MDR | 3 min read
Getting real value from your Palo Alto investment: how Expel MDR transforms security operations

Expel MDR reduces Palo Alto alert noise by 87% with 17-minute response times. Expert 24x7 analysis maximizes your security investment ROI.

Rapid response | 1 min read
Security alert: Ivanti zero-day vulnerability

Ivanti disclosed a critical zero-day vulnerability impacting multiple products. Address it immediately to prevent unauthenticated remote code execution.

Rapid response | 2 min read
Security alert: Christmas Day Chrome extension compromise

At least five Chrome extensions, including the Cyberhaven extension, were targeted on Christmas Day. Here's what you need to know.

MDR | 4 min read
Part III: How MDR can transform your SIEM investment

This is part three of a three-part blog series on how MDR can transform your SIEM investment by augmenting and optimizing its capabilities.

MDR | 4 min read
Part II: How MDR can transform your SIEM investment

This is part two of a three-part blog series on how MDR can transform your SIEM investment by augmenting and optimizing its capabilities.

MDR | 4 min read
Part I: How MDR can transform your SIEM investment

This is part one of a three-part blog series on how MDR can transform your SIEM investment by augmenting and optimizing its capabilities.

Rapid response | 1 min read
Security alert: Fortinet zero-day vulnerability

Fortinet has disclosed a zero-day vulnerability that needs to be patched immediately, or the protocol connection to the internet should be disabled.

Rapid response | 2 min read
Security Alert: CrowdStrike Windows Outage

An issue in a CrowdStrike Falcon Sensor update rendered Microsoft’s Windows OS inoperable. Here’s what happened and how you can address it.

MDR | 3 min read
Making sense of the seismic shifts in the SIEM world

Here's answers to pressing questions about what's happening in the world of SIEM, and what to do if you're asking yourself these questions.

Rapid response | 1 min read
Security alert: Palo Alto Networks PAN-OS GlobalProtect Command Injection Vulnerability

Palo Alto Networks disclosed that attackers are exploiting a vulnerability in PAN-OS for GlobalProtect. Here's what you need to know. 

Rapid response | 1 min read
Security alert: XZ Linux utility backdoor

Researchers identified a backdoor into the XZ Linux utility, via supply chain compromise. Here’s what you need to know.

Current events | 1 min read
GKE/Gmail vulnerability: notes and tips

Security researchers have discovered a new Google Kubernetes Engine misconfiguration. Here’s what you need to know.

Cloud security | 3 min read
New mind maps & cheat sheets: Azure & Kubernetes

Our new Kubernetes mind map/cheat sheet show you which API calls are associated with different MITRE ATT&CK tactics in K8 environments.

MDR | 6 min read
Assessing suspicious Outlook rules: an exercise

Outlook Inbox rules are used for legitimate and malicious reasons. Use these case exercises, tips, and tricks on how to analyze them.

Current events | 7 min read
Attackers are expanding access through Amazon Cognito

Improperly configured AWS Cognito web portals can allow attackers to gain direct access to your AWS control plane. Here's how.

Current events | 2 min read
Our top five cybersecurity predictions for 2024

Here are our top five cybersecurity predictions for 2024 from Expel experts and leadership based on trends and current events.

MDR | 4 min read
What frameworks and tools drive security maturity?

New research by the SANS Institute, commissioned by Expel, outlines the frameworks, tools, and techniques that drive security maturity.

Rapid response | 2 min read
Security alert: Okta “support user” data theft

Okta recently determined an attacker stole user support system info in October 2023. Here’s what Okta customers need to do right now.

Current events | 4 min read
Suspicious Outlook rules: high-fidelity patterns to watch for

Inbox rule manipulation is hard to accurately alert on. Here’s some tips on how to spot high-fidelity inbox manipulation tactics.

Rapid response | 1 min read
Security alert: privilege escalation vulnerability in Confluence Data Center and Server, CVE-2023-22515

Here's how to mitigate a Confluence Data Center and Server vulnerability that lets attackers create admin accounts on external-facing servers.

Rapid response | 1 min read
Security alert: zero-day vulnerability CVE-2023-4863 in libwebp (WebP) library

CVE-2023-4863 is a zero-day vulnerability in libwebp, which can result in arbitrary command execution when exploited. Here’s why it matters and what to do.

Cloud security | 3 min read
In the age of innovation, does security hold the key?

A new report by the CSA showcases the results of research on getting a deeper understanding of areas of innovation and cloud use trends.

Rapid response | 1 min read
Security alert: critical Fortigate remote code execution vulnerability

Get a clear breakdown of the critical Fortigate Firewall vulnerability's impact and steps you can take to reduce your risk.

Rapid response | 2 min read
Security alert: 3CXDesktopApp supply chain attack

A supply chain attack on 3CXDesktopApp can turn installers into malicious tools. Learn the steps you can take to mitigate the risk.

Cloud security | 1 min read
Understanding the 3 Classes of Kubernetes Risk

The first step toward securing Kubernetes environments is understanding the risks they pose and identifying the ways in which those risks can be mitigated.

Rapid response | 5 min read
Incident report: stolen AWS access keys

Learn what happens after AWS access keys are stolen. Our teams collaborated on a real-world incident. Read how we responded to the attack.

Rapid response | 3 min read
Emerging Threat: CircleCI Security Incident

A security incident at CircleCI requires immediate credential rotation. Learn what happened, why it matters, and the steps to take to mitigate the risk.

Data & research | 5 min read
45 minutes to one minute: how we shrunk image deployment time

We recently figured out how to reduce Kubernetes image deployment time from 45 minutes (way too long) to one minute (really fast). Here’s how we did it.

Rapid response | 2 min read
Security alert: high-severity vulnerability affecting OpenSSL V3 and higher

Two new security flaws affect OpenSSL v3.0 and later. Learn about the vulnerabilities and why you should upgrade to v3.0.7 as soon as it's reasonable.

MDR | 4 min read
Who ya gonna call (to make the most of your SIEM data)?

Import your SIEM into Expel Workbench and turn hours of development into custom rules. Find out why you might not need a SIEM at all.

Cloud security | 5 min read
Understanding role-based access control in Kubernetes

Understanding authorization is critical to securing Kubernetes. Learn how RBAC works and the rules that govern your access control.

Cloud security | 3 min read
Three Kubernetes events worth investigating

Monitoring your Kubernetes environment? Learn what to look for and how to use audit logs to secure your production workloads.

Cloud security | 3 min read
Kubernetes: the whale in the room

More than half of our cloud customers use Kubernetes (k8s) to ship software faster and cut costs with elastic infrastructure.

Rapid response | 2 min read
Emerging Threats: Microsoft Exchange On-Prem Zero-Days

Until a patch is issued for the Microsoft Exchange Server zero-day vulnerabilities, there are a few things security teams can do to temporarily mitigate risk. Here’s what we recommend.

Rapid response | 1 min read
Heads up: WPA2 vulnerability

A (very) quick overview of the reported WPA2 weakness. The TL;DR is “don’t flip out.” (1 min read)

MDR | 3 min read
Get your security tools in order: seven tactics you should know

Get your work right. Learn seven things to consider to bring harmony to your security toolchain and get the equipment you need to succeed.

MDR | 7 min read
How to triage Windows endpoints by asking the right questions

The three parts of the investigative mindset and how to apply them when you triage endpoint alerts. (8 min read)