Blog Archive
5 pro tips for detecting in AWS
Practical detection engineering advice for AWS environments — from CloudTrail tuning to the queries that surface real attacker behavior.
Fog in the sky: logging & visibility issues in the cloud
Cloud environments present unique logging challenges that leave security teams flying blind. A look at the gaps attackers exploit and how to close them.
How to navigate five common security challenges in a multi-cloud environment
Multi-cloud environments introduce visibility gaps, inconsistent controls, and complex identity sprawl. Here's how to tackle the five most common security challenges.
Cutting Through the Noise: RIOT Enrichment Drives SOC Clarity
How RIOT enrichment helps SOC analysts distinguish signal from noise, reducing alert fatigue and improving investigation quality.
How Expel goes detection sprinting in Google Cloud
A behind-the-scenes look at Expel's detection sprint methodology for Google Cloud — how we systematically build, test, and ship new detections at speed.
Incident report: stolen AWS access keys
A post-mortem on how attackers used stolen AWS access keys, what they did once inside, and how to detect and respond to this class of incident.