A live demonstration of Expel’s streamlined MDR onboarding process, showing how customers can integrate multiple security tools and begin monitoring in minutes, not weeks.
Featuring:
- Paul Lawrence, Global Solutions Architect, Expel
Executive summary
In this live demonstration, Expel’s Global Solutions Architect Paul Lawrence showcases the company’s self-service MDR onboarding process by integrating three different attack surfaces in real time: AWS CloudTrail (cloud infrastructure), CrowdStrike (endpoint detection), and Microsoft Office 365 (SaaS applications). The entire onboarding process, from initial setup to active signal ingestion, was completed in under seven minutes, demonstrating how organizations can rapidly deploy comprehensive managed detection and response capabilities without lengthy implementation delays.
The challenge of traditional MDR onboarding
Traditional MDR onboarding processes often involve weeks or months of complex configurations, professional services engagements, and back-and-forth communications between vendors and customers. Many prospects find it hard to believe that comprehensive MDR onboarding can be completed in a single day, let alone in minutes.
Expel’s approach prioritizes self-service capabilities, allowing customers to quickly integrate their existing security tools through intuitive wizards and automated processes. This demonstration proves that rapid MDR onboarding isn’t just marketing—it’s a practical reality that organizations can achieve immediately.
Live MDR onboarding demonstration: Three attack surfaces in seven minutes
Paul Lawrence: Today I’m going to walk you through the onboarding process as if I were a customer in the Expel Workbench platform. We’ve invested significant time and effort into making MDR onboarding as self-service as possible. Instead of just talking about how easy it is, I’ll show you the actual process of onboarding three different attack surfaces.
We’ll integrate AWS from the cloud infrastructure side, CrowdStrike from the EDR side, and Office 365 from the SaaS application side. I have a stopwatch running during the entire process so you can see this is happening in real time.
AWS CloudTrail integration (Cloud infrastructure)
Starting with the AWS CloudTrail integration, I’ll use the quick radio button wizard to deploy via CloudFormation. The process requires my AWS account ID, and then I’ll acknowledge the stack creation and let it run in the background.
The beauty of this approach is that while CloudFormation is deploying the necessary infrastructure, I can simultaneously work on other integrations rather than waiting for each step to complete sequentially.
CrowdStrike integration (Endpoint detection and response)
While the AWS integration runs in the background, I’ll onboard CrowdStrike by jumping into the CrowdStrike console to generate the required API keys. The integration needs access to alerts, detections, host information, and incidents to provide comprehensive endpoint visibility.
The process involves:
- Creating API credentials with appropriate permissions
- Entering the client ID and client secret into Expel Workbench
- Verifying the connection goes healthy
This integration becomes healthy almost immediately after entering the credentials, showing how quickly Expel can establish connections with existing security tools.
Microsoft Office 365 integration (SaaS applications)
For the Office 365 integration, I’ll go through another wizard that requires consent to the Expel application. The process needs my tenant ID, which I can grab directly from the Microsoft admin portal.
Like the other integrations, this follows a simple wizard format:
- Consent to the Expel application
- Enter the tenant ID
- Complete the wizard
- Verify healthy connection status
Results: Complete MDR onboarding in under 5 minutes
By the three-minute mark, two of the three integrations are already healthy and actively connected. The AWS CloudTrail integration completes by the four-minute mark, giving us all three attack surfaces fully integrated and operational.
But MDR onboarding isn’t just about establishing connections—it’s about actively monitoring and detecting threats. To demonstrate this, I’ll generate some test activity to show that Expel is already ingesting and analyzing security signals.
From connection to active monitoring
The true test of successful MDR onboarding isn’t just healthy connections—it’s active threat detection and response capabilities. Within seven minutes of starting the integration process, Expel Workbench was already ingesting and analyzing security signals from the integrated platforms.
This rapid transition from setup to operational monitoring represents a fundamental shift in how organizations can approach managed detection and response. Rather than waiting weeks for professional services teams to configure complex integrations, customers can achieve operational security monitoring in minutes.
Key advantages of Expel’s MDR onboarding approach
Self-service efficiency
The wizard-driven approach eliminates the need for extensive technical expertise or professional services engagement. Customers can complete integrations independently using intuitive interfaces that guide them through each step.
Parallel processing capabilities
Rather than requiring sequential integration steps, Expel’s platform allows multiple integrations to proceed simultaneously. This parallel approach significantly reduces total onboarding time.
Immediate operational value
Unlike traditional implementations that require extensive testing and validation phases, Expel begins monitoring and analyzing security signals immediately upon successful integration.
Comprehensive attack surface coverage
The demonstration showed integration across three critical attack surfaces—cloud infrastructure, endpoints, and SaaS applications—providing holistic security visibility from day one.
The impact on security operations
This rapid MDR onboarding capability addresses several critical challenges facing security teams:
Time to value: Organizations begin receiving security monitoring benefits within minutes rather than weeks or months of engagement.
Resource efficiency: IT and security teams don’t need to dedicate extensive time to integration projects, allowing them to focus on other priorities.
Coverage gaps: The ability to quickly add new attack surfaces means organizations can rapidly address security blind spots as they’re identified.
Scalability: As organizations adopt new technologies or expand their infrastructure, they can quickly extend their MDR coverage to maintain comprehensive protection.
Technical implementation insights
The demonstration highlighted several technical approaches that enable rapid MDR onboarding:
API-first architecture: All integrations leverage robust APIs that provide immediate access to security telemetry without complex agent deployments or network modifications.
Automated provisioning: CloudFormation templates and similar automation tools handle the technical complexity of creating necessary access permissions and configurations.
Real-time validation: The platform provides immediate feedback on integration health, allowing customers to quickly identify and resolve any configuration issues.
Standardized workflows: Consistent wizard interfaces across different technology integrations reduce the learning curve and potential for errors.
Beyond the demonstration: Real-world implications
While this demonstration focused on three common integrations, Expel’s platform supports over 130 different security tools and technologies. This extensive integration library means organizations can typically onboard their existing security stack without requiring new tool purchases or major infrastructure changes.
The self-service MDR onboarding approach also supports hybrid and multi-cloud environments, allowing organizations to maintain comprehensive security coverage as they expand across different platforms and providers.
Getting started with MDR onboarding
Organizations interested in experiencing similar rapid MDR onboarding can begin by inventorying their current security tools and identifying integration priorities. Expel’s platform provides clear documentation and support for each supported integration, making it easy to plan and execute comprehensive onboarding strategies.
The demonstration proves that effective MDR onboarding doesn’t require complex professional services engagements or lengthy implementation timelines. With the right platform approach, organizations can achieve operational security monitoring in minutes while maintaining the flexibility to expand coverage as their needs evolve.
This transcript demonstrates Expel’s commitment to making enterprise-grade managed detection and response accessible and efficient for organizations of all sizes.
To learn more about rapid MDR onboarding and see a personalized demonstration, visit expel.com.