The Next Wave of Managed Security

Announcing our investment in Expel

With software now at the heart of every business, securing data and critical information has become one of the top challenges for businesses, but building a comprehensive security program is hard. There’s a massive shortage of cybersecurity professionals on the market. There’s an explosion of security vendors that offer ever-changing new approaches to managing and mitigating risk. There’s an increase in the number, sophistication, and damage of security breaches. We found one company that makes it just a little bit easier.

We are thrilled to announce our Series B investment in Expel, a Herndon, Virginia-based team that has built a transparent, managed security offering for enterprises. Expel helps their customers detect, analyze, and triage threats to combat potentially crippling data breaches and cybersecurity attacks and displace existing managed security service providers (MSSPs) and managed detection and response (MDRs) vendors.

A major challenge of implementing a comprehensive security program is operationalizing the disparate sources and mitigating controls for security threats. All but few very large companies have the internal resources or capital to develop their own security operations center (SOC) as a system of defense. SOCs are also notorious for their demanding work conditions, and amid around-the-clock staffing requirements and increasing workloads, frequent turnover is common. The market for experienced cyber security talent has never been tighter, and many companies struggle to keep pace.

It is for these reasons that an increasing number of businesses are relying on MSSPs or MDRs to monitor the health of their online properties and protect against cyber attacks. The market for managed security services has continued to grow at double-digit percentages year-over-year (2016-2017), and is expected to continue similar growth through 2021. Yet despite strong intrinsic growth, incumbent MSSPs and MDRs still leave a deep void in the market. Managed services have long been criticized for their inflexibility and lack of transparency, and customers often complain that the quality of tools and services being delivered are not well understood. While MDRs try to furnish a more collaborative approach than that of MSSPs, they are often locked in to specific security vendors and do not always provide SLAs that many companies require to satisfy compliance requirements.

Expel fills these gaps in the rapidly expanding managed security market. The team has created a workbench (made available to its customers) that provides clear visibility into the customer’s security operations, with real time situation reports that include alert, performance, and resilience analyses. Expel offers a rapid deployment model, and integrates with dozens of different security tools (e.g. endpoint, SIEM, network security, etc).. Because it is transparent, customers can watch investigations as they are unfolding and take action immediately -- all within a shared interface. The team has also created automation workflows that enable cross correlation, grouping, and enrichment of alerts, which taken together, streamline the team’s operations and strip out the overhead associated with most traditional MSSPs. By using these automation capabilities and massive streams of data, the team is able to proactively hunt for malicious activity within its customers’ environments and make recommendations to improve its customers’ security postures.

Expel’s leadership team is a group of managed security veterans with a deep fund of industry experience. Prior to forming Expel, Dave and the team were senior executives at Mandiant and later Fireye, where they established a deep understanding of the managed security market and all of its nuances. The team has collectively set up and operated more than a dozen security operations centers, and used that background to build a formidable competitor in the managed security market.

We are thrilled to partner with Dave and the rest of the Expel team for the next chapter of their journey, and we welcome them to the ScaleVP family.

Sam Baker contributed to this blog post.