Today’s SOCs face never-ending alerts, hybrid environments, and fast-moving threats that exploit even momentary blind spots. Zscaler has long led the charge on Zero Trust, enforcing least privilege, secure access, and inspection across every user and workload. But even with strong prevention, threats inevitably slip through, hidden in user traffic, cloud workloads, or endpoint activity.

That’s where detection and response become critical — and where traditional SOC tools fall short. Manual triage, delayed investigation, and fragmented tooling leave SOCs reactive and overworked.

The solution is an autonomous, Zero Trust SOC — powered by real-time detection from Zscaler and automated, context-aware remediation from Torq HyperSOC™. Together, they create a closed feedback loop in which detection and response happen at machine speed without sacrificing human oversight or control.

“What excites me is the opportunity for security outcomes that one tool can’t do alone.”

 – Jeff Spencer, Senior Sales Engineer, Zscaler

Inside the Torq + Zscaler Integration

This integration brings together two pillars of modern security operations:

• Zscaler’s Zero Trust Exchange provides continuous inspection, policy enforcement, and high-fidelity detections across every user, device, and application.
• Torq HyperSOC™, which applies AI-driven automation, agentic AI, and case management to orchestrate instant, context-aware incident response.

Together, they form the foundation of a Zero Trust SOC — a system where every alert is verified, every workflow is automated, and every response is precise.

Step 1: Zscaler Deception: Proactive Zero Trust Detection

Zscaler’s Zero Trust Exchange is the industry standard for secure access — continuously verifying users, devices, and applications. With Zscaler Deception, that protection extends beyond prevention into active defense.

Zscaler deploys SaaS-based decoys across endpoints, networks, and applications, convincing high-value assets designed to lure attackers and expose lateral movement early in the kill chain. When a decoy is touched, accessed, or queried, Zscaler instantly flags it as a true positive event because legitimate users never interact with decoys.

These decoys reveal “patient zero” moments — detecting staged or dormant threats before execution — and provide defenders with the earliest possible warning to act.

Step 2: Torq HyperSOC: Autonomous Correlation and Response

Once Zscaler Deception raises an alert, Torq HyperSOC™ automatically springs into action. Torq’s AI SOC Analyst, Socrates, instantly correlates Zscaler telemetry with data from SIEM, EDR, IAM, and cloud systems to understand the full scope of the incident. From there, Socrates executes an agentic runbook — autonomously investigating, validating, and containing the threat.

The workflow looks like this:

1. Case Creation: Torq auto-generates a case populated with all Zscaler observables, file hashes, and context.
2. User Verification: Torq contacts the endpoint owner via Slack or Teams to confirm activity. If verified, a multi-factor authentication (MFA) check in Okta confirms legitimacy.
3. AI Reasoning: If suspicious, Socrates escalates and begins machine-speed containment, isolating the device, blocking the user, and updating Zscaler policies.
4. Remediation: Torq coordinates across EDR and IAM to revoke sessions, rotate credentials, and update blocklists.
5. Documentation: The entire process — from detection to containment — is logged automatically and complete with AI-generated summaries for compliance and audit.

Together, Zscaler and Torq create a closed feedback loop between detection and response in which:

• Zscaler traps attackers with decoys and identifies threats with surgical precision.
• Torq responds instantly, isolating endpoints, blocking IPs, and disabling compromised accounts before attackers can pivot.

This integration extends Zscaler’s zero-trust principles into the SOC itself, ensuring continuous verification and the least privilege at access throughout the entire response lifecycle.

The Zero Trust SOC Advantage

Zscaler + Torq deliver a SOC experience that’s both faster and smarter, with:

• Near 100% detection fidelity from Zscaler Deception
• Sub-minute containment triggered by Torq HyperSOC™
• Full auditability with automatic case creation, evidence tracking, and AI summaries
• Built-in human oversight, so analysts validate and learn from autonomous decisions

For SOCs, that means fewer false positives, faster containment, and measurable improvement. Zscaler and Torq close the loop between visibility and action, transforming zero-rust detection into instant containment.

Better Together: Torq + Zscaler

Every enterprise has a unique security stack: a mix of legacy systems, modern SaaS tools, and homegrown integrations. Zscaler and Torq meet customers where they are. The integration is API-first, customizable, and built to respect each organization’s ecosystem, delivering precise outcomes without forcing architectural changes.

The Zscaler + Torq partnership represents a new model for modern SOCs — one where AI agents and automation reinforce zero-rust principles across detection, investigation, and response.

See how Torq and Zscaler provide a foundation for the Zero Trust SOC. Watch AMP’d Sessions Episode 3 to see Torq + Zscaler in action.

