Financing Institute Case Study
Victory:10k Monthly Alerts With Only 2 Analysts
With Radiant Security’s Agentic AI SOC, 10,000 monthly false positives meant only 40 real threats were escalated to humans
Challenges
Expanding detection with a lean SOC would drown analysts in noise
Onboarding new and
unknown types of alerts
Results
100% of alerts covered,
99% of noise reduced
Dozens of monthly
analyst hours saved
MTTD decreased to minutes
How to tell your 2 analysts
about 10x more alerts
It’s 9 am, and Andrew O’Brien walks into his office with news that would typically drive analysts to update their resumes. “Our new detection tools go live in the next few weeks. We’ll be covering about 10x more than we are today,” he tells his two analysts at the morning standup.
In most SOCs, this announcement lands like a bomb. However, Andrew’s team barely flinches. Before scaling detection, they’d already scaled their SOC with a fleet of AI SOC analysts.
“Having built these types of programs in the past, I knew that when we go down the detection route, there’s going to be a day where we are going to quickly strengthen our SOC as we onboard alerts that are going to be very noisy.”
Andrew O’Brian
Forward Financing
Andrew O’Brian
- Senior Security Manager
- Veteran SOC builder
- Team empowerment through AI strategy
Boston, USA
500 employees
Revenue Based Financing
Challenges
Getting ready for noise:
400 daily alerts on their way
Andrew joined Forward Financing, and he aimed to expand its detection surface by onboarding new. The mission was clear, but the execution posed a mathematical problem. He had only two analysts and anticipated 400+ daily alerts from the new tools. As an experienced SOC leader, he’d seen this vicious cycle before. Onboarding more tools means more noise while analysts drown and real threats slip through.
So what could O’Brien do to keep their head above the water? Bigger SOC? SOAR? Outsource? He knew the old-school solutions wouldn’t solve his problem effectively. He understood that each of these alternatives came with its own poison: blind spots, unbearable manual effort, or a huge bill.
He wanted a modern force multiplier that would give his analysts speed. One of the things he cared most about was freeing up analyst time. He needed a solution that would generate value quickly and wouldn’t add complexity to their current processes.
“Having built these types of programs in the past, I knew that when we go down the detection route, there’s going to be a day where we are going to quickly strengthen our SOC as we onboard alerts that are going to be very noisy.”
Andrew O’Brian
Forward Financing
2 SOC analysts
400+
daily alerts
No MSSP
No SOAR
Goals & limitations
at a glance
Goals
- Accelerate investigation speed
- Free up analyst time
Limitations
- Budget
- Workforce
- Time
Solution
The tipping point
That’s when Andrew partnered with Radiant, an agentic SOC AI platform built to cut through the noise and empower lean SOC teams to focus only on real threats. Radiant operates hundreds of AI analysts simultaneously, triaging, investigating, and responding to any type of alert, known or unknown, at machine speed.
“We wanted to have human time be as little as possible. We were looking for solutions that we could throw alerts at, and it could do an auto triage putting only real threats in front of our resources to not waste their time.”
The timing : a storm that never hit
At forward Fascinating, there wasn’t a defined triage process to separate false positives from genuine threats; however, with little alert volume, the team coped efficiently. Most SOC leaders wait until they’re drowning to look for a lifeline. However, Andrew decided they would not wait for the fire to spread.
When O’Brien began building Forward Financing’s detection program, Radiant Security became a cornerstone of the strategy. Each time a new tool was onboarded, the analysts were amazed by the silence, as if nothing had changed. Behind the scenes, A fleet of AI analysts on the front line was slashing 99% of alert noise. When a real threat emerged, his human analysts could engage it with calm precision.
“Having built these types of programs in the past, I knew that when we go down the detection route, there’s going to be a day where we are going to quickly strengthen our SOC as we onboard alerts that are going to be very noisy.”
2 SOC analysts
400+
daily alerts
No MSSP
No SOAR
Responsibilities within the team redefined: analysts experienced a natural promotion
Before Radiant, every incident hit Andrew’s calendar. The partnership with Radiant gave analysts the complete independence to trust AI, just as they would trust the input of their experienced superior.
Andrew explains how, pre-Radiant, he had to be on every call. His analysts were capable, but the sheer complexity of modern security meant every investigation needed his sign-off. Today, instead of being weighed, Andrew is reassured that his team is equipped to make confident decisions anchored in Radiant’s uniquely transparent AI.
For the analysts, it felt like an instant promotion. The mundane work of phishing triage, false-positive investigations, and repetitive alert validation disappeared into Radiant’s automated workflows. What remained was pure strategic work
Phishing response:
minutes to onboard, seconds to Triage
With Radiant’s existing API, phishing alerts were onboarded in minutes without requiring any custom connectors. All phishing alerts were triaged, filtering out hundreds of false positives.
For escalated threats, analysts reviewed Radiant’s reasoning and conclusion and, when needed, executed fast queries. In one click, responses were executed – malicious emails could be deleted, IPs blocked, and warning emails sent, directly from radiant. In a matter of days, the team chose to fully automate the response, after learning to trust Radiants’ AI.
“I’ve worked with resources dedicated to phishing response before, so I was able to see a lot of value in getting that off our plate as quickly as possible.”
Impact on Daily operations at a glance
- Accelerate investigation speed
- Free up analyst time
Results
Responsibilities within the team redefined: analysts experienced a natural promotion
Before Radiant, every incident hit Andrew’s calendar. The partnership with Radiant gave analysts the complete independence to trust AI, just as they would trust the input of their experienced superior.
Andrew explains how, pre-Radiant, he had to be on every call. His analysts were capable, but the sheer complexity of modern security meant every investigation needed his sign-off. Today, instead of being weighed, Andrew is reassured that his team is equipped to make confident decisions anchored in Radiant’s uniquely transparent AI.
For the analysts, it felt like an instant promotion. The mundane work of phishing triage, false-positive investigations, and repetitive alert validation disappeared into Radiant’s automated workflows. What remained was pure strategic work
Phishing response:
minutes to onboard, seconds to Triage
With Radiant’s existing API, phishing alerts were onboarded in minutes without requiring any custom connectors. All phishing alerts were triaged, filtering out hundreds of false positives.
For escalated threats, analysts reviewed Radiant’s reasoning and conclusion and, when needed, executed fast queries. In one click, responses were executed – malicious emails could be deleted, IPs blocked, and warning emails sent, directly from radiant. In a matter of days, the team chose to fully automate the response, after learning to trust Radiants’ AI.
2 SOC analysts
400+
daily alerts
No MSSP
No SOAR
“Having built these types of programs in the past, I knew that when we go down the detection route, there’s going to be a day where we are going to quickly strengthen our SOC as we onboard alerts that are going to be very noisy.”
Results at a glance
- Accelerate investigation speed
- Free up analyst time
