Expel insider | 3 min read
Happy Halloween! Cybersecurity horror stories from SOCs past

Enjoy these horror stories from past SOCs, as our analysts share their most haunting tales from previous roles (and get some tips, too).

Expel insider | 5 min read
Mandia unplugged: a recap of our fireside chat with our newest board member, Kevin Mandia

Check out this summary of Expel CEO David Merkel's chat with Expel's newest board member, cybersecurity pioneer Kevin Mandia, founder of Mandiant.

Expel insider | 4 min read
Securing your cloud investment: an interactive panel with AWS, Expel & Wiz

Expel, AWS & Wiz joined forces with customers to discuss the challenges of cloud security today, and what's to come in the future.

Security operations | 2 min read
Five security takeaways for Cybersecurity Awareness Month (and every month)

Expel analyst Aaron Walton was featured in Guidepoint Security's blog for Cybersecurity Awareness Month, and shared thoughts with other SOC members.

Expel insider | 2 min read
Expel welcomes Kevin Mandia to our board of directors

Security industry luminary joins our board to help guide us on the next chapter in our journey.

Security operations | 7 min read
MDR insights: how our SOC identified & responded to CVE-2024-3400

Learn how Expel's security operations center (SOC) identified and resolved CVE-2024-3400 for one of our customers.

Security operations | 5 min read
MDR insights: using vulnerability data to inform remediation strategies

MDR vulnerability data can be used with EPSS scoring and the CISA catalog to glean insights, reduce alert noise, and guide remediation.

Expel insider | 3 min read
Making sense of the seismic shifts in the SIEM world

If you're wondering what's going on in the world of SIEM, you're not alone. We tackle some of the more pressing questions you probably have about this rapidly evolving area of security operations.

Security operations | 3 min read
What outcomes can you expect from security-enabled innovation?

Security ROI is about a lot more than dollars and cents. The research shows that security investments drive innovation, which has wide-reaching ripple effects that enable business success.

Security operations | 5 min read
The myth of co-managed SIEMs

Think you can get a co-managed SIEM and then step away to let the magic happen? Not so fast. Our CISO shares some common myths and the realities you should consider before making a decision.

Engineering | 8 min read
The power of orchestration: how we automated enrichments for AWS alerts

Automation is key when it comes to helping analysts focus on doing what they do best – investigating legitimate threats. Find out how we use orchestration to automate enrichments for AWS alerts.

Engineering | 8 min read
Terraforming a better engineering experience with Atlantis

To build something useful you must first understand your users. Find out how Expel used Terraform and Atlantis to build a platform that makes self-service provisioning in cloud infrastructure easy.

Security operations | 8 min read
Behind the scenes in the Expel SOC: Alert-to-fix in AWS

Wonder what real-life investigation and response looks like in the cloud? Buckle up! Our team walks you through a coin-mining attack in AWS that they recently foiled – all the way from alert to fix.

Tips | 6 min read
Prioritizing suspicious PowerShell activity with machine learning

Attackers love to look to PowerShell to enact their evil plans. Expel’s senior data scientist tells us how she used machine learning to help analysts spot malicious activity in PowerShell quickly.

Tips | 6 min read
6 things to do before you bring in a red team

Red team engagements are essential to helping your SOC analysts stay battle ready. But before screaming, “CHARGE,” here are six things you should do to prepare for taking on a red team.

Expel insider | 3 min read
Good news in unusual times

We’re thrilled and humbled to be taking on a new round of funding, this time led by CapitalG.

Security operations | 7 min read
Managed Detection & Response for AWS

Learn how Expel detected and responded to an Amazon Web Services access key crisis using Amazon GuardDuty and CloudTrail logs.

Security operations | 4 min read
Thinking about Zoom and risk

For many of us, Zoom is the app that’s keeping us connected. But recent news about security concerns has a lot of us wondering if it’s too risky. So... is it? Our CISO shares his thoughts.

Security operations | 3 min read
Where does Amazon Detective fit in your AWS security landscape?

If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.

Talent | 6 min read
7 habits of highly effective SOCs

Wondering what it takes to build an effective SOC full of motivated, happy analysts? We’ve got some thoughts on that.

Tips | 10 min read
It’s time to drive a rising tide

There are a few cybersecurity fundamentals that keep us safe … but how do you get the people in your org to adopt them? Our COO Yanek Korff’s got some ideas.

Security operations | 5 min read
Making sense of Amazon GuardDuty alerts

If you’re running workloads on AWS, then you’d better be running GuardDuty. But what is it and how can you make sense of all the signals? Here are our pro tips.

Security operations | 5 min read
Better web shell detections with Signal Sciences WAF

Is Signal Sciences WAF part of your tech stack? Then you’ve got an amazing web shell detection method right at your fingertips.

Security operations | 10 min read
Applying the NIST CSF to U.S. election security

NIST isn’t only useful for corporations -- it’s helpful for guiding security activities around processes like our national elections. Our CISO’s got some thoughts on exactly how to apply NIST to election security.

