Expanse provides rapid analytical support to augment our customers’ defensive threat hunt and incident response investigations. Our team produces actionable leads based on minimal initial indicators of compromise (IOCs) or digital signatures. We start with trace evidence – even a solitary fact – and build associations between that evidence and other Expanse data, including indexes (what devices are and how they have been configured) and internet traffic data (those devices’ communication with the rest of the world). The Expanse threat hunt team’s ability to combine and pivot between multiple global data sets provides an unmatched ability to identify an adversary’s behavior and infrastructure.