Expel

Last Updated: 20th October 2023
Analyst Coverage: Fran Howarth

Expel is a security operations platform provider that offers managed detection and response (MDR) services that enable swift detection, understanding of the impact and remediation of threats throughout the extended network. It has its headquarters in Hendon, Virginia in the US and is currently focused on international expansion and is now active in the UK, Ireland, Sweden and the Netherlands. It is well funded and experiencing high levels of growth.

Expel takes a technology-agnostic approach, enabling customers to make the best of their existing investments as well as benefiting from the more than 100 integrations that it has in place that include major cloud providers, multiple endpoint security, network security and SaaS providers that include identity services, and major players in the SIEM vendors. It has been cloud-first for the past five years, but also caters to on-premises infrastructure.

Customers range from smaller firms with no security operations centre (SOC) to large enterprises with a fully staffed SOC. It aims to help organisations of all sizes to minimise their business risk, taking into account the business objectives and security strategies that each espouse. Its expert staff from its own SOC work on a 24×7 basis, responding to alerts and incidents that occur on behalf of its customers or alongside their own security operations personnel, helping to prioritise remediation efforts to focus on what is needed the most. The expertise and technology platform that Expel offers make sense of security signals from throughout the extended network to provide an integrated view of risk across an organisation’s IT estate.

Expel claims as differentiators the speed of its service and the high transparency that it offers. Customers gain access to the central portal and can keep an eye on the work that is being done in real time. Another differentiator is its use of bots for initial triage. It offers proactive threat hunting services, even for misconfigurations that can introduce vulnerabilities, and it has a managed phishing service available. Most recently, it has added a vulnerability prioritisation service. It has also added remediation for Microsoft, including Azure identity protection, which is especially attractive for mid-market firms, and can help organisations secure their DevOps needs by monitoring activity within containers.

Company Info

Headquarters: 12950 Worldgate Drive, Suite 200, Hendon, VA 20170, USA
Telephone: +1 844 397 3524

Expel – Security Operations Provider

Last Updated: 17th July 2023
Mutable Award: Gold 2023

What is it?

Fig 1 - Situation report

Key to its security operations platform, Expel Workbench™, is the provision of managed detection and response (MDR) services, that are technology-agnostic, enabling organisations to make the best of investments they have already made, as well as sourcing other technology needs from Expel. To do this, Expel has more than 100 integrations in place with major cloud providers, multiple endpoint security, network security and SaaS providers that include provision of identity services, as well as major players in the SIEM market. This is backed up by access to expertise from Expel’s personnel, who can augment an organisation’s security team if the organisation has an existing security operations centre (SOC) or can help those without a SOC to gain access to the expertise that they need to keep their business safe. It provides its services to operations of all sizes.

In addition to MDR, Expel offers complementary services that include phishing protection, threat hunting and vulnerability prioritisation.

Customer Quotes

“The transparency means so much. There’s no haggling, no negotiations. We know exactly what Expel is doing and how they are doing it – so it’s clear to me and my technical team about exactly what we are getting for our money.”
Chief security officer, global software company

“Expel is a trusted partner and a key, critical piece of our security posture and security strategy at Insight Global.”
Jonathan Waldrop, Sr. Director, Cybersecurity

“We put an incredible amount of trust in Expel to go through all of the alerts we receive so we no longer have to worry at the end of every week about trying to track them down.”
Pat Lefler, Senior VP of risk and information security, FIA Tech

What does it do?

Fig 2 - How expel works

Expel gathers telemetry in the form of logs, activity flows and API callouts into its platform and correlates the information that it receives in order to efficiently analyse it to identify contextual information regarding activity that is being seen across the network, from on-premises implementations to the cloud. Its SOC is staffed 24x7, responding to alerts and incidents that occur, helping to prioritise remediation efforts on where they are needed the most. This provides an integrated view of risk across customers’ IT estates.

It offers services tailored to AWS, Google Cloud and Microsoft Azure implementations, including identity protection. For securing containers in DevOps environments, it helps organisations by monitoring activity in major Kubernetes environments.

Why should you care?

One of the core principles at Expel is transparency and this is a key differentiator. Customers can log into the platform to watch ongoing investigations to see what Expel analysts are doing in real time and why, enabling customers to step in as remediation guidance is identified. They will see how improvements to their security posture are being made through detailed dashboards and can prevent recurring problems using information regarding what worked well with previous incidents. In short, customers can see exactly what the Expel analysts see.

Speed is critical in remediating security incidents and this is another key differentiator for Expel. It offers automated remediation for simpler tasks, including the use of its Josie and Ruxie bots for initial triage, and provides the choice of what tasks to ask Expel to do on the customer’s behalf. These greatly reduce the time taken for remediation. To improve detection, it uses the MITRE ATT&CK Framework to uncover the evolving tactics and techniques being used by attackers at each stage of the attack lifecycle. Combined with threat intelligence, even attack methods that were previously unknown can be uncovered.

The Bottom Line

Expel’s offerings are suited to the needs of organisations of any size, in any industry. It provides visibility and control over all parts of extended networks and tailors the expertise and advice given according to the specific business needs and environments of its customers. It is a true hands-on partner that will help any organisation to improve its resilience to security events so that they can get on with the business at hand.

Mutable Award: Gold 2023