From Reactive to Real-Time: Major Regional Bank Accelerates Phishing, Ransomware, and Fraud Response
The Problem: Inconsistent, Manual Security Responses
To reduce their risk exposure in an industry heavily targeted by phishing attacks and ransomware, this financial services organization identified a critical need to automate their security operations. Like many SOCs dealing with a cybersecurity talent shortage, they had too few skilled analysts and too many alerts, leading to inconsistent, reactive incident response.
They also faced an urgent, compliance-driven requirement to automate their detection and response to fraud alerts in Zelle, a customer-facing payment service which had been suspended due to a surge in fraudulent activity.
Security leaders kicked off a search for a security automation solution to replace slow, manual analysis and response with automated alert triage, investigation, and remediation. The end goal was to strengthen their security posture by enabling real-time threat detection and immediate containment and mitigation of zero-day vulnerabilities, phishing attacks, and ransomware.
The Solution: Easy-to-build Workflow Automation with Torq Hyperautomation
The organization ultimately bypassed legacy SOAR solutions, finding Torq’s Hyperautomation™ platform to be the best fit for security automation projects for larger enterprises, especially in regulated industries like financial services. Torq impressed due to its ease of use and accelerated return on investment, as well as the Torq team’s deep security expertise and responsiveness to the bank’s needs.
Faster time-to-value thanks to ease of ramp-up and workflow building: Torq Hyperautomation’s low-code/no-code capabilities and minimal learning curve enabled the organization’s internal security team to quickly become proficient in building and deploying complex workflows in the platform. The collaborative “learn with us” approach of Torq’s JumpStart onboarding program minimized the need for costly professional services and led to a pivotal “aha” moment for one of their developers as they realized just how quickly and effectively they could build workflows in Torq. By empowering their internal team to take full control, Torq enabled the organization to launch over 100 workflows in just 3 months.
Scalable interoperability maximizes investments: A critical differentiator was the Torq platform’s limitless API integrations for connecting disparate tools such as VirusTotal, ServiceNow, Proofpoint, SentinelOne, and more. This enabled the organization to maximize their existing investments and achieve a cohesive response across their previously siloed security and IT stack.
Versatility to expand beyond security into IT, fraud, and GRC teams: Because the platform’s event-driven architecture allows for seamless scalability, the bank quickly realized the value of extending Torq automation beyond initial security operations. Within a few months of deployment, they expanded their Torq usage into additional business units, including their IT, fraud, and GRC teams.
CRITICAL USE CASE FOR FINANCIAL SERVICES
Automating Zelle Fraud Detection and Lockdown from End to End
After rolling out Zelle, a digital payment service, the organization experienced a substantial uptick in fraud. The level of fraud was so significant that the SEC mandated the bank suspend Zelle access and required them to implement an automated system for account lockdown upon detection of suspected fraudulent activity.
Torq successfully automated the end-to-end process of locking down accounts triggered by fraud alerts, enabling the bank to reinstate Zelle services. Torq also automates the updating of customer account records within the organization’s CRM, providing customer service representatives with immediate context regarding account lockdown actions when talking to customers, resulting in improved customer satisfaction.
Torq in Action: Phishing and Ransomware Mitigation
Reducing time spent on phishing response: Before Torq, the security team’s phishing response was a time-consuming, laborious process that required analysts to jump between windows to track down information from tools including URLScan, Recorded Future, VirusTotal, and others. Torq now automates phishing response processes such as scanning potential phishing emails, enriching cases with threat intelligence, and classifying affected users. Torq also consolidates and correlates data from all of these tools, enabling analysts to make faster, more informed decisions and risk assessments.
Getting back online quickly after a malware or ransomware incident: Torq accelerates recovery from malware and ransomware incidents by automating key tasks such as locating malicious files, quarantining infected hosts, blocking harmful hashes, and identifying signs of further compromise. For malware containment, Torq continuously collects endpoint data, enriches it with threat intelligence, alerts the security team, and automates remediation actions like endpoint reimaging and updates.
The Hyperautomation Impact: Faster Investigation, Faster Resolution
By bridging the gap between tools across the security stack and replacing slow, manual processes with automated incident response, Torq Hyperautomation has helped reduce the organization’s mean time to investigate (MTTI) from hours to minutes, accelerate resolution times, and increase case closure rates — ensuring a more resilient and secure environment for the bank and its customers.
Highlights
Published over 100 workflows in just 3 months
Expanded to multiple business units within months of deployment
Reduced Mean Time to Investigate (MTTI) from hours to minutes
Successfully reinstated Zelle services after automating account lockdowns
About the Customer
The organization is a leading regional financial services company and a top 30 bank in the United States, with billions in annual revenue. Operating in multiple states across the U.S. with thousands of employees, the company provides commercial, private, consumer, and wealth management services and has been recognized with awards for its banking reputation and for being a great place to work.