Security operations | 7 min read
Generate Strong Security Signals with Sumo Logic & AWS CloudTrail

Looking to get more or better security signals from AWS CloudTrail? Learn how with Expel.io. See how we use the Sumo Logic SIEM for actionable data.

Security operations | 6 min read
Five things law firms can do now to improve their security for tomorrow

Relativity CSO Amanda Fennell shares the top five, easy-to-get-started things she sees forward-thinking law firms doing to improve their security.

Security operations
Here’s what you need to know about business email compromise (BEC)

How often does a business email compromise actually happen? And what should you do about it? Our infographic answers those questions and more.

Security operations | 8 min read
The top five pitfalls to avoid when implementing SOAR

SOAR isn’t really about “orchestration and response.” It’s an engineering problem at its core. Here’s why.

Security operations | 6 min read
How to find anomalous process relationships in threat hunting

Finding anomalous process relationships -- commands that don’t belong together -- might indicate a problem within your environment. Here’s how to spot ‘em.

Security operations | 5 min read
This is how you should be thinking about cloud security

Your IT team isn’t racking and stacking servers like they used to, but cracking the cloud security code is easier than you think. Get our pro tips for doing just that.

Expel insider | 4 min read
Judgment, relationships and gratitude

Yep, we secured a new round of funding. Here’s a look at where we’ve been, what we’ve learned and where we’re going on this journey (and a huge “thanks” to our supporters along the way).

Security operations | 4 min read
Don’t blow it — 5 ways to make the most of the chance to revamp your security posture

If you’ve got a blank canvas with the opportunity to build a security program from scratch, here’s how to get started and make the most of your new program.

Security operations | 4 min read
NIST’s new framework: Riding the wave of re-imagining privacy

The NIST Privacy Framework will revolutionize how we think about privacy. Here’s how your org might use it.

Security operations | 3 min read
Four habits of highly effective security teams

Practice these habits consistently and you’ll have an engaged, talented and all-around awesome security team.

Security operations | 4 min read
How to get your security tool chest in order when you’re growing like crazy

Need to expand your security tool chest? Our CISO’s got some tips to consider when thinking about what tech to keep or buy.

Tips | 4 min read
Four common infosec legal risks and how to mitigate them

There are four missteps we see happen often that open fast-growing companies up to unnecessary legal risks -- here’s how to course correct.

Tips | 6 min read
Dear fellow CEO: do these seven things to improve your org’s security posture

Need to get the security train back on the tracks? Our CEO’s got some pro tips on improving your org’s security ASAP.

Security operations | 4 min read
Does your MSSP or MDR provider know how to manage your signals?

How well is your MSSP or MDR going to manage your fleet of security signals over time? Here’s how to figure out whether they’re up for the challenge.

Security operations | 7 min read
How to build a useful (and entertaining) threat emulation exercise for AWS

Want to test your analysts’ detection skills in the cloud? Here are our tips and tricks for building your own threat emulation exercise in AWS.

Security operations | 9 min read
12 ways to tell if your managed security provider won’t suck next year

How can you figure out if the quality of the service you’re about to sign up for will improve over time? Our COO Yanek Korff’s got some tips for making sure you choose a service that’ll last.

Tips | 4 min read
How public-private partnerships can support election security

Election security measures (or lack thereof) are making headlines. How can private sector orgs contribute to public sector security? Our CISO Bruce Potter’s got some ideas.

Tips | 9 min read
12 revealing questions to ask when evaluating an MSSP or MDR vendor

We’ve heard lots of interesting Qs as prospective customers evaluate which solution's right for them... here are the 12 you should be asking.

Tips | 10 min read
Seven ways to spot a business email compromise in Office 365

Learn what business email compromise is, the categories of BEC scams, and how to prevent or identify these phishing attacks in Office 365, including mailbox rule examples and more.

Security operations | 5 min read
Reaching (all the way to) your NIST 800-171 compliance goals

How to close common compliance gaps for NIST 800-171 security requirements without building a SOC. And a bit about how we can help.

Tips | 6 min read
How to get the most out of your upcoming SOC tour: making your provider uncomfortable

If you’re in the market for an MSSP or looking to keep tabs on your existing provider, visiting their security operations center (SOC) can be a good way to get a sense for what you’re really buying. Let us walk you through how to prepare so you get the most out of your visit.

Tips | 3 min read
How to disrupt attackers and enable defenders using resilience

So… what is resilience? We’ll cover that and also how it works in this post. We’ve even thrown in a couple of examples to get you started.

Security operations | 5 min read
Managed detection and response (MDR): symptom or solution?

An uncommonly clear review of what managed detection and response (MDR) is, where it came from and what it can/can't do for you.

Security operations | 7 min read
Warning signs that your MSSP isn’t the right fit

Look out for these 5 indicators that it's probably time to start considering alternatives to your managed security services provider (MSSP).