If you’re in security, you may be confused by the complexity of managed security products or drowning in their endless alerts. Or, perhaps you’re in an organization challenged with hiring talent and sourcing technology to prioritize those alerts and manage the risk.
A security talent gap has been on the minds of many CISOs for years – it’s a worldwide problem that pervades all security technologies.
So, when I first met the Expel team back in late 2019, I was immediately impressed by their product- and security operations center (SOC)-centric mindset in an industry dominated by manual, consultant-driven playbooks.
While other managed security architectures demand a high people quotient, Expel is vested in “creating space” for existing talent – which means using technology to automate and simplify security so that security teams can focus on more high-priority items.
Today, I’m truly stoked to announce that Cisco Investments has joined CapitalG, March Capital, Greycroft, Index Ventures, Paladin Capital Group and Scale Venture Partners in Expel’s Series E round.
Recently, I sat down with Co-Founder and CEO David Merkel, or “Merk” as he’s better known, to discuss how Expel has captured the leading role in the Managed Detection and Response (MDR) sector and what’s next on the horizon.
Transforming Talent Through Technology
Before they founded Expel in 2016, Merk, COO Yanek Korff and VP Strategy and Business Development Justin Bajko were pivotal in establishing the gold standard for incident response at Mandiant. Solving hard problems and making mistakes together at Mandiant helped the team set the foundation for their new venture.
But it wasn’t until Merk read a tweet in 2015 by Digital Shadows CISO Rick Holland that he identified a business worth disrupting. Holland had proclaimed that Managed Security Service Providers (MSSP) customers had to endure “the customer service equivalent of taxi drivers.” Merk knew they could do better.
“The funny thing is, I don’t really like security vendors – and a lot of that has to do with how they market their products,” Merk says. “Security tends to be very fear-based versus value-based. So with Expel, we knew we had a chance to do something radically different. When technology is done right, it can do so much of the heavy-lifting for your people.”
Knowing that talent is on the minds of every industry CISO, the founders focused on humanizing security and letting technology help security teams optimize their talent with scalable efficiency.
“We didn’t come in trying to sell customers with, ‘You don’t need humans.’ Instead, we focused on how we can help their teams produce high quality at scale,” Merk says. “Instead of hiring dozens more analysts and having your quality disappear, we’re focusing on how we can take that small number of analysts and massively magnify their output with technology.”
Through its core Workbench TM offering, Expel is able to hook into customers’ security infrastructure and significantly automate security operations. The data gathered on the platform — both about how their customers behave as well as their own security analysts — offers an amazing level of operational maturity that has created a ready pipeline for future innovation.
In the five years since Expel’s founding, the company has seen exponential growth in customer traction with industry leading NPS. So, when Forrester Wave’s Managed Detection and Response report named Expel a breakaway leader in a space crowded with entrenched competitors, it was essentially preordained.
Cloud-Native, Accessible and Transparent
The beauty of Expel is it doesn’t matter where the customer is in their cloud journey. Whether a startup, a highly mature company, or a hybrid with some on-prem infrastructure, Expel is cloud-agnostic, working seamlessly across GCP, AWS and Azure, bringing value to the table on day one.
The product gets deep into cloud workloads and extracts telemetry for high-fidelity detection and accelerates response with automation. Unlike the on-premise and endpoint security market, where detection technology is well established, the cloud initially posed a significant opportunity for Expel, which stood alone in this new frontier. The team heavily invested in event processing for the types of things that come out of Azure, GCP and AWS, like CloudTrail and GuardDuty.
“Ninety-eight percent of the incidents we find in customer cloud environments is because of our detection technology being added onto their existing data. These are things the customer would have missed otherwise,” says Merk.
Another point of distinction is the brand’s focus on making security accessible. “No one should have to lower their expectations when it comes to security and providing protection across technology,” he says.
And while the company’s approach is all about accessibility — making security as simple and ubiquitous as the internet — it’s also about transparency. Rather than hiding “a bunch of stuff in jargon,” Merk says they prefer to educate their customers.
What’s Next on the Horizon for Expel
As a company that shares many of the same philosophies, Cisco is excited to invest in Expel. We are also committed to simplifying and humanizing security, knowing it’s essential to deployment.
With Expel already supporting the vast majority of our security portfolio, in the future, we look forward to further opportunities to collaborate and enhance.
As the next move on the roadmap, Merk sees Expel moving further up the stack to the “money-making custom applications.”
“We see opportunities for us to connect further up at the application layer and get the customer what they need in what would traditionally be viewed as a very custom sort of thing,” says Merk.
Although Expel is breaking out in security operations MDR, the potential adjacencies are far and wide. “There’s just so many problems that are not well solved that, actually, if you look at them the right way, we can make them fit through the optimization layer of our platform and dramatically reduce the required time and energy customers have to spend on them,” Merk notes.
When the Expel team talks about their vision to make security as accessible as the internet, it’s a philosophy that begins at home with Expel’s own workforce. People often ask Merk how he gets the expert talent that he needs. It’s simple. Expel creates them.
“I have a level of service where I can take a non-security person and convert them into an effective operator on Workbench, providing part of our service in a few weeks. And then I can move that person into our actual SOC doing everything that we do today in probably a few months. Everywhere we can think about making security accessible, even if that means our own ability to make security careers accessible to those outside the industry and deliver to our customers, it’s part of our identity. It’s who we are.”