Startups > Expel

Expel

Expel delivers 24/7 managed SOC services with complete operational transparency.
Series E $257.8M total Founded 2016 Herndon, Virginia
Expel is a 24/7 managed SOC (Security Operations Center) that monitors cloud, hybrid, and on-premises environments using its proprietary Expel Workbench platform paired with expert security analysts. Unlike traditional MSSPs, Expel operates with complete transparency—customers see the same interface and investigation details as Expel analysts, eliminating the black box. The company helps organizations stop cyberattacks faster by extracting maximum value from existing security investments through API-based integrations that deploy in hours, not weeks.
Problem solved
Organizations lack visibility into their outsourced SOC operations and struggle to investigate threats quickly across fragmented security tools without hiring expensive internal security teams.
Target customer
Mid-market to enterprise organizations with complex, cloud-native security tool stacks who prioritize transparency and want to maintain control over security operations decisions.
Website LinkedIn Crunchbase
Founders
D
Dave Merkel
CEO & Co-Founder
Former CTO at Mandiant (acquired by FireEye for $1B) and global CTO at FireEye; Air Force Special Agent in Office of Special Investigations.
J
Justin Bajko
Chief Strategy Officer & Co-Founder
Career-long MDR specialist who helped define industry best practices.
Y
Yanek Korff
Co-Founder
Funding history
Series A $7.5M September 2016 Led by Paladin Capital Group · Unknown
Series B $20M April 2018 Led by Scale Venture Partners · Battery Ventures, Greycroft, Lightbank, NEA, Paladin Capital Group, Profile Capital Management
Series C $40M June 2019 Led by Index Ventures · Greycroft, Battery Ventures, NEA, Paladin Capital Group, Scale Venture Partners
Series D $50M May 2020 Led by CapitalG · Unknown
Series E $140.3M November 2021 Led by CapitalG, Paladin Capital Group · Cisco Investments, March Capital, Index Ventures, Scale Venture Partners, Greycroft
Total raised: $257.8M
Industries
Cloud Security Cyber Security Network Security SaaS
Pricing
Custom-quoted based on environment scope and organization size. Positioned at the higher end of the MDR market, though pricing has become more competitive over the past 12 months. Contact for specific pricing.
Notable customers
Delta Air Lines, DoorDash, Esri, GreenSky, CDW, Hogan Lovells International, Better Holdco, Affirm
Integrations
API-based integrations with existing security tools; vendor-agnostic architecture supports cloud-native SIEM platforms and on-premises environments
Website
expel.io/
Competitors
Cybereason
Broader endpoint detection platform; Expel is more focused on transparent SOC outsourcing.
CyberArk
Specializes in identity and privilege access management; Expel focuses on MDR and threat detection.
Secureworks
Larger traditional MSSP with less operational transparency; Expel emphasizes customer visibility into analyst work.
Trustwave
Legacy MSSP model with less integration flexibility; Expel uses vendor-agnostic API approach.
Why this matters: Expel pioneered the transparent SOC model, fundamentally changing how enterprises evaluate and work with MDR providers by eliminating the black-box MSSP experience. With $257M+ in funding backed by Google Capital and enterprise momentum, Expel is reshaping MDR market expectations around operational visibility and vendor flexibility.
Best for: Enterprise and mid-market organizations already invested in cloud-native security stacks that need 24/7 monitoring with full operational transparency and minimal onboarding friction.
Use cases
Reducing Security Engineering Overhead
Security teams use Expel to offload routine threat triage and investigation, freeing engineers to focus on strategic security initiatives. Affirm reduced investigation volume by 50% and avoided hiring 2-3 additional security engineers by partnering with Expel.
Eliminating SOC Visibility Blind Spots
Organizations gain real-time visibility into analyst decisions, investigation methodology, and threat outcomes through the Expel Workbench interface. Customers see exactly what analysts are doing and why, eliminating the black-box MSSP experience.
Fast Deployment Across Complex Environments
Expel connects via APIs in hours rather than weeks, making it ideal for organizations with hybrid cloud/on-premises infrastructure or those running multiple SIEM platforms who need rapid threat monitoring coverage.
Alternatives
Secureworks Traditional MSSP with broader services but less emphasis on transparency and vendor flexibility; better for organizations needing managed services beyond MDR.
Cybereason Endpoint-focused detection platform requiring agent deployment; better for organizations prioritizing endpoint visibility over full environment transparency.
CrowdStrike Falcon Complete Single-vendor endpoint MDR with tighter integration but less flexibility; better for organizations standardized on CrowdStrike infrastructure.
FAQ
What does Expel do? +
Expel is a managed SOC service that provides 24/7 security monitoring, threat detection, and response across cloud, hybrid, and on-premises environments. It combines expert security analysts with a proprietary platform (Expel Workbench) and connects to customer infrastructure via APIs without requiring agents. Customers see the same interface and investigation details as Expel analysts, providing complete transparency into security operations.
How much does Expel cost? +
Expel uses custom pricing based on environment scope, organization size, and monitored assets. Pricing is positioned at the higher end of the MDR market, though rates have become more competitive recently. Contact Expel directly for a quote based on your specific environment.
What are the main alternatives to Expel? +
Secureworks (traditional MSSP with broader service offerings), Cybereason (endpoint-focused detection platform), and CrowdStrike Falcon Complete (vendor-specific endpoint MDR). Expel's strength is operational transparency and vendor-agnostic design, making it distinct from more closed or endpoint-only competitors.
Who uses Expel? +
Mid-market to enterprise organizations including Delta Air Lines, DoorDash, Affirm, Esri, and CDW. Ideal customers are those with complex security tool stacks who want transparent SOC operations, have already invested in cloud-native platforms, and prioritize visibility over cost optimization.
How does Expel compare to Secureworks? +
Expel emphasizes complete operational transparency—customers see analyst work in real-time. Secureworks operates more as a traditional MSSP with a black-box model and offers broader managed services beyond MDR. Expel is better for organizations prioritizing transparency and MDR specificity; Secureworks suits those needing comprehensive managed services.
How fast can Expel deploy? +
Expel deploys via APIs in hours rather than weeks, enabling rapid threat monitoring coverage without requiring agent installation. This speed is particularly valuable for organizations with hybrid or multi-cloud environments.
Tags
managed detection and response SOC threat detection incident response cloud security transparency cybersecurity operations