Expel eliminates unnecessary alerts and enables product innovation for The Meet Group

Tech and app provider saves 10-15 hours per week on investigating unnecessary alerts and frees up time to support product development

The company

The Meet Group is a top provider of livestreaming video and creator economy solutions for a number of the world’s top social apps. The company connects millions of people every single day—while also giving brands new opportunities to monetize and engage their audiences.

In addition to working with some of the most well-known social apps on the planet, The Meet Group has built its own portfolio of mobile apps and services to help even more people find connection and community. These apps and services include MeetMe, Skout, Tagged, and Growlr.

The situation

The Meet Group offers its own apps that connect people for networking, friendships, and even romantic relationships, as well as supporting other services with its technology. As such, the company is managing mountains of user data. “Ensuring that we keep our users’ data safe and out of nefarious hands is a top priority for our team,” said James Zhou, Senior Vice President of Technical Operations & Security at The Meet Group. “Nothing is more important to us than the safety and wellbeing of the millions of people who find connection and community on our platforms and through our technology every day. Our users trust us with their data and the last thing we want to do is lose that trust.”

Zhou and his team implemented a “secure by default” model, in which The Meet Group’s development organization considers security throughout the entire product development process. But Zhou and Brian Cenker, The Meet Group’s Director of Network & Security, know they must enable the dev team by providing the security infrastructure and guidance it needs to meet data compliance requirements.

“We have a large dev org and a small security operations team,” Cenker notes. “One of our main responsibilities is supporting that dev org and making sure the features they’re rolling out are safe, without slowing the pace of innovation.”

While strong security is baked into the product development process, The Meet Group also needs robust threat detection and response capabilities to protect its cloud environment and keep its technology and user data protected from outside threats. Given the security team’s focus on supporting the dev org, The Meet Group was working with a managed detection and response (MDR) vendor to keep an eye on threats and manage incidents. Unfortunately, the service they got from the vendor was overwhelming—and not in a good way.

“Every day, we were inundated with alerts—most of them benign,” recalls Zhou. “And the alerts were almost always from expected behavior—users moving from point A to point B, for example. Our team had to investigate each of these alerts—sometimes up to six or seven per day. We also started to worry about potentially missing a real incident buried under this mountain of false positives.”

Cenker adds, “We have a small and agile security team. We can’t spend hours every day investigating alerts. It was taking time away from how we enabled our development team, who are always hard at work rolling out new features and products for our customers. The sheer number of alerts we were getting was stretching us thin.”

A big reason for the high volume of the alerts was that the legacy MDR provider wasn’t cloud native, so it simply ingested Amazon GuardDuty alerts and passed them over to Zhou, Cenker, and their team. “Our team is spread out around the world, and our developers are constantly working on our products—either introducing new features, fixing problems, whatever—as a group, they could be pushing hundreds or even thousands of changes every day. This created an enormous number of GuardDuty alerts and if we didn’t stay on top of it, a mountain of security debt. Peace of mind is hard to come by when there’s that much to manage,” laments Zhou.

At this point, The Meet Group’s team saw an opportunity for a change.

Evaluating options

Zhou and Cenker—along with The Meet Group’s leadership—set out to identify an MDR partner that could satisfy a few key criteria. First, the new MDR provider had to be cloud-centric. Amazon Web Services (AWS) is the backbone of The Meet Group’s infrastructure, so effectively protecting the cloud was a must. Next, the MDR provider would have to better manage the alerts coming in from The Meet Group’s existing security tools. The daily influx of alerts from the legacy partner was unsustainable—so wrangling those alerts was another important concern. The Meet Group also wanted an MDR partner that would work more seamlessly with its security tools and improve the team’s workflows. And lastly, the partner would need to be able to understand the distribution of The Meet Group’s worldwide developer team and handle their work appropriately, rather than as a reason to trigger yet more alerts.

“We opened up our search and evaluated a number of different providers,” recalls Cenker. “Most of the offerings we evaluated ended up being focused on the data center, rather than in the cloud. Some were just dipping their toes into the cloud, and would simply pass along alerts the same way our legacy provider did. Others had no way to integrate with our security tools.”

It wasn’t until The Meet Group learned about Expel’s approach to cloud security that they knew they’d found the MDR partner for them. Expel had the right mix of cloud detections, alert triaging capabilities, and integrations with both security and non-security tools to ease The Meet Group’s workflows and slow the flow of unnecessary alerts.

