Actu
Expel announced new MDR
May 2024 by Marc Jacob
Expel announced new MDR offerings to meet the varied needs of modern organisations, no matter where they are on their maturity journey. The expanded offerings deliver more flexible ways to adopt Expel technology and services, better addressing its growing partner and customer base’s unique use cases and security needs. The new, flexible offerings make it easier for more organisations to incorporate Expel’s award-winning MDR services into their security strategies, by meeting their current requirements and budgets while also providing the ability to scale over time.
Current Expel MDR customers will not experience any changes to their existing service at this time. They will be migrated to these new, more flexible offerings upon contract renewal starting in 2025. Customers can contact their account team with any questions in the meantime.
IDC recently named Expel a Leader in the 2024 IDC MarketScape for Worldwide Emerging Managed Detection and Response (MDR) Services. In its report, IDC urged organizations of all sizes, with or without established SOC operations, to consider Expel MDR when looking to outsource threat management.
Expel also announced that it’s expanding its automated remediation capabilities across both endpoint and cloud environments. These new response actions reduce the amount of time organizations are at risk from an attack, reducing mean-time-to-remediate (MTTR) and mean-time-to-contain (MTTC). They also help combat the widespread usage and growth of identity-based attacks, which accounted for 61% of all incidents our security operations center (SOC) identified in Q1 2024. The expanded capabilities include the ability to:
• Remove harmful files and registry keys
• Reset compromised cloud and Azure Active Directory credentials
• Disable compromised cloud keys
The new response capabilities are facilitated through existing automation and AI tools in Expel Workbench™, including Ruxie™, which facilitates communications between customers and Expel’s security operations center (SOC) team during incidents and in verifying actions. Expel customers can configure their accounts for these new automated response actions in Workbench. Once configured, the Expel SOC team Nremediates on their behalf whenever an attack is detected in the customer’s environment.
Expel is also expanding support for industry-leading security information and event management (SIEM) solutions with added reporting for Splunk Enterprise Security and Microsoft Sentinel. This added reporting provides customers with evaluations of their SIEM rules configurations to determine supportability and guide customers on which rules to implement to make their environments more secure. And Expel is broadening detection coverage for out-of-the-box rules for CrowdStrike Falcon Logscale and Splunk Enterprise Core.
Finally, Expel is also expanding coverage of its Expel Vulnerability Prioritiation service with a new integration for Qualys VMDR. Customers can now integrate their Qualys vulnerability information into Expel Workbench for fast analysis and prioritisation of their highest-risk vulnerabilities.
