Expel introduces Managed Detection and Response for Microsoft

Expel for Microsoft connects to Microsoft Defender for Endpoint, Azure, Sentinel, Office 365 and MCAS

Press releases · Cole Finch

Herndon, Va. – June 2, 2021 – Expel, the managed detection and response (MDR) provider that’s making great security as accessible as the internet, today announced the launch of Expel for Microsoft.

Expel for Microsoft automates security operations across the Microsoft tech stack, including Active Directory, AD Identity Protection, Azure, MCAS, Microsoft Defender for Endpoint, Office 365 and Sentinel. Expel connects via APIs and ingests security signals from Microsoft’s products into Expel Workbench™, along with other third-party signals you have in place. Expel then applies its own detection engine along with threat intelligence gathered from across its broad customer base to quickly find activity that doesn’t look right, like suspicious logins, data exfiltration, suspicious RDP activity or unusual inbox rules. Specific context and business rules that are unique to your environment enhance these built-in detections as Expel’s detection engine learns what “normal” looks like for your organization.

Expel is demonstrating and answering questions about its Expel for Microsoft solution on June 22 at 2 p.m. ET. Register here for the live demo.

“Many of our customers invest in Microsoft security tools, and at the end of the day they want to know which incidents they should care about and what to do about them,” said Matt Peters, chief product officer at Expel. “Most security providers get you part way there — they take your Microsoft signals, comb through them and hand you back a list of alerts to investigate. At Expel, we ingest your signal, our tech filters it down to what might be interesting and our analysts review — based on what’s important to your org and what we’re seeing among our broader customer base — to determine if it requires your attention. We flag only what needs action from you, saving you the time and headaches associated with sifting through piles of alerts.”

With Expel for Microsoft, you’ll get:

  • 24×7 monitoring and response for Microsoft security signals: Expel monitors, detects and responds to alerts across all your Microsoft tech, as well as any third-party security tech you have in place (or plan to invest in).
  • Increased ROI from your Microsoft investments: Expel for Microsoft helps you optimize your current Microsoft security investments, along with those you make down the road.
  • Real-time collaboration with Expel on Teams: Expel makes use of the tools you use every day and the team will message you when something looks suspicious so you can fix it fast. Not a Teams player? Expel’s on Slack, too.

Expel customer Ivanhoe Cambridge, a real estate investment firm, relies on Expel to monitor the organization’s many security signals, including Microsoft Azure, Microsoft Defender for Endpoint and Office 365. “Expel built a platform that ingests alerts across our vast network, evaluates and weeds out millions of false positives, and then automates the investigative steps so Expel analysts can recommend the right next actions to our team. That’s what Expel does for us; their approach just makes sense,” said Patrick Gilbert, head of security at Ivanhoe Cambridge.

To learn more about Expel for Microsoft and whether this “easy” button for securing your Microsoft stack is right for you:

About Expel

Expel’s mission is to make great security as accessible as the internet. The company’s SOC-as-a-service capability offers 24×7 security monitoring and response for cloud, hybrid and on-premises environments. Expel uses the security signals customers already own so organizations can get more value from their existing security investments. And Expel connects to customer tech remotely through APIs, not agents, so its SOC can start monitoring a customer’s environment in a matter of hours, letting their internal teams get back to focusing on the most strategic security priorities that are unique to their business. Learn more at https://expel.com.


Kate Dreyer

Editor’s note: The following buzzwords were banned from this press release in no particular order: autonomous, market-leading, next-generation, military-grade intelligence, artificial intelligence, leveraging, powerful, platform, scalable, robust, changing threat landscape, end-to-end, actionable, real-time, machine learning, state-of-the-art, best-of-breed, elite, continuous and purpose-built. We did throw in an “optimize,” though. Whoops.

Resources home