Customer videos · Cole Finch · TAGS: About Expel
Jim Craig emphasizes the significant improvements brought by partnering with Expel, including streamlined operations, effective onboarding, and enhanced reporting capabilities. Jim describes how close collaboration with Expel’s SOC team has transformed their approach to cybersecurity, allowing for better focus and organization in managing security events.
Customer interview transcript
A candid conversation with Jim Craig, Cyber Security Engineer at McPherson Oil, about transforming security operations with managed threat detection and response services.
Company: McPherson Oil (350 employees, 9 locations across the Southeast)
Interviewee: Jim Craig, Cyber Security Engineer
Hi, my name is Jim Craig. I run the cybersecurity operations here at McPherson Oil. We have about 350 employees. Our main headquarters is in Trussville, Alabama, but we have nine locations throughout the Southeast. We are an oil transport company. Primarily, we’re one of the largest distributors for Mobil 1 in the Southeast.
The challenge with previous managed threat detection solutions
The largest issue we had to start off with was communication between our security company and us, and trying to understand what alerts we needed to look at and what alerts we needed to disregard—what were benign. The biggest issue was just the amount of time we would spend looking at a lot of these things, and then it turned out to be nothing, or just time wasters in general.
Why we chose Expel’s managed threat detection and response
The biggest difference between Expel and many of the other managed detection and response tools we looked at was the insight we had into what was going on in our environment. It allows us to centralize all our tools in a way that I can look in one place and see what’s going on in those tools. There’s also the ability for that tool to feed directly through APIs, which is something that many MDRs do, but I’ve not quite seen them move as fast, so they’re seeing real-time data in most all our tools.
What Expel has done is taken over a dozen tools and allowed us to cut that in half, along with looking and seeing what areas we’re lacking in.
Seamless managed threat detection onboarding experience
The onboarding experience was surprisingly smooth and easy. It shocked me. It was only 25 minutes. The engineering team that worked with us was very capable, very communicative, and loaded up all the different tools we had very quickly.
There was one tool that took a little bit longer—it was with another company—and their engineering team actually went out and directly contacted them, and they worked out how to get that integrated. So that was very impressive to me and our team, and gave us a lot of faith in how things would be moving forward with them.
The biggest benefits of managed detection and response
The biggest benefit is peace of mind and being able to take the data that’s coming in to Expel and be able to present it up in a way that somebody who’s not so technical, but has the business mindset, can say, “Here’s some numbers showing what has been stopped.”
First year, we had over 93 million events that happened that filtered through the Expel system. That is an insight that with a couple other companies, we maybe get a score, and with that score, you’d have to figure out how that score was broken down. And in order to do that, you’d have to create a ticket. With Expel, right there, I’m able to pull a report, I’m able to send that up to C-level management, and they can read it and understand it like anybody could. It’s incredible.
They also have the ability for us to dig down deeper. So as a technical person, you could dig down and see exactly what made that score, what were those events, what actually was happening, what tool fed in and gave us all that insight. It allows you to see at a 30,000-foot view and then down to a more technical engineering level.
How managed threat detection improved our team focus
The biggest struggle with a small team is organization and where to focus your little bit of time you have. Before, it was kind of a whack-a-mole situation where something would come up, so you’d work on that until the next thing came along. What ended up happening is you had a lot of things that weren’t getting done.
With Expel, we’re able to focus that a lot better. It’s taken an incredible amount of work off our plates to where we can send triages over to Expel, and they do a fantastic job of giving us: “Okay, this was benign. This is something that you guys need to take this piece of action on to make sure that doesn’t happen again.”
So I would say before we were kind of stagnant, jumping around disorganized. This gives us a lot of focus.
The unexpected benefit: Direct communication with the SOC team
I’m smiling right now because one of the things we didn’t expect that was surprising to us was the Slack channel—the ability to communicate directly with the Expel SOC team. They’ve become almost an extension to our team in triaging events and investigations. It has turned out to be an incredible benefit of Expel. That’s something that I haven’t seen anywhere else.
Quantifying the managed detection and response impact
Let me give you an example. Before, in one particular month, I remember there were 16 alerts generated from a previous MDR tool we used. Of those 16 events that happened, it created 16 tasks for me.
With Expel, the first month, I believe we had over 17 events happen. And of those 17 events, I believe I had to do two things. Of those 93 million events we had to work with them on, I think that’s very impressive.
Professional approach to managed threat detection
The way they handle things is very professional. If someone can’t figure it out, they will admit that, and they’ll move it up, and they’ll get somebody who can. And that is impressive. It’s not about being right—it’s about, “Let’s figure this out. Let’s work collaboratively and solve the problem,” and their team does that outstandingly.
Key takeaways from McPherson Oil’s managed detection and response success
- 93 million security events processed in the first year
- Tool consolidation: Reduced from over a dozen tools to half that number
- Alert efficiency: 17 events → only 2 actionable tasks
- 25-minute onboarding process
- Real-time API integrations with existing security stack
- Direct SOC communication via Slack integration
This transcript has been edited for clarity and readability.