ReliaQuest launches GreyMatter automation to speed threat response
ReliaQuest has introduced GreyMatter Workflows, a capability designed to accelerate the detection and containment of security threats by automating operational workflows within its GreyMatter platform.
GreyMatter Workflows enables customers to create business-specific automated processes using a no-code, drag-and-drop interface. This functionality aims to reduce the manual effort involved in security operations and enhance response speeds across complex threat environments.
Workflow automation
The new feature is integrated natively with ReliaQuest's AI-driven security operations platform and automates essential tasks across detection, containment, investigation, and response activities within existing technology infrastructures. GreyMatter Workflows extends automation beyond traditional security tools, facilitating direct interaction with other business units and end users. It also offers integration with services such as Microsoft Teams and Slack, enabling more comprehensive threat verification and communication capabilities.
Pre-built workflow templates are provided, based on frequent use cases observed among ReliaQuest's enterprise clients, and can be further customised to suit unique organisational requirements. Security teams can develop and deploy automation processes with zero-code design from initial implementation, and have the option to use AI Agents for more tailored adjustments throughout investigative workstreams.
According to ReliaQuest, the adoption of GreyMatter Workflows leads to a reduction in operational complexity, diminishes the need for manual intervention, and shortens incident response times. Customers reportedly experience a 64% decrease in Mean Time to Respond (MTTR) and are able to eliminate more than half of manual response tasks.
Customer and industry response "The threat landscape is accelerating, but the operational workflows used to detect and contain those threats haven't kept up," said Brian Foster, President of Product and Technical Operations at ReliaQuest. "Security teams need the ability to automate complex workflows quickly, so they can focus more on managing threats and less on managing tools. GreyMatter Workflows gives our customers the ability to build powerful end-to-end automations to unify all phases of security operations, without leaving the platform."
Pat O'Keefe, Head of Global Security Operations and Risk Management at Circle K, commented on the significance of rapid threat management, particularly for organisations with substantial and dispersed operational footprints. "Detecting and containing threats quickly has never been more important in cybersecurity, especially for a business like ours that is distributed across hundreds of locations around the world," said Pat O'Keefe. "Being able to extend our automation capabilities further into our business will help us stay proactive in protecting our brand."
Bo Olsen, Security Engineering Manager at Eastern Bank, discussed the evolving direction of daily security operations, emphasising automation as a key priority to allocate resources toward more strategic objectives. "As we look to what's next in cybersecurity, we plan to automate as much as possible of the day-to-day security operations processes so we can spend more time on what matters most to our business," said Bo Olsen. "We can't achieve that level of efficiency with traditional SOAR – an expensive add-on that doesn't deliver the outcomes we really need."
Platform details
The GreyMatter platform utilises ReliaQuest's Universal Translator, detection-at-source, and Agentic AI components to facilitate connectivity and threat management across cloud, multi-cloud, and on-premises environments. The introduction of Workflows supports ReliaQuest's objective of enabling tailored security outcomes for organisations with differing technology architectures and business needs.
With over 1,000 customers and 1,200 staff across six global locations, ReliaQuest continues to offer capabilities in security operations that address the responsiveness and efficiency demands faced by enterprises amid dynamic cybersecurity challenges.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
2 days ago
- Techday NZ
ReliaQuest launches GreyMatter automation to speed threat response
ReliaQuest has introduced GreyMatter Workflows, a capability designed to accelerate the detection and containment of security threats by automating operational workflows within its GreyMatter platform. GreyMatter Workflows enables customers to create business-specific automated processes using a no-code, drag-and-drop interface. This functionality aims to reduce the manual effort involved in security operations and enhance response speeds across complex threat environments. Workflow automation The new feature is integrated natively with ReliaQuest's AI-driven security operations platform and automates essential tasks across detection, containment, investigation, and response activities within existing technology infrastructures. GreyMatter Workflows extends automation beyond traditional security tools, facilitating direct interaction with other business units and end users. It also offers integration with services such as Microsoft Teams and Slack, enabling more comprehensive threat verification and communication capabilities. Pre-built workflow templates are provided, based on frequent use cases observed among ReliaQuest's enterprise clients, and can be further customised to suit unique organisational requirements. Security teams can develop and deploy automation processes with zero-code design from initial implementation, and have the option to use AI Agents for more tailored adjustments throughout investigative workstreams. According to ReliaQuest, the adoption of GreyMatter Workflows leads to a reduction in operational complexity, diminishes the need for manual intervention, and shortens incident response times. Customers reportedly experience a 64% decrease in Mean Time to Respond (MTTR) and are able to eliminate more than half of manual response tasks. Customer and industry response "The threat landscape is accelerating, but the operational workflows used to detect and contain those threats haven't kept up," said Brian Foster, President of Product and Technical Operations at ReliaQuest. "Security teams need the ability to automate complex workflows quickly, so they can focus more on managing threats and less on managing tools. GreyMatter Workflows gives our customers the ability to build powerful end-to-end automations to unify all phases of security operations, without leaving the platform." Pat O'Keefe, Head of Global Security Operations and Risk Management at Circle K, commented on the significance of rapid threat management, particularly for organisations with substantial and dispersed operational footprints. "Detecting and containing threats quickly has never been more important in cybersecurity, especially for a business like ours that is distributed across hundreds of locations around the world," said Pat O'Keefe. "Being able to extend our automation capabilities further into our business will help us stay proactive in protecting our brand." Bo Olsen, Security Engineering Manager at Eastern Bank, discussed the evolving direction of daily security operations, emphasising automation as a key priority to allocate resources toward more strategic objectives. "As we look to what's next in cybersecurity, we plan to automate as much as possible of the day-to-day security operations processes so we can spend more time on what matters most to our business," said Bo Olsen. "We can't achieve that level of efficiency with traditional SOAR – an expensive add-on that doesn't deliver the outcomes we really need." Platform details The GreyMatter platform utilises ReliaQuest's Universal Translator, detection-at-source, and Agentic AI components to facilitate connectivity and threat management across cloud, multi-cloud, and on-premises environments. The introduction of Workflows supports ReliaQuest's objective of enabling tailored security outcomes for organisations with differing technology architectures and business needs. With over 1,000 customers and 1,200 staff across six global locations, ReliaQuest continues to offer capabilities in security operations that address the responsiveness and efficiency demands faced by enterprises amid dynamic cybersecurity challenges.
