MDR

  • 2 min read

Emerging Threats: Microsoft Exchange On-Prem Zero-Days

Until a patch is issued for the Microsoft Exchange Server zero-day vulnerabilities, there are a few things security teams can do to temporarily mitigate risk. Here’s what we recommend.

  • 12 min read

Detection and response in action: an end-to-end coverage story

This dramatized case study illustrates how our MDR, phishing, and threat hunting services work, and most importantly, how they work together.

  • 6 min read

Incident report: how a phishing campaign revealed BEC before exploitation

By the time the 89th phishing alert sounded, we knew a large-scale campaign had successfully hit a customer. This case walks you through what happened, what we did, and how it played out.

  • 18 min read

MORE_EGGS and Some LinkedIn Resumé Spearphishing

This post details how we recently detected and disarmed a clever LinkedIn resume spearphishing attack.

  • 3 min read

That’s a wrap! Top 3 takeaways from Black Hat

Hacker Summer Camp (a.k.a. Black Hat) felt especially energized this year, with more people, exhibitors, and fun. Read up on our takeaways from the show floor as first-time exhibitors in Mandalay Bay.

  • 8 min read

A year in review: An honest look at a developer’s first 12 months at Expel

Get a peek behind the curtain as one of our senior software engineers reflects on his experience during his first year at Expel, from the interview process all the way to where he is now.

  • 3 min read

Top 5 takeaways: Expel Quarterly Threat Report Q2

Our second quarterly (Q2) threat report is here, and it's chock-full of cybersecurity data, trends, and recommendations to help you protect your organization. Here are our top five takeaways from Q2.

  • 2 min read

A defender’s MITRE ATT&CK cheat sheet for Google Cloud Platform (GCP)

In this handy new guide, we mapped the patterns we've seen throughout our GCP incident investigations to the MITRE ATT&CK framework to give you a head start on protecting your organization.

  • 4 min read

How Expel’s Alert Similarity feature helps our customers

We process millions of alerts each day, and many look similar to one another. We asked ourselves: is it possible to teach our bots to compare similar “documents” and suggest or recommend a next step? (Spoiler alert: YES!)

  • 2 min read

Emerging Threat: BEC Payroll Fraud Advisory

Our SOC recently observed BEC attacks across multiple customer environments, targeting access to human capital management systems—specifically, Workday. The goal? Payroll and direct deposit fraud.

  • 2 min read

Cutting Through the Noise: RIOT Enrichment Drives SOC Clarity

Read on to learn why we use the RIOT API to dispatch network security alerts that don't require further investigation, and how we parse the API results for human consumption.

  • 5 min read

Detecting Coin Miners with Palo Alto Networks NGFW

With cryptojacking on the rise, we walk through why we've found the Palo Alto Networks next-generation firewall great at detecting it, and some actions we've integrated into our detection bot to help.

  • 3 min read

Top 3 takeaways from RSA Conference 2022

It was four days of excitement as we made our exhibitor debut at #RSAC. Now that we’ve had time to reflect on this year’s conference, here are three of the big takeaways from our time at Moscone.

  • 3 min read

RSA Conference Day 3: Impressions From the Show Floor

Day three of the conference was full of interesting conversations with long-time industry folks who are no stranger to RSA. Here are some of our favorite takeaways and observations.

  • 3 min read

Incident report: Spotting an attacker in GCP

In this report, we walk you through how an attacker gained access to a customer’s GCP environment, our investigative process, and some key takeaways for securing your organization.

  • 2 min read

RSA Conference Day 2: Inclusivity is the Goal

Another day at RSA full of interesting speakers, lessons learned, and (of course) cool swag — but one session stood out to us the most. Here are some of our main takeaways from day two.

  • 3 min read

RSA Conference Returns: Day 1 Keynote Summary

That’s a wrap on day one of #RSAC and we’re still reeling from excitement. From beatboxers to keynote speakers, here are some of our takeaways from the first day at Moscone.

  • 4 min read

How Expel does remediation

Curious how Expel does remediation? Learn how our process works, what you can expect from our analysts during an investigation and what we’re adding next on our remediation roadmap.

  • 3 min read

Expel Quarterly Threat Report: Cybersecurity data, trends, and recs from Q1 2022

Top takeaways from our first quarterly report, filled with patterns and trends we identified from Q1 2022. Our goal? Help translate the events we detect into a security strategy for your organization.

  • 2 min read

Meet us at Moscone… Expel makes its #RSAC debut!

