Global real estate investment firm chooses Expel for 24x7 security monitoring

Real estate firm shrinks alert-to-fix time to minutes and saves $150K by optimizing security signal

The company

This organization is a real estate investment and development firm that manages a diverse portfolio of commercial properties across multiple countries. Backed by institutional funding, the company focuses on premium assets in urban centers, and their holdings span various property types, including retail centers and corporate facilities.

The situation

The head of security manages a team of analysts at the firm. The group is responsible for managing the company’s high volume of security alerts. The existing process of ingesting and reviewing alerts was described as “gruesome.” Worried about potential team turnover, the security leader started to look for solutions that could improve their approach.

“Most of the alerts that surfaced required the team to investigate after regular business hours,” the security executive said. “I was worried about alert fatigue with my team, which was a major motivating factor in our decision to find a SOC-as-a-service provider.”

The security leader also wanted to free up the team to focus on more strategic security initiatives that were unique to the firm’s business, like creating an insider risk management model.

Evaluating options

The team had precise requirements for their security partner: one that would integrate seamlessly with their existing tech stack, clearly demonstrate value across all executive levels, and automatically respond to their millions of alerts.

The security team evaluated multiple managed detection and response (MDR) providers and quickly discovered that Expel was the only tech-agnostic provider that could work with 130+ security tool integrations, including multiple cloud services. The security leader was shocked to find that other vendors all required a rip-and-replace of endpoint and network security tools.

Expel’s transparency immediately piqued interest, which was helpful not only for the security team but also for communicating Expel’s value to fellow executives and the company’s board of directors.

“Every provider makes big claims but they can’t back them up. With Expel, I have access to Expel Workbench™ and can log in any time I want to see what analysts are working on, how they’re handling a particular alert and what’s in the queue,” the security executive said. “I also keep our shared Slack channel up on one of my computer monitors at all times. It’s easy for me to ping the Expel team and get updates from them.”

Beyond the ability to watch an investigation unfold as it happens, the security leader saw value in being able to easily export information about Expel’s investigations and present those insights to other executives and the board of directors.

“My peers at the executive level and our board of directors aren’t solely focused on security, so the easy-to-understand reports in Expel Workbench help me clearly tell the story and show the continuous value we get from working with Expel,” the security leader said.

How Expel helped

Expel turned on its 24×7 monitoring service quickly for the firm, connecting to tech like endpoint detection and response (EDR), network and SIEM tools, along with cloud platforms and SaaS apps like Amazon Web Services (AWS), Microsoft Azure, and Office 365.

The security leader recalls the process being “painless.”

“Expel’s pricing model was so straightforward that I knew exactly what the service would cost me once we got all our tech connected,” said the security executive. “It was also incredibly helpful for me to see Expel’s roadmap before we purchased the service; knowing what integrations they’re building and what will be available in the future helps me make decisions about the new tech I decide to purchase.”

Benefits

The security leader and the team quickly noticed the benefits of working with Expel, including cost savings, automation that saved the team time, rapid communication, and a strong partnership between the Expel team and theirs.

Cost savings

The security leader realized significant cost savings with Expel by refining the org’s security signal and eliminating redundancies in tech. For example, the team turned on Windows Defender for Endpoint at the recommendation of Expel, which allowed the firm to get rid of a more expensive endpoint service that was providing less value to their investigations.

“Expel helped us optimize our security signal, which saved us about $150,000 a year. Now we’re using that money to accelerate several other strategic security initiatives,” the security leader said.

Thanks to Expel’s native integrations with AWS, the security executive also avoided purchasing another piece of technology to synthesize Amazon GuardDuty alerts. Instead, the Expel team ingested the real estate firm’s AWS security signal right into Expel Workbench.

Automation that drastically reduces time-to-fix

“It’s all about finding the needle in the haystack, which is incredibly time consuming without the right resources. Expel built a platform that ingests alerts across our vast network, evaluates, and weeds out millions of false positives, and then automates the investigative steps so Expel analysts can recommend the right next actions to our team. In today’s threat landscape, with ransomware in particular, reaction time from alert to remediation needs to be measured in minutes. That’s what Expel has done for us; their approach just makes sense.”

Rapid communication

The security leader also found that Expel’s quick communication on the status of investigations—and their overall alert-to-fix time—were head and shoulders above other vendors.

The security leader noted that colleagues working with other security providers reported incidents requiring hours and multiple emails to resolve. With Expel, remediation took just minutes, enabled by real-time communication through Slack.

He also appreciates Expel’s ability to quickly triage and tune alerts.

“There are hundreds of investigations and each one takes our team at least an hour—Expel’s automations are [crunching] all of that for us so their mean time from alert to remediation is a matter of minutes. They get the signal-to-noise ratio just right, and filter out the false positives so that my team isn’t spending valuable time on something that’s not a concern.”

A strong partnership between security teams

The security leader has found immense value in the partnership between Expel’s analysts and the firm’s own team.

“Expel consistently provides my analysts with the context they need about alerts and investigations. They explain what happened, why they made each decision, how they’re remediating something and how we can prevent it in the future. We not only get to ‘done’ faster thanks to their proactive and collaborative approach, but it also strengthens our confidence in the Expel team.”

Additionally, the information security director noted being able to get new hires up to speed faster thanks to the strong working relationship with Expel.

Looking ahead

The security leader predicted that Expel’s approach could set an industry standard.

“Expel’s model is basically the next big thing, but the industry doesn’t know it yet. In-house cybersecurity is still a buzzword because the techies still love it and love to do it themselves. But the novelty is going to fade,” the security strategist remarked.

“Think about home alarm systems now — nobody tries to build their own. They pay a provider to come in and install their technology. If something bad happens, the owner is notified. We’re going to see the same shift in cybersecurity,” the security leader concluded.