AnnouncementCase StudyCheckmarkcustomer-story-iconData Sheethow-to-logoposts
skip to Main Content

Q2 Threat Report. SOC trends to take action on | Take a tour of Expel MDR for Cloud Infrastructure


MDR for
SaaS apps

24x7 monitoring and response for Office 365,
G Suite and more

Detection and response built for your apps

Figuring out the difference between normal and suspicious user activity is tough. It changes from app to app and what’s normal for one role can be suspicious for another.

Our detection and response strategy is built for each app. We’ll tell you when we spot risky user behavior, investigate and provide you with next steps or we can auto-disable the compromised account (just say the word).

24x7 monitoring and response for …

SaaS applications

Detecting business email compromise (BEC) is just the start …

We’ve got you covered when it comes to BEC. And we’re also looking for other signs like risky config changes, logins via proxy servers and attempts to bypass MFA. In fact, our detection strategy is built specifically for each SaaS app.

Productivity Access management Data management
SaaS apps we support Gmail
Examples of things we monitor across SaaS apps
Suspicious authentication
Resource sharing
Unusual admin activity Duo and Okta
Risky config change Duo
Examples of unique things we monitor for each SaaS app
Suspicious email sending patterns
Creation of mailbox forwarding/redirect rule
Unusual volume of external file sharing
Unusual volume of file deletion
Authentication from suspicious country
Possible bypass of MFA
Login from proxy
GitHub repo given public visibility
New admin added to organization
GitHub new oauth app access approved


Three tips for getting
started with cloud
application security

If you’re feeling like your SaaS security knowledge is a bit cloudy, these three pro tips will get you started on the right path.


Seven ways to spot a
business email
compromise in Office 365

As attackers behind BEC attacks find even more clever tactics to use, it’s getting trickier for businesses to protect themselves. But here are some telltale signs you can look for that are tip-offs that something’s amiss.


Spotting suspicious logins at scale: (Alert) pathways to success

Suspicious login attempts for SaaS apps are on the rise, given this new reality we’re working in. Here are some tips on how to handle these attempts.

Three questions other MDR providers are hoping you won’t ask them

Is your detection strategy tailored to each SaaS app?

Do you treat log data from SaaS app services differently than other logs?

How do you train your analysts to investigate incidents that originate in your SaaS applications?

Back To Top