# An MSSP’s shift to AI SOC saved them >$10M per tenant # One tenant, $10M in analyst costs: why Gregory Morawietz’s MSSP bet on AI MSSP automates triage and response and achieves 100% alert coverage across all clients, while saving millions [Spotlighting SOC Stars](#results-from-the-field) ![](https://radiantsecurity.ai/wp-content/uploads/2026/02/Visual.png) ### **Challenges** Managing 10k+ monthly alerts, 24/7, with a security staff of 12 Manual triage processes slowing down response times Legacy SIEM slowing the team down [block link](#challenges) ### ****Solution**** Adaptive AI SOC for 100% automation of triage, investigation, and response SIEM replacement with limitless log ingestion at S3 costs [block link](#solution) ### ****Results**** 99% in noise reduction Saved over $10M on budget needed to increase headcount for a single tenant Increased customer satisfaction [block link](#results) ## **Breaking an MSSP’s business model: when alerts outpace SOC capacity** Gregory Morawietz, Owner at SPoC, built his MSSP on a promise: 24/7 security operations that clients could trust completely. As the business grew, that promise became increasingly challenging to keep. He realized his business model was vulnerable when he ran these numbers: - Sierra Circuits, one of their typical clients, generated 653,089 alerts annually - At 15 minutes per alert, this would require 56 full-time analysts - That’s $9.8 million in annual salary costs to service just one client In total, SPoC was processing hundreds of thousands of alerts across its client base. Their business model wasn’t keeping up with this reality. Alerts piled up exponentially with each client and their noisy detection tools. SPoCs’ margins would disappear as the headcount required to maintain quality at scale increased. > “Managing and triaging security alerts was time-consuming and inefficient. The lack of automation meant too many repetitive manual processes.” > > > > ****Gregory Morawietz**** > MSSP owner ## ****Gregory Morawietz**** - MSSP owner @ Single Point of Contact - Trusted for 24/7 security - AI for business profitability ![](https://radiantsecurity.ai/wp-content/uploads/2026/02/Gregory-Morawietz-single-spot-of-contact.png) ![](https://radiantsecurity.ai/wp-content/uploads/2026/02/single-point-of-contact.png) Boston, USA 500 employees Revenue Based Financing Challenges ## **Pinning down to the root case: replacing a legacy SIEM** SPoC had a legacy SIEM that was creating friction and complexity. It was slowing their SOC down as they manually triaged each alert and received poor tech support. With this in mind, Morawietz evaluated the options. He set out to find a tool that would give them speed while replacing their SIEM. His additional requirements were specific: - Must integrate seamlessly across their complex infrastructure - No manual tuning, no maintenance - Needs to handle any type of alert from any source **The Tipping Point: “**Choosing Radiant Security was an easy decision,” explains Morawietz. Radiant Security’s agentic SOC AI platform was built to eliminate noise through triage and empower the SOC to focus only on real threats. Radiant became SPoCs’ force multiplier, enabling them to operate hundreds of AI analysts simultaneously, triaging, investigating, and responding to any type of alert, known or unknown, at machine speed > “Before using Radiant security, we depended on a well-known SIEM platform that was frustrating to say the least.” > > > > ****Gregory Morawietz**** > MSSP owner ![](https://radiantsecurity.ai/wp-content/uploads/2026/01/SOC_analysts.svg) **56 analysts needed per tenant** ![](https://radiantsecurity.ai/wp-content/uploads/2026/01/daily_alerts.svg) 700k per tenant ![](https://radiantsecurity.ai/wp-content/uploads/2026/01/no_soar.svg) ****$10M**** dollars per tenant ### Goals & limitations at a glance **Goals** - Eliminate manual triage bottlenecks - Scale operations without increasing headcount - Deliver 100% visibility across all client alerts - Improve response speed and consistency **Limitations** - Budget constraints from tight margins - Delivering consistent investigations - Complex infrastructure meant elaborate integration requirements Solution ## ****Quick time to value: Radiant’s 100+ integrations proved useful**** Onboarding Radiant across tenants was quick and easy. With over 100 integrations available, Radiant was ready to plug and play. Radiant instantly connected to SPoCs’ ticketing system and became their go-to tool for incident handling. They worked closely together to ensure seamless integration and long-term success. > “The reason to switch to radiant security was an easy one: they partnered with us to ensure long-term success.” ## ******Impact on daily operations: 0 time wasted on manual alert triage****** Radiant Security became both a workforce multiplier and SIEM replacement. It eliminated the manual review of repetitive alerts, reduced false positives, and enabled real threats to be detected at machine speed: For Sierra Circuits, Radiant processed 653,089 alerts over 12 months, escalating only 29 actual incidents – 99.9% reduction in false positives. Without Radiant, handling only Sierra Circuits’ alert volume would have required 56 full-time analysts for $9.8 million annually. > “Thanks to Radiant, we can now focus on our customers’ real threats instead of drowning in alert noise.” ### Impact on daily operations at a glance - 99% False positives reduction – Surfacing true positives immediately - Speed – Detection and remediation at machine speed - Resource-allocation– Analysts freed from repetitive tasks and focus on high-priority threats Results ## **What success looks like: a SOC that acts bigger than it is** Thanks to Radiant Security, Single Point of Contact has significantly enhanced its SOC performance, reduced noise, and delivered better outcomes for its clients: Improved customer protection, with quicker detection and resolution of real threats. Significant time savings for the SOC team through automated alert triage and ticket creation. Faster response to incidents, with actionable alerts delivered directly to analysts in real time. 100% alert visibility, ensuring no threat goes uninvestigated or overlooked. Greater analyst productivity, with team members now focused on meaningful investigations, not routine filtering. > “Managing and triaging security alerts was time-consuming and inefficient. The lack of automation meant too many manual processes, slowing our response time to customer incidents.” ### Results at a glance - Profitability protected – Avoided $9.8M in analyst hiring costs for a single tenant. - False positives eliminated – allowing focus analysts to focus on real threats - Increased customer satisfaction- real threats get escalated, no threats missed - Cost saving- thousands of dollars saved on log storage as they replaced their SIEM