Security Outcomes

High fidelity, low volume alerts meet precision response and measured security posture improvements with CX Shield.

THE Resilience PLATFORM

Shield LABS

Security Outcomes Driven By Your Unique Business Risk

Prioritize risks based on their potential impact, align security understanding throughout the organization, and drive cost-effective security outcomes with CX Shield.

  • Security outcomes tied to business objectives
  • Improved vulnerability risk management
  • Improved threat detection and incident response

DEDICATED SECURITY TALENT

CX Shield partners with your SecOps team to drive unique security outcomes.

The Resilience Managed Security Platform is a leading-edge engagement window that brings together your team and CX Shield experts to understand the unique threats and vulnerabilities that can impact your goals and objectives.

MAINTAIN YOUR DEFENSES

With CX Shield Experts and our unique dynamic risk scoring engine, see alerts that matter.

Our framework enables advanced correlation and dynamic assignment of risk values to every alert. This unique CX Shield approach results in an average 98% reduction in alert volume compared to traditional security providers while identifying 10 times more threats.

DEDICATED SECURITY TALENT

Combine automated response, customized playbooks, and your existing security tools.

With proper risk profiling and increased alert fidelity, you and your CX Shield experts determine the right response at the right time to execute tailored response plans designed to contain threats faster with minimal disruption to your business.

DEDICATED SECURITY TALENT

The Security Index leads you to an improved security posture.

The path to cyber resilience is a journey of continuous improvement. The CX Shield security index adapts to your specific environment, guiding you towards an enhanced security posture. By tracking your score over time, you can monitor and demonstrate your progress and compare against industry peers.

I want to…

People come to this page for lots of reasons. What do you want to do?

Enable Auto Remediation



Reduce time to resolution but still control who, when, and why

Get a SOC overnight


Get the capabilities of a modern security operations center – fast – without the investment

 Make every security investment count


Optimize your tech. Support your team. Stretch your budget.

Maximize my SIEM investment


Accelerate SIEM time-to-value and decision support

Protect against BEC



Detect and triage suspicious activity on business emails

Protect against cryptojacking



Expel-validated security alerts and guided investigative actions

Protect against ransomware



24x7 ransomware detection, response and remediation

Protect against supply chain attacks



Expel-validated security alerts and guided investigative actions

Protect AWS



Secure AWS with Expel-validated security alerts and guided investigative actions

Protect Microsoft



Get 24x7 detection and response for Microsoft Defender for Endpoint, Azure and Office 365

Protect my cloud



Discover how you can get a grip on your cloud security

Protect my SaaS apps



24x7 monitoring and response for O365, Google Workspace and more.

Replace my MSSP



See what a new managed security relationship could look like

Secure Kubernetes



Deploy Kubernetes at scale, while removing blind spots to minimize attack risk

Solve MA&D cybersecurity challenges



Get the visibility you need to assess and protect from Day 1.

Protect my cloud environment

Detection and response tailored to AWS, Azure, GCP, and Kubernetes

WHY CX SHIELD

What are your biggest cloud security challenges?

The cloud brings tremendous benefits but equally complex cloud security challenges. Staying on top of multiple cloud environments (databases, policies, and best practices) can be complex, time consuming, and place a heavy burden on your team.

1. Cloud complexity

You moved to the cloud and are realizing the security implications and complexities.

2. Cloud security gaps

You don’t have consistent security coverage across all your different clouds.

3. No cloud expertise

Your security team lacks the necessary expertise across all of your cloud environments.

4. Cloud alert fatigue

You’re overwhelmed with alerts for cloud workloads and don’t know which ones truly matter.

MAINTAIN YOUR DEFENSES

Optimize your cloud investment with CX Shield

CX Shield Managed Detection and Response for Cloud Infrastructure provides automated security operations across your cloud environments for faster incident detection and response.

  • Accelerated cloud security operations: Expel’s platform provides the people and technology that filter out noise and add context to each cloud alert, so you know which cloud alerts matter most and can resolve them faster.
  • Cloud expertise: Let us bring our deep knowledge of Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP) and Kubernetes, and reduce your staff’s workload.
  • Expel cloud detections: We boost your cloud vendor detection capabilities with Expel-written detection rules, which detected 98% of the cloud incidents in our SOC.
  • Out-of-the-box cloud detection and response strategy: Don’t hold up your cloud migration because you need to design a detection and response strategy specific to your cloud on your own.

Auto remediation

Reduce time to resolution but still control who, when, and why

WHY CX SHIELD

What is auto remediation anyway?

In broad terms, it entails using tools capable of identifying and resolving cybersecurity concerns such as misconfigurations, threats, vulnerabilities, and the like, all without requiring human intervention.

DEDICATED SECURITY TALENT

Woah. Give up (some) control to automated remediation?

