Global intelligence company extends assurance of trust with Expel

Leading data and business intelligence enterprise gains context to improve security decision-making and enhance protection in every business system

The company

Founded in 2013, this global technology provider delivers data, insights, and analysis to make regulatory, legislative, and market intelligence more accessible, actionable, and valuable. Using AI technology with expert and peer insights, the company serves clients worldwide—including governments, nonprofits, and Fortune 100 corporations—helping them define goals, maintain compliance, assess risk, and navigate complex policies.

The situation

For its first few years, the company was very much a startup, with fast growth and a “make it work now” culture. That fairly typical early-stage approach, combined with the fact that the company’s core product provided access to data that was largely in the public domain, initially reduced concern about security internally. But as the company’s business grew, so did the scope of potential threats. Stronger security defenses were required to maintain trust with customers and to scale with the company’s growth and increasing complexity.

To help further protect assets and enhance security policies, the company brought in a VP of Cybersecurity & DevOps. Coming into the business, the VP saw their main challenge as managing the “unknown unknowns.”

“During the startup phase, the company understandably moved very fast. Thanks to employee diligence and a relatively straightforward single product offering, basic security practices were enough to keep a lid on security risk for several years. However, evolving major changes to the organization were clearly going to add a lot more complexity.”

Attention to these issues increased even further once the company announced plans to go public. “Part of my mandate was always to bring more security consciousness to the company, but this increased public attention on the company,” the VP says. “Any security incident could have negatively impacted our reputation at exactly the wrong time.”

Acquisitions also added to the company’s need to enhance its security program. The company has acquired more than a dozen companies since its founding. “Each company had its own cloud infrastructure, identity infrastructure, and SaaS apps,” the security leader explains. “One of my jobs is to make sure we have tools and processes in place to smoothly, easily, and securely bring any acquired entities into our security program. It had to be a repeatable process.”

Evaluating options

The Security VP had an action plan. As a team of one (to start), the focus was to carry out a new security approach—and hope that the “unknown unknowns” were few. To accomplish these goals, the VP knew a trusted partner was needed, and quickly.

“I needed more headcount, but I also needed some kind of force multiplier that could be deployed relatively quickly,” the VP says. “Even given budget for headcount, the hiring wasn’t going to happen fast, and building an in-house team with 24x7x365 coverage wasn’t likely. So managed services naturally started to stand out—with innovative partners behind the solutions.”

As the search for a trusted security partner began, the security leader explored Expel to understand what was possible. Expel’s innovation and experience in the security market, as well as the attitude and outlook of its leadership team, convinced the VP that Expel MDR was the right solution at the right time.

“I liked the company story,” says the security VP. “The leadership wanted to disrupt the state of the market and they had clear ideas on how to create transparency in their investigations.” The difference was that Expel wouldn’t simply throw alerts over the fence for them to deal with; they would enrich the data by providing real context for rapid decision-making with 24x7x365 coverage. 

When pitching Expel to leadership, the VP sketched out what it would take to replicate Expel’s services in-house. “We’d need at least three full-time resources, likely making well into six figures each, annually, at a minimum,” the VP says. “We’d also need to procure a commercial SIEM tool and/or a security data lake. Expel’s cost would be less than half the cost of building the equivalent team in-house—and offer more consistent coverage with minimal management overhead. And of course, they already have the expertise—what are the chances we’d do better than them 24x7x365?”

How Expel helps

Expel integrates natively with all the software and platforms the company already relies on. “Google Workspace, AWS [Amazon Web Services], GitHub, and Okta account for probably three-quarters of the risk landscape that we had,” says the security leader. Expel also integrates with the wide range of other security solutions the company uses, including native AWS security services like GuardDuty.

The integrations help streamline onboarding for employees of both the parent company and new acquisitions, while protecting the company from attacks. “Once new acquisitions accept our AWS Organizations invitation, they’re immediately plugged into Expel Workbench,” the VP explains. “At most, there’s one more click to enable AWS GuardDuty. With a few minutes of effort, Expel is monitoring critical application infrastructure activity.” 

Expel’s easy integrations also help protect the company from data loss. “Expel consumes and enriches the findings across all the integrations they have in the platform,” the Security VP says. “With minimal tweaks, Expel tells us what we need to look at from a security perspective using the big picture—rather than us writing rules, reviewing alerts, configuring dozens of integrations, and chasing after countless false positives.”

The security leader’s confidence in Expel went up several notches when the solution helped unearth a potential security breach involving unauthorized access in the company’s infrastructure environment. Expel alerted the VP to anomalous behavior within an identity access management tool—in this case, a chain of events resulting in the creation of an unauthorized user account.

“This was the kind of thing that I suspected might happen in our environment—and Expel’s proactive alerting saved us from a much more serious incident. We were able to rapidly revoke the unauthorized user accounts,” the VP says. 

Benefits of partnering with Expel

  • Enables rapid improvement of security company-wide
  • Helps define new policies for proper data handling, user accounts, and incident response
  • Streamlined processes save time and bring all security features into one platform
  • Significant cost savings from further investment in resources and technology

Looking ahead

By relying on expertise and product excellence from Expel, the Security VP built 24x7x365 security for the company environment, and saved budget by not purchasing a commercial SIEM, which wouldn’t have offered the consistent and precise coverage provided by Expel.

“We saved a lot of time and frustration as well as configuration confusion,” the VP says. “Not only were there significant monetary savings, but also significant opportunity cost savings from our decision to work with Expel.” 

With Expel taking on the heavy lifting of monitoring security threat alerts and helping with remediation, the VP and the team’s two security engineers can devote their time and attention to big-picture security issues.

“The system we set up has really performed well at shaking out the unknowns,” says the security leader, “like looking at how previous users of our systems might be misusing access. Security people are infamously skeptical. I’m suspicious of products that claim to provide only the information we need to know. I’m always wondering if they’re missing something. But Expel earned my trust pretty quickly.”

For the security VP, the benefits of Expel MDR also relate to saved time. In today’s complex security landscape, having a multitude of task-specific tools generates a lot of noise. Expel refines these inputs into recommendations and actions, leading to quicker action and more decisiveness in the company’s security posture.

“Just getting the information isn’t enough,” says the VP. “Relevance is paramount. Security alerts need to be accurate, useful, and include enough context to help us make good decisions quickly. With Expel I can focus on what’s important, and use the time saved on other high-value projects.”