Almond uses Qevlar AI to cut MTTR under 5 minutes and automate 80% of cyber alert responses

Qevlar AI team

The challenge: becoming more effective on the defense side in the advanced threat landscape

Almond, along with AMOSSYS, forms an independent French group specializing in cybersecurity. With 450 experts in France and Switzerland, and international service centers to ensure 24/7 operations, Almond anticipates future threats and offers an end-to-end solution to address all of its clients' cyber defense challenges (anticipation, protection, detection, response, restoration, and governance).

Facing growth in alert volumes, increasingly sophisticated automated attacks, and mounting pressure on human analysts to effectively triage and investigate incidents, Almond recognized the need for technological advancement in their security operations.

Julien Steunou, Managing Partner of Security Services at Almond, had a clear mission:

“We needed a system that could autonomously investigate alerts and deliver actionable verdicts. Something we could trust enough to integrate into our workflows and reduce pressure on our analysts while improving response times.”

The initiative extended beyond mere acceleration: it aimed to fundamentally transform their Security Operations Center (SOC) into a more scalable, efficient entity where human expertise could be concentrated on high-value analytical work.

The solution: autonomous investigation capabilities with Qevlar AI

After evaluating multiple solutions that failed to deliver on their promised outcomes, Almond selected Qevlar AI to power the next evolution of their SOC optimization strategy.

Qevlar AI was connected directly to Almond’s orchestration tools. Now, as soon as an alert is triggered, Qevlar autonomously:

  • Investigates the alert
  • Correlates context across tools and environments
  • Produces a structured decision report with a dynamic confidence score, full investigation path, and recommended actions

“In more than 80% of cases, Qevlar AI handles the entire investigation autonomously,” Julien explains. “We only escalate to human analysts when the confidence score is low, or the case is critical.”

The impact: improved efficiency & amplified stack

Qevlar's implementation has delivered quantifiable results:

  • Mean Time to Response (MTTR) reduced to under 5 minutes
  • Over 80% of alerts processed through autonomous investigation
  • Strategic redistribution of SOC resources toward critical thinking and proactive security initiatives

Qevlar AI integrates seamlessly within Almond's broader technology ecosystem (also known as Almond CWATCH SOC), complementing their SOAR, SIEM, ITERA (detection-as-code), and M&NTIS (for adversary simulation) while significantly enhancing their operational efficiency.

Almond identifies Qevlar's principal advantage as enabling scalability during activity surges, maintaining consistent responsiveness even under heavy attacks, and expanding protective coverage across their customers.

What’s next: proactive threat hunting with AI

Almond's forward-looking strategy emphasizes enhanced contextual adaptation, with Qevlar AI evolving to better accommodate the unique security profiles of individual clients and continuously improving performance based on environment-specific factors.

Additionally, as Qevlar AI assumes greater responsibility for routine investigations, Almond aims to leverage its capabilities toward more proactive threat hunting, transitioning from reactive incident response to predictive security operations that can anticipate potential attack vectors before they materialize into actual threats.

Learn more about Qevlar AI

Qevlar AI acts as an invaluable extension of your SOC team to process large and variable security data streams and perform autonomous and detailed alert investigations. Our advanced AI models are trained on proprietary and public data, and are fine-tuned and re-trained for continuous improvement.

The platform, which is trusted by MSSPs and enterprises around the world, seamlessly integrates with existing systems, employs advanced techniques for unparalleled threat qualification, and provides in-depth threat assessments within user-friendly interfaces.
