The following was adapted from a conversation between Torq and Mike Britton, CISO at Abnormal Security. Abnormal Security is a cloud email security provider, and an esteemed customer of Torq. Read on to learn how hyperautomation has helped the Abnormal Security SecOps team scale and grow:
Introduction to Mike and Abnormal Security
I’m Mike Britton. I’m the Chief Information Security Officer for Abnormal Security. What I do is I run our security, our IT, and our privacy program here at Abnormal. Prior to Abnormal, I was an early customer of Abnormal’s when I was the CISO for a company called Alliance Data. I have 27 years of security experience. Abnormal is a very fast growing cloud email security company. We plug in through the APIs for Google and Microsoft and protect our customers from advanced phishing and BEC type email attacks.
Life for the Abnormal SecOps Team Before Implementing Torq
In my nearly three years here, we’ve done a tremendous amount of growing. I was employee number one from a security perspective. So it was important to hire the right people, but also be able to put tools in place that allowed me to scale and grow. We’ve probably grown 6X from an employee perspective and probably about that much from an infrastructure and product perspective as well. I don’t have the luxury of hiring an army of people – so leveraging solutions like Torq enabled me to grow and scale the business and keep up with where we’re going as a company.
I don’t have the luxury of hiring an army of people – so leveraging solutions like Torq enabled me to grow and scale the business and keep up with where we’re going as a company.Mike Britton, Chief Information Security Officer for Abnormal Security
Comparing Hyperautomation to Legacy SOAR
A lot of SOAR is really more tightly tied into maybe your endpoint detection or maybe your SIEM. Whereas [with] Torq, the sky’s the limit as far as what I want to automate and how I want to really make more efficiency and productivity in other tasks that my team does.
Hyperautomating Endpoint Security Audits
We have a lot of different endpoint solutions. We have a lot of different tools and things like that. And we’ve decided not necessarily go down into the full CMDB aspect of trying to use a tool to keep track of what agents are working. So we leveraged Torq to really go through our primary tool set, make sure everything has the necessary agents and security tools on it. And anytime there’s a missing tool or tools not performing correctly, Torq cuts a ticket back to my team so we can get on it quickly and figure out why.
How Torq Hyperautomation Enables Just-in-Time Access
The other big use case is we have a couple of applications that we want to enable just in time access on instead of letting users keep access 24/7. We’ve been able to plug that into Slack where an employee or user needs to get access to something. They can type a quick Slack message. It kicks back a ticket form. They fill it out. They ask for how long they need the access for and Torq does all the work behind the scenes to grant access, to revoke access and close out the ticket.
The Benefits and ROI of Hyperautomation
It’s freed up some of my IT team members from having to do manual tasks, like add people to groups and provision access. And then not necessarily productivity, but risk reduction. It’s allowed me to basically keep access to just that time period that someone needs it instead of the exposure of someone keeping access permanently. Now they have to request it. I get good tracking on why they’re requesting it for that purpose. And then it goes away as soon as that time period is over.
Why Other CISOs Should Consider Hyperautomating their SecOps Teams
We’re all in this situation where we always are pushed from our boards and our leadership to do more with less. One of the things I really like about the Torq team is they love to create new integrations. So if you come up with a SaaS or a tool or something that you want to get integrated into Torq, they’re phenomenal with turning that around quickly. Torq does a great job of helping you calculate that ROI as well. So not only can they help you automate it, but they can help you show that cost savings as well.