Inside the Zero Trust SOC: How Zscaler and Torq Automate Defense

Contents

Torq AMP spotlights the partners redefining what’s possible in security operations. Each partner brings a unique strength that seamlessly extends Torq’s autonomous SOC platform. Together, these partnerships help SOC teams achieve speed, accuracy, and scale that were once out of reach. Explore the future of SOC in the AMP’d Sessions video series.

Today’s SOCs face never-ending alerts, hybrid environments, and fast-moving threats that exploit even momentary blind spots. Zscaler has long led the charge on Zero Trust, enforcing least privilege, secure access, and inspection across every user and workload. But even with strong prevention, threats inevitably slip through, hidden in user traffic, cloud workloads, or endpoint activity.

That’s where detection and response become critical — and where traditional SOC tools fall short. Manual triage, delayed investigation, and fragmented tooling leave SOCs reactive and overworked.

The solution is an autonomous, Zero Trust SOC — powered by real-time detection from Zscaler and automated, context-aware remediation from Torq HyperSOC™. Together, they create a closed feedback loop in which detection and response happen at machine speed without sacrificing human oversight or control.

“What excites me is the opportunity for security outcomes that one tool can’t do alone.”

 – Jeff Spencer, Senior Sales Engineer, Zscaler

Inside the Torq + Zscaler Integration

This integration brings together two pillars of modern security operations:

  • Zscaler’s Zero Trust Exchange provides continuous inspection, policy enforcement, and high-fidelity detections across every user, device, and application.
  • Torq HyperSOC™, which applies AI-driven automation, agentic AI, and case management to orchestrate instant, context-aware incident response.

Together, they form the foundation of a Zero Trust SOC — a system where every alert is verified, every workflow is automated, and every response is precise.

Step 1: Zscaler Deception: Proactive Zero Trust Detection

Zscaler’s Zero Trust Exchange is the industry standard for secure access — continuously verifying users, devices, and applications. With Zscaler Deception, that protection extends beyond prevention into active defense.

Zscaler deploys SaaS-based decoys across endpoints, networks, and applications, convincing high-value assets designed to lure attackers and expose lateral movement early in the kill chain. When a decoy is touched, accessed, or queried, Zscaler instantly flags it as a true positive event because legitimate users never interact with decoys.

These decoys reveal “patient zero” moments — detecting staged or dormant threats before execution — and provide defenders with the earliest possible warning to act.

Zscaler Deception reveals lateral movement through decoys — identifying real attacker behavior before impact.

Step 2: Torq HyperSOC: Autonomous Correlation and Response

Once Zscaler Deception raises an alert, Torq HyperSOC™ automatically springs into action. Torq’s AI SOC Analyst, Socrates, instantly correlates Zscaler telemetry with data from SIEM, EDR, IAM, and cloud systems to understand the full scope of the incident. From there, Socrates executes an agentic runbook — autonomously investigating, validating, and containing the threat.

The workflow looks like this:

  1. Case Creation: Torq auto-generates a case populated with all Zscaler observables, file hashes, and context.
  2. User Verification: Torq contacts the endpoint owner via Slack or Teams to confirm activity. If verified, a multi-factor authentication (MFA) check in Okta confirms legitimacy.
  3. AI Reasoning: If suspicious, Socrates escalates and begins machine-speed containment, isolating the device, blocking the user, and updating Zscaler policies.
  4. Remediation: Torq coordinates across EDR and IAM to revoke sessions, rotate credentials, and update blocklists.
  5. Documentation: The entire process — from detection to containment — is logged automatically and complete with AI-generated summaries for compliance and audit.

Together, Zscaler and Torq create a closed feedback loop between detection and response in which:

  • Zscaler traps attackers with decoys and identifies threats with surgical precision.
  • Torq responds instantly, isolating endpoints, blocking IPs, and disabling compromised accounts before attackers can pivot.

This integration extends Zscaler’s zero-trust principles into the SOC itself, ensuring continuous verification and the least privilege at access throughout the entire response lifecycle.

Zscaler and Torq
Torq HyperSOC™ transforms the Zscaler alert into an automated, AI-driven case — isolating the endpoint instantly.

The Zero Trust SOC Advantage

Zscaler + Torq deliver a SOC experience that’s both faster and smarter, with:

  • Near 100% detection fidelity from Zscaler Deception
  • Sub-minute containment triggered by Torq HyperSOC™
  • Full auditability with automatic case creation, evidence tracking, and AI summaries
  • Built-in human oversight, so analysts validate and learn from autonomous decisions

For SOCs, that means fewer false positives, faster containment, and measurable improvement. Zscaler and Torq close the loop between visibility and action, transforming zero-rust detection into instant containment.

Torq AMP Sessions Ad

Better Together: Torq + Zscaler

Every enterprise has a unique security stack: a mix of legacy systems, modern SaaS tools, and homegrown integrations. Zscaler and Torq meet customers where they are. The integration is API-first, customizable, and built to respect each organization’s ecosystem, delivering precise outcomes without forcing architectural changes.

The Zscaler + Torq partnership represents a new model for modern SOCs — one where AI agents and automation reinforce zero-rust principles across detection, investigation, and response.

See how Torq and Zscaler provide a foundation for the Zero Trust SOC. Watch AMP’d Sessions Episode 3 to see Torq + Zscaler in action.

SEE TORQ IN ACTION

Ready to automate everything?

“Torq takes the vision that’s in your head and actually puts it on paper and into practice.”

Corey Kaemming, Senior Director of InfoSec

“Torq HyperSOC offers unprecedented protection and drives extraordinary efficiency for RSM and our customers.”

Todd Willoughby, Director

Compuquip logo in white

“Torq saves hundreds of hours a month on analysis. Alert fatigue is a thing of the past.”

Phillip Tarrant, SOC Technical Manager

Fiverr logo in black

“The only limit Torq has is people’s imaginations.”

Gai Hanochi, VP Business Technologies

Carvana logo in black

“Torq Agentic AI now handles 100% of Carvana’s Tier-1 security alerts.”

Dina Mathers, CISO

Riskified logo in white

“Torq has transformed efficiency for all five of my security teams and enabled them to focus on much more high-value strategic work.”

Yossi Yeshua, CISO