Cloud has changed everything: how we build, how we deploy, and how attackers strike. Environments are dynamic, identities multiply, and workloads spin up and down by the second. And yet, most SOCs are still running with playbooks designed for static, on-premises networks.

Wiz provides the unified, contextual cloud security platform; Torq turns those high-fidelity detections into action. Together, the Wiz and Torq integration delivers autonomous cloud security that triages, investigates, and remediates threats at machine speed — so that teams can finally keep up.

“Cloud changed everything. Organizations today are required to innovate fast and to deliver product as fast as they can into production.”

– Oron Noah, VP of Product, Wiz

Silos, Alert Overload, and Fragmentation

Rapid innovation and expanding attack surface: Cloud-native architectures evolve constantly. That agility is great for business, but it creates an ever-shifting attack surface. Attackers don’t care about org charts or silos; they’ll exploit the weakest misconfiguration, leaked secret, or exposed workload they can find.

Fragmented tooling: DevSecOps teams use code scanners, cloud security uses posture tools, and SecOps uses runtime detectors. Each tool generates its own alerts in its own language. This brings slow, error-prone handoffs and endless “context switching” for analysts.

Alert fatigue: Analysts spend more time triaging and correlating low-value alerts than actually defending. Critical issues get buried, remediation stalls, and the SOC becomes reactive rather than proactive.

Wiz’s model breaks the silos with one platform across Wiz Cloud, Wiz Code, and Wiz Defend — what Wiz calls democratized cloud security. Torq extends that context into Hyperautomated response across teams and tools.

Inside the Torq + Wiz Integration

1. Detection and Handoff

• Wiz Cloud + Wiz Defend continuously monitor for misconfigurations, vulnerabilities, and active threats.
• When Wiz identifies an issue — enriched with context, IOCs, and attack path metadata — it generates a high-fidelity alert.
• That alert is sent directly into Torq HyperSOC as the trigger for automated action.

2. AI-Powered Triage and Enrichment

• Torq’s Hyper Agents immediately triage the alert.
• They calculate business risk and exploitability, check for known attack techniques, and correlate data across SIEM, EDR, IAM, and cloud logs.
• A case is created automatically, with an AI-generated summary and recommended actions.

3. Workflow Orchestration Across Teams

• Torq kicks off a Hyperautomated workflow that aligns all stakeholders.
• A Slack channel is spun up instantly to notify DevSecOps, Cloud, and SecOps.
• Jira tickets are pre-populated with all context from Wiz.
• Parallel playbooks run across tools — updating SIEM rules, tagging EDR alerts, and preparing remediation steps.

4. Autonomous Remediation and Validation

• DevOps and Cloud teams patch the vulnerable container, rotate exposed secrets, or adjust IAM policies.
• Torq HyperSOC monitors progress, validates that the fix was successful, and continues hunting for related environmental threats.
• Once the issue is fully remediated, Torq updates Jira, closes the case, and documents every action taken.

5. Audit Trail and Reporting

• Every decision, escalation, and action is logged automatically.
• SOC leaders gain compliance-ready reports, replayable case histories, and metrics for MTTR, accuracy, and workload reduction.

“Security runs autonomously while collaborating with Dev, Cloud, and IT operations — everyone gets what they need in real time.”

– Bob Boyle, Product Marketing Manager, Torq

How Wiz + Torq Close the Loop in Minutes

Imagine this scenario:

Exposure: A Kubernetes container is accidentally exposed to the public internet. Wiz flags it as a critical issue tied to a vulnerable image and leaked IAM keys.

Threat identified: Moments later, Wiz Defend detects unusual activity — a reverse shell attempt — and maps the attack path directly to sensitive S3 data.

Alert handoff to Torq: The enriched Wiz alert is passed to Torq, where Hyper Agents triage the case, confirm severity, and trigger automation.

Coordinated response across teams: Slack and Jira light up, instantly connecting DevSecOps, Cloud, and SecOps. Remediation tasks are aligned and executed in parallel.

Autonomous remediation: The DevOps team patches the container. Torq validates the fix, updates Jira, closes the case, and produces a full audit trail.

Closed loop in minutes: What once took days of manual back-and-forth now resolves in minutes — fully autonomous, fully documented, and without silos.

“With Wiz’s real-time visibility and Torq’s machine speed response, Torq is turning Wiz’s detection engine into a full-stack tournament’s defense system.”

– Bob Boyle, Product Marketing Manager, Torq

Impact You Can Measure

Customers running Wiz + Torq see:

• 90% reduction in manual case handling
• 3–5× increase in SOC throughput
• 95%+ of Tier-1 and Tier-2 alerts remediated autonomously
• 5x improved visibility and coverage of cloud workloads 
• 10x faster time to detect and respond to threats, with many customers reporting MTTRs under an hour 
• <24hr immediate visibility to 0-day threats 
• 10x lower effort to investigate and remediate issues

“The beauty about this partnership is that Torq was always there side by side as one of our design partners as we have evolved.”

