What we do
(it’s more than what’s in the SLA)
Our “BYO-tech” approach and API integrations get you up and running within hours. You can choose to protect everything – cloud infrastructure, on-prem infrastructure, SaaS apps – or just what you need. This unique MDR approach includes extended detection and response (XDR) capabilities to give you a full picture across your security and business applications. And with our SOC analysts chasing down your alerts and responding to incidents 24x7, your team can focus on advancing security strategies unique to your business.
Detect
We apply an additional layer of security with our custom rules
Investigate and respond
We find out exactly what happened and tell you what to do about it
Remediate
We’ll automatically contain hosts in your environment
Hunt for threats
We proactively look for threats on-prem and the cloud
What are you looking to protect?
Cloud infrastructure
If you’ve moved to the cloud, we’ll connect to your AWS, Azure or GCP environment to identify:
- Data loss
- Compromised accounts
- Web application attacks
- Misconfigurations
On-prem infrastructure
Using the EDR, network and SIEM tools you already own, we filter out the false positives and look for:
- Lateral movement
- Malicious scripts
- Defense evasion
- Compromised accounts
SaaS apps
We look at user behavior in your applications like Microsoft O365 and Okta to search for:
- Unusual user behavior
- Compromised accounts
- Data loss
- Privileged access abuse
How it works
We plug into the cloud services and security tech you already own. We’ll tell you 24x7 when there’s something you need to care about, why and what you need to do to make sure your secrets stay secret.
What you see
(spoiler alert … it’s everything)
We believe in transparency. That means you see exactly what our analysts see. It also means there’s never any doubt about what we’re doing on your behalf. It’s a pretty radical idea. But we couldn’t imagine running the service any other way.
- See how our detections improve your areas of risk
- View each investigative step our analysts and bots take
- Get insights into interesting activity we spot in your environment
The result
(not just words… we created a dashboard to track it)
Our customers come to us because they want to increase their security quickly and get their existing security operations team out of the weeds so they can focus on more valuable and satisfying work.
Increase security fast
Transform your security operations team with less investment and overhead
Make your team happier
Eliminate tedious tasks you hate so you can focus on the work you love
Detect and respond faster
Find and resolve threats sooner; measure your progress over time
Reduce cost and risk
Fewer incidents means less disruption for your employees and customers
Managed detection and response (MDR) is
managed security that gives you what MSSPs
promised … but never delivered
Summary of Expel MDR capabilities
| Detection | |
|---|---|
| Proactive threat hunting | We go find the attacks your products don’t alert on and which only a human can find |
| Expel detection rules | High fidelity alerts from Expel-curated rules based on simulated and real-life attacks |
| XDR alert analysis | API-integration to your cloud services, EDR, network and SIEM tools let us investigate as if we are in your office |
| Alert triage by Josie™ | Our bot, Josie, evaluates each alert and weeds out false positives so our human analysts focus on alerts that require judgement |
| Alert enrichment with benchmarks | We add details about IPs, hashes and domains and tell you how often each alert leads to an incident |
| Alert signal visibility | See which cloud instances and security tech generate the highest-quality alerts and investigative data |
| Response | |
| Incident validation and notification | One click gets you detailed analysis including answers to what happened, where, when, why and how |
| Ruxie™ investigative bot | Our bot, Ruxie, automates investigative steps so our human analysts get the info they need before they ask for it |
| Remote response | Our analysts investigate and give you detailed reports (written in plain English!) with clear actions |
| Containment and remediation actions | We go as far as you want … from telling you what to do … to pushing the button to contain threats |
| Alert-to-fix timeline | See how long it takes our analysts to go from initial alert to remediation (and each step along the way) |
| Threat-specific reporting | See attack diagrams, maps and timelines specific to threats like commodity malware and BEC |
| Resilience recommendations | We’ll give you detailed guidance on how to improve and get at the root cause of repeated incidents |
| How we work | |
| See what our analysts see | We like company, so you get to share the same view as our analysts via the Expel Workbench™ |
| “BYO-tech” approach | We’ll use the security tools you already invested in, not make you buy ours (and we don’t sell tools) |
| Slack comms with our SOC | Talk live with our analysts any time via a dedicated Slack channel |
| Metrics to support ROI | We show you what we’re doing as we do it, and calculate metrics so you can hold us accountable |
| API for custom reporting | If you can click on it in our user interface you can automate it with our API and your own code |
| Security device monitoring | While we don’t patch and upgrade your tools, we make sure they’re configured right … and stay that way |
| Easy to turn on (and off) | We don’t take hostages. If we’re not meeting your needs it’s as simple to turn us off as it is to turn on |
| Transparent pricing | We love a good time, but playing pricing games isn’t our thing; get a hassle free answer to what we cost through our pricing page. |
Analyst Report
IDC MDR Workbook
Considering a managed detection and response (MDR) service provider and need help getting started? This workbook is the tool for you.
Tool
Explore the value of Expel MDR for your organization
Evaluate the potential financial impact of Expel MDR based on Forrester Consulting Total Economic Impact (TEI) study
Blog
The myth of co-managed SIEMs
Considering a co-managed SIEM? Our CISO shares what you need to know before taking the plunge, along with his thoughts on the value of SIEMS