ReliaQuest

Threat intelligence that lives in a feed, a dashboard, or a PDF isn't working hard enough. The real question is whether your threat intelligence is driving detections, hunts, and response actions—or just generating reports someone skims quarterly. The "2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies" evaluates how the market is closing that gap, and recognizes ReliaQuest as a Visionary in the market. Download the report: ow.ly/30kP50YWBcQ #ReliaQuest #MakeSecurityPossible #ThreatIntelligence #AgenticAI

“Everybody has a different set of tools, a different environment. It’s not a single point in time. It has to adapt and change as the environment grows and changes.” — Brian P. Murphy, Chief Scientist, ReliaQuest Security teams do not work in a fixed environment. The business changes. The technology stack changes. The threats change. Agentic Defense adapts with them: an AI layer spanning your entire enterprise that performs detection, investigation, and response across SIEM, cloud, endpoint, network, and email. 👉 Watch the webinar on demand: ow.ly/42Ag50YZORZ #ReliaQuest #EnterpriseAI #SecOps #Webinar

A single external Teams chat. A persistent foothold in under five minutes. In our latest Threat Spotlight, ReliaQuest's Threat Research Team show how KongTuke is impersonating help-desk staff over Microsoft Teams to get users to deploy an evolved ModeloRAT on their own machines. This is not a one-and-done intrusion. The operator used: - 5 Microsoft 365 tenants in 45 days - Redundant C2 - 4 separate persistence triggers Blocking one path may still leave the attacker inside. For security teams, this is a clear shift. Help-desk impersonation is becoming a real collaboration-platform access vector. Teams need AI and detection logic that can connect social engineering, loader reuse, C2 failover, and persistence fast. Read the full Threat Spotlight: ow.ly/ArB850YZ8zF #ReliaQuest #ThreatResearch

🎙️ New #ShadowTalk Episode: Canvas, Trellix, Mini Shai-Hulud: How Defenders Respond When Supply Chain Attacks Become Weekly What's driving the surge in weekly supply chain attacks, and why does the real defender problem start after the supplier gets hit? With 275 million records exposed and 8,809 institutions caught in the downstream fallout, organizations need a new playbook. Join hosts Alexandra and John as they discuss: ✅ How ShinyHunters abused admin sessions ✅ RansomHouse's hypervisor-focused automation ✅ How Mini Shai-Hulud compromised 170+ npm packages 🔑 Two questions your organization should be asking right now: - Do you have visibility into how trusted vendors authenticate, export, and move your data through native platform features? - Are your software pipelines protected against poisoned packages and unauthorized publishing activity in real time? 👉 Tune in for expert insights, practical takeaways, and the full threat report: ow.ly/CyCS50YZ4SE 👉 Listen on @Listennotes: ow.ly/Jrjr50YZ4SG #Canvas #ShinyHunters #SupplyChainSecurity #Cybersecurity

Growth is good for the business. It can be hard on the SOC. During a major merger, Landal needed to unify visibility across a fragmented environment without adding more manual work for a small team. With GreyMatter AI, Landal integrated 14 tools on day one, deployed 30 automated response playbooks in two months, and cut mean time to respond by 85%. AI-enriched investigations helped the team cut through noise and focus on real threats. 👉 Read the story: ow.ly/TURP50YYk8f #ReliaQuest #AgenticAI #MakeSecurityPossible #CustomerStory #SecOps

Startup AI looks great in a demo. Then it hits your environment. Here's where the gap shows up: 🟡 Startup AI → built fast, trains on your data, single-task bots, self-reported accuracy, locked to one LLM 🟢 GreyMatter → 15+ years of SecOps expertise codified into 6 agentic personas with 200+ skills, applies context in real time without training on your data, multi-model architecture, and 7-phase AI validation with human-in-the-loop oversight One is built for a pitch deck. The other runs in 1,300+ SOCs. 🔗 See the full breakdown: ow.ly/Bzuv50YYjZv #ReliaQuest #MakeSecurityPossible #AgenticAI #AI #SecOps

Attackers do not need new malware to create new risk. Recombining familiar techniques with older open-source tooling can be enough to bypass assumptions, slow classification, and create redundant access. Our latest Threat Spotlight shows how this plays out: a ClickFix chain that moved from user-executed PowerShell into scheduled task persistence, domain reconnaissance, and PySoxy—a 10-year-old open-source SOCKS5 proxy—giving the attacker a second encrypted access path with a different traffic profile. When defenders blocked both C2 channels, the scheduled task kept re-executing for hours. Every signal in this chain looks routine in isolation. GreyMatter's agentic AI correlates them across a compressed timeline to surface the intrusion chain before redundant access is established. See the analysis and response guidance. 🔗 ow.ly/b7rA50YYaFJ #ReliaQuest #ThreatResearch #MakeSecurityPossible

How do you tell the difference between AI that looks good in a demo and AI that can hold up inside an enterprise SOC? Join us Thursday to talk about a problem every security leader is facing. We’ll cover: 🔹 What enterprise-ready AI requires 🔹 Why operational experience matters 🔹 How to evaluate capability, accuracy, and reliability If AI is on your roadmap, this is a conversation worth joining. 🔗 Register now: ow.ly/B8wV50YXRB2 #ReliaQuest #Webinar #AgenticAI #SecOps

