It started with a Tweet claiming that most players in the cybersecurity industry provide customer service comparable to that of taxi drivers. When David Merkel saw it, he kept thinking about it and the idea for a company quickly took shape.
Merkel, along with his partners Yanek Korff and Justin Bajko, started creating drive out, which develops managed detection and response (MDR) solutions that provide businesses with 24/7 protection for their cloud applications, infrastructure networks, and endpoints. Launched in 2016, the company has raised more than $250 million in five rounds and reached a valuation of more than $1 billion.
“The three of us worked for FireEye and we all left in 2015, about 18 months after it acquired Mandiant for just over $1 billion,” Merkel said. “We had no idea what we were going to do next, but one thing was certain: we all felt like our startup days were over. We took some much-needed time off and vowed never to do a cyber startup again.”
The trio broke their vow almost immediately when they saw a tweet from their friend and industry peer Rick Holland. Working for Forrester Research at the time, Holland noted that Managed Security Services Providers (MSSPs) customers had endured “the customer service equivalent of taxi drivers” and the market was ripe for disruption.
“Rick’s tweet was a groundbreaking moment,” Merkel said. “Not offensive to taxi drivers, but we knew from experience that he was 100% right. The market knew. The customers knew. Even the MSSPs knew. This inspired us to reunite the band, this time as entrepreneurs, own and grow the business, and create a distinct culture not only for our employees, but also for our customers and partners.”
They spent the better part of a week kicking ideas around by email before finally meeting in person to work out their plans on napkins. “We were convinced that MSSPs were taking the wrong approach,” Merkel says. “Moreover, there was no real disruptor. We were convinced that the barrier to entry was low and that we had the opportunity to start a company that could easily differentiate itself by adopting a new approach.”
Some of the key cybersecurity issues have been transparency. Expel wanted to show its clients exactly what its analysts see and make sure they know what they’re looking at. “When we identify attack activities, we inform our customers about the cause and how they can protect themselves against it in the future,” Merkel said. “Because we manage a wide range of clients across multiple industries, we can identify trends as they happen and let our clients know how to defend themselves against them before they even hit the target.”
Another problem for cyber companies is that as they grow, the quality of their security often begins to decline. “Companies don’t need hordes of security personnel,” Merkel explains. “They need a (SaaS) technology platform that hyperscales people. People are still needed in ‘the last mile’ of computer networks, but with Expel you don’t need that many people because the technology does the work.”
One of the main differentiators of Expel is the average time, from warning to full resolution, of 21 minutes, including the ability to detect a ransomware threat. “No one else can match the speed and effectiveness of threat detection and mitigation,” Merkel said.
The company attracted early investor interest, raising a $7.5 million Series A round in September 2016 led by Paladin Capital Group, with participation from New Enterprise Associates, Battery Ventures, Greycroft Partners, Lightbank and other individual members. investors. Last November, Expel closed $140.3 million in Series E financing, co-led by CapitalG, Alphabet’s independent growth fund, and Paladin Capital Group, which valued the company at more than $1 billion.
In November, Expel was ranked as the 18th fastest growing company in North America at the 2021 Deloitte Technology Fast 500. Expel now has 400 employees and since 2020 has scaled its technology platform to handle an 82% increase in security events per day , double the number of technology partners and more than double the number of security investigations it handles. There are plans for more aggressive growth outside the US, with a particular focus on EMEA.
Merkel says: “We continue our mission to make security easy to understand, use and continuously improve. We aim to be at the top end of performance for VC growth-backed startups in our industry and aim to close 2022 at just over double where we started the year in terms of revenue. As we continue to scale, it’s great to hear the same feelings from employees when we were a smaller company, about positive experiences and how we’ve kept the culture, stayed irreverent but effective, having fun and creating an overall great workplace. We are recruiting by the way!”