We get it. It’s smart to be cautious of a new approach. A lot of security practitioners who’ve purchased MDR services still want to maintain internal control of remediation steps. Why use Expel to auto remediate?


  • Personalized to your org. You decide what resources we’ll remediate on your behalf.
  • Stay protected. Coverage across all attack surfaces 24×7.
  • Save time. Creates space and time to breathe during an incident.
  • Focus on other initiatives. Creates space by automating repetitive tasks so your team can focus on other initiatives.

Peace of mind is nice. We tell you what to fix or fix it for you.

Remediation recommendations provided when …

We don’t have access to the system

We’ll tell you what we find and give you actions to perform


We’re not able to perform the task based on tech

We’ll tell you what we find and give you actions to perform

Leverage automated remediation actions to …

Reduce your time to remediation

Automatically remediate incidents and block threats faster

Create space and time to breathe during an incident


Lessen workload for analysts

We can auto remediate repetitive tasks or alerts so your analysts can focus on other initiatives

WHY CX SHIELD

What can we auto remediate?

From business email compromise, to malicious files, to ransomware, we’ve got you covered. You tell us what you’d like us to remediate and which ones you’d prefer to handle.


With 24×7 coverage, you have the time to plan your next steps…even if that means waiting until Monday morning.


Our approach to automated remediation is personal to your organization and based on the frequency of threats seen in your environment. You’re in control of which users and endpoints you’d like us to immediately take offline after a compromise is confirmed. So you’re involved when you want to be. This means your team can focus on other security initiatives without spending a ton of time on remediation.

Host containment

Host containment stops current connections and prevents new network connections on a specific host so that threats cannot spread through the network.


Available with:

On-Prem

Block bad hashes

When our analysts identify hashes to block during an incident, we create a remediation action to add the hash on your “never block” list of files in your EDR.


Available with:

Phishing

On-Prem

User account disablement

Similar to host containment, when a user’s activity isn’t normal, we’re able to automatically disable the compromised account.


Available with:

SaaS apps

Cloud infrastructure

Remove malicious email

If a malicious email is identified from a phishing submission, we’ll automatically remove it from users’ inboxes (and move it to the trash).


Available with:

Phishing

24/7/365 SECURITY

Human-led, U.S.-based security experts understand your environment

CX Shield goes beyond staff augmentation to deliver hybrid security that understands your environment and contributes to your response.

Unified Expertise

CX Defenders brings together threat researchers, elite responders, and security consultants to form a cohesive team dedicated to intelligence-driven cyber risk management.

Excellence in Action

Our commitment translates into delivering top-notch threat intelligence, swift incident response, and a transformative approach to security strategy, ensuring unparalleled protection for our clients.

Proactive Cyber Resilience

CX Defenders stands at the forefront of proactive cyber risk management, providing clients with the tools and strategies needed to navigate the evolving digital landscape with confidence and security.

Resilience Platform

PRODUCTS

ENDPOINT

CLOUD

NETWORK

INTERNET

MANAGED

WHY US

CYBER RESILIENCE PLATFORM: OUR VALUE PROPOSITION FOR YOU

WE PREVENT BREACHES

Click on anything

Run any software

No more Dwell time

No more False positives

No more remediation

No more chasing tail "trying to detect"

WE AUTOMATICALLY CONTAIN THE "UNKNOWN"

The Unknown file is the enemy.


We "Temporarily" run the unknown in our patented Containment (CPU-enforced OS Virtualization)

ALL THREAT VECTORS COVERED

EXEs, DLLs, emails, USB files

Day zero attacks

All known attacks

fileless malware

Any and every malicious code, known or unknown

Full Forensic analysis report on every malware

WE UNDERSTAND FILE STATES

(World's Only Company to do so)

Files exist in 3 states...

Good, Bad & Unknown

Allow Good...

Stop Bad...

Automatically Contain Unknown

(in CPU Enforced OS Virtualization)

WE GIVE EVERY FILE A VERDICT

Once an unknown file is contained...

We will give each and every file 100% Trusted Verdict!

We Don't do "Assumption" based verdicts

We provide SLA for our Verdicts

We use Human Analysts for 100% trusted verdicts.

You will KNOW EVERY FILE in your Network!

You can say: I KNOW there is no Malware in my Network!

AMAZINGLY LOW RESOURCE REQUIREMENTS

Less than 20Mb

Less than 1% of CPU

Works even with XP

Processor agnostic

Battle tested with over 85 million endpoints (the only CPU Enforced OS Virtualization with this many endpoints)

Protect Microsoft Environments

24x7 detection and response for Microsoft Defender for Endpoint, Azure (Sentinel & Active Directory) and O365

Securing your Microsoft environment is challenging

Attempting to secure multiple attack surfaces within Microsoft (devices, cloud infra, identity, SaaS apps)

Overwhelmed sifting through large amounts of logs and alerts to identify what matters

Trying to keep up with a constantly changing and growing environment

Wanting to detect, investigate and respond to incidents quickly

WHY CX SHIELD

How does CX Shield MDR protect your Microsoft environment?

