Cyber insurer finds a trusted security and business partner in Expel

Expel significantly upgrades D&R capabilities for cyber insurance provider; alert data gives value-add for policyholders.

The company

This company provides specialized digital risk protection backed by advanced data analytics. They offer both cyber insurance coverage and preventative tools designed to help clients understand their exposures, strengthen defenses, and recover more effectively from incidents. Their approach balances traditional protection with technology-driven risk reduction strategies.

The situation

As a cyber insurance provider, it’s their job to care deeply about the cybersecurity of their policyholders. The security team places a strong emphasis on their own security fundamentals as well.

The security team knows that advancements in security engineering are significant contributors to their success. The CISO also understood that robust detection and response capabilities would be needed as they grow. He explains, “We’re a small but mighty team. We must balance our time in securing our environment with effectively monitoring it to protect against the latest security threats. We knew right off the bat that we wanted to rely on outside experts to handle detection and response. Looking outside our organization for trusted vendor partners to augment our security needs provides us with more resources and capabilities to properly monitor our environment and identify potential issues.”

Policyholders rely on this insurer to help them understand complex risks, and to provide ongoing cyber-threat monitoring and risk alerts. In the event of a claim, they offer customers incident response support throughout the claim lifecycle, assisting with the engagement of vetted and trusted partners, such as breach counsel and forensics firms, to ensure success.

Of course, to do all of this and properly serve its customers, this organization must be able to effectively manage risk and mitigate its own security vulnerabilities.

When the CISO joined in 2021, he took a hard look at the cybersecurity posture of the organization to determine potential gaps, weak spots, and vulnerabilities. It wasn’t long before he realized that the managed security services provider (MSSP) they had in place wasn’t the right fit.

“Trust is the single most important thing we look for when we’re outsourcing a capability,” says the CISO. “We wanted a vendor partner that would guard our house the same way they’d guard their own.”

Evaluating options

They opened their search with a number of managed detection and response (MDR) options. Expel was in the mix from the beginning, but the CISO also evaluated long-established security players and other, newer companies. However, the solutions he evaluated came up short in supporting their fast-paced, cloud-native environment. None of the other companies could match Expel’s capabilities and understanding of their cloud environment.

“Everyone at Expel—from its leadership to our account team—understands the mindset of attackers and how to bring technology to bear to solve these challenges,” he says. “No other company approaches the problem of security the way that Expel does.”

That innovative approach to cybersecurity was one of the ways the CISO championed Expel within the organization, but he also envisioned Expel delivering value to their policyholders. “We knew Expel would have an immediate impact on our detection and response strategy. We also realized early on that the alert context Expel sends is useful intelligence our customers can use for their own security strategies. Once we showed leadership how Expel would protect our environment, and that we could use Expel’s alerts to inform our customers, bringing them on was a piece of cake.”

How Expel helps

Once on board, Expel’s main responsibility became providing MDR services and supporting the existing team.

“We need 24×7 coverage. Our internal team is great and they punch above their weight, but they also have to sleep, take time off, spend time with their families—generally have a life outside of work. I can relax knowing that if our team can’t get to something right away, or we’re focused on another initiative, Expel is on the case,” the CISO says.

One of the ways that Expel stays on the case is by working seamlessly with the security tools already in place. “I particularly love Expel’s integration with a wide range of security technologies. I don’t want to be trapped in a box with the solutions we use,” says the CISO. “One of my favorite things about Expel is how easy it is to communicate with our Expel team.”

But while this insurer has robust cybersecurity capabilities, they’re not resting on their laurels. “Like so many organizations, we’re working hard to build out our security strategy, and that goes far beyond detection and response,” he notes. “We’re working on improving our engineering, our architecture, our GRC [governance, risk management, and compliance] functions…our entire security program. Having Expel on board gives us the head space to continue building out our organization.”

The CISO points to one specific example as a perfect summation of how Expel helps their security team. “We had an interesting alert that came in over a weekend. I was outside doing yard work, and Expel was in touch immediately,” he recalls. “At that point, we took the lead on investigating and Expel became an extension of our team. We seamlessly collaborated and the alert was resolved before it had a chance to escalate. It was exactly what we wanted to see from a managed security partner.”

Benefits

The CISO has a simple way of knowing whether a vendor partner is benefitting his team. “If I don’t have to think about you, that’s a good thing. You’re doing your job,” he says. “The more you’re on my radar, the less trust I have. Our legacy MSSP was always on my mind. Now I’m confident that when there’s an issue, Expel is taking care of it.”

As the CISO anticipated from the evaluation process, they are maximizing the alerts received from Expel. “We work hard to educate our policyholders on various risks, and we notify them when issues that can impact them come up,” he explains. “We regularly use Expel alerts to inform the actionable advice we provide to our customers. That intel is helping us better serve our customers in a variety of ways. This is one of the ways that Expel is not only meeting my expectations, but exceeding them.”

Benefits of partnering with Expel

  • Provides peace of mind as a trusted partner, allowing the security team to focus on more pressing business initiatives
  • “Bring-your-own-tech” approach allows for flexible business growth
  • Equips the security team with critical context to communicate to policyholders

Finally, Expel provides this insurer with a foundation on which they can continue to build out their cybersecurity capabilities. Expel has integrations with more than 130 security tools and the unique capability to analyze security and non-security data along with business context (e.g., critical assets, users, business process, and allowed behaviors).

“We often think about our detection philosophy. Any MDR company can set up in a SOC, tap into other technologies, and pass over alerts,” says the CISO. “What separates Expel is that they’re the layer between us and our tools that gives us critical context. Expel is unique in that the team develops custom detection logic for the security tools they integrate with to make detections more precise. This in turn helps us maximize the return on our other security investments. Compare that with other MDR or MSSP companies, and Expel is playing chess while the others are playing checkers.”

The CISO knows that as he adds security technology to his SOC, Expel will be standing right beside him, helping make sense of his security signals.