulation exercise in AWS.
Tips | 6 min readFive tips for improving your data ingestion and auditing process
You’re processing loads of data every day...but are you catching it all? Here are tips from our pros for rocking your data auditing.
Security operations | 9 min read12 ways to tell if your managed security provider won’t suck next year
How can you figure out if the quality of the service you’re about to sign up for will improve over time? Our COO Yanek Korff’s got some tips for making sure you choose a service that’ll last.
Tips | 8 min readHow to find Amazon S3 bucket misconfigurations and fix them ASAP
Why do Amazon S3 bucket breaches happen and how can you protect your own org from making this mistake? We’ve got all the AWS pro tips for you in our latest post.
Tips | 6 min readEvaluating GreyNoise: what you need to know and how it can help you
We use technologies behind the scenes to make Expel Workbench and our analysts more efficient. GreyNoise is one of those -- here's how we use it and why you might find it useful too.
Tips | 9 min read12 revealing questions to ask when evaluating an MSSP or MDR vendor
We’ve heard lots of interesting Qs as prospective customers evaluate which solution's right for them... here are the 12 you should be asking.
Tips | 10 min readSeven ways to spot a business email compromise in Office 365
Learn what business email compromise is, BEC scams categories, and how to prevent or identify these spam phishing attacks in Office 365 including mailbox rule examples and more.
Tips | 8 min readWhy we love threat emulation exercises (and how to get started with one of your own)
If your team doesn’t have lots of incident response practice under their belt (yet!), a threat emulation exercise is the perfect way to help them flex...
Security operations | 4 min readHow to start a cybersecurity program (or restart one that lapsed)
If you're left holding the hot potato of a legacy lackluster security program, or are suddenly forced to protect your org and its data with less, here are a few quick steps to take to get cybersecurity efforts back on track.
Security operations | 3 min readThree tips for getting started with cloud application security
If you're feeling like your SaaS security knowledge is a bit cloudy, these three pro tips will get you started on the right path.
Security operations | 3 min readOffice 365 security best practices: five things to do right now to keep attackers out
Here are five Office 365 security best practices to check out right now.
Tips | 6 min readHow to get the most out of your upcoming SOC tour: making your provider uncomfortable
If you’re in the market for an MSSP or looking to keep tabs on your existing provider, visiting their security operations center (SOC) can be a good way to get a sense for what you’re really buying. Let us walk you through how to prepare for your visit to get the most out of your visit.
Tips | 4 min readFive quick checks to prevent attackers from weaponizing your website
Here are some of the most frequent ways attackers can use your website and your web presence to harm your company, your users and the public at large.
Security operations | 12 min readA common sense approach for assessing third-party risk
Let us walk you through our third-party assessment process. We think it's lightweight but still achieves the objective - determining if a vendor can be trusted. And, as a bonus, we're providing the third-party questionnaire and emails we use so you can download it and get going right away.
Security operations | 7 min readLessons learned from a CISO’s first 100 days
In this guest post, Amanda Fennell, CSO at Relativity reflects on what she’s learned -- I recently finished my first 100 days as Chief Security Officer (CSO) of Relativity. I’ve learned a lot. And while every new CSO faces unique challenges, I’ve come up with some recommendations to help new CSOs.
Talent | 9 min readA beginner’s guide to getting started in cybersecurity
Our list of five things you can do to take the first steps to an entry-level technical cybersecurity career and more.
Security operations | 8 min readHow to get started with the NIST Cybersecurity Framework (CSF)
We give you a quick tour of the NIST CSF and describe how you can baseline your efforts in a couple of hours. So check it out.
Security operations | 8 min readWhat “I Love Lucy” teaches us about SOC performance
A little nerdy (and a lot math-y) post to help you better understand your SOC's systems, so you know how changes will impact its operation.
Tips | 3 min readHow to disrupt attackers and enable defenders using resilience
So… what is resilience? We’ll cover that and also how it works in this post. We’ve even thrown in a couple examples to get you started.
Tips | 7 min readFrom webshell weak signals to meaningful alert in four steps
A practical example of how you can make a weak signal actionable by combining events from your endpoint and network security tech into one meaningful alert.