
APi Group Increases Visibility by 47% and Secures Expanding Attack Surface Across their Microsoft 365 E5 Suite

APi Group partners with ReliaQuest to gain a unified view of their Azure Sentinel and Microsoft E5 security suite, streamlining operations to better secure their global organization.

Building a Safer Environment

In 1926, a company formed with an impactful mission to build great leaders. What started as an insulation contracting and distribution business would later be known as the APi Group, a multibillion-dollar organization that operates today as a holding company for more than 32 independently managed safety and special services related businesses. In keeping with its merger and acquisition strategy, early in 2022 APi Group completed its largest acquisition to date, the Chubb fire and safety services organization, effectively making it one of the world’s largest life safety services providers.

As the company continues to grow and acquire new entities, APi Group differentiates itself by delivering top-tier, customer-driven service, using mutual resources and experiences to build a safer environment. Their focus on building a more secure environment depends directly on the success of various departments across the business. Their security operations team is one of the most essential of these, ensuring that critical business processes do not experience any disruptions.

Delivering Security Consistency for Existing and Acquired Business Units

APi’s growth strategy includes acquiring companies with varying business models and different IT security technology stacks, which could prove complicated to manage and maintain. APi Group arrived at a strategy for new acquisitions that allows business units to maintain existing technology stacks with a plan for some rationalization. In particular, they leverage the Microsoft 365 E5 license to meet the diverse IT needs of both existing and acquired companies while driving consistency across the organization. This strategy reduces complexity for their customers and business entities. But as they sought to meet the needs of the business, APi realized they needed a way to increase both visibility and risk management across the ecosystem to better secure an attack surface that expands each time a new company is added to their portfolio.

To tackle these security challenges, the security operations team at APi Group is using security tools from their Microsoft 365 E5 license in conjunction with ReliaQuest GreyMatter to deliver the contextual intelligence, visibility, and real-time insights the team needs to better manage risk across multiple companies.

The ReliaQuest GreyMatter security operations platform is built on an XDR architecture and brings together telemetry from tools and applications across cloud, on-premises, and hybrid cloud architectures. The platform delivers visibility and manages risk across APi’s heterogeneous security technology stack.

Increase in Visibility Leads to Faster Response Times

One of APi Group’s main objectives is to mature and modernize their security operations program as the organization rapidly evolves, which includes optimizing their Microsoft 365 E5 tools to increase efficiency, visibility, and value. To do this, APi relies on the powerful combination of the Microsoft 365 suite and the unified view ReliaQuest GreyMatter provides.

Carl Lee, Information Security Lead at APi Group, shares, “The ability of GreyMatter to detect and take automated response actions utilizing the integration with Microsoft Defender and Azure Sentinel is a key component of our security strategy.”

As a Microsoft 365 E5 and ReliaQuest customer, APi Group has achieved a 47% increase in visibility across their Microsoft 365, Cisco, and Palo Alto security stack. In addition, utilizing GreyMatter has enabled them to perform automated response actions across multiple tools from one console, reducing the complexity of their day-to-day operations. In fact, they have seen a 52% decrease in response times since becoming a customer thanks to automated playbooks. With automation and improved visibility, the team can now execute faster threat detection, investigation, and response across a diverse set of organizations under the APi umbrella.

Making Sense of a Complex Environment

An essential element of APi Group’s security strategy is to understand their cybersecurity hygiene and gaps in coverage. But they also need to augment the team and avoid burnout at the same time – which is not an easy goal to achieve. To add to the challenge, their Microsoft environment is complicated – they use Azure Sentinel, Defender, Office 365, and a multitude of other tools.

Adding ReliaQuest to their security tool stack has helped APi Group solve these challenges head-on. As Lee states, “The integration between ReliaQuest GreyMatter and our security tools has become a force multiplier for the team. ReliaQuest uses a risk-based approach and the MITRE framework, driving our implementation of detections and automations, which provides the most value for our overall security.”

The integration of tools and increased visibility have reduced complexity across APi’s security program – since becoming a ReliaQuest customer they have increased MITRE ATT&CK coverage by 275%, a game changer for the team. Now, they can more accurately decide where to invest in resources that will better secure their organization.

Better Detection for an Expanding Attack Surface

While APi Group faces the challenge of a continuously expanding attack surface, they know implementing a program providing high-fidelity threat detections for Microsoft environments will help them manage risk. Lee explains, “The Microsoft stack is great, but one of the challenging things is that people cannot easily pick up the query language. So, when it comes to making accurate detections, you really need solid detection content – and that’s where ReliaQuest comes into play for us.”

Lee’s team is working collaboratively with ReliaQuest to tune detection logic and produce solutions for their Microsoft toolset that result in faster, higher-fidelity detections. He shares, “One time we had malware hit the endpoint, my team thought it was contained, then we get a call from the analyst at ReliaQuest who is seeing strange activity. He ended up executing an isolate play for us. They do analysis, give us context and recommendations on what to do. The second set of eyes, the quick automated plays, and higher-fidelity detections have been crucial for us to have.”

