APi Group Increases Visibility by 47% and Secures Expanding Attack Surface

APi Group is a multibillion-dollar organization that started in 1926 as an insulation contracting and distribution business, and operates today as a holding company for independently managed safety and special services related businesses.

Turning obstacles into outcomes
Challenges
Acquisitions have varied technology stacks that proved complicated to manage and maintain
APi Group's Microsoft environment is complicated – they use Azure Sentinel, Defender, Office 365, and a multitude of other tools.
APi realized they needed a way to increase both visibility and risk management across a complex security stack
Results
Unified Visibility Across Security Technologies, Improving Risk Awareness and Enabling More Efficient Workflows
Enriched Data Sets, Providing Additional Context and Insights for More Accurate Threat Detection and Faster Response
20% Time Gains Each Month, Allowing APi to Focus on Proactive Initiatives
In keeping with their merger and acquisition strategy, early on in 2022, APi Group completed its largest acquisition to date with the Chubb fire and safety services organization – effectively making it one of the world’s largest life safety services providers.
As the company continues to grow and acquire new entities, APi Group differentiates itself by delivering top-tier, customer-driven service, using mutual resources and experiences to build a safer environment. As such, their focus on building a more secure environment directly depends on the success of various departments across the business. Their security operations team is one of the most essential of these components, to ensure critical business processes do not experience any disruptions.
Delivering Security Consistency for Existing and Acquired Business Units
APi’s growth strategy includes acquiring companies with varying business models and with different IT security technology stacks. Acquisitions have varied technology stacks that could prove complicated to manage and maintain. APi Group arrived at a strategy for new acquisitions that allows business units to maintain existing technology stacks with a plan for some rationalization. In particular, they leverage Microsoft’s 365 E5 license to meet the diverse IT needs of both existing and acquired companies while driving consistency across the organization. This strategy reduces complexity for their customers and business entities. But as they sought to meet the needs of the business, APi realized they needed a way to increase both visibility and risk management across the ecosystem to better secure a constantly expanding attack surface as new companies are added to their portfolio.
To tackle these security challenges, the security operations team at APi Group is using security tools from their Microsoft 365 E5 license in conjunction with ReliaQuest GreyMatter, to deliver the contextual intelligence, visibility, and real-time insights the team needs to better manage risk across multiple companies.
ReliaQuest's agentic AI security operations platform, GreyMatter, brings together telemetry from tools and applications across cloud, on-premises, and hybrid cloud architectures. The platform delivers visibility and manages risk across APi’s heterogeneous security technology stack.
Increase in Visibility Leads to Faster Response Times
One of APi Group’s main objectives is to mature and modernize their security operations program as the organization rapidly evolves, which includes optimizing their Microsoft 365 E5 tools to increase efficiency, visibility, and value. To do this, APi relies on the powerful combination of the Microsoft 365 suite and the unified view ReliaQuest GreyMatter provides.
“The ability of GreyMatter to detect and take automated response actions utilizing that integration with Microsoft Defender and Azure Sentinel is a key component of our security strategy.”
Carl Lee, Information Security Lead - Cyber Defense Operations
As a Microsoft 365 E5 and ReliaQuest customer, APi Group has achieved a 47% increase in visibility across their Microsoft 365, Cisco, and Palo Alto security stack. In addition, utilizing GreyMatter has enabled them to perform automated response actions across multiple tools from one console – reducing the complexity of their day-to-day operations. In fact, they have seen a 52% decrease in response times since becoming a customer thanks to automated playbooks. With automation and improved visibility, the team can now execute faster threat detection, investigation, and response, across a diverse set of organizations under the APi umbrella.
Making Sense of a Complex Environment
An essential element of APi Group’s security strategy is to understand their cybersecurity hygiene and gaps in coverage. But they also need to augment the team and avoid burnout at the same time – which is not an easy goal to achieve. To add to the challenge, their Microsoft environment is complicated – they use Azure Sentinel, Defender, Office 365, and a multitude of other tools.
Adding ReliaQuest to their security tool stack has helped APi Group solve these challenges head on.
“The integration between ReliaQuest GreyMatter and our security tools has become a force multiplier for the team. ReliaQuest uses a risk-based approach and the MITRE framework, driving our implementation of detections and automations, which provides the most value for our overall security.”
Carl Lee, Information Security Lead - Cyber Defense Operations
The integration of tools and increased visibility has reduced complexity across APi’s security program – since becoming a ReliaQuest customer they have increased MITRE ATT&CK coverage by 275%, a game changer for the team. Now, they can more accurately decide where to invest in resources that will better secure their organization.
Better Detection for an Expanding Attack Surface
While APi Group faces the challenge of a continuously expanding attack surface, they know implementing a program providing high-fidelity threat detections for Microsoft environments will help them manage risk.
“The Microsoft stack is great, but one of the challenging things is that people cannot easily pick up the query language. So, when it comes to making accurate detections, you really need solid detection content – and that’s where ReliaQuest comes into play for us.”
Carl Lee, Information Security Lead - Cyber Defense Operations
Lee’s team is working collaboratively with ReliaQuest to tune detection logic and produce solutions for their Microsoft toolset that result in faster, higher fidelity detections.
“One time we had Malware hit an endpoint. My team thought it was contained, then we get a call from the analyst at ReliaQuest who was seeing strange activity. He ended up executing an isolate play for us. They do analysis, give us context, and recommendations on what to do. The second set of eyes, the quick automated plays, and higher fidelity detections have been crucial for us to have.”
Carl Lee, Information Security Lead - Cyber Defense Operations
Learn How GreyMatter Agentic AI Scales Your Security Operations
GreyMatter is an agentic AI security operations platform with 6 agentic Teammates that use hundreds of agent skills and AI tools to work toward an objective, not just tasks.


