Case studies · Cole Finch
Ben Uhlig, global cybersecurity and compliance manager at CentroMotion, shares how switching to Expel transformed security operations for a lean two-person team managing 30 global locations—including coverage for legacy operating systems that other MDR vendors couldn’t support.
Customer interview transcript
A candid conversation with Ben Uhlig, global cybersecurity and compliance manager at CentroMotion, about replacing a slow, noisy MDR with one that actually keeps up.
Company: CentroMotion (3,000+ endpoints, 30 global locations across the US, Europe, Asia, and Latin America)
Interviewee: Ben Uhlig, global cybersecurity and compliance manager
My name is Ben Uhlig. I work for a company called CentroMotion. I’m the global cybersecurity and compliance manager. We have approximately 30 global locations with presence in China, Japan, India, Brazil, Europe, Mexico, and the US. Our primary work that we do revolves around agriculture, cargo material handling, construction and mining, healthcare components, marine and transportation, and specialty vehicles.
Well, our team is only two people. We run very lean, considering we’re a fairly decent-sized organization. Right around 3,000 users that have endpoints, but we have substantially more due to manufacturing.
The challenge with CentroMotion’s previous MDR vendor
We were using another product that was actually brought in before I was hired. I was actually completing the review of incidents before they even responded to them for us. There was stuff getting through the triage process, like the Guildma banking Trojan showed up somewhere in our Brazil facility. I detected it with CrowdStrike before our MDR reported it, and I already had the system rebuilt by the time they responded and said, “Hey, you have a piece of malware out there.” So we’re talking four to six hours of latency on the response. That’s when I made the decision that we have to find something better.
Why CentroMotion chose Expel for managed detection & response
Being a lean team, we don’t have time to sit there and babysit the tool and follow down every single lead and try triaging it, and that’s why I started looking into Expel and a few other vendors. I had five or six different vendors that I was reviewing, and after all was said and done, since we are a manufacturing company, guess what?
We have obsolete operating systems that they couldn’t support. But Expel, with the way they do things, and you bring your own infrastructure into their environment, it was much easier to maintain coverage across all devices, even the ones at the time that were obsolete. The level of engagement that they had with their MDR process just blew me away compared to what I was used to.
The other piece that really got my attention was how machine learning and how the AI works with their product. So out of a million events, I would say 99.5% of them are filtered out in triage by AI and machine learning before we actually need to have eyes on the actual issue.
How Expel gave a lean security team peace of mind
Well, the biggest thing before and after Expel is now I can actually sleep at night. Didn’t have the ability to be comfortable with the other vendor. But knowing Expel is watching it, they have their AI and ML watching it, I know if I go to sleep and if I get a call, it’s a legitimate call. It’s not another false positive. That’s the biggest improvement, I think. We’re talking mean time to resolution on malware events, stuff like that, are usually within less than 15 minutes, 20 minutes tops.
As a company, we’re fairly new. We’re only about four years old because we divested from another company, so there’s been a lot of technical debt that we’ve had to deal with. Using Expel has opened up a lot of time for myself and my colleague in India to actually work on other project stuff, work on other issues that are coming up, and it gives us more time to deal with vulnerability management because we know that the triaging of the actual issues is covered.
Time saved, trust earned
I couldn’t ask for a better partner. We have a great rapport with Expel, and I trust them with everything in our environment. I wouldn’t give that to most vendors that I’ve dealt with in the past. My CIO has even said we made the right choice, even though we were reluctant at first.
A lot of it had to do with cost. But the time saved clearly offsets the cost difference that we’re paying. I just think they’re probably one of our best vendors that I’ve ever had to deal with.
Key takeaways from CentroMotion’s MDR success
- 4–6 hour response latency with the previous MDR vendor eliminated
- Legacy OS coverage maintained across all devices, including obsolete systems
- 99.5% of events filtered by AI and machine learning before human review
- <15–20 minute MTTR on malware events
- 2-person team freed up to focus on vulnerability management and strategic projects
- CIO confirmed: the right choice
This transcript has been edited for clarity and readability.
