Headquarters: NYC
Industry: Managed Security Services
Employees: 600
Company profile
RFA, headquartered in NYC, is a managed IT and security provider that’s been in business for over 30 years. With a combined cybersecurity and compliance practice that handles both policy and technical control issues, RFA supports over 800 financial services and other organizations operating in highly regulated industries and regions.
The challenge – reducing phishing email triage time and employee frustration
As a premier provider of managed security services, RFA operates a 24/7 SOC that supports hundreds of financial services clients—an industry segment heavily targeted by phishing attacks. With thousands of alerts flooding in every month, RFA’s SOC analysts faced the challenge of triaging potentially malicious emails in a timely fashion.
Phishing campaigns had grown in both volume and sophistication, leveraging AI to craft emails that easily bypassed traditional training-based defenses. Indicators that employees had previously been taught to recognize—such as misspellings, strange formatting, or unfamiliar sender addresses—were no longer reliable. Worse yet, many phishing attempts originated from trusted business partners whose accounts had been compromised, lowering employees’ guard even further.
For MSSPs, phishing presents an especially complex challenge. Unlike malware signatures or firewall logs, the analysis of phishing emails often requires deep contextual understanding of the customer’s organization—its people, vendors, and normal communication patterns. Automating this process at scale is difficult because what may seem suspicious in one context could be completely normal in another. This subjectivity makes it hard to rely solely on rigid rules or traditional detection engines. Additionally, alert fatigue and false positives are common, putting further strain on SOC resources and increasing the risk of missed threats.
Slow triage of suspicious emails not only increased the risk of a breach but also increased the likelihood that end-users would click on risky email links.
The difficulty in keeping pace with the volume of suspicious emails had two major consequences:
Delayed response to true incidents: When a phishing email was indeed malicious, the lengthy triage process often meant that by the time a conclusion was reached, the attack had already succeeded—potentially resulting in data exfiltration, reputational damage, and costly incident response efforts.
User frustration and risk amplification: Despite security awareness training, end users were still prone to risky behavior. Presented with a suspicious email, many employees found themselves weighing two poor options: report it and wait an hour or more for a response from the SOC—or just click and see what happens. Too often, they chose the latter. The cumbersome process for verifying suspicious emails discouraged caution, directly contributing to successful phishing incidents.
RFA recognized that the traditional SOC approach wasn’t sustainable. They needed a way to remove the friction from the triage process, empower users with immediate feedback, and give their analysts the bandwidth to focus on the true threats.
The solution – AI powered SOC that delivers self-serve triage and a massive reduction in phishing incidents
To address the growing volume of phishing alerts and reduce the SOC’s triage burden, RFA chose and deployed Radiant’s adaptive AI SOC platform across many of their clients. With Radiant’s responsive support team and a direct communication channel in place, provisioning a new client is as simple as requesting a tenant and connecting the relevant data sources which in RFA’s case is Microsoft 365 and Mimecast. This process typically takes under an hour from start to finish.
Once live, Radiant transformed the email investigation workflow into a seamless, self-service experience. Instead of submitting a ticket and waiting for SOC feedback, employees now simply click the native “Report Email” button in Outlook. Radiant immediately acknowledges receipt, begins automated triage, and delivers a verdict within minutes. This eliminates the uncertainty that had previously led many users to take risky actions, such as clicking on suspicious links out of frustration.
From the SOC team’s perspective, Radiant’s integrated platform for triaging and responding to incidents, brings dramatic improvements over SOAR tooling and other solutions. Radiant reviews headers, attachments, URLs, files and other relevant telemetry data, dynamically performing additional inspections to determine if a message is malicious. This triage is completely transparent so human analysts can review the finding to understand why an alert has been deemed benign or malicious. Human analysts can instantly see who else has received a malicious email and execute remediation actions directly through the Radiant platform—either with 1-click or automatically.
This dual effect of Radiant’s AI—enabling fast, confident decision-making for both end users and analysts—delivered tangible impact. Across clients where Radiant was deployed, RFA observed an 80% reduction in phishing-related incidents, underscoring the solution’s effectiveness in changing user behavior and mitigating risk at scale.
With Radiant powering this self-serve approach, psychologically, there is far less temptation for the employee to take the dangerous click-and-see path.
Beyond email, Radiant also significantly increases the SOC team’s ability to respond to other security events. Previously, investigating these alerts required time-consuming manual analysis across client environments. With Radiant, the SOC team can access relevant telemetry and contextual insights directly, cutting triage time from 45 minutes to as little as 10–15 minutes. This acceleration is critical as the faster the SOC confirms malicious activity, the sooner it can interrupt or contain a threat—often making the difference between a routine incident and a major breach.
Results – faster triage, fewer incidents and happier employees
With Radiant Security fully integrated into its SOC workflow, RFA realized immediate and measurable improvements across both operational efficiency and threat mitigation:
- 80% reduction in phishing-related incidents among clients using Radiant, driven by faster user reporting and automated triage.
- Client onboarding time reduced to under one hour, enabling rapid and scalable deployment across RFA’s managed client base.
- Triage time for identity-related incidents cut ~45 minutes down to as little as 10–15 minutes—allowing faster containment and reduced impact.
- End-user empowerment through self-service investigation, with verdicts delivered in minutes via native Outlook reporting.
- Improved SOC analyst efficiency and morale, with automation removing repetitive tasks and enabling broader, faster response to threats across organizations.
- Enhanced client satisfaction and trust, with a more responsive, proactive security posture and fewer incidents.
Radiant’s adaptive AI SOC platform for MSSPs
The managed security services market is undergoing a major transformation—driven by rising client expectations, evolving threat landscapes, and the accelerating influence of AI. For MSSPs seeking to stay competitive and deliver high-value outcomes, Radiant Security represents a strategic advantage.
As much as I would like to keep Radiant a secret for my own competitive advantage, I would definitely recommend it to any MSSP who is serious about their cybersecurity.
Stay ahead of SLA compression and automation demands
The MSSP space is experiencing increasing pressure to compress SLAs and deliver faster triage, investigation, and response times. Traditional tooling and manual processes are no longer sufficient. Radiant equips MSSPs with AI-driven triage and investigation capabilities that dramatically reduce response times—keeping pace with client expectations and market evolution.
Meet the psychological shift toward self-service
Today’s end users, especially in newer generations, expect intuitive, self-service experiences. This is as true in cybersecurity as it is in consumer tech. Radiant enables MSSPs to offer clients modern user-facing capabilities—like email triage verdicts delivered directly to employees in minutes—empowering users while lightening the SOC workload.
We see self-service as a differentiating component.
Adaptive AI for a rapidly evolving security landscape
AI is reshaping cybersecurity. From detection to response, MSSPs need to handle endless types of security alert types and Radiant is uniquely positioned with its adaptive AI to triage both known and unknown alert types. This not only enhances SOC performance and alert coverage, but positions MSSPs using Radiant as forward-thinking partners to their clients. In a market where agility and innovation are key, Radiant helps MSSPs deliver next-generation service—today.
Back