Auto remediate
Reduce time to resolution but still control who, when, and why
Woah. Give up (some) control to automated remediation?
We get it. It’s smart to be cautious of a new approach. A lot of security practitioners who’ve purchased MDR services still want to maintain internal control of remediation steps. Why use Expel to auto remediate?
- Personalized to your org. You decide what resources we’ll remediate on your behalf.
- Stay protected. Coverage across all attack surfaces 24×7.
- Save time. Creates space and time to breathe during an incident.
- Focus on other initiatives. Creates space by automating repetitive tasks so your team can focus on other initiatives.
Why did we do it?
It all comes down to speed and latency. The faster you remediate, the better the outcome.
Peace of mind is nice. We tell you what to fix or fix it for you.
Remediation recommendations
provided when …
We don’t have access to the system
We’ll tell you what we find and give you actions to perform
We’re not able to perform the task based on tech
We’ll tell you what we find and give you actions to perform
Leverage automated remediation actions to …
Reduce your time to remediation
Manual remediation averages about 3.25 hours to fix. Auto remediation cuts this down to 6 minutes on average
Lessen workload for analysts
We can auto remediate repetitive tasks or alerts so your analysts can focus on other initiatives
What can we auto remediate?
From business email compromise, to malicious files, to ransomware, we’ve got you covered. You tell us what you’d like us to remediate and which ones you’d prefer to handle.
With 24×7 coverage, you have the time to plan your next steps…even if that means waiting until Monday morning.
Our approach to automated remediation is personal to your organization and based on the frequency of threats seen in your environment. You’re in control of which users and endpoints you’d like us to immediately take offline after a compromise is confirmed. So you’re involved when you want to be. This means your team can focus on other security initiatives—without spending a ton of time on remediation
Available with Expel
Host containment
Host containment stops current connections and prevents new network connections on a specific host so that threats cannot spread through the network.
Available with:
On-Prem
Block bad hashes
When our analysts identify hashes to block during an incident, we create a remediation action to add the hash on your “never block” list of files in your EDR.
Available with:
Phishing
On-prem
User account disablement
Similar to host containment, when a user’s activity isn’t normal, we’re able to automatically disable the compromised account.
Available with:
SaaS apps
Cloud infrastructure
Remove malicious email
If a malicious email is identified from a phishing submission, we’ll automatically remove it from users’ inboxes (and move it to the trash).
Available with:
Phishing
Related Resources
How Expel does remediation
Curious how Expel does remediation? Learn how our process works, what you can expect from our analysts during an investigation and what we’re adding next on our remediation roadmap.
Expel Quarterly Threat Report – Q2 2022
Intelligence on the most active attack vectors our SOC team observed. We translate the security events we detect into security strategies for your org.
