The Expel Annual Threat Report is out now! We share the top trends identified by our SOC, how to detect these threats and protect your org, and what to watch for in 2024.
Get your copy:
#cybersecurity #infosec
It’s a new day: we’ve secured $140.3 million in Series E funding, and with it, we’ve reached a valuation of over $1 billion.
Our founders @davemerkel, @reefhack, & @justinbajko share where we’re going, how we’re getting there, and what more we plan to do:
How to get started with the #NIST Cybersecurity Framework (CSF) -- We give you a quick tour of the NIST CSF framework and describe how you can baseline your efforts in a couple of hours. So check it out.
Yep, we secured a new round of funding. Here’s a look at where we’ve been, what we’ve learned and where we’re going on this journey (and a huge “thanks” to our supporters along the way).
#funding #cybersecurity
It's official! Expel is a Leader in the 2021 @forrester Wave: Managed Detection & Response, Q1 2021.
We're honored to receive the highest possible score in 14 #MDR criteria, including "time to value" and "@MITREattack framework mapping & use"
So what's the difference between #cybersecurity vendor alerts and (cyber) threat hunting?
Take a moment (okay, ~5 minutes) to see (1) if threat hunting is right for your org and (2) what you would need to get started: cc @MITREattack
Good news in unusual times --
We’re incredibly grateful and humbled to share that we’ve raised a new round of funding: a $50 million Series D investment led by CapitalG (@capitalgtweets)
We’re excited ┏(-_-)┛┗(-_- )┓┗(-_-)┛┏(-_-)┓ to offer these new services (Expel 24x7 for Endgame & Expel hunting for Endgame) in partnership with @EndgameInc to help orgs get the most out of their investment.
At #RSAC today Monty Python’s @EricIdle reminded the crowd that sometimes being “Stronger Together” requires teams to be “Stranger Together,“ 😜 noting that his unique brand of comedy wouldn’t have been authentic without...
It's one thing to say you're #datadriven, it's another to live by it.
That's how @jhencinski and the #SOC approach setting goals, creating strategy, and measuring success.
Read the first of our SOC efficiency and #leadership blog series:
#cybersecurity
How much does it cost to build a 24x7 #SOC?
@reefhack says understanding the true costs has a lot to do with the capability you’d like to field AND the people you need to hire.
Some real numbers (and options):
#MDR #cybersecurity #security #secops
So:
What attack trends took center stage this past quarter?
Any new attack methods/tactics?
What % of incidents our #SOC observed were identity-based?
What can you watch out for in Q3?
It's all covered in our latest #infosec threat report:
@jhencinski
What hunting's not -- Looking at alerts coming from your endpoint detection and response (EDR) tool isn’t hunting. It’s alert management. And pretty much anything on this list () also isn’t hunting.
Read more >>
Hot off the press: Expel is a Leader in the @forrester Wave: Managed Detection & Response, Q2 2023 report! 🤯
We're honored to receive the highest possible scores across 16 #MDR criteria, including Time to Value, Product Vision, and Market Approach ➡️
Newsflash! The #NIST Cybersecurity Framework was never intended to be something you could “do.” It’s supposed to be something you can “use.” But that’s often easier said than done.
@gdead talks about how you can get started. Tools and full video:
Learn to identify and prioritize “real” risks in the ☁️ cloud by seeing @snyksec and @expel_io during the @SANSInstitute 2022 Solutions Forum June 14th:
.@Fox0x01’s keynote gave us a lot to think about this morning. Our main takeaway? #AI won't replace security pros, but skills requirements will shift. This is a chance for us to reinvent ourselves and our defenses to get ready for the next wave of challenges.
#BHUSA #BlackHat2023
#DidYouKnow over the past few months our #SOC team remediated 6+ #AWS incidents?
We've captured our findings in this #mindmap showcasing a bad actor's potential attack paths. (deets + full-size download of this & our @MITREattack cheat sheet: )
@jhencinski
NIST has polished up their Cybersecurity Framework based on 1000s of orgs implementing it over the past 3 yrs. In case doing a “stare-and-compare” isn’t your idea of fun, @gdead, highlights 3 of the most significant (and practical) changes.
We were honored to take part in @Nasdaq's Closing Bell ceremonies yesterday in recognition of our (#18) spot on the @Deloitte #Fast500!
Thank you, @DeloitteUS, for this invitation to formally celebrate/"ring in" this achievement.
(official announcement: )
A quick word of caution to #LinkedIn recruiters: watch out for #malware-laced resumes. 😬
Our #SOC walks thru how we spotted this kind of #infosec attack and its lifecycle (diagram below), and provides some remediation and resilience recommendations, too:
"We're focusing on the human side of the (#cybersecurity) equation here."
