Tips | 7 min read
So you’ve got a multi-cloud strategy; here’s how to navigate four common security challenges

Switching to a multi-cloud solution? Easy! Just kidding. Expel’s senior detection & response engineer shares some things you need to think about when going multi-cloud – and how to stay sane.

Security operations | 5 min read
Incident report: Spotting SocGholish WordPress injection

Our SOC stopped a ransomware attack that compromised WordPress CMS to trigger a drive-by RAT download. Find out what happened, how we caught it, and our recommendations to secure your WordPress CMS.

Security operations | 8 min read
Is Microsoft Defender for Endpoint good?

Expel has integrated Microsoft Defender for Endpoint into our platform and we’re impressed! Our SOC analysts share why they love it and how they use it to triage alerts.

Security operations | 5 min read
The myth of co-managed SIEMs

Think you can get a co-managed SIEM and then step away to let the magic happen? Not so fast. Our CISO shares some common myths and the realities you should consider before making a decision.

Security operations | 8 min read
Behind the scenes in the Expel SOC: Alert-to-fix in AWS

Wonder what real-life investigation and response looks like in the cloud? Buckle up! Our team walks you through a coin-mining attack in AWS that they recently foiled – all the way from alert to fix.

Tips | 6 min read
Prioritizing suspicious PowerShell activity with machine learning

Attackers love to look to PowerShell to enact their evil plans. Expel’s senior data scientist tells us how she used machine learning to help analysts spot malicious activity in PowerShell quickly.

Tips | 6 min read
6 things to do before you bring in a red team

Red team engagements are essential to helping your SOC analysts stay battle ready. But before screaming, “CHARGE,” here are six things you should do to prepare for taking on a red team.

Expel insider | 1 min read
Introducing 24×7 monitoring and response for Google Cloud Platform

Running a Google Cloud Platform (GCP) workload or thinking about integrating it into your security portfolio? Expel can help! We’ve officially launched our GCP 24x7 monitoring and response services.

Tips | 6 min read
How to create and maintain Jupyter threat hunting notebooks

We got a lot of questions about configuring Jupyter notebooks after presenting at Infosec Jupyterthon 2020. See our response along with some tips for incorporating this tech into infosec processes.

Security operations | 8 min read
Spotting suspicious logins at scale: (Alert) pathways to success

Find out how our SOC analysts used automation to reduce the time it takes to investigate and report a suspicious login by 75%. The team outlines the process and shares a case study of it in action.

Security operations | 9 min read
Obfuscation, reflective injection and domain fronting; oh my!

During a recent red team engagement, the CrowdStrike EDR Platform alerted our SOC team on the execution of a suspicious VBScript file. This is what they learned from untangling the malware code.

Tips | 6 min read
Malware operators Zoom’ing in

Over the weekend, Expel’s analysts discovered a new way attackers are using Zoom to compromise users’ security. Here’s what they learned and what you can do to avoid getting duped.

Security operations | 5 min read
7 habits of highly effective (remote) SOCs

Security ops is a team sport … but how do you “play” together when your company’s working 100% remotely? Jon’s got some advice.

Talent | 6 min read
7 habits of highly effective SOCs

Wondering what it takes to build an effective SOC full of motivated, happy analysts? We’ve got some thoughts on that.

Tips | 10 min read
It’s time to drive a rising tide

There are a few cybersecurity fundamentals that keep us safe … but how do you get the people in your org to adopt them? Our COO Yanek Korff’s got some ideas.

Security operations | 8 min read
Our journey to JupyterHub and beyond

If you use or are considering trying JupyterHub, it’s your lucky day – we’re sharing configuration tips and tricks, how we’re using it to make technical research easier, and much more.

Security operations | 5 min read
Managed detection and response (MDR): symptom or solution?

An uncommonly clear review of what managed detection and response (MDR) is, where it came from and what it can/can't do for you.