Analyst Coverage: Fran Howarth
Expel is a security operations platform provider that offers managed detection and response (MDR) services that enable swift detection, understanding of the impact and remediation of threats throughout the extended network. It has its headquarters in Hendon, Virginia in the US and is currently focused on international expansion and is now active in the UK, Ireland, Sweden and the Netherlands. It is well funded and experiencing high levels of growth.
Expel takes a technology-agnostic approach, enabling customers to make the best of their existing investments as well as benefiting from the more than 100 integrations that it has in place that include major cloud providers, multiple endpoint security, network security and SaaS providers that include identity services, and major players in the SIEM vendors. It has been cloud-first for the past five years, but also caters to on-premises infrastructure.
Customers range from smaller firms with no security operations centre (SOC) to large enterprises with a fully staffed SOC. It aims to help organisations of all sizes to minimise their business risk, taking into account the business objectives and security strategies that each espouse. Its expert staff from its own SOC work on a 24×7 basis, responding to alerts and incidents that occur on behalf of its customers or alongside their own security operations personnel, helping to prioritise remediation efforts to focus on what is needed the most. The expertise and technology platform that Expel offers make sense of security signals from throughout the extended network to provide an integrated view of risk across an organisation’s IT estate.
Expel claims as differentiators the speed of its service and the high transparency that it offers. Customers gain access to the central portal and can keep an eye on the work that is being done in real time. Another differentiator is its use of bots for initial triage. It offers proactive threat hunting services, even for misconfigurations that can introduce vulnerabilities, and it has a managed phishing service available. Most recently, it has added a vulnerability prioritisation service. It has also added remediation for Microsoft, including Azure identity protection, which is especially attractive for mid-market firms, and can help organisations secure their DevOps needs by monitoring activity within containers.