Techday NZ
20-06-2025
- Techday NZ
Hornetsecurity launches AI cyber assistant for Microsoft 365
Hornetsecurity has launched a new AI Cyber Assistant to support its 365 Total Protection Plan 4, featuring tools designed to aid IT security teams and protect Microsoft Teams users from cyber threats. The new solution includes the Email Security Analyst, which automates the handling of reported suspicious emails, and Teams Protection, which is intended to detect and block malicious messages and impersonation attacks within the Microsoft Teams platform. Hornetsecurity has also confirmed updates to its AI Recipient Validation, aimed at preventing email misdirection and data leaks, now integrated into the 365 Total Protection Plan 4 suite. The AI Cyber Assistant is designed to ease workloads for security personnel while equipping end users with information to make informed decisions about potential threats. According to Hornetsecurity, the assistant continually evolves by deploying machine learning technology to support both end users and IT teams within their daily operations. Daniel Hofmann, Chief Executive Officer of Hornetsecurity, said: "To continue enhancing the next-gen security we provide, our new AI-powered Email Security Analyst automates responses to user queries about potential threats, alleviating the workload on SOC and service desk teams, while educating end users on the nature of attacks. IT security personnel benefit by gaining more time to focus on other pressing issues, while end users receive instant feedback, which also encourages them to continue reporting suspicious emails and contribute to the organisation's overall security." Email response automation The Email Security Analyst leverages a large language model to provide automated analysis and response to user-reported emails, reducing the manual review burden on Security Operations Centre (SOC) and IT Admin teams. This automation is intended to improve efficiency in handling suspicious emails flagged by users. As Hofmann explained: "Thanks to growing media attention, end users are becoming more suspicious about incoming emails. While this a welcome and positive development, each email they flag increases the burden on SOC and Service Desk teams to analyse and verify them on a case-by-case basis. Email Security Analyst replaces this traditional manual analysis and significantly reduces the time SOC teams spend on false-positive and negative reports." Providing AI-driven insights for each reported email, the tool assists in training employees to better discern malicious activity, while guiding them on necessary precautions to help strengthen organisational cybersecurity. Hofmann stated further: "Organisations have to strengthen their 'human firewall' by empowering employees to become active participants in their organisation's cybersecurity strategy. Cyber-attacks are constantly increasing, so CISOs and security teams need to strategically allocate resources that strengthen organisational security while upskilling end users to cover any blind spots." Microsoft Teams threat detection The Teams Protection feature aims to provide continuous monitoring and analysis of messages within Microsoft Teams, identifying and alerting users to potential threats using AI-driven detection methods. The technology analyses URLs and pictures within messages, employing supervised and unsupervised machine learning algorithms as well as computer vision models. These models scan for indicators of phishing such as brand logos, QR codes, and suspect text embedded in images. Administrators can remove conversations found to contain malicious messages and block compromised users from accessing Teams, helping to manage threats across Microsoft 365 tenants. Hofmann said: "Instant messaging platforms like Microsoft Teams are increasingly used as a main channel of business communications, and yet they tend to be overlooked as a potential attack vector. However, attackers are sending malicious links and malware both through Teams that are open externally and also via compromised internal Teams accounts. We have therefore developed Teams Protection to address this growing cybersecurity threat." User experience updates The release also brings a redesigned, multitenant control panel for 365 Total Protection, offering a streamlined interface intended to facilitate easier access to security, backup, and compliance features for Microsoft 365 users. The aim is to make administration more efficient while bringing multiple security functions together in a single platform. Hornetsecurity reports that it delivers its products and services through a global partner network, with organisations using the platform for a range of needs including email protection, backup, governance, risk and compliance, and security awareness training.
