

Managed Detection and Response

We detect and respond to threats in minutes … you spend your hours on what matters most.

What we do

(it’s more than what’s in the SLA)

Our “BYO-tech” approach and API integrations get you up and running within hours. You can choose to protect everything – cloud infrastructure, on-prem infrastructure, SaaS apps – or just what you need. This unique MDR approach includes extended detection and response (XDR) capabilities to give you a full picture across your security and business applications. And with our SOC analysts chasing down your alerts and responding to incidents 24x7, your team can focus on advancing security strategies unique to your business.


We apply an additional layer of security with our custom rules

Investigate and respond

We find out exactly what happened and tell you what to do about it


We’ll automatically contain hosts in your environment

Hunt for threats

We proactively look for threats on-prem and in the cloud

What are you looking to protect?

Cloud infrastructure

If you’ve moved to the cloud, we’ll connect to your AWS, Azure or GCP environment to identify:

  • Data loss
  • Compromised accounts
  • Web application attacks
  • Misconfigurations

On-prem infrastructure

Using the EDR, network and SIEM tools you already own, we filter out the false positives and look for:

  • Lateral movement
  • Malicious scripts
  • Defense evasion
  • Compromised accounts

SaaS apps

We look at user behavior in your applications like Microsoft O365 and Okta to search for:

  • Unusual user behavior
  • Compromised accounts
  • Data loss
  • Privileged access abuse

How it works

We plug into the cloud services and security tech you already own. We’ll tell you 24x7 when there’s something you need to care about, why and what you need to do to make sure your secrets stay secret.

What you see

(spoiler alert … it’s everything)

We believe in transparency. That means you see exactly what our analysts see. It also means there’s never any doubt about what we’re doing on your behalf. It’s a pretty radical idea. But we couldn’t imagine running the service any other way.

  • See how our detections improve your areas of risk
  • View each investigative step our analysts and bots take
  • Get insights into interesting activity we spot in your environment

The result

(not just words… we created a dashboard to track it)

Our customers come to us because they want to increase their security quickly and get their existing security operations team out of the weeds so they can focus on more valuable and satisfying work.

Increase security fast

Transform your security operations team with less investment and overhead

Make your team happier

Eliminate tedious tasks you hate so you can focus on the work you love

Detect and respond faster

Find and resolve threats sooner; measure your progress over time

Reduce cost and risk

Fewer incidents means less disruption for your employees and customers

Managed detection and response (MDR) is managed security that gives you what MSSPs promised … but never delivered

Summary of Expel MDR capabilities

  • Proactive threat hunting: We go find the attacks your products don’t alert on and which only a human can find
  • Expel detection rules: High-fidelity alerts from Expel-curated rules based on simulated and real-life attacks
  • XDR alert analysis: API integration with your cloud services, EDR, network and SIEM tools lets us investigate as if we are in your office
  • Alert triage by Josie™: Our bot, Josie, evaluates each alert and weeds out false positives so our human analysts focus on alerts that require judgement
  • Alert enrichment with benchmarks: We add details about IPs, hashes and domains and tell you how often each alert leads to an incident
  • Alert signal visibility: See which cloud instances and security tech generate the highest-quality alerts and investigative data
  • Incident validation and notification: One click gets you detailed analysis including answers to what happened, where, when, why and how
  • Ruxie™ investigative bot: Our bot, Ruxie, automates investigative steps so our human analysts get the info they need before they ask for it
  • Remote response: Our analysts investigate and give you detailed reports (written in plain English!) with clear actions
  • Containment and remediation actions: We go as far as you want … from telling you what to do … to pushing the button to contain threats
  • Alert-to-fix timeline: See how long it takes our analysts to go from initial alert to remediation (and each step along the way)
  • Threat-specific reporting: See attack diagrams, maps and timelines specific to threats like commodity malware and BEC
  • Resilience recommendations: We’ll give you detailed guidance on how to improve and get at the root cause of repeated incidents

How we work

  • See what our analysts see: We like company, so you get to share the same view as our analysts via the Expel Workbench
  • “BYO-tech” approach: We’ll use the security tools you already invested in, not make you buy ours (and we don’t sell tools)
  • Slack comms with our SOC: Talk live with our analysts any time via a dedicated Slack channel
  • Metrics to support ROI: We show you what we’re doing as we do it, and calculate metrics so you can hold us accountable
  • API for custom reporting: If you can click on it in our user interface you can automate it with our API and your own code
  • Security device monitoring: While we don’t patch and upgrade your tools, we make sure they’re configured right … and stay that way
  • Easy to turn on (and off): We don’t take hostages. If we’re not meeting your needs it’s as simple to turn us off as it is to turn on
  • Transparent pricing: We love a good time, but playing pricing games isn’t our thing; get a hassle-free answer to what we cost through our pricing page.


What is MDR? And why is it critical to your security strategy?

Managed detection and response (MDR) defined, evaluated, and brought to life.


Explore the value of Expel MDR for your organization

Evaluate the potential financial impact of Expel MDR based on the Forrester Consulting Total Economic Impact (TEI) study


The myth of co-managed SIEMs

Considering a co-managed SIEM? Our CISO shares what you need to know before taking the plunge, along with his thoughts on the value of SIEMs.
