U.S. Managed Security Firm Expel Lands In EMEA

U.S. managed security firm Expel has landed in Europe, the Middle East and Africa (EMEA).

Headquartered in Herndon, Virginia, Expel offers managed detection and response (MDR), phishing support, threat hunting and remediation.

The firm said 100% of sales will go through channel partners across the region. This diverges from its U.S. go-to-market strategy, said Chris Waynforth, general manager & VP of Expel’s international business.

Expel’s Chris Waynforth

“We’re approaching the market a bit differently in EMEA than we do in the U.S.,” he said. “We’re employing a channel-first approach in EMEA, in contrast to the U.S., where we go to market with a mix of direct and channel-driven sales.”

The company has established an EMEA go-to-market team, based in the U.K., to support channel partners. This includes sales and pre-sales experts, marketing, channel management and customer success. An additional technical support team in Ireland will support that group.

Waynforth said Expel wants to leverage resellers’ regional and industry-specific expertise in EMEA. This will enable it “to hit the ground running and execute at scale.” However, the firm is being selective in choosing partners.

“We’re focused on recruiting a small number of partners to ensure that we’re ‘revenue relevant’ to each other. We don’t want hundreds of partners all fighting over the same opportunities. But rather a small number of key partners who are committed to Expel. By doing this, our partners can build a sustainable business around the Expel proposition without fear that another partner (or Expel) will come along and try to undercut them.”

The firm is first up signing security specialist partners. That will be followed by a small number of managed security partners that see Expel as a complementary fit to their existing service offerings.

It has already signed its first wave of security specialist resellers. Waynforth said Expel expects to announce the full set of partners at its company kick off later in February.

Cybersecurity Industry Lacks Transparency

Waynforth said that the cybersecurity industry, for too long, has lacked transparency.

“It has hidden behind nonsensical jargon that most people cannot understand and offered too many confusing security products delivering reams of alerts,” he said.

This take on transparency tracks back to when the company founded in 2015. Expel founders Dave “Merk” Merkel, Yanek Korff, and Justin Bajiko saw a tweet claiming most players in the managed security space provided the customer service equivalent to that of taxi drivers. They saw the industry as ripe for disruption.

“From that day, Expel has been on a mission to make the cybersecurity industry more transparent, and easier to understand and use,” said Waynforth.

“Expel’s technology and people work together, each doing what they do best to detect, understand, and fix issues fast. We base our activity in transparency and collaboration so that customers can choose how to run their security operations. Whether that’s following along with live investigations or receiving alerts at every step from when an investigation starts until it’s done.”

The company attracted the interest of investors, raising a $7.5 million Series A round in September 2016. Then, last November, Expel closed $140.3 million in Series E funding. This was co-led by CapitalG, Alphabet’s independent growth fund, and Paladin Capital Group, which valued the company as a “unicorn” at more than $1 billion. Just recently, Expel, which has more than 500 employees in the U.S., announced additional funding from the Series E round of $30 million.

Regardless of funding, the plan was always to expand internationally, said Waynforth.

“Prior to formally launching in EMEA, we already counted Esri UK, The Economist Group, Virgin Atlantic and others as customers. The recent funding extension in October is obviously very satisfying, but our move into EMEA would have taken place regardless.”

Tackling Cyber Challenges in EMEA

The company’s launch in Europe comes as both the sophistication and frequency of cyberattacks continue to grow. Recent statistics from the U.K.’s Department for Digital, Culture, Media and Sport (DCMS) revealed that 31% of businesses now experience incidents on a weekly basis.

Waynforth said companies in EMEA are struggling with the same cybersecurity challenges as those in the U.S. These include hiring cybersecurity talent, the ever-expanding threat landscape, proving the return on investment (ROI) of their cybersecurity investments, and dealing with a constant stream of alerts.

“We saw this a lot with some of our EMEA customers before we opened operations here,” he said. “The success we had with them proved that we could help transform cybersecurity operations for more organizations across the continent.”

Waynforth pointed to Expel’s “bring-your-own-technology” approach. This is where it connects via API with customers’ existing security tools. This helps them “get more value and unlock unknown capabilities from their previous investments – an approach that’s more relevant than ever given the current economic conditions.”

He also said being tech-agnostic “aligns to the often unspoken desire for a partner to appear agnostic to their customers.”

“This aligns well with Expel and allows the partner to use data – around the tech that’s adding value – to help advise customers how they can mature their cybersecurity strategy. Expel’s approach and our close collaboration with partners helps them add value to relationships and unlock potential new revenue opportunities.”