Unify Security Operations
Go Back

Unify Security operations

Reduce Alert Noise and False Positives

Automate Security Operations

Dark Web Monitoring

Maximize Existing Security Investments

Beyond MDR

Secure Multi-Cloud Environments

Secure Mergers and Acquisitions

Secure Operational Technology

Eliminate Mundane SecOps Tasks

Unify Your Security Operations

Whether you’re starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Explore Our Solutions
Why ReliaQuest
Go Back

The ReliaQuest GreyMatter Platform

Detection Investigation Response

Threat Hunting

Threat Intelligence

Model Index

Automated Response Playbooks

Breach and Attack Simulation

Digital Risk Protection

Phishing Analyzer

Technology Partners

AI Agent for SecOps

Why ReliaQuest?

Whether you’re starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Explore the GreyMatter Platform
Learn
Go Back

Learn

Blog

Threat Research

Case Studies

Data Sheets

eBooks

Industry Guides

Research Reports

ShadowTalk Podcast

Solution Briefs

White Papers

Videos

Events & Webinars

ReliaQuest Resource Center

From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Resource Center
Company
Go Back

Company

About ReliaQuest

Leadership

No Show Dogs Podcast

Make It Possible in the Community

Careers

Press and Media Coverage

Become a Technology Partner

Contact Us

A Mindset Like No Other in the Industry

Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
Search
Go Back

APi Group Increases Visibility by 47% and Secures Expanding Attack Surface Across their Microsoft 365 E5 Suite

APi Group partners with ReliaQuest to gain a unified view of their Azure Sentinel and Microsoft E5 security suite, streamlining operations to better secure their global organization.

Watch the Video

47 %

Increase in Visibility

52 %

Decrease in response times

275 %

Increase in MITRE ATT&CK covarage

Overview

Building a Safer Environment

In 1926, a company formed with an impactful mission to build great leaders. What started as an insulation contracting and distribution business, would later be known as the APi Group, a multibillion-dollar organization that operates today as a holding company for independently managed safety and special services related businesses. In keeping with their merger and acquisition strategy, early on in 2022, APi Group completed its largest acquisition to date with the Chubb fire and safety services organization – effectively making it one of the world’s largest life safety services providers.

As the company continues to grow and acquire new entities, APi Group differentiates itself by delivering top-tier, customer-driven service, using mutual resources and experiences to build a safer environment. As such, their focus on building a more secure environment directly depends on the success of various departments across the business. Their security operations team is one of the most essential of these components, to ensure critical business processes do not experience any disruptions.

Delivering Security Consistency for Existing and Acquired Business Units

APi’s growth strategy includes acquiring companies with varying business models and with different IT security technology stacks. Acquisitions have varied technology stacks that could prove complicated to manage and maintain. APi Group arrived at a strategy for new acquisitions that allows business units to maintain existing technology stacks with a plan for some rationalization. In particular, they leverage Microsoft’s 365 E5 license to meet the diverse IT needs of both existing and acquired companies while driving consistency across the organization. This strategy reduces complexity for their customers and business entities. But as they sought to meet the needs of the business, APi realized they needed a way to increase both visibility and risk management across the ecosystem to better secure a constantly expanding attack surface as new companies are added to their portfolio.

To tackle these security challenges, the security operations team at APi Group is using security tools from their Microsoft 365 E5 license in conjunction with ReliaQuest GreyMatter, to deliver the contextual intelligence, visibility, and real-time insights the team needs to better manage risk across multiple companies.

ReliaQuest GreyMatter security operations platform is built on an XDR architecture and brings together telemetry from tools and applications across cloud, on-premises, and hybrid cloud architectures. The platform delivers visibility and manages risk across APi’s heterogeneous security technology stack.