CX Shield is built with the cloud in mind to support you today and in the future. We understand the Microsoft environment. With so many tools out there, it can be tough to know where to start and what to look for. We apply our detection strategy for each of Microsoft’s top services, so the value from your investments is as clear as the sky is blue. (Did someone say Azure?) Here are just a few of the things we’ll do for you:

  • Ingest logs and alerts from your Microsoft environment, including O365 audit logs, Azure platform logs, and Azure Log Analytics
  • Correlate signals and use Microsoft-specific detections to identify anomalous activity and/or incidents
  • Alert and provide you with next steps (via Microsoft Teams if you use it) or auto-remediate for you
  • Proactively analyze data to identify weak spots in your environment through threat hunting and suggest mitigation steps

Protect my SaaS apps...ASAP

24x7 monitoring and response for Microsoft 365, G Suite and more

WHY CX SHIELD

Protecting your SaaS apps is overwhelming

“Last year, the average number of SaaS apps used per organization stood at 80.” – Exploding Topics, August 2022


These applications house a ton of important data. And as your cloud environment grows and gets more complex, risk increases. Understanding your users’ behavior is critical in securing your SaaS apps. And you can’t assume what’s normal for one role is the same for another—it can change from app to app.


With an increasing number of SaaS apps, users, and access patterns, how can you keep up? How do you know who, what, where and how? We can help.


What are your organization’s SaaS protection challenges?

I want to understand my users’ behavior within my SaaS apps

I want to deal with malicious user activity quickly

I want to prioritize alerts based on key apps and users

I want recommendations to mitigate risk when it comes to my SaaS apps

CX Shield customized detection and response for SaaS apps

We’ve got you covered when it comes to protecting SaaS apps. And we’ve done it a lot, with Google Workspace, Microsoft 365, Duo, Okta, Dropbox, OneLogin, GitHub, and Box, to name a few (and with more to come).

We alert on things unique to your business so that you know the first signs of abnormal user activity. Our detection and response strategy is built specifically for each app. Our analysts are trained on how to investigate incidents that originated from there: we look for suspicious user activity, network activity, authentications, file events, and process events. We’ll tell you when we spot risky behavior, investigate, and provide you with next steps, or we can auto-remediate for you (just say the word).


Alert-to-remediation in 21 minutes. You read that right.

Results. Not more alerts to handle.

WHY CX SHIELD

See CX Shield SaaS protection in action

Our detection strategies are tailored for each SaaS app. For example, for Microsoft 365 we can apply our detection strategy to detect things like authentication from a suspicious country, authentication via Tor node, MFA bypass, Azure AD conditional access policy update, global admin access to PowerShell, and many more. Need to map detections to MITRE ATT&CK tactics? We do that too! This custom strategy means you only get prioritized CX Shield-treated alerts for the critical SaaS apps in your environment. This way, you, or we, can remediate quickly. Here are some things you can expect when working with Expel:

  • Reduce response times. Use automation for initial triage so our analysts can focus on spotting suspicious behavior.
  • Boost visibility. Detections unique to each of your apps like Microsoft 365, Okta and Dropbox.
  • Stop threats from spreading. When we identify a compromised user, we’ll automatically disable the account.
  • Keep your people secure. Prioritize alerts based on key assets and users.

Active Response

Automated precision response for cyber resilience.

WHY CX SHIELD

Achieve Cyber Resilience with CX Shield Active Response

CX Shield Active Response is an advanced service offering that brings together detection sources across your entire security tech stack to achieve cyber resilience.

  • CX Shield Experts: Expertise to secure the growing attack surface 24/7/365.
  • Precision Response: Automated coordinated precision response across endpoint, network and identity.
  • Leverage Existing Tools: Leverage security investments and best-in-class security tools with no single-vendor lock-in required.
  • Tailored for your Business: Automate responses at your pace working with our team of experts.

Fast, Precise Response

Reduce MTTR to seconds with automated rapid response across endpoint, network, and identity

Tailored to Your Business

Ensure consistency and completeness using tailored playbooks and existing tools

Exceptional ROI

Realize XDR-delivered outcomes at lower TCO compared to product-based approaches

Why Active Response?

CX Shield Active Response is the answer when traditional detection and response capabilities are not enough. An expanded attack surface that is increasingly in the cloud expands detection and response challenges. EDR is not enough.

Detection Challenges

  • Complete detection across an attack surface that is increasingly in the cloud
  • Alert overload due to the sheer number of attacks and noise created by additional technologies
  • Lack of skilled security experts

Response Challenges

  • Lack of a consistent response to the given alert type
  • The lag time from detection to response
  • Incomplete response, because response is taken on some, but not all impacted vectors