Spellman Case Study
Michael Butler’s story: Automating tier 1 workload freed up 200-300 hours monthly
When sensitive partnerships demand the highest security standards, Spellman delivers detection speed 10x over industry average with its agentic AI platform

Challenges
Signal-to-noise ratio degrading – threats buried in investigative backlog
High volume of phishing and identity alerts
Under-resourced SOC – engineers forced into tier-1 analyst work
Results
10x MTTD – Better than industry average
2x MTTR – Better than industry average
200-300 hours saved monthly (15% workload automated)
Improved detection – incidents surfaced from a sea of false positives
When false positives become a primary business risk
Every security leader knows false positives drain resources. For Michael Butler, Director of Security Operations at Spellman, however, the stakes go beyond burnout or budget. False positives had become a business continuity risk threatening partnerships on which their entire organization depended.
As a manufacturer of high-voltage electronics, Spellman partners with medical, industrial, and scientific applications that all have stringent security requirements.
Their threat surface is complex, spanning intellectual property theft, supply chain compromise, ICS vulnerabilities, compliance violations across multiple frameworks, ransomware targeting critical systems, customer data exposure, and APT activity targeting defense and medical sectors.
Butler’s team fell victim to their comprehensive posture:
- The signal-to-noise ratio was degrading rapidly and true threats were getting buried in backlog
- Alert investigations took days with their complex infrastructure
- Alert volume reached a critical threshold; engineers were forced to help with tier 1 analyst work
“The impact of the number of phishing and identity issues was significant for the team. We spent many extra hours and effort that could have been spent elsewhere.”
Michael Butler
Spellman
Michael Butler
- SecOps Director
- Supply chain security
- Tier 1 automation goal


New York
2.1k employees
Manufacturing Electronics
Challenges
A critical threshold: the whiplash of a comprehensive detection posture
Spellman’s security posture was asymmetric: a comprehensive detection posture paired with a resource-neglected SOC that didn’t have the tools or workforce to deal with the bottlenecks that were accumulating day by day.
That’s when Butler started assessing a plan to strengthen his struggling last line of defence:
- Increase headcount: while he needed more eyes and hands, the cost and training effort were too high.
- Outsource: Butler was concerned with an MSSP’s capability to handle complex threats across their nuanced environment.
- AI automation: this felt like the best alternative to automate and remove repetitive workload, while staying in control.
Goals & limitations at a glance
Goals
- Improve MTTR and MTTD
- Reduce the volume of false positives coming from identity and phishing
- Free up engineer time from analyst work
- Maintain consistency when addressing complex threats
Limitations
- Cost of scaling with headcount
- Complexity of infrastructure and threats
- Can’t accept the loss of organizational knowledge when outsourcing
Solution
The tipping point
A vendor assessment of AI automation tools narrowed his search to Radiant Security due to its unique ability to triage complex threats without prior training. Radiant’s SOC AI platform was built to cut through the noise and empower lean SOC teams to focus only on real threats.
“I would tell critics: If you feel technology isn’t ready for tier 1, just try it.”
Operational Impact: 15% automation delivered 300 monthly hours saved
Following a POC that demonstrated autonomous investigation, Butler deployed Radiant Security. Butler observed with awe how AI agents performed all triage and investigation work without human intervention.
The first to feel the operational change were the engineers and analysts. Within the first week with Radiant, engineers shed their analyst hats and returned to strategic engineering work. The analysts now had a platform that gave them only a handful of real threats, which they could manage alone. Each AI investigation was delivered with auditable reasoning, giving analysts confidence and independence.
During the POC, phishing and identity were fully automated. “I feel safer with Radiant because I have a tool to rip phishing emails from inboxes before they get to the end user,” Butler explains.
Within weeks, 15% of the total alert volume was being investigated and resolved autonomously. More importantly, the AI was consistently identifying true positives that would have been buried in manual triage queues.
“With Radiant Security’s Automation, we’re saving something between 200-300 hours a month on Tier-I SOC Analysis and Resolution.”
Beyond technology: a partnership between security leaders
For Butler, technology is only half the equation. He points out that what sets Radiant apart and makes them an exceptional partner is his direct access to the founder and CTO. Direct communication with leadership has brought significant added value as Radiant adapts to their feedback and custom requests.
“The team is great to work with, and I can’t stress that enough. Having the CEO accessible, developers when needed, and customizing the platform based on our feedback is a big win for Spellman.”
Impact on daily operations at a glance
- MTTR dropped from days to minutes
- Thorough, transparent investigation
- Engineers freed from analyst work to focus on strategic work
- Freedom from repetitive work and a focus on real threats
Results
From not keeping up to 10x the industry standard
Spellman’s partnership with Radiant Security proved to be the most effective solution to slashing their alert volumes. With Radiant, Spellman achieves operational metrics well above the industry average.
- Reduce MTTD to 10X better than the industry average
- Reduce MTTR to 2X better than the industry average
- Resulting in 200-300 monthly hours saved
“Having these statistics on how much we are saving in the Radiant dashboard is extremely useful to look at.”
Results at a glance
- Reduce MTTD to 10X better than the industry average
- Reduce MTTR to 2X better than the industry average
- Save 200-300 monthly hours with only 15% automation
- Focus their time and resources on innovation
- Improve their threat detection by automatically finding actual attacks in a sea of false positives
