qoside hunting

Proactively hunt for unexpected activity

(a.k.a. spotting the camouflage)

When you’re looking for attackers and the alarms didn’t go off, it can be difficult to know where to start. In addition to your MDR, you need a multi-layered security approach. With Expel Hunting, we pull data from your security tech, detect attacker activity, fill in your blind spots and tell you how to prevent them.

What you get:

Threat hunts performed by experienced analyst
Hunt techniques aligned to your unique risks
Clear guidance on what to improve
Hunting with the tools you’ve already invested in

Why hunting is more than looking for threats

Join Expel’s Matt Peters, Chief Product Officer, and Bryan Geraldo, Senior Detection and Response Engineer, to learn what we mean when we say hunting.

What we do

Tailor

We pick the hunt technique best suited to your unique risks, your security tech and activity we’ve observed in your environment.

Analyze

Our bots do the tedious work of collecting and enriching data, while our analysts use human judgement to dig into outliers and investigate.

Strengthen

We provide details of each hunting technique along with the data we collect, analyst insights and the final results of the hunt.

How it works

Every month, we pull data we’ve been collecting from your tech and create a hypothesis to determine the hunt. Bots then take on actions that can be automated (think data gathering and clustering) so our analysts can focus on things only a human can track.

Our analysts apply their expertise to investigate things that flew under the radar. We tell you when we find a threat and also share notable activity that looks “abnormal” (like activities a software performed that you and your team didn’t know about … not bad, but strange). And we provide a step-by-step guide on how to investigate.

What we look for

(The hunt is on)

Our techniques map to the MITRE ATT&CK framework with each hunt looking for tactics attackers use during specific stages of the attack lifecycle. We create a hypothesis and then look for activity where you would’ve expected alerts to be generated. The results also help fill gaps in your detection strategy.

Unwanted users
blending in

API calls that are truly
anonymous

IP Address activity to
help spot abnormalities

Misconfigured tools that
could be costing you
money

User activity to help
highlight best practices

Odd configurations
within your
infrastructure

Hunting techniques tailored to your tech

We’re constantly adding to our library of hunting techniques based on the most recent threat activity we see among our clients. Here’s a list of techniques to give you a sense of the things we look for.

Ready to talk to a human?

When you tell us you’re ready, we won’t waste your time. Let us know what you’re looking for and we’ll have someone get in touch who can talk tech.

First Name

Field is required!

Email Address

Field is required!

Job Title

Field is required!

Last Name

Field is required!

Phone Number

Field is required!

Company Name

Field is required!

Message

Field is required!

Talk To Us