Single Point of Contact Case Study
One tenant, $10M in analyst costs: why Gregory Morawietz’s MSSP bet on AI
MSSP automates triage and response and achieves 100% alert coverage across all clients, while saving millions
Challenges
Managing 10k+ monthly alerts, 24/7, with a security staff of 12
Manual triage processes slowing down response times
Legacy SIEM slowing the team down
Solution
Adaptive AI SOC for 100% automation of triage, investigation, and response
SIEM replacement with limitless log ingestion at S3 costs
Results
99% in noise reduction
Saved over $10M on budget needed to increase headcount for a single tenant
Increased customer satisfaction
Breaking an MSSP’s business model: when alerts outpace SOC capacity
Gregory Morawietz, Owner at SPoC, built his MSSP on a promise: 24/7 security operations that clients could trust completely. As the business grew, that promise became increasingly challenging to keep.
He realized his business model was vulnerable when he ran these numbers:
- Sierra Circuits, one of their typical clients, generated 653,089 alerts annually
- At 15 minutes per alert, this would require 56 full-time analysts
- That’s $9.8 million in annual salary costs to service just one client
In total, SPoC was processing hundreds of thousands of alerts across its client base. Their business model wasn’t keeping up with this reality. Alerts piled up exponentially with each client and their noisy detection tools. SPoCs’ margins would disappear as the headcount required to maintain quality at scale increased.
“Managing and triaging security alerts was time-consuming and inefficient. The lack of automation meant too many repetitive manual processes.”
Gregory Morawietz
MSSP owner
Gregory Morawietz
- MSSP owner @ Single Point of Contact
- Trusted for 24/7 security
- AI for business profitability
Boston, USA
500 employees
Revenue Based Financing
Challenges
Pinning down to the root case: replacing a legacy SIEM
SPoC had a legacy SIEM that was creating friction and complexity. It was slowing their SOC down as they manually triaged each alert and received poor tech support.
With this in mind, Morawietz evaluated the options. He set out to find a tool that would give them speed while replacing their SIEM. His additional requirements were specific:
- Must integrate seamlessly across their complex infrastructure
- No manual tuning, no maintenance
- Needs to handle any type of alert from any source
The Tipping Point: “Choosing Radiant Security was an easy decision,” explains Morawietz. Radiant Security’s agentic SOC AI platform was built to eliminate noise through triage and empower the SOC to focus only on real threats. Radiant became SPoCs’ force multiplier, enabling them to operate hundreds of AI analysts simultaneously, triaging, investigating, and responding to any type of alert, known or unknown, at machine speed
“Before using Radiant security, we depended on a well-known SIEM platform that was frustrating to say the least.”
Gregory Morawietz
MSSP owner
56 analysts needed per tenant
700k per tenant
$10M dollars per tenant
Goals & limitations
at a glance
Goals
- Eliminate manual triage bottlenecks
- Scale operations without increasing headcount
- Deliver 100% visibility across all client alerts
- Improve response speed and consistency
Limitations
- Budget constraints from tight margins
- Delivering consistent investigations
- Complex infrastructure meant elaborate integration requirements
Solution
Quick time to value: Radiant’s 100+ integrations proved useful
Onboarding Radiant across tenants was quick and easy. With over 100 integrations available, Radiant was ready to plug and play. Radiant instantly connected to SPoCs’ ticketing system and became their go-to tool for incident handling. They worked closely together to ensure seamless integration and long-term success.
“The reason to switch to radiant security was an easy one: they partnered with us to ensure long-term success.”
Impact on daily operations: 0 time wasted on manual alert triage
Radiant Security became both a workforce multiplier and SIEM replacement. It eliminated the manual review of repetitive alerts, reduced false positives, and enabled real threats to be detected at machine speed:
For Sierra Circuits, Radiant processed 653,089 alerts over 12 months, escalating only 29 actual incidents – 99.9% reduction in false positives. Without Radiant, handling only Sierra Circuits’ alert volume would have required 56 full-time analysts for $9.8 million annually.
“Thanks to Radiant, we can now focus on our customers’ real threats instead of drowning in alert noise.”
Impact on daily operations at a glance
- 99% False positives reduction – Surfacing true positives immediately
- Speed – Detection and remediation at machine speed
- Resource-allocation – Analysts freed from repetitive tasks and focus on high-priority threats
Results
What success looks like: a SOC that acts bigger than it is
Thanks to Radiant Security, Single Point of Contact has significantly enhanced its SOC performance, reduced noise, and delivered better outcomes for its clients:
Improved customer protection, with quicker detection and resolution of real threats.
Significant time savings for the SOC team through automated alert triage and ticket creation.
Faster response to incidents, with actionable alerts delivered directly to analysts in real time.
100% alert visibility, ensuring no threat goes uninvestigated or overlooked.
Greater analyst productivity, with team members now focused on meaningful investigations, not routine filtering.
“Managing and triaging security alerts was time-consuming and inefficient. The lack of automation meant too many manual processes, slowing our response time to customer incidents.”
Results at a glance
- Profitability protected – Avoided $9.8M in analyst hiring costs for a single tenant.
- False positives eliminated – allowing focus analysts to focus on real threats
- Increased customer satisfaction- real threats get escalated, no threats missed
- Cost saving- thousands of dollars saved on log storage as they replaced their SIEM
