Data intelligence company strengthens security with Expel, freeing up time and saving millions

This global data intelligence platform enables organizations to know their enterprise data and take action for privacy, security, compliance, and governance. Customers deploy the data intelligence platform to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape.

Before the CISO joined the data intelligence company, they led the security team at a legal and compliance software provider. The CISO spent over four and a half years building out the organization’s security capabilities. During that time, the team relied on Expel’s managed detection and response (MDR) 24×7 detection coverage and threat intelligence insights as a way to scale the firm’s small but growing security team. It’s safe to say that Expel made a lasting impression.

When the CISO joined the data intelligence company, they knew from experience that Expel would be the ideal partner for bolstering the company’s existing security capabilities. “Since our organization is a software-as-a-service [SaaS] company, we’re focused on the security of the production environment,” the CISO says. “We needed full visibility into the cloud environment, primarily AWS [Amazon Web Services].”

The problem was how to monitor thousands of daily threat alerts, surface the most-critical ones, and decide on remediation paths. Dedicating the security team to these tasks would leave no time to engage in other security activities, the CISO explains. And significant staff time was already reserved for the list of projects around product security and the security infrastructure buildout that the team also needed to tackle.

“It’s not feasible for a human to look at 10,000 log lines a day,” the CISO says. “And you need to overlay threat intelligence and known attack patterns if you want humans to make sense of alerts.”

The CISO was also concerned about recruiting and retaining the staff needed for ongoing alert monitoring, especially given the perceived cybersecurity skills gap. While skilled people are available for hire, the CISO had to focus on retention. “When you find talented people, you need to keep them busy and happy. No one wants to just look at alerts all day. It isn’t interesting, challenging or meaningful work, and it just leads to burnout,” the CISO says.

The immediate need, the CISO explains, was adding threat alert and remediation capabilities that worked from day one. “A 24×7 platform with threat detection and coverage takes years to build,” the CISO says. “It’s rare that you have the time to build that out.”

The CISO was already familiar with Expel MDR’s capabilities from their previous partnership. “I also knew that Expel has great in-depth coverage of AWS,”the CISO says. “We’d have a trusted partner from day one if we chose Expel, without spending the significant budget required to build a SOC.”

In addition, the CISO saw the opportunity to work with a partner with a long-term outlook for innovating new threat detection capabilities. “Expel is always building more integrations with solutions we’re using.”

“Instead of having to call every team and ask them if they’ve legitimately spun up new cloud storage, we rely on Expel to identify only new cloud resources where questions are raised,” says the CISO. Automation plays a key role in this process in the Expel MDR: it helps improve outcomes by correlating events overlaying threat intelligence and known attack patterns, allowing analysts to make sense of the legitimate alerts.

Expel MDR to protect cloud infrastructure, SaaS apps and endpoints, the data intelligence company has saved significant budget that might have otherwise been dedicated to building a SOC — while accelerating the security of its SaaS environment. In addition, the CISO has achieved the goal of shifting tasks involved with threat monitoring to Expel MDR and its automated features, giving the growing security team more hours to build out infrastructure.

“Expel gives us the force multiplier security capability we needed,” the CISO says. Freed of the time-consuming responsibility of monitoring threat logs, the security team members can focus on product security, as the CISO had envisioned.

• Shifts time-consuming threat alert monitoring to an automated solution
• Frees up time for security experts to focus on the most-critical threats
• Allows the security team time to focus on product security and implementing new security tools
• Fine-tunes security settings with insights from Expel experts

Expel MDR’s automation handles the “noise” inherent in threat alerts, allowing the security team time to use their skills for more critical threats and long-term projects. Also of value to the data intelligence company: Expel’s commitment to a cloud-native and modern security architecture. “Expel has helped us architect a security infrastructure that collects the right alerts and data to ensure full visibility across our vast attack surface,” the CISO explains.

“When we got started with Expel, we asked which settings to turn on or tune, and if we should be collecting different data streams,” the CISO says. “It’s very important to our security posture to have this advice — you can’t attach a dollar amount to that guidance.”

With so much recent momentum, the data intelligence company has no plans to slow down. Expel’s roadmap aligns well with the organization’s plans, as the company continues to expand its offerings within cloud environments and beyond.

“We can now continue to push the envelope forward and build out a great security program, while still introducing new security technologies to the environment along the way,” the CISO says.

Expel’s transparent platform, reliable automations, and coverage across cloud environments allow the data intelligence company’s security team to meet (and exceed) the needs of its rapidly expanding customer base.