Managed detection and response
Tips | 7 min read
So you’ve got a multi-cloud strategy; here’s how to navigate
Switching to a multi-cloud solution? Easy! Just kidding. Expel’s senior detection & response engineer shares some things you need to think about when going multi-cloud – and how to stay sane.
Security operations | 5 min read
Incident report: Spotting SocGholish WordPress injection
Our SOC stopped a ransomware attack that compromised WordPress CMS to trigger a drive-by RAT download. Find out what happened, how we caught it, and our recommendations to secure your WordPress CMS.
Security operations | 8 min read
Is Microsoft Defender for Endpoint good?
Expel has integrated Microsoft Defender for Endpoint into our platform and we’re impressed! Our SOC analysts share why they love it and how they use it to triage alerts.
Security operations | 5 min read
The myth of co-managed SIEMs
Think you can get a co-managed SIEM and then step away to let the magic happen? Not so fast. Our CISO shares some common myths and the realities you should consider before making a decision.
Security operations | 8 min read
Behind the scenes in the Expel SOC: Alert-to-fix in AWS
Wonder what real-life investigation and response looks like in the cloud? Buckle up! Our team walks you through a coin-mining attack in AWS that they recently foiled – all the way from alert to fix.
Tips | 6 min read
Prioritizing suspicious PowerShell activity with machine learning
Attackers love to look to PowerShell to enact their evil plans. Expel’s senior data scientist tells us how she used machine learning to help analysts spot malicious activity in PowerShell quickly.
Tips | 6 min read
6 things to do before you bring in a red team
Red team engagements are essential to helping your SOC analysts stay battle ready. But before screaming, “CHARGE,” here are six things you should do to prepare for taking on a red team.
Expel insider | 1 min read
Introducing 24×7 monitoring and response for Google Cloud Platform
Running a Google Cloud Platform (GCP) workload or thinking about integrating it into your security portfolio? Expel can help! We’ve officially launched our GCP 24x7 monitoring and response services.
Tips | 6 min read
How to create and maintain Jupyter threat hunting notebooks
We got a lot of questions about configuring Jupyter notebooks after presenting at Infosec Jupyterthon 2020. See our response along with some tips for incorporating this tech into infosec processes.
Security operations | 8 min read
Spotting suspicious logins at scale: (Alert) pathways to success
Find out how our SOC analysts used automation to reduce the time it takes to investigate and report a suspicious login by 75%. The team outlines the process and shares a case study of it in action.
Security operations | 9 min read
Obfuscation, reflective injection and domain fronting; oh my!
During a recent red team engagement, the CrowdStrike EDR Platform alerted our SOC team on the execution of a suspicious VBScript file. This is what they learned from untangling the malware code.
Tips | 6 min read
Malware operators Zoom’ing in
Over the weekend, Expel’s analysts discovered a new way attackers are using Zoom to compromise users’ security. Here’s what they learned and what you can do to avoid getting duped.
Security operations | 5 min read
7 habits of highly effective (remote) SOCs
Security ops is a team sport … but how do you “play” together when your company’s working 100% remotely? Jon’s got some advice.
Talent | 6 min read
7 habits of highly effective SOCs
Wondering what it takes to build an effective SOC full of motivated, happy analysts? We’ve got some thoughts on that.
Tips | 10 min read
It’s time to drive a rising tide
There are a few cybersecurity fundamentals that keep us safe … but how do you get the people in your org to adopt them? Our COO Yanek Korff’s got some ideas.
Security operations | 8 min read
Our journey to JupyterHub and beyond
If you use or are considering trying JupyterHub, it’s your lucky day -- we’re sharing configuration tips and tricks, how we’re using it to make technical research easier, and much more.
Security operations | 5 min read
Managed detection and response (MDR): symptom or solution?
An uncommonly clear review of what managed detection and response (MDR) is, where it came from and what it can/can't do for you.