Webinar | Team Burned Out on Phishing Analysis? Here's How to Help.
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
July 25, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
ReliaQuest’s Security Operations Platform – GreyMatter – is powered by Ongoing Enablement. Ongoing Enablement is the security expertise and codified best practices delivered by ReliaQuest personnel through GreyMatter to achieve Customer outcomes. To the extent included in the scope of an Order, the Ongoing Enablement delivered to Customer may include:
1. Implementation
ReliaQuest will assign an implementation specialist who is responsible for managing the implementation process. The implementation process is done remotely and starts with a kickoff call with the Customer. The following will be delivered during implementation:
2. Customer Success Manager
ReliaQuest will assign a Customer Success Manager who is responsible for ensuring customer success. The Customer Success Manager will provide the following:
3. GreyMatter Health Support
4. GreyMatter Detect
GreyMatter Detect provides visibility to Content deployed based upon the agreed scope and subject to the deployment restrictions below. The following will be delivered as part of the Ongoing Enablement:
4.1 Rule Tuning
4.2 Detection
The detection deployment model is determined based on the GreyMatter Integrations included in the Order including:
Supported SIEM and/or EDR Integration Plus line items, include:
To the extent the prior detection deployment model is unsupported, the following will apply:
4.3 Log Source Technologies
The log source technology model is outlined in the Order, including:
All Supported Log Source Technologies Model
Log Source Technologies in Scope Model
5. Incident Analysis and Response
ReliaQuest will provide alert triage and qualification which will include:
Ongoing enablement does not include ReliaQuest performing any of the below:
5.1 Phishing Analyzer
Phishing Analyzer helps investigate user reported emails to identify malicious email threats and campaigns attempting to infiltrate an organization. ReliaQuest will classify user email submissions within a Customer’s abuse mailbox using applicable Email Security technologies, including:
6. Digital Risk Protection
DRP is an add on to GreyMatter Intel to detect data loss, identify brand impersonation, and monitor the Customer’s web and digital attack surface. Post asset collection from Customer, the following will be included:
6.1 Managed Takedown Service
7. Customer Responsibilities
Customer responsibilities are outlined in the following section:
7.1 Connectivity
7.2 Access
7.3 Account Creation
Customer must provide ReliaQuest access to provide Ongoing Enablement, and any such access shall be provided within thirty (30) days of access request.
7.4 Customer Response
If the Customer does not provide feedback/closure communication within seven (7) days from alert escalation, ReliaQuest reserves the right to transition that rule into a tuning state. This means if there is no feedback or response from Customer around alerts escalated, ReliaQuest can move a rule into tuning.
7.5 GreyMatter Integrations
7.6 Automation Right
Customer acknowledges and agrees that ReliaQuest reserves the right to automate, in whole or in part, any of the ongoing enablement as described herein, including, but not limited to, automatic retrieval and temporary storage of data. Customer further acknowledges and agrees that, in connection with the provision of the Ongoing Enablement and the ReliaQuest Platform, ReliaQuest may collect and analyze Customer’s using automatic processing techniques and/or manual (human) review to develop, train, produce, and enhance the automation and analytics models, features, and functionalities of the ReliaQuest Platform. To the extent ReliaQuest holds, stores, or processes any of Customer’s data, such data shall be held in accordance with the requirements as specified in the Order.
7.7 Modification of ReliaQuest Content
RQ Labeled Content should not be modified by the Customer at any time. If any RQ Labeled Content is modified by Customer or any third party, ReliaQuest will not be responsible for any negative repercussions including but not limited to, response times, GreyMatter Integration issues, or other issues caused by the changes. If Customer would like to modify RQ Labeled Content, Customer shall submit a ticket with requested modifications within RQ Portal or make such request directly to a Customer Success Manager in writing.
7.8 Documentation
ReliaQuest recommends Customer provide the following documentation to aid ongoing enablement:
8. Capitalized terms used herein not defined in context have the meanings set out in this Section 7:
8.1 “Content” means the methodology, design, logic, and construction (including all code and scripts) of RQ Labeled Content designed to detect, correlate, and flag actionable activity.
8.2 “Content Artifact” means an alert, rule, report, or a dashboard.
8.3 “Core Component” means any component, or system that is required to normalize, aggregate, store and visualize data for a technology with the exception of agents.
8.4 “Critical Content” means a rule designed to detect a known active threat in the Customer’s environment that existing Content does not provide coverage for, for any Log Source Technologies in scope under the Order.
8.5 “Customer” means the opposite party to ReliaQuest in the Order and the party to which ReliaQuest is providing the ongoing enablement in the Order.
8.6 “Customer Roadmap” means the plan developed by ReliaQuest.
8.7 “Customer Success Manager” means a ReliaQuest dedicated point of contact responsible for customer success.
8.8 “Emergency Content” means a request for Content from the Customer to address an issue that presents an imminent threat to business continuity of Customer.
8.9“EDR” means endpoint detection and response technology.
8.10 “EDR Technology” means EDR Vendor, Product Name.
8.11 “EDR Integration Plus” means EDR Vendor, Product name integrated into GreyMatter for all eligible GreyMatter capabilities and ReliaQuest ongoing enablement.
