Expel, needed a scalable way for its analyst to monitor its growing portfolio of machine learning models. Custom-built, manual monitoring systems were draining engineering resources and leading to inconsistent performance tracking for the cybersecurity experts who review, investigate, and triage alerts from customer environments to identify real world threats.
This means high stakes and tight timelines — where latency and model reliability are crucial. As a managed detection and response (MDR) provider, Expel monitors customer environments for cybersecurity threats and helps customers respond fast.
By adopting Arthur, Expel replaced fragmented tools with a centralized observability platform — cutting monitoring time by 50%, standardizing workflows, and reducing time wasted on false positives.
Arthur now powers real-time alerting, drift detection, and performance metrics across all models, giving Expel confidence in model reliability and freeing up engineers to focus on innovation.
With Expel’s reliance on ML to score alerts and reduce analyst workload, robust MLOps is the backbone for ensuring fast deployment, retraining, monitoring, and governance of those models.
With Arthur, observability has become a strategic advantage — improving analyst efficiency, model trust, and the company’s ability to scale ML responsibly.
The Challenge:
Expel’s machine learning models were growing in number and importance, but its internal monitoring systems weren’t built to scale with that growth. Each model required its own custom-built monitoring setup — often built and maintained manually. Analysts serve as the human-in-the-loop, making critical decisions based on insights generated by Expel's detection and response platform. Over time, these one-off solutions became costly to maintain, difficult to standardize, and inconsistent in surfacing performance issues.
“Any traditional machine learning models we put into production had to be manually monitored through in-house solutions that simply did not scale as our operations grew.” – Tyler Beauregard, Data Science at Expel
This fragmentation meant performance issues could go unnoticed, alerts were hard to trust, and the burden of upkeep was pulling valuable engineering time away from higher-impact projects. Expel needed a solution that could unify and simplify its approach to observability — one that was flexible, scalable, and easy to operationalize.
Why it matters?
The speed and accuracy of ML-driven insights directly impact an analyst’s ability to act quickly on real threats. Well-managed MLOps ensures models stay performant and trustworthy, helping analysts focus on threats that matter rather than noise.
The Impact: Faster Insights = Faster Threat Detection
Adopting Arthur gave Expel the scalable, centralized observability layer it was missing. What was once a patchwork of tools and processes is now a single platform that handles everything from drift detection and performance tracking to alerting and performance metrics — fully adaptable to Expel’s internal workflows.Prior to Arthur, Expel’s analysts often had to investigate alerts triggered by models that were degrading silently — or reacting too sensitively to edge-case data. With no reliable signal for drift or performance breakdown, false positives led to significant operational drag: wasted analyst time, longer decision cycles, and reduced trust in model output.
The results have been transformative:
- 50.3% reduction in API latency from 7.74s to 3.85s after migrating to Arthur.
- Standardized monitoring workflows across all models and teams.
- Faster triage and response to performance degradation and drift.
- 50% reduction in engineering time spent on model-specific monitoring.
- Providing analysts enriched alert data faster, enabling them to triage threats more quickly and efficiently.
With Arthur, Expel can now confidently track model behavior in production, detect subtle shifts before they escalate, and adapt faster — meaning analysts only engage with alerts that actually merit attention.
“Arthur has given us peace of mind — it’s a one-stop-shop for all of our model monitoring needs. [...] Arthur has droped our maintenance workload by ~50%.”
Ultimately, observability isn't just about knowing whether models are up — it's about knowing whether they're right. That confidence directly translates to saved analyst hours, less friction in incident response, and reduced costs tied to inefficiencies in triage. Arthur has made model observability a multiplier — increasing engineering efficiency, analyst effectiveness, and model reliability across the board.
Why Arthur
Arthur stood out for its ease of integration, intuitive platform design, and deep alignment with Expel’s needs — both out of the box and in ongoing collaboration.
From day one, Arthur’s team engaged closely with Expel’s data scientists to tailor the platform to real-world workflows and model constraints. When unique monitoring requirements arose, Arthur didn’t just accommodate — they partnered, co-developing functionality that addressed Expel’s internal data environment and operational priorities.
“Arthur’s engineers are incredibly hands-on, knowledgeable, and more importantly — they care about helping Expel build a solution that works for us.”
This flexibility and responsiveness gave Expel confidence that Arthur could not only meet today’s needs, but continue evolving with them as they grew.
“Arthur has worked with us step by step providing phenomenal support and ultimately building and supporting features we require.”
The Solution in Action
With Arthur now fully integrated, Expel has a scalable foundation for ML observability that supports both internal and customer-facing systems.This was done in accordance with Expel’s security standards. Every new model, regardless of use case, can be onboarded quickly and monitored consistently — with full support for custom metrics, drift detection, and project-specific monitoring needs.
“Now, we have one location that serves all our needs — from monitoring to dashboarding to alerting.”
Arthur powers:
- Real-time alerting for performance anomalies and drift
- Custom monitoring framework tailored to Expel’s internal workflows and data formats
- Central dashboards that provide full visibility across all ML projects
This shift has freed up Expel’s data scientists to focus on innovation, not infrastructure — while giving teams across the organization a reliable window into how models are performing day to day.
In the context of cybersecurity, even seconds can be the difference between catching an intrusion early or facing a breach. This platform shift directly enhances Expel’s ability to protect its customers at scale.
Looking Ahead
Arthur isn’t just helping Expel keep up — it's helping the company lead. With scalable observability now in place, Expel is positioned to build more, iterate faster, and deliver ML that performs — with the visibility to prove it.
Turn Expel’s Wins into Your Wins Talk to a Specialist and discover how continuous evaluation can transform your machine learning strategy.