Expel
Vendor-neutral MDR founded by former Mandiant leaders, known for transparent operations and an API-only bring-your-own-tech model.
Pricing: Custom (contact sales)
Reviewed by the CyberSecTool editorial team against the public sources cited below · Last reviewed June 2026 · How we review listings
What is Expel?
Founded in May 2016 by ex-Mandiant/FireEye veterans Dave Merkel, Justin Bajko, and Yanek Korff, Expel takes a deliberate stance: no proprietary agent, full transparency into SOC activity via the Workbench portal, and integration with whatever security tools the customer already owns. The company reached unicorn status in November 2021 and was named a Leader in The Forrester Wave for MDR Services, Q1 2025. Independent and private.
- ✓ Genuinely vendor-neutral: no Expel agent, integrates with existing EDR/SIEM/cloud stack
- ✓ Transparent operations via Workbench (customers see every analyst action in real time)
- ✓ Strong public commitments such as a 13-minute MTTR for critical threats
- ✓ Founding team's Mandiant lineage gives credibility in IR and detection engineering
- • 'Bring your own tech' means customers must already own (and license) suitable EDR/SIEM/cloud tooling
- • Premium pricing relative to bundled MSSP offerings
- • Limited public pricing; sales-led
Reported in public reviews and vendor documentation. See sources below.
Key Features
Are you Expel? Improve this listing with screenshots, case studies and more.
Sources & references
Where the information on this listing comes from. Always verify pricing and capabilities against the vendor before a purchasing decision.
Spot an error, or do you represent Expel? Request a correction.
Quick Info
| Pricing | Custom (contact sales) |
| Model | Subscription per integrated surface |
| Founded | 2016 |
| Cloud | Yes |
| Self-Hosted | No |
Last updated: Jun 2, 2026
Expel Alternatives
View All AlternativesManaged security operations platform with concierge-delivere...Critical Start
MDR provider built around its Trusted Behavior Registry and ...eSentire
Canadian MDR pioneer delivering 24/7 SOC services on the Atl...Red Canary (a Zscaler company)
MDR provider known for deep Microsoft Defender expertise and...Secureworks (a Sophos company)
Long-established MDR and XDR provider built around the Taegi...