Detection & Response

Managed detection and response (MDR).

Managed security that gives you what MSSPs promised … but didn’t deliver.

Detection

Proactive threat hunting: We go find the attacks your products don’t alert on and which only a human can find
Advanced data analytics: We spruce up your alerts with context from your business and from our experience
24x7 monitoring: Yup, analysts in our SOC keep a constant eye on your business (they get free snacks too!)
Alert triage: Triaging alerts and weeding out false positives is our bread and butter (one analyst is even CPR-certified)
Endpoint analysis: API integration with your EDR tools gives us alerts and lets us investigate as if we were in your office
Network analysis: We take alerts from your network security tools (also via APIs); they also help us investigate
Log analysis: We plug into your SIEM using APIs (see a pattern?) … not so much for alerts … but to investigate
Expel detection rules: High-fidelity alerts from Expel-curated rules can go beyond host and network detection

Response

Incident validation and notification: One click gets you detailed analysis including answers to what happened, where, when, why and how
Remote response: Our analysts investigate and give you detailed reports (written in plain English!) with clear actions
Containment and remediation: We go as far as you want … from telling you what to do … to pushing the button to contain threats
Resilience recommendations: We’ll give you detailed guidance on how to improve and get at the root cause of repeated incidents

How we work with you

Use your security tech: We’ll use the security tools you already invested in, not make you buy ours (and we don’t sell tools)
See what our analysts see: We like company, so you get to share the same view as our analysts via the Expel Workbench
Metrics, reporting and summaries: We show you what we’re doing as we do it, and calculate metrics so you can hold us accountable
Direct interaction with analysts: Talk live with our analysts any time via a dedicated Slack channel
Security device monitoring: While we don’t patch and upgrade your tools, we make sure they’re configured right … and stay that way
Transparent pricing: We love a good time, but playing pricing games isn’t our thing; our real prices are on our website