Expel MDR strengthens security operations for Estes Express Lines

National freight leader strengthens round-the-clock security coverage while saving hundreds of analyst hours

The company

Estes Express Lines is one of North America’s largest privately held freight transportation companies. With more than 24,000 employees and a fleet of more than 53,000 tractors and trailers, Estes operates a Less-Than-Truckload (LTL) shipping network through a hub-and-spoke model. Their terminals sort and consolidate shipments from multiple customers through a network that handles freight volume similar to major air carriers.

The company’s operations rely on integrated technology including tens of thousands of IoT-enabled tractors, GPS tracking systems, dimensioning cameras, and electric forklifts with weighing capabilities to maintain tracking of shipment weight, volume, and density while monitoring hazardous materials transport.

“As a critical component of national transportation infrastructure, our security needs extend far beyond typical enterprise concerns. Our operations demand round-the-clock protection,” says Christian Emery, Security Director, Estes Express Lines.

The situation

With over 60,000 connected devices generating data across their nationwide network of terminals, the security team faced an increasingly complex monitoring challenge. Traditional approaches to threat detection and response weren’t keeping pace with their expanding digital footprint and the evolving threat landscape.

A cybersecurity incident in October 2023 prompted Estes to reevaluate their security approach. While they had invested in security tools, their security functions were spread across IT operations and engineering teams. Their digital twin modeling system—a virtual representation of operations and processes designed to simulate and optimize real-world scenarios—added another critical layer requiring protection, and security responsibilities competed with other operational priorities. The team knew that any vulnerabilities could affect service delivery to their customers across the country, potentially impacting the thousands of businesses that rely on their transportation network each day.

“We needed a solution that could rapidly bring together our existing security investments into a cohesive, manageable system,” says Emery.

Evaluating options

Estes worked with a strategic advisor, one that helps organizations make better cybersecurity decisions to minimize risk, to assess and implement a new security strategy. The team evaluated several security platforms, focusing on solutions that could scale with their growing infrastructure while reducing the operational burden on their existing staff. Key requirements included comprehensive threat detection capabilities, automated response features, and the ability to integrate seamlessly with their existing security tools.

Their evaluation led to a two-phase implementation plan. First, Estes deployed SentinelOne as their EDR solution to address their endpoint security needs. Then the team integrated Expel Managed Detection and Response (MDR) to enhance their security operations as a whole.

Estes found that Expel MDR actually enriched their SentinelOne findings with rich contextual data. While SentinelOne monitors individual devices and servers, Expel correlates this data with insights from Estes’ network monitoring, cloud services, and identity management systems. Expel’s technology and real-time integrations help identify threats that might go unnoticed when viewing threat data from disparate security systems.

The Expel MDR service was deployed quickly and seamlessly, working with SentinelOne and other tools in their existing technology stack. This ultimately allowed Estes to meet their goal of enhancing the value of their current systems without the need to replace systems or hire additional staff.

Expel also automated manual tasks and offered a roadmap that aligned with Estes’ growth objectives. Expel’s ability to quickly deliver practical results was essential for their fast-paced logistics environment. By choosing Expel as their MDR provider, Estes allowed their security analysts to concentrate on more strategic tasks.

“We chose Expel because it instantly multiplied our security operations capacity without adding headcount,” says Emery. “When I saw how quickly we could integrate our existing security tools and automate our response capabilities, I knew this would transform how we protect our infrastructure.”

How Expel helped

The Estes security team found themselves breathing easier after a remarkably smooth implementation. “By Monday morning, we had 60 million events in the Expel console, and we set the connection up on our own, just following the simple guidance and guides. We all went to bed and slept a little bit easier that weekend, knowing that we had better visibility and protection,” Emery says. The team completed five integrations in the first weekend, achieved 80% integration within a week, and finished all twelve planned integrations within a month.

Expel MDR’s platform—Expel Workbench™—connects with Estes’ existing security infrastructure to enable monitoring and response across data sources. The integration started with SentinelOne EDR, providing endpoint detection and response, threat hunting, and investigation capabilities, but security coverage quickly moved beyond the endpoint.

Expel monitors attack surfaces like endpoint, network, identity, and cloud, then correlates this data to paint a full picture of threat activity. The platform’s approach to security automation and correlation helps Estes make sense of millions of daily security events from many sources. By analyzing data from across their nationwide network of terminals in one place, Expel helps identify potential threats before they can impact operations or customer service.

“Expel takes all those disparate security signals across attack surfaces, aggregates them together, and gives me a centralized view on what’s happening,” Emery explains. “It helps us make better decisions faster because we get the who, what, when, and how in a more complete picture, without having to spend time researching through disparate tools.”

Benefits

The Expel MDR implementation transformed Estes’ security operations efficiency and effectiveness. Integration with existing tools maximized their previous security investments while improving coverage across their infrastructure.

“It probably saves us hundreds of hours of staff time per year,” says Emery. “I can’t imagine how large a team I would need to review millions of alerts per day. More importantly, it’s allowed us to shift our focus from reactive monitoring to proactive security improvements.”

  • Correlates telemetry across twelve integrated security tools, eliminating manual review of millions of alerts
  • 80% of security infrastructure connected within the first week, providing immediate visibility
  • Security team saves hundreds of staff hours annually through automated alert management
  • 24/7 monitoring provides consistent coverage without additional headcount
  • Team shifted from day-to-day monitoring to strategic security initiatives
  • Faster threat detection and response through centralized visibility across security tools
  • Better utilization of existing security investments through tool integration
  • Simplified compliance monitoring and reporting through unified dashboard

Looking ahead

Estes continues expanding their security capabilities through custom playbooks and response procedures. They’re developing more sophisticated threat detection approaches while maintaining resilience to new security challenges. Expel’s scalability helps Estes adapt to evolving security needs while supporting their critical role in transportation logistics.

“You can’t rest on your laurels. You always have to have that proactive mindset,” says Emery. “Our focus has shifted from reactive to proactive security, allowing us to invest our time in automations, threat intelligence, and staying ahead of current events. That’s how we protect what matters most to our customers.”

“Security really is a team sport,” continues Emery. “With Expel, we have another set of eyes looking at this thing and backing us up. We’re backstopping each other at the end of the day. Because we’re all working from the Expel platform, Workbench, we can collaborate effectively and ensure nothing falls through the cracks.”