FIA Tech selects Expel’s “APIs not agents” approach for 24x7 managed detection and response (MDR)

Fintech company saves 40 hours a week, shrinks response time with Expel.

The company

FIA Tech is the leading technology provider to the exchange traded derivative industry and supports 8,000 organizations around the world that are involved in trading futures and other derivatives. Its customers include clearing firms, banks, exchanges and buy-side institutions. Since its launch in 2007, FIA Tech has worked with the industry to develop and provide key services and technologies which help market participants reduce risk, mitigate operational costs, and meet market and regulatory challenges.

“We wanted to focus on the stuff that mattered, the stuff that was going to drive increased revenue.”

⎯Pat Lefler | Senior Vice President of Risk and Information Security

The situation

In 2021, FIA Tech announced a $44 million investment by ten leading banks to fund its strategic growth. The newly capitalized FIA Tech planned to invest in further developing existing products that have successfully served its industry and in launching innovative new solutions to improve market infrastructure across the listed and cleared derivatives industry.

This new capitalization brought with it increased security requirements and led FIA Tech to modify its security program.

Pat Lefler joined FIA Tech as the senior vice president of risk and information security in 2020. He works alongside an in-house tech ops team.

Lefler and FIA Tech quickly developed a three-pronged approach to increase visibility into its endpoints, network, and cloud services. The first prong was new endpoint protection with Carbon Black; the second was SIEM and log file aggregation with Sumo Logic. They also wanted to integrate Palo Alto’s Prisma through Panorama, as well as their cloud security signals from Microsoft and Amazon Web Services (AWS).

Once the new tech was in place, the company needed a third prong — a way to monitor. “We just didn’t have the resourcing to look through the myriad alerts we were getting,” said Lefler. He needed to find a Security Operations Center (SOC) that would integrate well with FIA Tech’s existing tech and could start monitoring quickly, given how rapidly the organization was growing.

Evaluating options

From the start, Lefler knew that he wanted to look externally for a managed detection and response (MDR) partner. FIA Tech’s tech ops team was already “so busy, we couldn’t ask them to research all of the Carbon Black alerts we were getting,” he said. “We wanted to focus on the stuff that mattered, the stuff that was going to drive increased revenue.”

To start the evaluation process, FIA Tech identified several key criteria for its new MDR provider. Given the company’s new investments in Carbon Black and Sumo Logic, it was critical that the partner they chose integrated well with these existing solutions. In addition, the MDR provider would need to aggregate FIA Tech’s security signals from both AWS and Microsoft tech like Azure and Office365.

FIA Tech started by evaluating a large, well-known managed security provider, knowing the company was a big player in the space. However, that provider didn’t integrate well with Sumo Logic — a major issue given FIA Tech’s existing investment. “Even though we already had our own agents on all of our Sumo Logic servers, this MSSP would have required us to implement their agents, as well, wasting weeks of our time and resources,” Lefler said.

At this point, one of the company’s technology partners recommended that they speak to Expel. Three things stood out to FIA Tech as they met with Expel: Expel’s ability to support their existing security tools, Expel’s ease of integration, and the positive working relationship Lefler developed with Expel’s representatives through the sales process.

Just three weeks later, FIA Tech chose Expel as its new SOC.

“Expel’s remediation recommendations allowed us to make better decisions faster, especially at 2am.”

⎯Pat Lefler | Senior Vice President of Risk and Information Security

How Expel helps

Expel integrates with Carbon Black, Sumo Logic, Microsoft Azure, O365, and AWS — the pillars of FIA Tech’s security program. This was key for FIA Tech’s implementation team to feel comfortable that their new partner could support their security needs.

The fact that Expel could integrate with FIA Tech’s existing tech investments through APIs instead of agents also stood out. “I think we were just agent exhausted, so to speak,” Lefler said. “And so, when Expel said no agents, it really perked our ears up.”

In addition, bringing on Expel gave FIA Tech the benefit of a fully ramped, expert SOC with deep experience and expertise for less than the cost of hiring an additional junior technical team member to service its alerts (let alone a more experienced hire).

Another thing that stood out to Lefler was the ease of working with Expel through the sales process. “It was a really easy process. They were nice. They were reasonable. I think that goes a long way, you see things from your partners in these types of negotiations that are indicators of success going forward,” he said.


Thanks to Expel’s integrations with its existing tech stack and a smooth onboarding process, FIA Tech was able to quickly implement 24×7 monitoring and investigation to round out its security strategy in just a few weeks.

Benefits of partnering with Expel

  • Immediate time to value
  • Rapid response and investigation by an expert SOC
  • Time saved from sifting through alerts
  • 24×7 monitoring without adding additional staff

“The immediate value of seeing our data and alerts in Expel Workbench™ in a matter of hours, as well as Expel being able to integrate via API (instead of installing agents) were pivotal points for us,” said Lefler. “It’s just allowed us to focus on growing our infrastructure to support our strategic business goals.”

Since partnering with Expel, FIA Tech saw that over 40 percent of its alerts were happening after business hours, according to the Alert Analysis dashboard in Workbench. To make sure that his team could work seamlessly with Expel’s SOC — even at late hours — Lefler spun up some 2am testing.

The test was a success. Lefler found that “Expel’s remediation recommendations allowed us to make better decisions faster, especially at 2am.”

Through the rapid monitoring, investigation, and response FIA Tech gets with Expel, Lefler estimates that FIA Tech is saving at least 40 work hours per week previously spent sifting through alerts. This has allowed the team to concentrate on other projects and helped to reduce team fatigue.

“We put an incredible amount of trust in Expel to go through all of the alerts we receive so we no longer have to worry at the end of every week about trying to track them all down,” he said.

A look ahead

With Expel’s support, the FIA Tech team can now dedicate their time to security projects unique to their business rather than sifting through tens of thousands of alerts. “We’re very happy to be Expel’s client, and we rely on them,” Lefler shared.

Down the road, the FIA Tech team is excited about the possibility of adding auto-containment and other support from Expel.

Working with Expel for 24×7 monitoring, investigation, and incident response has helped FIA Tech meet the enhanced security requirements brought on by its corporate changes, resulting in an upgraded security program, peace of mind that they won’t miss the alerts that matter most, and time back in their days. FIA Tech’s in-house tech ops team can now focus on maintaining their networks, growing their infrastructure, and increasing their overall security.
