Engineering | 8 min read | The power of orchestration: how we automated enrichments for AWS alerts
Automation is key when it comes to helping analysts focus on doing what they do best – investigating legitimate threats. Find out how we use orchestration to automate enrichments for AWS alerts.
Engineering | 8 min read | Terraforming a better engineering experience with Atlantis
To build something useful you must first understand your users. Find out how Expel used Terraform and Atlantis to build a platform that makes self-service provisioning in cloud infrastructure easy.
Security operations | 8 min read | Behind the scenes in the Expel SOC: Alert-to-fix in AWS
Wonder what real-life investigation and response looks like in the cloud? Buckle up! Our team walks you through a coin-mining attack in AWS that they recently foiled – all the way from alert to fix.
Tips | 6 min read | Prioritizing suspicious PowerShell activity with machine learning
Attackers love to look to PowerShell to enact their evil plans. Expel’s senior data scientist tells us how she used machine learning to help analysts spot malicious activity in PowerShell quickly.
Security operations | 3 min read | Where does Amazon Detective fit in your AWS security landscape?
If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.
Security operations | 5 min read | Better web shell detections with Signal Sciences WAF
Is Signal Sciences WAF part of your tech stack? Then you’ve got an amazing webshell detection method right at your fingertips.
Security operations | 7 min read | Generate Strong Security Signals with Sumo Logic & AWS Cloudtrail
Looking to get more or better security signals from AWS Cloudtrail? Learn how with Expel.io. See how we use the Sumo Logic SIEM for actionable data.
Security operations | 6 min read | Five things law firms can do now to improve their security for tomorrow
Relativity CSO Amanda Fennell shares the top five, easy-to-get-started things she sees forward-thinking law firms doing to improve their security.
How often does a business email compromise actually happen? And what should you do about it? Our infographic answers those questions and more.
Security operations | 8 min read | The top five pitfalls to avoid when implementing SOAR
SOAR isn’t really about “orchestration and response.” It’s an engineering problem at its core. Here’s why.
Security operations | 6 min read | How to find anomalous process relationships in threat hunting
Finding anomalous process relationships -- commands that don’t belong together -- might indicate a problem within your environment. Here’s how to spot ‘em.
Security operations | 5 min read | This is how you should be thinking about cloud security
Your IT team isn’t racking and stacking servers like they used to, but cracking the cloud security code is easier than you think. Get our pro tips for doing just that.
Security operations | 4 min read | Don’t blow it — 5 ways to make the most of the chance to revamp your security posture
If you’ve got a blank canvas with the opportunity to build a security program from scratch, here’s how to get started and make the most of your new program.
Security operations | 4 min read | NIST’s new framework: Riding the wave of re-imagining privacy
The NIST Privacy Framework will revolutionize how we think about privacy. Here’s how your org might use it.
Security operations | 4 min read | How to get your security tool chest in order when you’re growing like crazy
Need to expand your security tool chest? Our CISO’s got some tips to consider when thinking about what tech to keep or buy.
Tips | 4 min read | Four common infosec legal risks and how to mitigate them
There are four missteps we see happen often that open fast-growing companies up to unnecessary legal risks -- here’s how to course correct.
Tips | 6 min read | Dear fellow CEO: do these seven things to improve your org’s security posture
Need to get the security train back on the tracks? Our CEO’s got some pro tips on improving your org’s security ASAP.
Security operations | 4 min read | Does your MSSP or MDR provider know how to manage your signals?
How well is your MSSP or MDR going to manage your fleet of security signals over time? Here’s how to figure out whether they’re up for the challenge.
Security operations | 7 min read | How to build a useful (and entertaining) threat emulation exercise for AWS
Want to test your analysts’ detection skills in the cloud? Here are our tips and tricks for building your own threat emulation exercise in AWS.
Security operations | 9 min read | 12 ways to tell if your managed security provider won’t suck next year
How can you figure out if the quality of the service you’re about to sign up for will improve over time? Our COO Yanek Korff’s got some tips for making sure you choose a service that’ll last.
Tips | 4 min read | How public-private partnerships can support election security
Election security measures (or lack thereof) are making headlines. How can private sector orgs contribute to public sector security? Our CISO Bruce Potter’s got some ideas.
Tips | 9 min read | 12 revealing questions to ask when evaluating an MSSP or MDR vendor
We’ve heard lots of interesting Qs as prospective customers evaluate which solution's right for them... here are the 12 you should be asking.
Tips | 10 min read | Seven ways to spot a business email compromise in Office 365
Learn what business email compromise is, the categories of BEC scams, and how to prevent or identify these spam phishing attacks in Office 365, including mailbox rule examples and more.
Security operations | 5 min read | Reaching (all the way to) your NIST 800-171 compliance goals
Close common compliance gaps, without building a SOC, for NIST 800-171 security requirements. And a bit about how we can help.
Tips | 6 min read | How to get the most out of your upcoming SOC tour: making your provider uncomfortable
If you’re in the market for an MSSP or looking to keep tabs on your existing provider, visiting their security operations center (SOC) can be a good way to get a sense for what you’re really buying. Let us walk you through how to prepare so you get the most out of your visit.
Tips | 3 min read | How to disrupt attackers and enable defenders using resilience
So… what is resilience? We’ll cover that and also how it works in this post. We’ve even thrown in a couple examples to get you started.
Security operations | 5 min read | Managed detection and response (MDR): symptom or solution?
An uncommonly clear review of what managed detection and response (MDR) is, where it came from and what it can/can't do for you.