“Expel was the only vendor we evaluated that wrote its own meaningful cloud detections, and weren’t just a proxy for GuardDuty,” says Cenker. “Every other vendor we met with said they could manage our cloud alerts, but Expel was the only one that could back up its claims. Coupled with the right mix of integrations and an unmatched operational transparency, we quickly realized Expel was the ideal partner.”

How Expel helps

Zhou, Cenker, and the team gained peace of mind from Expel before it was even fully integrated. Zhou remembers, “The onboarding process was easy, and the documentation was clear and up-to-date. Looking at such an important process and seeing how easy and painless it would be definitely inspired confidence in our new relationship.”

Simple onboarding allowed The Meet Group to realize benefits right away. The organization integrated its security tools, as well as Slack, with Expel Workbench™, Expel’s security operations platform, to tie all security workflows together and enable quick and transparent communication between Expel’s analysts and The Meet Group’s security team. “We’re a Slack shop, and being able to tie Slack and all our other tools into Expel Workbench totally transformed our workflows,” recalls Cenker.

Expel’s custom detections and automated triaging slashed the number of alerts The Meet Group’s security team received. “We went from six or seven alerts every day before Expel to around one alert per week, once we configured our system with Expel Workbench,” Cenker says. “We’re only seeing the alerts we want to see, and are no longer inundated with ‘false-positives.’ We get back all that time we used to waste on unnecessary alerts, and now invest that into supporting our dev org. Expel has been a game changer for us.”

Ironically, dealing with fewer alerts gives Zhou and Cenker better visibility into their environment. Expel only delivers important alerts that mean something. And with Expel’s help, they can turn an eye to the future of the security strategy and be more proactive about The Meet Group’s investments.

“With cloud being such an integral part of our environment, we evaluate all potential tools and vendors from a cloud standpoint,” Zhou explains. “And since Expel is such a critical partner on our cloud journey, we lean on the Expel team to help us ensure we’re bringing in capabilities that will complement our cloud security approach.”

Benefits

The first and perhaps most impactful benefit for Zhou and Cenker’s team was going from spending one to two hours every day investigating false-positive alerts, to managing one to two alerts per week—a decrease in alert volume of more than 90%. “We completely cut out the unnecessary alerts. If Expel flags something for us, we know it’s worth reviewing. We’re not seeing what we don’t need, and only seeing what we expect. We’re saving 10-15 hours in investigation time every week, which frees up about 25% of the team’s working hours,” says Zhou.

Beyond the time savings, The Meet Group has experienced some unexpected upsides, too. “Having Expel on our side benefits the business at a higher level than just security operations,” explains Zhou. “We realized significant savings on our cybersecurity insurance policy rates, and we have a security model that satisfies the security audits some of our partners require. Having Expel in place has benefited and enabled our business in ways we didn’t originally anticipate.”

With Expel, The Meet Group security team doesn’t exist in a silo. Knowledge of threats impacting other customers, along with assets like Expel’s Quarterly Threat Reports, keeps Zhou, Cenker, and their team informed about threats, saving loads of time on research.

“I like that we’re not on an island with the Expel team, and that they bring the full breadth of their knowledge on current trends and attack techniques into how they advise us,” says Cenker. “Again, with such a small team, we don’t have the bandwidth to research emerging threats—but Expel does, and that information helps us prioritize changes in our strategy.”

For The Meet Group, Expel’s benefits boil down to freeing up the security team to focus on supporting the dev org, and peace of mind knowing that Expel is there to identify and mitigate potential threats.

“Expel didn’t force us into a box, but rather came into our environment and adapted to provide us with exactly what we needed,” says Zhou. “Expel’s cloud detections, automations, integrations, security industry knowledge—everything—combines to give us the security operations support we need now. And we know that as our needs change over time, Expel will be right there with us, giving us the support we need in that moment. It’s great to have a partner like Expel in your corner.”

Benefits of partnering with Expel

  • Saves 10-15 hours per week investigating unnecessary alerts, about 25% of the team’s working hours
  • Reduces alert volume by 90%, freeing up time and resources for The Meet Group’s security team to support product development
  • Improves the company’s cybersecurity insurance costs
  • Provides needed cloud expertise now, and enables the company to grow on its security journey in the future
  • Supports The Meet Group in keeping user data safe and secure