Techday NZ
19-06-2025
- Techday NZ
ReliaQuest report exposes rise of social engineering cyber threats
ReliaQuest has released its latest quarterly report, outlining identified trends in cyber attacker techniques, malware use, and ransomware group activity observed between March and May 2025 across its customer base. ClickFix and social engineering tactics One of the most notable trends identified in the report is the widespread use of ClickFix, a social engineering method that misleads users into pasting malicious commands into tools such as PowerShell or the Windows Run prompt. Attackers disguise these actions as solutions to false issues, such as fake CAPTCHAs or Windows updates, enabling them to circumvent defences and introduce malware with comparative ease. This approach has facilitated the increased use of malware families such as Lumma and SectopRAT, both of which utilise trusted tools like MSHTA to deliver malicious payloads. The report notes that social engineering has significantly contributed to the rise of these attack vectors, stating, "Social engineering played a pivotal role in the success of these top tactics." Lateral movement and initial access trends Phishing-based techniques accounted for over half of observed initial access incidents among customers, while drive-by compromise incidents rose by 10% compared to the previous period. The report sees a shift, as attackers increasingly rely on user manipulation rather than exploiting technical vulnerabilities. ReliaQuest's analysis highlights the prominence of remote desktop protocol (RDP) over internal spear phishing as a method of lateral movement within networks. This shift is closely associated with attackers impersonating IT helpdesks to persuade users to install RDP tools. The report finds, "The shift away from tactics like internal spearphishing suggests attackers are favouring techniques that require less user interaction and offer more direct access to internal systems." Additionally, drive-by downloads powered by campaigns such as ClickFix and widely available phishing kits continue to lower the threshold for cybercriminal activity. External remote resources dropped from third to fourth place among initial access vectors, further illustrating the focus on exploiting human factors. MSHTA on the rise for defence evasion MSHTA (Microsoft HTML Application Host), a native Windows binary, was reported to be involved in 33% of defence evasion incidents during the period, up from just 3.1% the previous year. Attackers use this legitimate tool to bypass conventional security tools by convincing users to execute malicious commands themselves, often delivered through social engineering campaigns such as ClearFake. "ClearFake's early adoption of ClickFix techniques propelled MSHTA from 16th to second place among defence evasion tactics. Recently, other ClickFix adopters have fuelled MSHTA's current surge, leveraging broader social engineering tactics to bypass defences more effectively," the report details. Changes in ransomware operations The report notes significant changes among ransomware groups, with the closure of "RansomHub" leading many affiliates to migrate to other groups, notably Qilin, which saw a 148% increase in activity. Play and Safepay also reported increased activity of 116% and 266%, respectively. The number of active ransomware groups has dropped by nearly 30%, but newer or established ransomware-as-a-service (RaaS) platforms have absorbed most of these affiliates, raising concerns over increasingly professionalised threats. "With major ransomware groups like RansomHub gone, RaaS operators are vying to capitalise on the influx of affiliates searching for new platforms. To attract this talent, we'll likely see RaaS platforms introduce innovative capabilities or revise profit-sharing models. This competition is expected to create a more fragmented yet increasingly sophisticated ransomware ecosystem, posing even greater challenges for defenders." Impact on industry sectors The construction industry was the only sector to see an increase in ransomware attack victims, rising by 15%. ReliaQuest attributes this to opportunistic targeting as attackers seek out industries with perceived weaker defences. The report notes, "Construction organisations may feel compelled to pay ransoms quickly to avoid costly downtime and operational delays, making them attractive targets." By contrast, the retail sector saw a 62% decrease in victims, attributed to a drop in activity from the "CL0P" ransomware Cleo campaign. Malware trends and threat actor activity The period saw increased activity by the SectopRAT malware, delivered via ClickFix and malvertising campaigns. Despite infrastructure takedowns in May 2025, Lumma infostealer operations continue, with new logs advertised on cybercriminal forums and marketplaces. "Although Lumma's activity is likely to decline over the coming months as the impact of the takedown continues to unfold, it's likely the group could regain traction over time. As attention around the takedown diminishes, attackers may return to this familiar and well-established tool," the report comments. Emergence of Scattered Spider Scattered Spider, after a five-month hiatus, returned in April 2025 with attacks on UK retail organisations. The group is identified for using detailed social engineering against high-value individuals such as CFOs and utilising both on-premises methods and cloud techniques for stealth and control. "Scattered Spider's success lies in its ability to combine social engineering precision, persistence in cloud environments, and on-premises technical expertise. These TTPs allow the group to achieve initial access, maintain control, and operate stealthily, making it difficult for organizations to detect and remediate the group's activity in the early stages of an attack." Recommendations and defensive measures ReliaQuest's report makes several recommendations for organisations, including disabling Windows Run for non-administrative users, enforcing control over RDP tool installations, implementing web filtering, and prioritising user training against social engineering. Additional measures include strengthening identity verification, enabling advanced monitoring, and conducting regular risk assessments, particularly for privileged user accounts. Looking ahead, the report anticipates broader adoption of ClickFix among ransomware affiliates, increased sophistication by groups such as Scattered Spider, and the continued rise of infostealer malware like Acreed. The report concludes by emphasising the need for proactive investment in advanced detection, user education, and securing of both cloud and traditional infrastructure to counter an upward trend in attack complexity and evasion tactics.
