Expel – Security Operations Provider
Solution updated on July 17, 2023

What is it?

Key to its security operations platform, Expel Workbench™, is the provision of managed detection and response (MDR) services that are technology-agnostic, enabling organisations to make the best of investments they have already made, as well as sourcing other technology needs from Expel. To do this, Expel has more than 100 integrations in place with major cloud providers, multiple endpoint security, network security and SaaS providers, including providers of identity services, as well as major players in the SIEM market. This is backed up by access to expertise from Expel’s personnel, who can augment an organisation’s security team if the organisation has an existing security operations centre (SOC) or can help those without a SOC to gain access to the expertise that they need to keep their business safe. It provides its services to operations of all sizes.
In addition to MDR, Expel offers complementary services that include phishing protection, threat hunting and vulnerability prioritisation.
Customer Quotes
“The transparency means so much. There’s no haggling, no negotiations. We know exactly what Expel is doing and how they are doing it – so it’s clear to me and my technical team about exactly what we are getting for our money.”
Chief security officer, global software company
“Expel is a trusted partner and a key, critical piece of our security posture and security strategy at Insight Global.”
Jonathan Waldrop, Sr. Director, Cybersecurity
“We put an incredible amount of trust in Expel to go through all of the alerts we receive so we no longer have to worry at the end of every week about trying to track them down.”
Pat Lefler, Senior VP of risk and information security, FIA Tech
Mutable Award: Gold 2023
What does it do?

Expel gathers telemetry in the form of logs, activity flows and API callouts into its platform and correlates the information that it receives so that it can be analysed efficiently to identify contextual information about activity that is being seen across the network, from on-premises implementations to the cloud. Its SOC is staffed 24×7, responding to alerts and incidents that occur and helping to prioritise remediation efforts where they are needed the most. This provides an integrated view of risk across customers’ IT estates.
It offers services tailored to AWS, Google Cloud and Microsoft Azure implementations, including identity protection. For securing containers in DevOps environments, it helps organisations by monitoring activity in major Kubernetes environments.
Why should you care?
One of the core principles at Expel is transparency and this is a key differentiator. Customers can log into the platform to watch ongoing investigations to see what Expel analysts are doing in real time and why, enabling customers to step in as remediation guidance is identified. They will see how improvements to their security posture are being made through detailed dashboards and can prevent recurring problems using information regarding what worked well with previous incidents. In short, customers can see exactly what the Expel analysts see.
Speed is critical in remediating security incidents and this is another key differentiator for Expel. It offers automated remediation for simpler tasks, including the use of its Josie and Ruxie bots for initial triage, and provides the choice of what tasks to ask Expel to do on the customer’s behalf. These greatly reduce the time taken for remediation. To improve detection, it uses the MITRE ATT&CK Framework to uncover the evolving tactics and techniques being used by attackers at each stage of the attack lifecycle. Combined with threat intelligence, even attack methods that were previously unknown can be uncovered.
The Bottom Line
Expel’s offerings are suited to the needs of organisations of any size, in any industry. It provides visibility and control over all parts of extended networks and tailors the expertise and advice given according to the specific business needs and environments of its customers. It is a true hands-on partner that will help any organisation to improve its resilience to security events so that it can get on with the business at hand.