Acquisitions have varied technology stacks that could prove complicated to manage and maintain

APi realized they needed a way to increase both visibility and risk management across the ecosystem

To tackle these security challenges, the security operations team at APi Group is using security tools from their Microsoft 365

Increase in Visibility Leads to Faster Response Times

One of APi Group’s main objectives is to mature and modernize their security operations program as the organization rapidly evolves, which includes optimizing their Microsoft 365 E5 tools to increase efficiency, visibility, and value. To do this, APi relies on the powerful combination of the Microsoft 365 suite and the unified view ReliaQuest GreyMatter provides.

Carl Lee, Information Security Lead at APi Group shares, “The ability of GreyMatter to detect and take automated response actions utilizing that integration with Microsoft Defender and Azure Sentinel is a key component of our security strategy.”

As a Microsoft 365 E5 and ReliaQuest customer, APi Group has achieved a 47% increase in visibility across their Microsoft 365, Cisco, and Palo Alto security stack. In addition, utilizing GreyMatter has enabled them to perform automated response actions across multiple tools from one console – reducing the complexity of their day-to-day operations. In fact, they have seen a 52% decrease in response times since becoming a customer thanks to automated playbooks. With automation and improved visibility, the team can now execute faster threat detection, investigation, and response, across a diverse set of organizations under the APi umbrella.

Making Sense of a Complex Environment

An essential element of APi Group’s security strategy is to understand their cybersecurity hygiene and gaps in coverage. But they also need to augment the team and avoid burnout at the same time – which is not an easy goal to achieve. To add to the challenge, their Microsoft environment is complicated – they use Azure Sentinel, Defender, Office 365, and a multitude of other tools.

Adding ReliaQuest to their security tool stack has helped APi Group solve these challenges head on. As Lee states, “The integration between ReliaQuest GreyMatter and our security tools has become a force multiplier for the team. ReliaQuest uses a risk-based approach and the MITRE framework, driving our implementation of detections and automations, which provides the most value for our overall security.”

The integration of tools and increased visibility has reduced complexity across APi’s security program – since becoming a ReliaQuest customer they have increased MITRE ATT&CK coverage by 275%, a game changer for the team. Now, they can more accurately decide where to invest in resources that will better secure their organization.

Better Detection for an Expanding Attack Surface

While APi Group faces the challenge of a continuously expanding attack surface, they know implementing a program providing high-fidelity threat detections for Microsoft environments will help them manage risk. Lee explains, “The Microsoft stack is great, but one of the challenging things is that people cannot easily pick up the query language. So, when it comes to making accurate detections, you really need solid detection content – and that’s where ReliaQuest comes into play for us.”

Lee’s team is working collaboratively with ReliaQuest to tune detection logic and produce solutions for their Microsoft toolset that result in faster, higher fidelity detections. He shares, “One time we had Malware hit an endpoint. My team thought it was contained, then we get a call from the analyst at ReliaQuest who was seeing strange activity. He ended up executing an isolate play for us. They do analysis, give us context, and recommendations on what to do. The second set of eyes, the quick automated plays, and higher fidelity detections have been crucial for us to have.”

ATT&CK coverage by 275%
APi Group has achieved a 47% increase in visibility across their Microsoft 365
ReliaQuest GreyMatter security operations platform is built on an XDR architecture

The ability of GreyMatter to detect and take automated response actions utilizing that integration with Microsoft Defender and Azure Sentinel is a key component of our security strategy. Carl Lee Information Security Lead, APi Group

Unified Visibility Across Security Technologies, Improving Risk Awareness and Enabling More Efficient Workflows

Enriched Data Sets, Providing Additional Context and Insights for More Accurate Threat Detection and Faster Response

20% Time Gains Each Month, Allowing APi to Focus on Proactive Anitiatives

Explore Other Resources

Security Operations Made Possible with ReliaQuest GreyMatter

Increase visibility, reduce complexity, and manage risk across your existing tools with comprehensive protection unified under a single security operations platform.

Request a demo

GreyMatter's security operations platform dashboard