Benefits of partnering with Expel
- Cost savings
- Automation that drastically reduces time-to-fix
- Rapid communication
- A strong partnership between security teams
Patrick realized significant cost savings by working with Expel to refine the org’s security signal and eliminate redundancies in tech. For example, his team turned on Microsoft Defender for Endpoint at the recommendation of Expel, which allowed Ivanhoé Cambridge to get rid of a more expensive endpoint service that was providing less value to their investigations.
“Expel helped us optimize our security signal, which saved us about $150,000 a year. Now we’re using that money to accelerate several other strategic security initiatives,” Patrick said.
Thanks to Expel’s native integrations with AWS, Patrick also avoided purchasing another piece of technology to synthesize his Amazon GuardDuty alerts. Instead, the Expel team ingested Ivanhoé Cambridge’s AWS security signal right into Expel Workbench.
Automation that drastically reduces time-to-fix
Patrick is impressed with Expel’s ability to quickly triage and respond to millions of security alerts across Ivanhoé’s tech stack.
“It’s all about finding the needle in the haystack, which is incredibly time-consuming without the right resources. Expel built a platform that ingests alerts across our vast network, evaluates and weeds out millions of false positives, and then automates the investigative steps so Expel analysts can recommend the right next actions to our team. In today’s threat landscape, with ransomware in particular, reaction time from alert to remediation needs to be measured in minutes. That’s what Expel has done for us; their approach just makes sense.”
Patrick finds that Expel’s quick communication on the status of investigations – and their overall alert-to-fix time – are head and shoulders above other vendors.
He says his peer CISOs with other SOC providers report that incidents can take hours and multiple emails to remedy. Patrick says Expel’s time to remedy is a matter of minutes – thanks in part to nearly real-time Slack communication.
He also appreciates Expel’s ability to quickly triage and tune alerts.
“There are hundreds of investigations and each one takes our team at least an hour – Expel’s automations are [crunching] all of that for us so their mean time from alert to remediation is a matter of minutes. They get the signal-to-noise ratio just right, and filter out the false positives so that my team isn’t spending valuable time on something that’s not a concern.”
A strong partnership between security teams
Patrick finds immense value in the partnership between Expel’s analysts and his own team.
“Expel consistently provides my analysts with the context they need about alerts and investigations. They explain what happened, why they made each decision, how they’re remediating something and how we can prevent it in the future. We not only get to ‘done’ faster thanks to their proactive and collaborative approach, but it also strengthens our confidence in the Expel team.”
Additionally, he noted that he’s able to get his new hires up to speed faster thanks to the strong working relationship with Expel.