For the first time, Expel is headed to RSA Conference as an exhibitor! Stop by our booth to meet the crew, snag some swag, meet Josie and Ruxie, and let us show you that security can be delightful.

  • 2 min read

How to quantify security ROI… for real

Measuring cybersecurity ROI can feel like trying to nail Jello to a tree — frustrating and unproductive. Take some of the guesswork out of the equation with our new interactive ROI calculator.

  • 6 min read

Incident report: From CLI to console, chasing an attacker in AWS

Our SOC detected and stopped unauthorized access in one of our customer’s AWS environments. Here’s how we spotted it, the steps we took to understand what they did, lessons learned and key takeaways.

  • 5 min read

Attack trend alert: Email scams targeting donations to Ukraine

As more people look to donate to Ukrainian relief efforts, bad actors are taking advantage. Look out for these phishing scams to ensure your donations actually go to those in need.

  • 2 min read

Top 7 recs for responding to the Lapsus$ breach claims

While the situation surrounding the reported breach of Okta by Lapsus$ is still developing, here are our top 7 recommendations you can take to protect yourself and your org.

  • 8 min read

Top Attack Vectors: February 2022

This report dives into the top attack vectors and trends among the incidents our SOC investigated in February 2022. Learn our key recommendations to protect your org from these types of attacks.

  • 5 min read

Evaluating MDR providers? Ask these questions about their onboarding process

Looking for an MDR provider? Make sure you understand their onboarding process. Here are the questions you should ask when you’re evaluating MDRs. Bonus: learn how we do onboarding here at Expel.

  • 6 min read

Top Attack Vectors: January 2022

This report dives into the top attack vectors and trends among the incidents our SOC investigated in January 2022. Learn our key recommendations to protect your org from these types of attacks.

  • 3 min read

5 pro tips for detecting in AWS

Cloud-based infrastructures can be confusing, but sometimes building a better security program starts with the basics. Try these pro tips to help focus the lens for detecting threats in AWS.

  • 4 min read

Attack trend alert: AWS-themed credential phishing technique

They’re at it again. This time attackers are phishing for credentials by sending fake AWS log-in pages to unsuspecting users. Find out how our crew identified and triaged a phishing email.

  • 3 min read

Great eXpeltations 2022: Cybersecurity trends and predictions

Introducing Great eXpeltations 2022: Cybersecurity trends and predictions — an annual report from our security operations center (SOC) on top threats, how to handle them, and what to expect this year.

  • 7 min read

Top Attack Vectors: December 2021

This report dives into the top attack vectors and trends among the incidents our SOC investigated in December 2021. Learn our key recommendations to protect your org from these types of attacks.

  • 5 min read

Threat hunting: Build or buy?

Not sure if you should build your own hunting capability or get a hunting partner? Check out this post to discover your options and the things you should consider (yes, we break down cost for you).

  • 4 min read

What’s hunting and is it worth it?

Heard about hunting but are unclear on whether it’s something you should invest in? You’re not alone. Find out what it is and the value it brings to your org’s detection and response capabilities.

  • 7 min read

Top Attack Vectors: November 2021

This report dives into the top attack vectors and trends among the incidents our SOC investigated in November 2021. Learn our key recommendations to protect your org from these types of attacks.

  • 9 min read

The Grinchy email scams to watch out for this holiday season

As the holidays approach, cyber Grinches are running phishing campaigns to steal data, credentials and more. Look out for these email scams while online shopping and checking your inbox this season.

  • 4 min read

More good news in still unusual times

We’ve reached a valuation over $1 billion thanks to our Series E fundraising round, led by CapitalG. Check out what our founders have to say about this exciting news and what’s next for Expel.

  • 6 min read

Top Attack Vectors: October 2021

This report dives into the top attack vectors and trends among the incidents our SOC investigated in October 2021. Learn our key recommendations to protect your org from these types of attacks.

  • 5 min read

Top Attack Vectors: September 2021

This report dives into the top attack vectors and trends among the incidents our SOC investigated in September 2021. Learn our key recommendations to protect your org from these types of attacks.

  • 4 min read

How we use VMRay to support Expel for Phishing

How does Expel tackle phishing? Smart people and great tech. Learn how VMRay helps our analysts triage and analyze potentially malicious emails submitted by our managed phishing service customers.

  • 5 min read

Top Attack Vectors: August 2021

This report dives into the top attack vectors and trends among the incidents our SOC investigated in August 2021. Learn our key recommendations to protect your org from these types of attacks.

