RFA Case Study
Grigoriy Milis’ story: 80% fewer phishing incidents for tenants using Radiant
Facing AI-powered phishing attacks targeting hundreds of financial clients, an MSSP’s CIO onboards a self-serve AI-powered solution for triage
Challenges
Thousands of alerts flooding the SOC
Sophisticated phishing attacks bypassing traditional defenses
Slow triaging increases the window for end users to click on phishing emails
Results
80% fewer phishing incidents for clients that use radiant
77% decrease in triage time
Increased capacity to handle additional types of use cases (i.e., IAM)
Impeccable security no longer depends on having experienced employees 24/7
Grigoriy Milis, CIO at the MSSP RFA, oversees cybersecurity operations for over 800 financial services organizations, an industry segment heavily targeted by phishing attacks. For the past 30 years, RFAs’ SOC team has worked 24/7, processing thousands of alerts monthly with excellence, yet now breach risks are lurking around every corner. Milis wasn’t going to let their reputation sink under his watch.
With phishing campaigns evolving dramatically, impeccable security no longer depended on having experienced employees 24/7; new vulnerabilities across the entire detection workflow needed to be addressed.
First, relying on employee training as a first layer of defense was failing. The indicators employees had been taught to recognize, such as misspellings, formatting, and unfamiliar sender addresses, were no longer reliable. Even when employees did spot a suspicious email, they faced two poor options: report it and wait an hour or more for a SOC response, or simply click and see what happens. Too often, they chose the latter.
Second, traditional detection tools were failing for the same reasons: the indicators determined to detect malicious cases were easily bypassable when it came to sophisticated AI attacks.
As a result, RFA’s SOC became the bearer of the entire load: detecting, investigating, and remediating threats, all while drowning in alerts.
“Slow triage of suspicious emails not only increased the risk of a breach but also increased the likelihood that end-users would click on risky email links.”
Grigoriy Milis
RFA
Grigoriy Milis
- CIO
- MSSP leadership
- AI for phishing
New York, USA
300 employees
Managed Security Services
Challenges
Contextual intelligence: separating a successful MSSP from the rest
One key factor that separates top MSSPs from others is their understanding of their customers’ unique environments. Within any security use case, what seems abnormal in one organization can be completely normal in another. Consequently, MSSPs often escalate too many or too few alerts. In these cases, MSSPs observe low client satisfaction because nuances are either misunderstood or lost in communication.
Milis understood this very well and sought specific requirements from his triage solution:
- Contextual understanding: Capability to understand nuanced context from 800+ organizations
- Speed: Needs to boost both investigation and response
- Breadth of coverage: Needs sophisticated alerts that have never seen before alerts
Milis understood that increasing headcount or relying on static SOAR automations were not options; therefore, his attention was focused on AI automation tools.
Goals & limitations
at a glance
Goals
- Introduce a speedy workflow for phishing triage and response
- Introduce a triage tool that can handle complex and unknown alerts
- Improve capabilities to understand the organizational context of clients
Limitations
- Complexity to understand 800+ unique client environments
Solution
The tipping point
Assessing AI automation tools, the one tool that stood out for speed, contextual understanding, and breadth was Radiant Security. Radiant is uniquely positioned with an adaptive AI that triages sophisticated and unknown alerts with full context. It delivers investigations that are fully transparent and auditable.
“Radiant’s biggest strength is its ability to pull data from multiple sources and assemble a full incident picture in seconds.”
Surprising time to onboard: one new tenant = one hour max
Milis was surprised by Radiant Security’s speed and simplicity of provisioning a new client. For every new tenant, data sources were connected in a single click and went live in less than an hour.
Once deployed, Radiant transformed the email investigation workflow into a seamless, self-service experience for the tenant. Instead of submitting a ticket and waiting for SOC feedback, employees could now simply click the native “Report Email” button in their Outlook or Gmail. Radiant immediately acknowledges the email, triages it, and delivers a fully automated or 1 click executable remediation within minutes.
“Radiant allows us to triage a phishing incident with a single click: remove the email from inboxes, block the sender, and see instantly whether anyone clicked.”
800 tenants MSSP
80% less phishing alerts
-77% MTTR
Accelerating daily operations: triage time reduced by 77%
Beyond email, Radiant significantly expanded the SOC team’s capacity to respond to other security events. Previously, investigating identity-related alerts required time-consuming manual analysis across client environments. Partnering with radiant changed that:
- RFA gained access to relevant telemetry and contextual insights
- Triage time reduced from 45 minutes to 10–15 minutes
RFA continued to accelerate, as analysts began automating more response workflows as they learned to trust Radiant’s AI and audited its transparent reasoning.
“What used to take 45 minutes now takes 10. That speed is critical; a faster response means significantly less risk.”
RFA discovers a unique selling point via their Radiant-powered self-serve interface for emails
Milis saw an opportunity in the market. By deploying Radiant across his client base, RFA could offer something most competitors couldn’t: an intuitive self-serve interface that delivers instant verdicts. RFA began leveraging this as a selling point, placing them ahead of competitors still relying on traditional SOC models.
“We see self-service as a differentiating component.”
Impact on Daily operations at a glance
- Triage time cut from 45 to 10–15 minutes
- Complete visibility into AI reasoning for every verdict
- Increased capacity to respond to additional security events
- Under one hour to onboard tenants, immediate self-serve triage capability
Results
Speed, client satisfaction & differentiation
RFA’s partnership with Radiant Security delivered both operational efficiency and threat mitigation. Moreover, it gave RFA a competitive edge that equipped them with a modern interface that their competitors didn’t offer.
“As much as I would like to keep Radiant a secret for my own competitive advantage, I would definitely recommend it to any MSSP who is serious about their cybersecurity.”
Results at a glance
- 80% reduction in phishing incidents among tenants using Radiant
- Triage time reduced by 77%
- Increased capacity: Coverage of more security use cases, such as identity
- Enhanced client satisfaction with a more responsive, proactive security posture
