It seems like every year there is a new category being introduced in cybersecurity, billed as the one tool to finally solve the cybersecurity challenge. First it was SIEM, then came EDR, MDR, XDR, SOAR and the list goes on.

More and more tools, yet the same issues persist: Lack of visibility across an environment, too much noise, endless data storage costs, inability to quantify true risks to the business. Meanwhile, security leaders are under constant pressure to protect their organizations, with data more disparate than ever and AI-powered threats demanding faster response times.

The truth is, all the new “categories” are really just features of what should be a holistic cybersecurity solution– one that will never be solved by just one tool. The only way to make security possible is by making each security team its own platform.

That was the overarching theme of last week’s ReliaQuest EXPONENT customer conference– produced for and by ReliaQuest’s customers.

Against the backdrop of those industry trends, ReliaQuest introduced innovations in its technology-agnostic security operations platform, GreyMatter, which uses AI and automation to enable customers to realize faster and more actionable security outcomes unique to their business. These new innovations make it possible to achieve a mean time to respond of mere minutes, regardless of what tools a customer may have or where the data sits.

The perspectives we heard at EXPONENT pave the way for creating a more effective and flexible approach to security operations.

The Role of Artificial Intelligence for Security Operations

Just as there will never be one tool to rule them all, Artificial Intelligence (AI) is similarly not the silver bullet that initial industry hype may have made it seem. However, there are clear applications for generative AI that can be incorporated into an organization’s security program to complement their existing capabilities and remove the “low brain, high time” activity out of security operations.

Brian Foster, ReliaQuest’s President of Product and Technical Operations, described how ReliaQuest is using AI and automation to help CISOs enhance their security programs with AI while managing risk.

ReliaQuest’s GreyMatter platform, which integrates with over 100 security technologies, now combines a decade of incident response data with AI to transform the way analysts interact with alerts and investigations, from auto-converting detection rules across operating systems to recommending actionable playbooks directly within investigation summaries.

GreyMatter also helps security leaders make sense of the many new AI models and figure out which model best suits their specific outcomes, as CISOs are being asked more and more to enable the use of AI across their businesses, outside of even security use cases.

In addition, AI and automation enable security teams to run playbooks and take critical security actions directly from the GreyMatter mobile app, a first of its kind capability in cybersecurity

Automation to Scale Threat Detection, Investigation and Response

Over the last year, we’ve seen a change in organizations’ risk tolerance for automation. As attackers have begun using automation to more quickly identify and exploit vulnerabilities, organizations are now more willing to adopt more automation to reduce attacker dwell time.

Today’s security leaders see automation as a crucial tool for maturing their security programs and responding more quickly to threats. Security teams should no longer be stuck doing Tier 1 “ticket taker” cybersecurity work, rather– they can use automation to respond to threats quickly and free their teams for more interesting and impactful investigations.

With the adoption of automation, security teams can reduce their mean time to respond to threats from hours to minutes, in some cases less than five minutes. This gives them the ability to not only respond to an incident quickly but step back to fully understand it.


Coming out of EXPONENT, it’s clear that security leaders aren’t looking for one tool to rule them all. What they need is the ability to create their own security platform with modularity and optionality, leveraging different tools for different needs and layering in new innovations like AI and automation.

Working at the enterprise over the past 15 years has given ReliaQuest a unique viewpoint into the most complex issues in cybersecurity. What we know is: today’s security leaders aren’t fooled by marketing buzz or distracted by shiny objects. They are world-class entrepreneurs in their own right who signed up to work on the greatest technical challenge of our generation.

What they’re looking for is the ability to maximize their investments while also leaning into automation and AI. They’re looking for ways to develop world-class security teams who can do interesting and impactful work. Above all, they are focused not on buying new stuff, but on the organizations they serve and the people and brands they protect every day.

Security is a team sport.