  • 5 min read

The top phishing keywords in the last 10k+ malicious emails we investigated

Curious how attackers are prompting victims to engage with phishing campaigns? Check out the top keywords from the malicious emails our SOC investigated and our top resilience recommendations.

  • 6 min read

Swimming past 2FA, part 2: How to investigate Okta compromise

First we showed you how to spot an Okta compromise in this two-part blog series. Now we’ll walk you through our investigation and share five tips on how you can strengthen your security defense.

  • 5 min read

Top Attack Vectors: July 2021

This report dives into the top attack vectors and trends among the incidents our SOC investigated in July 2021. Learn our key recommendations to protect your org from these types of attacks.

  • 6 min read

How Expel goes detection sprinting in Google Cloud

Building detections in Google Cloud Platform (GCP) but not sure where to start? Time to get strategic. Our detection and response engineers demystify the process for building detections in the cloud.

  • 10 min read

Well that escalated quickly: How a red team went from domain user to kernel memory

A red team recently swooped in and showed off some new tactics. What started as a PowerShell download cradle quickly turned into a custom rootkit download. Find out how we spotted the crafty red team.

  • 4 min read

How should my MDR provider support my compliance goals?

Need to ensure your tech, privacy and security policies are compliant? Find out what compliance means in practice and how your MDR provider can support your compliance program, not become a liability.

  • 4 min read

Swimming past 2FA, part 1: How to spot an Okta MITM phishing attack

Crafty attackers are finding new ways to bypass multi-factor authentication. Find out how our SOC detected an attack and get some tips on how your org can prevent credential phishing.

  • 3 min read

Kaseya supply chain attack: What you need to know

A new ransomware attack upended the start of Fourth of July weekend. Fortunately, there are steps you can take right now to stay safe. Find out what's happening and how Expel is looking ahead.

  • 4 min read

Someone in your industry got hit with ransomware. What now?

We’re noticing a trend in ransomware attacks. But that doesn’t mean it’s time to go into panic mode. Find out what you need to know and get some tips on how you can keep your org safe.

  • 8 min read

How to measure SOC quality

You can scale your SOC and improve quality. Seems impossible? Not if you know how and what to measure. The crew that helped build Expel’s SOC explain how they pulled it off – and how you can too.

  • 7 min read

Cloud attack trends: What you need to know and how to stay resilient

We shared the top attack trend spotted during the pandemic and what to keep an eye out for looking ahead. But how do you remediate and stay resilient against these attacks? Our crew shares some tips.

  • 6 min read

Performance metrics, part 3: Success stories

Our team shares some success stories in creating efficiency and reducing analyst burnout. They end this three-part series with a gift from our SOC – a downloadable resource to measure performance.

  • 3 min read

Expel Hunting: Now in the cloud

We’ve added something new to Expel Hunting: cloud hunts. Find out how our crew’s newly developed hunting techniques can help you spot visibility gaps in your cloud (and give you some peace of mind).

  • 5 min read

The top cybersecurity attack trend we saw emerge during the COVID-19 pandemic

Check out our newest infographic to learn about the top attack trend during the COVID-19 pandemic, how our SOC’s data reinforces these recent findings and how you should be looking ahead.

  • 1 min read

How does your approach to AWS security stack up?

Take our short quiz to find out how your approach to AWS security compares to similar orgs. Based on your responses, we’ll also share some resources to help you level up your AWS security game.

  • 12 min read

Migrating to GKE: Preemptible nodes and making space for the Chaos Monkeys

Find out how Expel’s internal teams collaborated to migrate our core infrastructure from a legacy environment to GCP, with no downtime (while also making sure they were prepared for a little chaos).

  • 1 min read

Wow, they really like us

Expel is recognized as a leader in The Forrester Wave™: Managed Detection And Response, Q1 2021 report. And our CEO – along with the whole Expletive crew – are pretty excited about it.

  • 6 min read

5 best practices to get to production readiness with Hashicorp Vault in Kubernetes

Flying blind when it comes to running Hashicorp Vault in Kubernetes? We’ve got you covered. Accelerate your path to production without compromising on security with these tips and best practices.

  • 6 min read

How to create (and share) good cybersecurity metrics

Establishing metrics is vital. But how do you report progress and have a conversation about what you’re seeing? Are you even looking at the right things? Here are some tips on measuring cybersecurity.