8.12 “GreyMatter” means ReliaQuest’s security operations platform developed by ReliaQuest and consisting of GreyMatter Respond, Detect, Health, Intel, and Investigate capabilities, and any other related ReliaQuest software tools, programs, or platforms, whether existing now or developed by ReliaQuest during the Order, including any enhancements, derivatives, or developments.
8.13 “GreyMatter Additional Integration” means Technology Vendor, Product Name, Function integrated into GreyMatter for limited GreyMatter capabilities.
8.14 “GreyMatter Respond” (formerly GreyMatter Automate) means the GreyMatter capability which supports the actions to enrich data and/or contain or remediate threats.
8.15 “GreyMatter Detect” means the GreyMatter capability which supports the overall content methodology and lifecycle to accelerate Customer’s detection visibility and facilitate evolution of Customer’s capabilities.
8.16 “GreyMatter Digital Risk Protection” means an add on to GreyMatter Intel to detect data loss, identify brand impersonation, and the Customer’s web and digital attack surface.
8.17 “GreyMatter Health” means the GreyMatter capability which supports the overall health of the GreyMatter Integration.
8.18 “GreyMatter Hunt” means the GreyMatter capability which supports threat hunting potentially leveraging data from Customer’s GreyMatter Integration.
8.19 “GreyMatter Integration” means the Technology Vendor, Product Name, Function to be integrated or integrated into GreyMatter.
8.20 “GreyMatter Intel” means the GreyMatter capability which supports threat intelligence automation, aggregation, normalization, and dissemination of machine-readable threat intelligence.
8.21 “GreyMatter Investigate” means the GreyMatter capability which supports the triage and analysis of ReliaQuest Labeled Content.
8.22 “GreyMatter Verify” means the GreyMatter capability which allows Customer to test the effectiveness of Customer’s cybersecurity tools and content by simulating malicious and/or anomalous activity, within Customer’s environment.
8.23 “HIPAA” means the Health Insurance Portability and Accountability Act of 1996.
8.24 “IP” means internet protocol.
8.25 “IT” means information technology.
8.26 “Log Source” means a data source that creates and sends logs to a SIEM technology.
8.27 “Log Source Technology” means Log Source Vendor, Product Name, Function integrated in the SIEM.
8.28 “Managed Takedown Service” means an add on to GreyMatter Digital Risk Protection for enhanced monitoring of the Customer’s online footprint and removal of impersonating domains.
8.29 “OEM” means original equipment manufacturer.
8.30 “Ongoing Enablement” means the activities described in this Ongoing Enablement description, which activities may be performed remotely or from the ReliaQuest Service Locations.
8.31 “PAM” means a privileged access management tool provided to simplify and secure access to the Customer environment. Customer consents to ReliaQuest’s use of a PAM of its choosing during the performance of Ongoing Enablement. The PAM shall be determined by ReliaQuest, in ReliaQuest’s sole discretion, and may be changed at any time. The current PAM used by ReliaQuest is Delinea.
8.32 “Parser” means code used to assist in the processing of log events.
8.33 “PCI” means payment card industry.
8.34 “Phishing Analyzer” means investigating user reported emails within a Customer’s abuse mailbox to identify malicious email threats and campaigns attempting to infiltrate an organization.
8.35 “RQ” means ReliaQuest, LLC.
8.36 “ReliaQuest Service Locations” means any ReliaQuest facility currently held or opened by ReliaQuest during the term of the Order. Customer consents to the performance of Ongoing Enablement activities under an Order from each ReliaQuest Service Location at any time as determined by ReliaQuest, in ReliaQuest’s sole discretion.
8.37 “RQLabs” means ReliaQuest lab environment.
8.38 “RQ Labeled Content” or “ReliaQuest Labeled Content” means Content created by ReliaQuest or content that ReliaQuest has agreed to manage.
8.39 “RQ Portal” means the portal where ReliaQuest provides alert data reporting to Customer. The RQ Portal is currently hosted by ServiceNow and Customer consents to the use of RQ Portal for the provision of Ongoing Enablement under an Order.
8.40 “SIEM” means security, information, and event management technology.
8.41 “SIEM Integration Plus” means SIEM Vendor, Product name integrated into GreyMatter for all eligible GreyMatter capabilities and ReliaQuest ongoing enablement.
8.42 “SOC” means security operation center.
8.43 “SOX” means Sarbanes Oxley act of 2002.
8.44 “SSH” means secure socket shell.
8.45 “Term” means the period of time set forth in the applicable Order during which Customer is authorized by ReliaQuest to access and use GreyMatter and entitled to receive Ongoing Enablement support.
8.46 “Third Party Platform Providers” means the third party platform providers, as designated by ReliaQuest from time to time, who support or enable ReliaQuest to provide GreyMatter and the Ongoing Enablement to Customer, as set forth and updated from time-to-time at: https://www.reliaquest.com/platform-sub-processors/. For the avoidance of doubt, ReliaQuest may nominate or withdraw Third Party Platform Providers upon notice to Customer (notice through GreyMatter, the RQ Portal, or other electronic means being sufficient).
8.47 “VPN” means virtual private network.