Off Script, Expel's new webcast series hosted by @MugwumpJones & @jhencinski, officially launches this Thursday!
Learn more about the series, & their first guest, @jotunvillur, at
Welcome to the board, @flower_johanna! 👋
We're so excited to welcome Johanna, who will bring outstanding leadership and support to the Expel Board of Directors.
Official announcement ⬇️ ⬇️ ⬇️
We get it. You get it. The right metrics are critical to #SOC success:
So how often should you be looking at them? And what do you do if a metric is heading in a wrong direction?
More #WednesdayWisdom from @jhencinski (plus a shout-out to @datadoghq) ⬇️
"[I]t’s been a blast. Seeing the initial vision of the company come to fruition is awesome ... Although I’m off to a new adventure and excited about the future, it’s safe to say I’ll miss Expel & its band of merry Expletives."
A message from #CISO @gdead:
Truth 💣 from @jhencinski:
"A lot of #SOC burnout is the result of ineffective #secops management. A SOC can be a great place to work - but highly effective management is required!"
👀 ⬇️ examples of metrics we use to make our team AND customers happy.
If you’ve got an EDR tool that gives process-level insights give this technique () a shot. We think it’s a pretty straightforward and effective approach to find attacker activity when they’re still early in the attack lifecycle. Happy hunting.
Mondays are hard. Chasing down attackers in your Google Cloud Platform shouldn't be – That's why our #SOC team built a guide to MITRE ATT&CK in #GCP to help you identify potential attacks & quickly map them using lessons learned from our investigations:
6⃣ Block @Microsoft Office Macros
Macros are one of the most common ways attackers attempt to “trick” users into running malicious code that can be used to install malware. Check Trust Center Settings, adjust appropriately.
More info/deets: h/t @tfornez
#ElectionDay is an Expel holiday.
We want our crew to have the time and space needed to make their voices heard by exercising their right to #vote. (we even offer transportation if needed)
We’re proud to join #TimeToVote, and encourage everyone to participate in #Election2020.
As we set out to create Expel, we wanted to build something that would let CISOs everywhere stop playing a game of alert whack-a-mole on managing the risks unique to their business.
That feeling when ... you make @Forbes' "America's Best Startup Employers" list -- No. 44 out of 500 (and the only #cybersecurity company in the top 50)! 😃
We're pumped to be named to @FortuneMagazine's @GPTW_US Best Workplaces in Technology 2021 list!
See who joined us and how we made it at .
Thank you to our crew for all of their contributions leading to this recognition!
#GPTWcertified #BestWorkplaces
Earlier today, we sharpened our (metaphorical) pencils for a #DEI chat w/ career & diversity/equity/#inclusion consultant Noelle Johnson on:
✅ The importance of #diversity & what it looks like
✅ #Equality vs equity & how to speak out
✅ Getting comfortable w/ meaningful convos
Shamelessly corny (with our usual sarcasm). 😜 Enjoy!
‘Twas the night before #RSAC, when all thro’ San Fran,
No attacker was stirring, not even Shodan.
The booths were all built, the swag was all there,
In hopes that the hordes would actually care ...
Security for the other 99 percent -- TL;DR: We got more money to keep doing the things we love doing. Click away to read @davemerkel rant a bit. (3 min read)
‼️ Emerging Threat ‼️
#BEC attacks targeting access to systems like #Workday to commit payroll & direct deposit fraud.
Get details on the attack chain we’ve seen across multiple environments AND how to spot/prevent it.
@jhencinski @RpughIII #infosec
We hate to burst anyone's bubble, but a co-managed #SIEM isn't just something you can set and forget.
#CISO @gdead drops more truth bombs - separating fact from fiction - on the perceived benefits and value of implementing a SIEM:
#cybersecurity #security
🆕 blog: what happens when an attacker steals a set of @awscloud access keys?
Get a step-by-step recap of this incident, incl. how our #secops powers combined (#SOC, #threathunting, & detection engineering teams) to keep our customer environment(s) safe:
Cybersecurity Operations Engineer in the Energy and Utilities Industry gives Expel Managed Detection and Response Services 5/5 Rating in Gartner Peer Insights Managed Detection and Response Services Market. Read the full review here:
#gartnerpeerinsights
Grab your snacks and dice (hats optional) and check out the new incident response tabletop role-playing game "Oh Noes! : an adventure through the cyberz" by our own @gdead and @taumaniac. Find the toolkit here:
Let's talk about #MSBuild:
- App Whitelisting bypass
- Execute arbitrary C# code on a system
- Even if an org is blocking custom binaries, most allow MS signed code
- Run code through MSBuild and have it execute
A few ways we saw MSBuild used for evil @expel_io in 2020:
What does it take to work for a #SOC?