  • 8 min read

Containerizing key pipeline with zero downtime

Migrating to Kubernetes as Expel’s core engineering platform with zero downtime – and without interfering with our analysts’ workflow – is a tall order. But our engineers pulled it off. Find out how.

  • 3 min read

Attack trend alert: REvil ransomware

Expel’s SOC spotted a new trend in REvil campaigns and they’re sounding the alarm. Find out what’s new about this type of attack, how our analysts spotted it and what you can do to protect your org.

  • 12 min read

Behind the scenes: Building Azure integrations for ASC alerts

Find out how Expel’s internal teams built an integration on top of Azure signal – creating a new detection strategy for ASC that provides more context around alerts and improves customer visibility.

  • 3 min read

Introducing Expel Workbench™ for Amazon Web Services (AWS)

We’re excited to announce the launch of our first SaaS product! It automates the investigation of AWS alerts and logs – allowing your team to spend less time finding and fixing security issues.

  • 1 min read

Got workloads in Microsoft Azure? Read this

Got Microsoft Azure? Running Microsoft products in your org? Then you might want to get a free copy of our all-new Azure guidebook.

  • 7 min read

Plotting booby traps like in Home Alone: Our approach to detection writing

Find out how Expel’s D&R engineers think about detection writing, and how this process helps our SOC analysts make smart decisions and gain a deeper understanding of our customers’ environments.

  • 6 min read

Supply chain attack prevention: 3 things to do now

What do you do when you can’t trust the internet? Supply chain attacks like the SolarWinds Orion breach are not new. Here are some things you can do to help prepare and guard against similar attacks.

  • 8 min read

Improving the phishing triage process: Keeping our analysts (and our customers) sane

Here’s how Expel created a phishing triage process that keeps our analysts’ heads above water while also ensuring that a trained pair of eyes is on every email submitted by our customers.

  • 3 min read

The SolarWinds Orion breach: 6 ideas on what to do next and why

Here are some of our early observations on the SolarWinds Orion breach, plus our ideas on what to do next to detect related activity and better protect your org.

  • 8 min read

How to investigate like an Expel analyst: The Expel Workbench managed alert process

Ever wonder about how Expel’s analysts investigate alerts? Our SOC team created a workflow called the Expel Workbench managed alert process. Read on to find out how it works and how it can help you.

  • 6 min read

Evilginx-ing into the cloud: How we detected a red team attack in AWS

Red team sneak attack? Bring it on. Find out how we tackled a red team attack using open source offensive security tools in AWS and what you can do to protect your org from similar attacks.

  • 4 min read

The CISO in 2020 (and beyond): A chat with Bruce Potter

It’s impossible to sum up a year that felt like 1000 in a single blog post. But we did gather some topline takeaways on security trends and the evolving role of the CISO from Expel’s Bruce Potter.

  • 2 min read

Introducing a mind map for AWS investigations

We’ve been doing a lot of investigations in AWS using CloudTrail logs and have been noticing some interesting things along the way. So we created an AWS mind map for our team (and you). Check it out!

  • 2 min read

Announcing Open Source python client (pyexclient) for Expel Workbench

We're open sourcing a Python client for Expel Workbench! This labor of love will allow our customers to take advantage of our APIs. Find out what the release of the pyexclient project includes.

  • 9 min read

Performance metrics, part 2: Keeping things under control

In this second post in our three-part series on all things metrics and SOC leadership, our team dives into details of what metrics and techniques are used to protect the SOC against volatility.

  • 2 min read

Introducing Expel for phishing

Expel just introduced a new offering: Expel for Phishing! Lost in a sea of phishing emails? Find out how our product goes beyond automated triage and helps our customers come up for air.

  • 8 min read

Why don’t you integrate with [foo]?

You've heard that Expel integrates with your tech. But not YOUR tech. What gives? Well, sometimes it just doesn't make sense. Expel's COO explains why and what this means when working with us.

  • 10 min read

Performance metrics, part 1: Measuring SOC efficiency

How do you establish metrics for SOC efficiency? This first post in a three-part series shares our team’s approach to setting SOC goals, creating a strategy and measuring success.

  • 9 min read

3 steps to figuring out where a SIEM belongs in your security program

How can a SIEM help you address your business needs? Do you even need a SIEM? Finding the right answer isn’t easy. Here are some tips to help you make a decision that works best for you.

  • 5 min read

Managed detection and response (MDR): symptom or solution?

An uncommonly clear review of what managed detection and response (MDR) is, where it came from and what it can/can't do for you.

© 2022 Expel, Inc. All Rights Reserved