Our Pricing

Whether you’re a Fortune 500 company or a boutique law firm, Expel can help you get better security … overnight.

You choose the attack surface you’d like us to monitor and we’ll provide 24x7 detection and response. All products include access to Expel Workbench™, communication with our SOC analysts via Slack or Microsoft Teams and custom recommendations that reduce risk.

Choose one or all Expel products

Cloud infrastructure icon

MDR for cloud infrastructure

If you’ve moved to the cloud, we’ll monitor your AWS, Azure or GCP environment. Pricing is based on resources.

MDR for Kubernetes

We integrate with EKS and GKE to monitor and secure your Kubernetes environment. Pricing is based on nodes.

On prem infrastructure icon

MDR for on-prem infrastructure

For those looking to monitor some combination of their network, endpoint SIEM technology. Pricing is based on endpoints.

Saas icon

MDR for SaaS apps

Detect suspicious activity, like BEC, in your applications like Office 365 and G Suite. Pricing is based on user accounts.

Phishing icon


We’ll spot the real phishes for you by investigating user reported emails.
Pricing is based on users.

Orange arrow in bullseye - Threat hunting

Threat Hunting

Find stealthy new threats that slip past your security tech. Pricing is based on your environment.

Get a quote

Looking to understand what Expel would cost for your team? We’re here to help. Fill out the form below, and we’ll start crunching the numbers.

In the meantime, look for an email from us with times to chat through a few more details to give you the most accurate estimate. We’ll talk through your personalized quote and how our pricing works so you leave with the info you need – no strings attached.

Common questions

  • What do you consider endpoints?

    When we talk about endpoints, we mean laptops, workstations and servers. We’re not including mobile devices or things like printers, thermostats and other things with an IP address.

  • How should I calculate my total number of user accounts?

    When we talk about users we mean how many user accounts you have for apps like O365 and G suite. Our pricing is based on the largest number of users for an application we monitor. For example, if you have 5,000 user accounts for O365 and 3,000 user accounts for Okta, the total cost is based on 5,000.

  • What technology do you integrate with?

    We’re constantly adding to our list of integrations but below are a few examples. You can find the tech we plug into here.

  • What resources should I count?

    When we talk about resources we’re referring to three areas. - Compute: your servers or processors in the sky, like AWS EC2, Lambda, or Azure virtual machines - Storage: resources like AWS S3, Blobs and managed databases (think RDS and alike) We get all resources aren’t created equally and weigh them a bit differently. We’re working on an easy way to estimate the cost based on your resources, in the meantime contact us for pricing.

  • Do you offer hunting services?

    Yes, proactive hunting is available as an add-on to our MDR service for an additional fee. We take a retrospective look at data from your existing SIEM, network, endpoint and cloud infrastructure and apply advanced investigative techniques to find evidence of malicious activity. When it comes to response and finding root cause (which some consider reactive hunting) that’s included in our MDR service.

  • How do you price phishing?

    We price based on users.