Check Point Eases Alert Fatigue and
Speeds Up Their SOC with Torq HyperSOC

The Problem: Too Many Alerts and Too Few SOC Analysts

Check Point CISO Jonathan Fischbein had a problem to which his peers can likely relate: too many security alerts and too few security operations center analysts.

Without enough staff to respond to the constant flood of security alerts coming from the organization’s SIEM platform, conditions were ripe for disaster. “If you have an alert that you’re not addressing, that alert might become an incident,” Fischbein said. “And that is something that, as the CISO, I don’t want.”

The Solution: Unseat Legacy SOAR With Torq HyperSOC

With the aim of reducing his team’s alert fatigue and improving Check Point’s security posture, Fischbein began exploring automation platforms. Feedback from fellow CISOs and CIOs led him to bypass legacy security orchestration, automation, and response (SOAR) products in favor of the Torq Hyperautomation Platform.

Easy-to-use UI centered around the SOC analyst experience: “We really liked the fact that the UI is graphical and that there are a lot of workflow automation templates,” Fischbein said, adding that the Torq platform’s design is centered around SOC analysts’ experience to make their jobs easier.

Days-fast deployment of dozens of playbook automations: Check Point initiated a proof of concept. Within a few days of the trial’s inception, Fischbein said, Torq had deployed more than two dozen AI-driven playbooks, automating responses to some of the organization’s most repetitive security alerts.

Security stack integrations that “fit like a glove”: Importantly, Torq HyperSOC also integrated easily with Check Point’s existing infrastructure and security stack, ingesting and analyzing data from a variety of systems and tools. “It fit like a glove,” Fischbein said. He was sold.

The Torq Impact: A “Swiss Army Knife” That Speeds Up SOC Responses Across the Board

Autonomous remediation enables immediate reactions to alerts: Today, Torq’s HyperSOC technology investigates, triages and remediates many of Check Point’s internal security alerts without any human intervention. If an alert meets certain parameters based on organizational security policies, the platform autonomously takes relevant predefined steps, such as initiating an MFA challenge or locking out a suspicious user.

High-priority incidents are intelligently routed for human intervention: When events are potentially critical or complex, HyperSOC flags them for analyst oversight or intervention and offers suggestions for next steps. According to Torq, organizations can also train the generative AI-driven SOC platform to consider contextual factors in its decision-making — for example, requiring confirmation from a human operator before locking the CEO’s account.

Natural language processing (NLP) enables agile responses: Fischbein compared Torq’s HyperSOC to a Swiss Army knife in that it helps address diverse security events of varying severity. Some of that flexibility is thanks to the technology’s large language model capabilities, which enable it to ingest material written in natural language — ranging from proprietary in-house playbooks to documentation of industry frameworks, such as Mitre ATT&CK — and cross-reference it during event triage, investigation and response efforts.

Intelligent case insights and recommendations help analysts make better decisions, faster: In cases requiring human intervention, the Torq platform also uses natural language to summarize its own workflows, present relevant data, and offer next-step recommendations. This helps human analysts make more efficient and informed decisions, minimizing the time and effort they spend on tedious and manual investigative tasks during active incidents.

The End Result: Dramatic Efficiency Gains and Reduced Alert Fatigue

According to Fischbein, Torq’s AI-driven HyperSOC has successfully increased efficiency and reduced alert fatigue among Check Point’s security analysts.