– Oron Noah, VP of Product, Wiz

Better Together: Torq and Wiz

The Torq + Wiz partnership isn’t just another integration; it’s a model for how SOCs will thrive in the cloud era. By unifying visibility and context from Wiz with Torq’s Hyperautomation and AI-driven response, organizations finally get an operating model that matches the speed and scale of the cloud.

Together, Torq and Wiz deliver what security leaders have been waiting for: autonomous cloud security that’s proactive, collaborative, and built for the cloud-first world.

Watch AMP Sessions Episode 2 to see Torq + Wiz in action.

Security operations centers (SOCs) have long been stuck in a reactive, overwhelmed state. Analysts are swamped with alerts. Triage is repetitive. Even the biggest teams can’t keep up.

Torq and Intezer are rewriting the SOC playbook with agent-to-agent AI collaboration. Together, we’re showing how two AI-driven platforms can work seamlessly to handle the entire alert lifecycle — from detection to triage to remediation — completely autonomously, at machine speed.

Why SOCs Need Agent-to-Agent AI

Every SOC leader knows the math doesn’t add up. Cloud adoption, SaaS sprawl, and AI-powered adversaries have all converged to push SOCs beyond their limits. Alert volumes climb year after year, yet most teams can only investigate a fraction of them. Burnout is rampant, with analysts stuck in repetitive triage instead of higher-value work. 

Traditional SOAR tools tried to automate some of the load, but rigid playbooks and partial integrations left the real problem — scale — unsolved. The result is a SOC that remains reactive, noisy, and perpetually behind.

Intezer and Torq are solving that together:

• Intezer AI agents emulate elite analysts, performing deep, forensic-grade investigations at speed.
• Torq’s agentic AI SOC Analyst, Socrates, takes the lead, orchestrating remediation across the entire stack with Hyperautomation.

The result: The entire alert lifecycle is handled without human bottlenecks, with analysts only stepping in when their judgment is truly needed.

“This really starts to cut down everything that has made the SOC a sore place for decades.”

– Mitchem Boles, Field CISO, Intezer

Inside the Torq + Intezer Integration

Step 1: Intezer’s AI Agents Triage Alerts

Intezer is known for forensic-grade analysis — and they’ve built AI agents to scale that expertise. Their agents investigate alerts like a senior analyst would by:

• Asking the right triage questions
• Checking tools and data sources in the right order
• Validating threats even if a mitigation attempt has already occurred

By automating these investigation steps, Intezer filters out noise and escalates only the threats that truly matter. Customers see 4% of alerts escalated in as little as two minutes with 97.6% accuracy.

Step 2: Triage and Remediation with Torq AI Agents

Once Intezer triages the initial event, Torq Socrates, the AI SOC Analyst, and its AI agents, designed to act like a Tier-1 and Tier-2 team, take over. Here’s what happens next:

• Case creation: Torq automatically builds a case enriched with all IOCs, observables, and investigation notes from Intezer.
• Context enrichment: Socrates correlates data across SIEM, EDR, IAM, cloud, and more, ensuring the case has full context.
• Runbook planning: Socrates generates a remediation plan, which includes isolating hosts, locking accounts, resetting credentials, or running endpoint scans.
• Autonomous execution: Socrates triggers Hyperautomation workflows that execute those actions across the connected stack, step by step, until the threat is contained and remediated.
• Resolution: The case is closed with full audit-ready documentation.

The handoff is seamless. Intezer ensures the right alerts are surfaced, and Torq ensures they’re fully resolved.

Speed, Accuracy, and Scale

The numbers tell the story:

• 97.6% accuracy in Intezer’s AI-driven triage
• 90% reduction in manual investigation effort for Torq customers
• 3–5× increase in alert handling capacity without adding headcount
• 95%+ of Tier-1 and Tier-2 cases remediated autonomously
  

For analysts, this means less alert fatigue and burnout and more time for threat hunting, detection engineering, and strategic projects. For SOC leaders, it means world-class outcomes without ballooning costs.

“Everyone is looking for speed, but we’re also removing burnout — freeing analysts to focus on the most important cases.”

– Mitchem Boles, Field CISO, Intezer

Better Together: Torq and Intezer

This is the future of the SOC: AI agents collaborating seamlessly to handle the noise and remediate threats at scale. Most importantly, it gives analysts back the time and focus they need to do the kind of cybersecurity work that truly matters.

Watch AMP Sessions Episode 1 to see Torq + Intezer in action.