@jhencinski says it starts with a "passion for helping people."
From "embracing empathy" to "radical candor," see the traits #infosec analysts (and detection and response engineers) need in his op-ed for @DarkReading:
If "building my own #SOC" is part of your end-of-summer to-do list, you'll wanna take a peek at this resource.
Check out average tool/personnel costs, different types of SOCs, and more info to help you find the one that best fits your org's unique needs:
We have an awesome Lunch-n-Learn program @expel_io. Today, we shared ideas for growing our careers. Sometimes, inspiration and learning can be found in unexpected places.
#tomorrowstartstoday
We're proud to be a part of the awesome #GPTWcertified community (@GPTW_US)!
Visit to see why we believe in "Better When Different," why Expletives love our (their!) culture ... and if you're looking for a job with a mission that matches your skills.
Coming soon: Great eXpeltations, an annual report on the most important #infosec threats, what to do about 'em, and #secops predictions for the year ahead.
Get a sneak peek - and bit more about *why* we're doing the thing - in this video from @davemerkel.
A Beginner’s Guide to Getting Started in Cybersecurity -- One topic that seems to have piqued everyone’s interest lately is this question: is there such a thing as an entry-level security job? It’s a good one. >>
#infosecjobs
A barn ➡️ A whiteboard ➡️ An office ➡️ "Stay calm, make good decisions." ➡️ "Lock arms up the mountain." ➡️ 🦄🦄🦄
... It's been a journey.
If you want to know where we're going, what's next, and how we plan to leverage our new resources, read on:
On #WomensEqualityDay, we celebrate the strength & achievements of women throughout history, including those in our own org.
We've seen significant growth in ♀️ representation at @expel_io and remain dedicated to our values of diversity/equality/inclusion.
#DEI #EqualityCantWait
Want to test your analysts’ detection skills in the cloud? Our very own Dan Whalen's got tips and tricks for building your own threat emulation exercise in AWS:
#cloudsecurity
Enough of the cats, dogs & chicken for a moment. We're bringing you Sabrina (in the back) & Katrina > an adventure rat who snores! & loves to run up & down arms & shoulders. From time to time we find these girls joining a team video call with @mjg5772.
#petrats #loveyourpetday
If you work in a #SOC, and you've worried about measuring the wrong thing, this 📽️ is for you.
@jhencinski @MoreMorPlease and our team talk about how to not just take things at face value, but ask the right questions of your #cybersecurity data. (🔗 )
Welcome aboard, Chief Revenue Officer @jennylawrence2 & Chief Marketing Officer @FiedlerKelly!
Learn more about their experience/accomplishments, what they'll be up to at Expel, and their thoughts about joining our crew at an exciting time:
#CMO #infosec
"To each & every SOC analyst, thank you ... I cannot wait to see what Expel the company, & the people that make it what it is, accomplish in the next 4 years."
More #SOC-iversary reflections/acknowledgments from @RpughIII:
@jhencinski @The_Real_BenB #TBT
Detection and response in cloud infrastructure is a relatively new frontier. Our team at Expel is attempting to bridge the gap between theory and practice.
Read more on the blog ➡️
#AWS #security #securityresearch
Buckle up twitterverse! Today we're gonna be hit'n you with shout outs to our behind the scenes team for national #loveyourpetday ... like these two who celebrate #thatcatlife while our own Scott Thomas does his sales thing.
#twittertakeover
4 tell-tale signs you’ve lost control of your SIEM:
1. “The SIEM is down again!”
2.
3. You’ve created a SIEM-to-human language lexicon
4. Your analysts are doing the tasks you hired your SIEM to do
🎣 Expel for #Phishing 🎣
Your one-stop-shop for suspicious email investigations, featuring:
📜 Detailed findings reports
⚕️ Recommendations & remediation actions
📊 Easy-to-understand metrics & trends
Give the gift of 🕑 back to your #secops team:
#MDR
"I couldn’t be prouder of our crew. When we started this journey, we set out to be unlike any other cybersecurity vendor ... we continue to push ourselves." (h/t @davemerkel)
We're doing some special things here. And we're #hiring.
Join us:
#InfoSecJobs
Expel announces $20 million in series B funding ... would you like to help manage our money? Now hiring -- Manager, Financial Operations. Check it out and apply -->
How are food 🌭 and #cybersecurity 🚨 related? They’re not. But since @reefhack hasn’t eaten breakfast yet … you’re going to hear a little bit about both in this blog.