Expel
Vendor-neutral MDR founded by former Mandiant leaders, known for transparent operations and an API-only bring-your-own-tech model.
CompanyManaged Security Service ProvidersCloud
Pricing: Custom (contact sales)
Updated June 2026.
What is Expel?
Founded in May 2016 by ex-Mandiant/FireEye veterans Dave Merkel, Justin Bajko, and Yanek Korff, Expel takes a deliberate stance: no proprietary agent, full transparency into SOC activity via the Workbench portal, and integration with whatever security tools the customer already owns. The company reached unicorn status in November 2021 and was named a Leader in The Forrester Wave for MDR Services, Q1 2025. Independent and private.
Best for: Teams that already own a quality EDR/SIEM/cloud stack and want a transparent, vendor-neutral SOC layered on top
Pros
- ✓ Genuinely vendor-neutral: no Expel agent, integrates with existing EDR/SIEM/cloud stack
- ✓ Transparent operations via Workbench (customers see every analyst action in real time)
- ✓ Strong public commitments such as a 13-minute MTTR for critical threats
- ✓ Founding team's Mandiant lineage gives credibility in IR and detection engineering
Cons
- ✗ 'Bring your own tech' means customers must already own (and license) suitable EDR/SIEM/cloud tooling
- ✗ Premium pricing relative to bundled MSSP offerings
- ✗ Limited public pricing; sales-led
Key Features
→MDR across endpoint, cloud, SaaS, identity, Kubernetes, and network
→Managed SIEM
→Phishing investigation and response
→Threat hunting
→Auto-remediation / automated containment with customer approval
→Expel Intel threat intelligence
→24/7 SOC monitoring with named MTTR commitments
What People Are Saying
Real discussions and resources from the community.
Quick Info
| Pricing | Custom (contact sales) |
| Model | Subscription per integrated surface |
| Founded | 2016 |
| Cloud | Yes |
| Self-Hosted | No |
Last updated: Jun 2, 2026
Expel Alternatives
View All AlternativesArctic Wolf
Managed security operations platform with concierge-delivere...Critical Start
MDR provider built around its Trusted Behavior Registry and ...eSentire
Canadian MDR pioneer delivering 24/7 SOC services on the Atl...Red Canary (a Zscaler company)
MDR provider known for deep Microsoft Defender expertise and...Secureworks (a Sophos company)
Long-established MDR and XDR provider built around the Taegi...
Managed security operations platform with concierge-delivere...Critical Start
MDR provider built around its Trusted Behavior Registry and ...eSentire
Canadian MDR pioneer delivering 24/7 SOC services on the Atl...Red Canary (a Zscaler company)
MDR provider known for deep Microsoft Defender expertise and...Secureworks (a Sophos company)
Long-established MDR and XDR provider built around the Taegi...
Certifications
SOC 2 Type II