GreyMatter Transit detects complex, multi-stage attacks before data is parsed, indexed, or stored. Built into the GreyMatter agentic AI platform, Transit normalizes streaming data from all connected tools, applies multi-event detection logic in the pipeline, filters low-value events, and routes the right telemetry to the right destination. That means security teams can: - reduce MTTD to as little as 5 seconds - expand detection coverage on data they do not need to retain - control what reaches the SIEM, data lake, or S3 without losing visibility See how GreyMatter Transit enables detection in motion. 🔗 ow.ly/zu6C50YXMGp #ReliaQuest #MakeSecurityPossible #AgenticAI

The SIEM-first model is getting harder to defend. For years, the default answer was simple: send more data to the SIEM. But that approach is getting more expensive, more complex, and slower to act on. With GreyMatter Transit, agentic AI runs multi-event detection before data is parsed, indexed, or stored. Security teams can detect threats in less than 5 seconds, making the SIEM optional. See why SIEM dependency costs more than you think. 🔗 ow.ly/MXLE50YXMOH #ReliaQuest #MakeSecurityPossible #SecOps

Threat intelligence only matters when it drives action. The GreyMatter agentic AI security operations platform reflects that belief, embedding intelligence directly into detections, investigations, hunts, and response so teams can move from reactive firefighting to proactive and predictive operations. In the "2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies," Gartner named ReliaQuest a Visionary. Here's what that looks like in practice 👇 Read the blog: ow.ly/uRJe50YWyVQ #ReliaQuest #MakeSecurityPossible #ThreatIntelligence #AgenticAI #SOC

The multi-billion dollar SIEM market is undergoing disruption. The reason is simple. Security teams are stuck in an expensive model built on SIEM dependency. More data comes in. More data gets stored. More cost follows. And too often, detection starts only after that data lands in the SIEM. AI breaks that dependency. With federated detection, GreyMatter correlates multiple events in the pipeline to catch multi-stage attacks before data is indexed, parsed, and stored. That means teams can detect earlier, reduce SIEM load, and make the SIEM optional. See how GreyMatter Transit delivers a 5-second MTTD and a faster path to agentic defense. 👉 ow.ly/ugyr50YWhIP #ReliaQuest #AgenticAI #SecOps #MakeSecurityPossible

GreyMatter Universal Translator automatically maps every individual field from connected tools to OCSF automatically. That creates a common layer across 250+ technologies without centralizing data first. So analysts can: - Search across any tool from one place - Use natural language to generate native queries - Investigate full attack chains without manual stitching - Spend less time translating tools and more time working the threat See how the Universal Translator gives AI the context it needs to operate across your environment. 👉 ow.ly/p9CE50YWk1z #ReliaQuest #AI #SOC #SecurityOperations

Congratulations to our new hires who joined #ReliaQuest this week. Security is a team sport and we look forward to the impact you will make for our customers. Explore opportunities to join the world's leading AI cybersecurity company: ow.ly/MuJG50YWbX8 #ReliaQuest #CybersecurityJobs #CyberCareers #Careers

4 minutes to reach lateral movement. That is one of the clearest signals in our 2026 Annual Cyber-Threat Report. Attackers are using AI to move faster. Security teams need agentic AI that can match that speed by correlating signals across identity, endpoint, and cloud, investigating what is connected, and driving response in real time. 🔗 Read the report: ow.ly/ubPX50YWhEu #ReliaQuest #AnnualThreatReport #MakeSecurityPossible

“Adversaries are using AI, so we’re going to have to use AI and automation as much as we can.” Carrie Mills, CISO at Southwest Airlines, put it plainly. With GreyMatter agentic AI, Southwest deployed detection at source, giving its team faster alerts, richer context, and lower costs by keeping unnecessary data out of SIEM storage. That means less SIEM dependency without losing visibility. If you want a clear example of AI helping the SOC scale, start here.If you want a clear example of AI helping the SOC scale, start here. 👉 reliaquest.com/campaigns/grey… #ReliaQuest #MakeSecurityPossible #AgenticAI #SecOps #CustomerStory

🎙️ New #ShadowTalk Episode: Akira, ShinyHunters, and The Gentlemen: Extortion Lessons From Early 2026 What factors have driven the top ransomware and extortion groups' success in early 2026? And how should organizations structure their defenses to protect against them? Join hosts Alexandra and John as they discuss: ✅ How Akira is exploiting unknown assets inherited through M&A ✅ Why ShinyHunters' vishing and SaaS misconfiguration models work ✅ How The Gentlemen grew 588% quarter-over-quarter 🔑 Two questions your organization should be asking right now: - Have you run a full asset discovery sweep on every environment inherited through acquisition in the last few years? - Do you have automated containment rules in place for anomalous MFA device enrollment and EDR-killing behavior? 👉 Tune in for expert insights, practical takeaways, and the full threat report: ow.ly/Xf6F50YVztw 👉 Listen on @Listennotes: ow.ly/G90S50YVztv #Akira #ShinyHunters #Ransomware #Cybersecurity

Recognized as a Visionary in the "2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies", ReliaQuest is defining what modern threat intelligence should look like in practice with its agentic AI SecOps platform, GreyMatter. This report shows a market moving toward AI-driven, operationalized intelligence that supports faster detection, investigation, and response. Read the report: ow.ly/zvyN50YVEgE #ReliaQuest #MakeSecurityPossible #ThreatIntelligence #AgenticAI #SecOps

Recognized as a Visionary in the "2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies", ReliaQuest is defining what modern threat intelligence should look like in practice with its agentic AI SecOps platform, GreyMatter. This report shows a market moving toward AI-driven, operationalized intelligence that supports faster detection, investigation, and response. Read the report: ow.ly/ffgl50YVCmr #ReliaQuest #MakeSecurityPossible #ThreatIntelligence #AgenticAI #SecOps