Expel is a managed detection and response security provider focused on helping organizations move faster from detection to action. The company combines 24×7 security operations with AI-assisted automation and analyst-led investigations delivered through Expel Workbench™. Its operating model is built to work with customers’ existing security stack rather than force a rip-and-replace approach, giving teams direct visibility into investigations, response activity, and recommendations as work happens.
Expel extends that foundation with managed SIEM, phishing detection and response, hypothesis-based threat hunting, and security data retention options. Its services are designed for cloud, endpoint, identity, email, SaaS, network, and SIEM environments, with a strong emphasis on transparent collaboration and cloud-first security operations.
Offerings, Capabilities, and Integrations
Expel centers its delivery on API-based integrations, shared workflows, and human-led decision-making supported by automation. Expel Workbench™ correlates telemetry across environments and gives customers a live operational view into investigations, while Ruxie™ accelerates evidence gathering, enrichment, prioritization, and selected response actions.
The company supports security operations across cloud control planes, workloads and Kubernetes, endpoints, identity systems, email, SaaS applications, networks, and SIEM environments. Expel integrates with a broad set of technologies, including AWS, Microsoft, Google Cloud, CrowdStrike, Okta, Splunk, Sumo Logic, Microsoft Sentinel, Google SecOps, Slack, GitHub, and other commonly used platforms, helping customers keep their existing tools while adding managed coverage and response expertise.
Products and Services
- Expel Managed Detection and Response (MDR): Flagship 24×7 managed detection, investigation, and response service for cloud, hybrid, and on-premises environments that uses customers’ existing tools and Expel analysts to identify and remediate threats.
- Expel Managed SIEM: Co-managed SIEM service that brings Expel detection engineering into existing SIEM deployments, including Microsoft Sentinel and Splunk Enterprise Security, covering rule tuning, coverage assessment, pipeline health, and integration into Expel MDR workflows.
- Expel Phishing: Phishing detection and response service that integrates Microsoft 365 or Google Workspace with Expel Workbench™ so Expel can triage reported emails, investigate malicious content, and guide remediation.
- Expel Threat Hunting: Hypothesis-based threat hunting service that runs structured hunts across cloud, on-premises, and SaaS environments to uncover missed attacker activity, identify gaps, and share findings with customer teams.
- Expel Workbench™: Security operations platform that serves as the shared workspace for Expel analysts and customers, providing investigation visibility, correlation across tools, collaboration, and a full operational audit trail.
- Ruxie™: AI and automation engine that gathers evidence, enriches alerts, matches patterns, and supports response steps so analysts can focus on higher-confidence decisions and remediation guidance.
- Security Data Lake: Lower-cost security data storage offering paired with Expel MDR that helps customers retain logs for investigations and compliance, offload data from expensive SIEM storage, and expand into broader SIEM capabilities when needed.
Target Customers
Expel targets organizations that need 24×7 detection and response without replacing the tools they already own. It fits both security teams that want to extend a small or growing program and mature internal teams that need more analyst capacity, stronger detection engineering, or cloud-focused operational support.
The company is well aligned to organizations running complex environments across AWS, Microsoft, Google Cloud, SaaS, endpoint, identity, and SIEM platforms. Its customers span sectors such as software and SaaS, financial services, retail, healthcare, transportation and logistics, and travel, as well as organizations with phishing risk, compliance-driven log retention needs, or pressure to improve security outcomes without adding major operational overhead.
Cloud Integrations and Marketplace
- AWS Marketplace: Expel Managed Detection and Response is available through AWS Marketplace, supporting procurement of Expel’s MDR service for AWS and hybrid environments.
- Microsoft Azure Marketplace: Expel has marketplace presence for Microsoft environments through its Expel for Microsoft offering, aligned with coverage across Azure, Microsoft 365, Defender, Entra ID, and Sentinel use cases.
- Google Cloud Marketplace: Expel offers a solution through Google Cloud Marketplace and supports Google Cloud environments through direct integrations with Google Cloud, Google Kubernetes Engine, Google Workspace, and Google SecOps.
Key People
- Dave Merkel: Chief Executive Officer
- Yanek Korff: Chief Operating Officer
- Justin Bajko: Chief Strategy Officer
- Greg Notch: Chief Technology Officer
- Zach Blaine: Chief Financial Officer
- Scott Fuselier: Chief Revenue Officer
- Yonni Shelmerdine: Chief Product Officer
- Jessica Dodson: Chief Marketing Officer
Key Facts
- Headquarters: Herndon, Virginia, United States
- Employees: Approximately 477
- Annual Revenue: $100M+ annual recurring revenue
- Parent Company: None
- Subsidiaries: None
- Publicly Listed: No (privately held)
Analyst Recognitions
- Gartner: Representative Vendor in Gartner Market Guide for Managed Detection and Response Services, 2025.
- Forrester: Leader in The Forrester Wave: Managed Detection and Response Services, Q1 2025.
- IDC: Leader in IDC MarketScape: Worldwide Emerging Managed Detection and Response Services 2024 Vendor Assessment.