How Agoda Scaled Security and IT Operations with Hyperautomation

For global digital platforms, speed and trust go hand in hand. Millions of users expect seamless experiences — from instant logins and secure transactions to real-time updates across multiple devices and regions. Behind that simplicity sits a complex ecosystem of cloud services, APIs, and data integrations operating across time zones and compliance frameworks.

As digital ecosystems scale, so does operational complexity. Security and IT automation have become essential for maintaining performance, compliance, and user trust. Security teams must safeguard customer data while IT teams ensure uptime and availability — both responding instantly to incidents and supporting rapid development cycles.

Yet many enterprises still struggle with manual workflows, overlapping tools, and limited visibility into security alerts and service requests. Legacy orchestration platforms and old playbooks can’t keep up. Routine actions like enriching alerts, resetting credentials, or escalating tickets consume hours instead of seconds, slowing teams down and increasing operational risk.

Modern enterprises need unified, automated cybersecurity — a no-code, automation-first approach that connects tools, eliminates handoffs, and delivers real-time visibility across security and IT operations. Only then can organizations scale securely while maintaining the agility their customers expect.

3 SOC Challenges for Global Digital Platforms Solved by Security and IT Automation

For digital service providers, success depends on their ability to move quickly without compromising security. Hyperautomation makes that possible, bringing secure automation to every corner of the enterprise.

1. Alert Triage and Enrichment

With security automation, teams can automatically aggregate, enrich, and prioritize alerts from multiple cloud and endpoint systems, so that analysts focus only on high-fidelity, business-critical threats.

Workflow Steps:

• Receive new alerts from SIEM or XDR tools.
• Execute parallel enrichment tasks to pull context from EDR, IAM, and cloud telemetry sources.
• Extract indicators such as IPs, hashes, and user IDs, correlating them with threat intelligence feeds.
• Apply AI-driven risk scoring to classify alerts as benign, suspicious, or critical.
• Automatically close low-risk alerts and create cases for confirmed threats.

2. Cloud Misconfiguration Detection and Remediation

Automate the detection and response to misconfigurations or vulnerabilities across multi-cloud environments — ensuring compliance and reducing exposure windows.

Workflow Steps:

• Receive configuration or vulnerability findings from a CSPM tool.
• Filter for issues marked ‘High’ or ‘Critical.’
• Enrich findings with asset metadata (e.g., owner, environment, region).
• Trigger auto-remediation workflows — such as adjusting IAM permissions, rotating exposed keys, or enforcing encryption.
• Validate the fix and update the case or ticket automatically.

3. Phishing Email Analysis and Response

Eliminate manual review of user-reported phishing emails by automating end-to-end triage, analysis, and containment.

Workflow Steps:

• Monitor a dedicated mailbox for user-reported phishing submissions.
• Extract and analyze message headers, links, and attachments using multiple security analysis tools.
• Cross-check against threat intelligence feeds for known indicators.
• If malicious, quarantine the email across all mailboxes, notify affected users, and open a security case.
• If benign, notify the user with a safe, templated response and close the case automatically.

Benefits of Security and IT Automation

Connecting tools across cloud, IT, and security operations, security Hyperautomation eliminates manual handoffs and accelerates triage, investigation, and remediation. This brings consistent execution, faster response, and happier teams.

Key benefits for digital platforms include:

• End-to-end visibility: Unified data flow across SIEM, ITSM, and identity tools
• Consistent workflows: Repeatable, auditable processes across time zones
• Faster response: Automation handles repetitive triage and enrichment in seconds
• Reduced burnout: Teams focus on analysis, not administration

This shift turned security operations at Agoda from a reactive cost center into a proactive value driver — enabling faster incident response, automated IT support, and improved cross-team collaboration.

How Agoda Transformed Its SOC with Torq Hyperautomation

Agoda, one of the world’s leading online travel platforms, faced a pivotal challenge: modernizing its security operations while operating with a small, globally distributed team. At the same time, the company was migrating from legacy on-prem infrastructure to a modern, cloud-first security stack.

Existing automation tools required extensive custom coding and manual connector maintenance — slowing progress and limiting scalability. Agoda needed a flexible, no-code platform to unify alerts, automate investigations, and streamline IT workflows across its hybrid environment.

In 2020, after a successful proof of concept, Agoda selected Torq Hyperautomation™ to power its next phase of growth. The immediate results showed how quickly security and IT automation could deliver measurable impact.

• Rapid time to value: Thanks to Torq’s no-code/low-code interface and extensive integration library, Agoda’s first automations were live within weeks — not months. Even complex workflows connecting SaaS apps to on-prem systems could be built in minutes.
• Full-stack integrations: Without manual coding, Agoda connected its core security and IT tools — including cloud providers, endpoint platforms, and communication apps. Even complex SaaS-to-on-prem connections were built in minutes using native integrations and webhooks.
• Hands-on partnership: Torq engineers co-built critical early workflows alongside Agoda’s team from proof of concept to production. 

“Even Torq’s CTO jumped in to help us build during the early days — it was seamless.”

— Karthick Gopalakrishnan, Senior Security Engineer, Agoda

What Agoda Hyperautomated

When Agoda implemented Torq’s Hyperautomation platform, its goal wasn’t just to automate tasks but to redefine how security and IT operations worked together. In a matter of weeks, the team replaced fragmented, manual processes with intelligent, AI-driven workflows that now operate 24/7 across the organization. From automated phishing response to instant IT service resolutions, Agoda’s automation framework has become the backbone of its global operations.

24/7 Automated Phishing Response

Every phishing report submitted through Outlook now flows directly into Torq. AI-driven enrichment and classification automatically determine whether a message is benign, suspicious, or malicious — and respond accordingly.

• 30–40 daily submissions handled autonomously
• 2-minute average response time to reporters
• Zero analyst intervention required

Instant IT Service Resolutions

Agoda’s IT service desk now resolves 200–300 password resets per month automatically. App deployment requests that once took a full day are completed in under 10 minutes. This shift freed both IT and security teams from repetitive, low-value tasks and improved employee experience across global offices.

Faster, Smarter Incident Response

Torq now orchestrates Agoda’s incident response, enriching alerts, isolating compromised systems, and even automatically resetting credentials. Response actions that once required analysts to coordinate across multiple tools now run in parallel, with full audit logs and human-in-the-loop control for sensitive cases.

Expanded Impact Across Teams

What began as a SOC initiative has evolved into a company-wide automation initiative. IT, engineering, and security teams now build their own workflows for use cases like proxy whitelisting, onboarding, and even automated threat-model draft generation for developers.

Results that Scale Across Security and IT

With Torq, Agoda redefined what speed and scale mean in a global enterprise. The adoption of security and IT automation bridged once-disconnected teams, slashed manual workloads, and accelerated both detection and resolution. Every workflow — from phishing triage to password resets — now runs smarter, faster, and more consistently than ever before.

• 89% of alert actions automated
• Response times reduced by 60%
• 50% of IT tickets resolved automatically

“Torq outshines in MTTR reduction. Even if we’re offline, we know the threat is isolated. That’s a huge stress reliever for the team.”

— Laksh Gudipaty, Security Incident Response Manager, Agoda

Hyperautomation Enables Continuous Innovation

Agoda’s journey demonstrates the transformative power of security and IT automation. By embracing cybersecurity automation, their teams shifted from reactive to proactive, continuous improvement.

Hyperautomation gives modern businesses the same advantage Agoda achieved:

• Continuous visibility across security and IT systems
• Faster containment and reduced downtime
• Proactive operations that scale with global demand