Expel

You could have the greatest thing since sliced bread but if you're not listening to your customers and meeting them where they are, then you're not providing any value. Dave Merkel lays out the approach he takes as a leader to create real customer value in this straight-shooting conversation with Michael Linton and Josh Linton on the Tech 2 Exec podcast: https://lnkd.in/gyAditqE

The MDR market is having a moment. And it's...a lot. 40+ "AI SOC" companies (and counting). Platform consolidation happening weekly. Vendors slapping "autonomous" on everything that moves. Meanwhile, security teams are just trying to figure out what they actually need. So we're talking about it. Join Expel's Rueben Rodriguez (VP of Product Marketing) and Justin Bajko (Chief Strategy Officer) for a frank conversation about what's really happening in MDR: ✅ The AI SOC explosion – can 40+ companies really solve a problem MDR wasn't already addressing? ✅ Why everyone's suddenly acquiring everyone (and what it means for you) ✅ Platform vs. best-of-breed: which way is the pendulum swinging now? ✅ Much more... Grab your popcorn 🍿 This isn't a product pitch. It's two people who've been in MDR for years, talking honestly about market dynamics that affect your security strategy.

Part two of our Quarterly Threat Report, Q3 2025, is live—and it's about malware that's been hiding as Potentially Unwanted Programs (PUP) for years. - BaoLoader hides backdoors in functional PDF editors, browsers, and manual finders. - TamperedChef is a recipe app with hidden characters that decode commands. - Calendromatic passes malicious instructions through calendar entries using homoglyphs. These apps do what they promise, which is why users don't suspect anything. Meanwhile, they're executing arbitrary commands, enumerating antivirus, and dropping additional files. We tracked BaoLoader through code-signing certificates across dozens of companies. It made up 13% of all commodity malware we identified this quarter. TamperedChef? 34,000+ downloads. Those backdoors create unquantified risk you can't ignore. Read our threat intel recap here: https://lnkd.in/gp39rhGP

Identity is the new perimeter (all security practitioners that use this phrase must take a shot—water, espresso, adult beverage—I don’t make the rules), and Expel’s latest Quarterly Threat Report for Q3 2025 continues to validate that. Here’s what you need to know. Out of all the incidents that our SOC investigated from July to September 2025, identity-based attacks made up 73.9% of them, up from 67.6% last quarter. It’s clear that attackers are prioritizing identity as a means to entry. But here’s the slightly better news for both our customers and other orgs: over the last three quarters, we’ve watched the percentage of successful attack attempts decline. In 54.9% of these incidents, threat actors were prevented from accessing the account due to various controls in place, meaning despite an increase in volume of attack attempts, initial attack success went down. Another important takeaway I need to highlight is just how different each attack surface is from one another. Attackers use stolen credentials to gain access to cloud-based services. Malware and compromising public-facing systems and applications dominate the endpoint/end-system surface. Misconfigurations tend to be common in the case of cloud infrastructure. So when you’re coming up with a defense strategy, you need to create one for each attack surface. One size does not fit all. This report covers real attacks against real orgs, not lab-generated hypotheticals or vendor fear-mongering (I promise). We analyzed incidents across hundreds of customers in different industries with wildly different security setups, so these patterns reflect what attackers are doing right now and what’s working to stop them. Our team built this from thousands of hours in the trenches. Read it, steal what’s useful, and let me know what you’re seeing out there—we can compare notes. https://lnkd.in/edXQVAvS 

AI in security isn't the question anymore. Everyone's using it. The real question is whether it's actually enabling your security program or just marketing fluff. 😶🌫️ Our CEO Dave Merkel breaks down what to ask before buying AI-enabled security services: • Does it integrate with your existing stack? • Does it provide actionable insights aligned to business risks? • Is there a human in the loop for auditable decisions? • What's the impact on team headcount and efficiency? AI alone isn't a differentiator. It's how it enables teams to achieve business goals. Get merk's full framework for evaluating AI-enabled security via Forbes: https://lnkd.in/gri5S4qS

Imagine searching for Microsoft Teams, seeing a text link at the top of the results, visiting it, and then getting hit with malware. That's the malvertising campaign that the Rhysida ransomware gang has been running. Expel Intel is tracking this campaign and sharing IOCs on GitHub. Read what we've uncovered so far via The Register: https://lnkd.in/gzRhJYJH

Identity attacks aren't slowing down, they're accelerating. Our Q3 2025 Quarterly Threat Report analyzed thousands of real incidents across customer environments. The data tells a clear story 📊 73.9% of all incidents were identity-based attacks. Up from 67.6% last quarter. But here's the positive trend buried in the numbers: 54.9% of identity attacks were stopped when compromised credentials were entered, meaning controls blocked access before account takeover occurred. That's up from previous quarters. Other patterns from Q3: • Manufacturing overtook financial services for highest incident volume • Healthcare saw disproportionate non-targeted malware activity • Pharma & chemical faced the highest proportion of identity attacks • Cloud infrastructure attacks remain low volume (1.1%) but increasingly diverse The attack surface matters. Attackers use stolen credentials for cloud services, traditional malware for endpoints, and exploit misconfigurations in cloud infrastructure. One defensive strategy doesn't cover all three. You need different plans for each surface. The bottom line: identity is the battleground. The customers seeing success with defending against identity attacks are the ones treating it as the primary battleground—with actual budget, priority, and controls that block attackers before compromise. Full Q3 data breakdown: https://lnkd.in/gU3yH8nh

The complimentary 2025 Gartner® Market Guide for MDR is out, and Expel is recognized as a Representative Vendor for the seventh consecutive year! This year's report shifts focus from "how many MDR vendors exist" to "what defines quality in MDR." Gartner shares insights on human-led detection, immediate mitigation response, and turnkey delivery—not just alert generation. At Expel, we believe we offer all of that (and more). 🎯 Gartner's take on AI? "MDR is a human-led service that engages daily with individual customer data, and has skills and expertise in threat monitoring. It is incomparable to position a technological solution against the dynamic innovation expected by consumers of a human-led service." We agree. Technology detects. Humans interpret. Read the full report: https://lnkd.in/gfWEzyXU

No better sight than this. 👓✨ One customer put it simply: "We completely cut out unnecessary alerts. If Expel flags something, we know it's worth reviewing. We're saving 10-15 hours every week." That's equal to 25% of their team's time back for work that actually matters. Cybersecurity is a team sport, and it's a game of inches, not yards. See how our customers built resilience with us backing them up: https://lnkd.in/g5MwEsB8

You’re chasing endless alerts, hunting threats, tuning tools (that promised to tune themselves), and fighting against your MDR vendor. If this sounds all too familiar to you, let's chat at Cybersecurity Summit. 👋 Talk security operations with people who've actually built and run them, and hear how we help organizations stop real attacks every day. We'll see you there. 📌 Houston, TX: https://lnkd.in/g2eZzxTZ 📌 Jacksonville, FL: https://lnkd.in/giPfBEu2