Case Study

Expel

Expel offers 24x7 security monitoring and response for cloud, hybrid and on-premises environments. The company uses the security signals customers already own so organizations can get more value from their existing security investments. Expel connects to customer tech remotely through APIs, not agents, so its SOC can start monitoring a customer’s environment in a matter of hours, letting their internal teams get back to focusing on the most strategic security priorities that are unique to their business.

Challenge

Expel sought to give its customers an easier way to enter and track their National Institute of Standards and Technology (NIST) scores. To date, customers had tracked their progress in an Excel spreadsheet with plenty of manual support from folks at Expel. This new system would allow users to enter their scores into a step-by-step wizard right in Expel Workbench™, and explain what each score meant. It would also provide informative charts and graphs for a quick glance at a customer’s NIST progress.

An overview of NIST scores, broken down by category and visualized in a radar graph.

Solution

The most important feature for customers would be the ability to see at a glance which NIST categories they’re doing well in, and which require more attention. To achieve this, we created a custom chart and progress bars per category. We heavily leveraged Chart.js and the radar chart type it provides, and pushed it outside of the confines of its typical API to create an entirely new type of chart.

This new chart allowed customers to easily select different NIST categories and highlight them in the radar chart. To achieve this, we had to essentially input data for five separate radar charts, as there was no mechanism to have five distinct areas as part of one radar chart out of the box. This really shows the flexibility of Chart.js to create seemingly endless chart types, only limited by your imagination.

The protect NIST category is selected and scores are filtered to that category.

Another feature extremely important to the success of the NIST dashboard was making a user-friendly, step-by-step wizard to walk users through NIST scoring. The tool provides scoring guidance and questions to drive discussion, so each user receives the same written guidance and support as they decide on a score for each category.

The edit mode for scores, showing a simple user interface with scoring criteria for guidance.

Outcome

Customers can now easily enter and monitor their NIST scores right in Expel Workbench™, which helps to streamline the process for customers and tracks their progress in one place, eliminating the need for a CISO and their team to keep track of data entry in multiple Excel spreadsheets. Reimaging old, complex workflows and adding them into Expel Workbench™ continues to make it a one-stop shop for all things security.

Graphs indicating the progress made in various NIST categories.

In addition to the NIST work we completed, we also worked heavily on updating Expel's large Ember app to Ember Octane. We assisted with updating Ember components to Glimmer components, using angle bracket component invocations, removing mixins, refactoring away from string based actions, and much, much more.