Expel vs Secureworks (a Sophos company)
Expel
Founded in May 2016 by ex-Mandiant/FireEye veterans Dave Merkel, Justin Bajko, and Yanek Korff, Expel takes a deliberate stance: no proprietary agent, full transparency into SOC activity via the Workbench portal, and integration with whatever security tools the customer already owns. The company reached unicorn status in November 2021 and was named a Leader in The Forrester Wave for MDR Services, Q1 2025. Expel is independent and privately held.
Pros
- Genuinely vendor-neutral: no Expel agent, integrates with existing EDR/SIEM/cloud stack
- Transparent operations via Workbench (customers see every analyst action in real time)
- Strong public commitments such as a 13-minute MTTR for critical threats
- Founding team's Mandiant lineage gives credibility in IR and detection engineering
Cons
- 'Bring your own tech' means customers must already own (and license) suitable EDR/SIEM/cloud tooling
- Premium pricing relative to bundled MSSP offerings
- Limited public pricing; sales-led
Pricing: Custom (contact sales)
Secureworks (a Sophos company)
Secureworks pioneered the modern MSSP model and was majority-owned by Dell before its acquisition by Sophos in an $859M deal that closed in February 2025. The Taegis platform (MDR, XDR, NDR, VDR, embedded SIEM) continues as a standalone, vendor-open product line within Sophos, with native Sophos Endpoint integration. The Counter Threat Unit (CTU) remains a key differentiator.
Pros
- Counter Threat Unit is one of the longest-running in-house threat research teams
- Taegis remains vendor-open / BYO-EDR even post-Sophos
- Embedded SIEM removes the need for a separate Splunk-class deployment for many customers
- Deep history with regulated industries and global SOC footprint
Cons
- Ongoing integration risk following the Sophos acquisition
- Heritage SIEM/MSSP roots can mean a heavier deployment than newer cloud-native MDRs
- Limited public list pricing
Pricing: Custom (contact sales)