Expel for Microsoft automates safety operations throughout the Microsoft tech stack

Expel announced the launch of Expel for Microsoft. Expel for Microsoft automates security operations across the Microsoft tech stack, including Active Directory, AD Identity Protection, Azure, MCAS, Microsoft Defender for Endpoint, Office 365 and Sentinel. Expel connects via APIs and ingests security signals from Microsoft’s products into Expel Workbench, along with other third-party signals you have in place.

Expel then applies its own detection engine along with threat intelligence gathered from across its broad customer base to quickly find activity that doesn’t look right – like suspicious logins, data exfiltration, suspicious RDP activity or unusual inbox rules.

Specific context and business rules that are unique to your environment enhance these built-in detections as Expel’s detection engine learns what “normal” looks like for your organization.

“Many of our customers invest in Microsoft security tools, and at the end of the day they want to know which incidents they should care about and what to do about them,” said Matt Peters, chief product officer at Expel.

“Most security providers get you part way there – they take your Microsoft signals, comb through them and hand you back a list of alerts to investigate. At Expel, we ingest your signal, our tech filters it down to what might be interesting and our analysts review – based on what’s important to your org and what we’re seeing among our broader customer base – to determine if it requires your attention. We flag only what needs action from you, saving you the time and headaches associated with sifting through piles of alerts.”

With Expel for Microsoft, you’ll get:

  • 24×7 monitoring and response for Microsoft security signals: Expel monitors, detects and responds to alerts across all your Microsoft tech, as well as any third-party security tech you have in place (or plan to invest in).
  • Increased ROI from your Microsoft investments: Expel for Microsoft helps you optimize your current Microsoft security investments, along with those you make down the road.
  • Real-time collaboration with Expel on Teams: Expel makes use of the tools you use every day and the team will message you when something looks suspicious so you can fix it fast. Not a Teams player? Expel’s on Slack, too.

Expel customer Ivanhoe Cambridge, a real estate investment firm, relies on Expel to monitor the organization’s many security signals, including Microsoft Azure, Microsoft Defender for Endpoint and Office 365.

“Expel built a platform that ingests alerts across our vast network, evaluates and weeds out millions of false positives, and then automates the investigative steps so Expel analysts can recommend the right next actions to our team. That’s what Expel does for us; their approach just makes sense,” said Patrick Gilbert, head of security at Ivanhoe Cambridge.

Leave a Comment