Expel Intel launches to deliver actionable threat intelligence insights

Expel has launched Expel Intel, a formalisation and acceleration of its threat intelligence function into a dedicated research team and programme, with the intention of providing actionable defence strategies from real-world cybersecurity incident data.

Expel Intel is designed as a strategic resource, turning operational intelligence into practical recommendations that security operations centres (SOCs) can use to improve response and mitigate threats. The programme is also expected to provide transparent analysis, insights, and community contributions to raise standards across the industry.

Focus on action

According to Expel, its intelligence team will prioritise findings that originate from direct operational experience with customers. The aim is to move beyond the typical industry practice of delivering abstract or theoretical threat data, and instead offer actionable advice that can be readily implemented by security teams.

Greg Notch, Chief Security Officer at Expel, said, "The security industry is drowning in threat feeds that sound impressive but don't actually help you stop attacks. This evolution builds on Expel's established foundation of integrating actionable threat intelligence into daily operations. Expel Intel delivers the critical context that turns signals into decisions, helping our customers focus their energy where it counts."

The company has stated that its approach is rooted in an understanding that intelligence without corresponding action is simply an expense, not a benefit. By focusing on intelligence derived from actual incidents, analysts are provided with context and tools intended to enhance their performance and, consequently, customer outcomes.

Collaboration with Marcus Hutchins

As part of the new initiative, Expel has announced a close working relationship with Marcus Hutchins, known worldwide for his role in halting the spread of the WannaCry ransomware attack. Hutchins will contribute expertise in malware analysis, reverse engineering, and threat hunting, supporting Expel's broader ambitions to improve the accessibility and effectiveness of cybersecurity defences.

"Marcus embodies the diverse experience and insatiable curiosity that drives world-class security professionals," said James Shank, Director, Threat Operations at Expel. "His unique background-from understanding how threats are created to becoming one of the world's leading defenders against them-gives our customers and the community insights you simply can't get from academic research or vendor marketing."

In his own statement, Hutchins explained his approach to threat intelligence, stating, "Cybersecurity is a fluid and fast-evolving field. Having seen the threat landscape from many different perspectives, I find that the most effective defence comes from understanding the capabilities, intentions, and evolution of different threat actors. It's not just about looking at what they're doing today, but their current trajectories and how they may pivot in the near future."

Programmeme delivery

Through Expel Intel, the team will provide transparent, operationally relevant analysis that can inform decision making for SOCs. The programme also aims to share community-oriented resources and deliver customer-focused insights intended to directly improve security posture and reduce risks for organisations.

Expel's enhanced team, which includes analysts with substantial operational experience, will now focus on converting SOC observations and real-world incidents into protection strategies. With Hutchins' involvement, Expel believes its team's capabilities to proactively identify and respond to evolving threats will be further strengthened.

Expel Intel has pledged to emphasise actionable recommendations, providing security teams with the means to implement defences and protections as soon as threats are identified in the field.