The modern security stack is crowded, but often disconnected. You have best-in-class tools for detection, identity, and cloud, but if they aren’t talking to each other, your team is stuck acting as the manual glue.
That’s why we built the Torq AMP (Alliance & Momentum Partner) Program.
AMP is about more than just API keys. We co-build deep, production-ready integrations that allow our partners to signal high-fidelity data to Torq, which then orchestrates the response across your entire infrastructure.
In Season 1 of The AMP’d Sessions, we showcased how these integrations work in the real world. Here is how Torq and our partners are closing the loop on security operations.
Wiz: Autonomous Cloud Security
Cloud environments move too fast for manual ticketing, and the disconnect between Security and DevOps often leaves critical risks exposed for days. This partnership bridges that gap by turning Wiz’s high-fidelity visibility into machine-speed action.
When Wiz raises an alert — like a vulnerable container with exposed secrets — Torq instantly ingests it and triggers a cross-team workflow. By automatically spinning up Slack channels, syncing context between DevSecOps and Cloud teams, and pre-populating Jira tickets, Torq ensures the right people have the right info from the start. Once the fix is applied, Torq validates the remediation via Wiz and autonomously closes the case.
Intezer: The Power of Agent-to-Agent Collaboration
Tier-1 analysts often burn out from repetitive triage before they can tackle critical threats, but this integration changes the dynamic through agent-to-agent collaboration. Intezer’s AI agents emulate elite forensic analysts, investigating alerts and extracting artifacts with 97.6% accuracy to filter out false positives before they ever reach your queue.
Once the threat is confirmed, Intezer hands that verified forensic context to Torq’s AI SOC Analyst, Socrates. Socrates immediately takes the baton to orchestrate the response — isolating hosts, blocking hashes, and resetting credentials across the environment. This allows the autonomous SOC to resolve over 95% of Tier-1 cases without a human ever needing to open a ticket.
Zscaler: Zero Trust Meets Autonomous Response
Even with strong prevention, threats inevitably slip through. That’s where Zscaler Deception comes in, deploying SaaS-based decoys to lure attackers and reveal “patient zero” moments early in the kill chain. When a decoy is touched, Zscaler flags the high-fidelity alert, and Torq HyperSOC™ springs into action.
Socrates correlates the telemetry and autonomously executes an agentic runbook — contacting the user via Slack to verify activity and performing MFA checks. If the threat is valid, Torq isolates the endpoint and blocks the user instantly, achieving sub-minute containment.
Cyera: Automating Data Protection
For most SOCs, data exposure is a blind spot. Cyera’s Data Security Posture Management (DSPM) platform addresses this by continuously scanning cloud and SaaS environments to pinpoint sensitive risks, like exposed patient records or financial data.
In the AMP’d demo, when Cyera detected a Microsoft 365 file containing personally identifiable information (PII) shared publicly, Torq automatically created a case and launched a remediation workflow. Socrates revoked the public access immediately and messaged the employee to confirm intent. The entire process from detection to evidence collection and closure took less than five minutes, creating a continuous feedback loop between visibility and action.
Panther: Closing the Loop on Detection & Response
Legacy SIEMs force teams to compromise on data retention and cost, but Panther’s cloud-native data lake allows for limitless scale and long-term retention. Panther uses a “Detection-as-Code” model to generate high-fidelity, AI-triaged case summaries that are passed directly to Torq. This initiates AI-to-AI communication in which Torq Socrates reasons through Panther’s findings.
In the use case, Panther detected an anomalous login from a watchlist country followed by enumeration. Socrates autonomously queried the data lake for more logs, interviewed the user via Slack, and, upon confirming the threat, disabled the Okta account and blocked the IP, closing the loop at machine speed.
Reco: Solving SaaS Access Risk
SaaS is the fastest-moving attack surface, and most breaches stem from the same problem: identity drift across hundreds of connected apps and an explosion of unvetted AI tools. Reco maps this chaos with deep, identity-driven visibility across every SaaS application: who has access, what data is exposed, and where permissions exceed policy.
When Reco flags a high-risk access event, Torq HyperSOC™ turns that signal into immediate, explainable action. Socrates enriches identity context, validates activity, interviews users in Slack, and enforces policy through autonomous workflows. Whether the right move is revoking OAuth permissions, blocking risky AI apps, or escalating for manager review, the system executes consistently across the entire environment.
Together, Reco and Torq give SOC teams a full end-to-end loop for SaaS access security — continuous discovery, precise identity intelligence, and autonomous remediation, delivered without adding workload to analysts.
The Big Message: We’re Better Together
Across every partner and every episode, one theme dominated: You don’t fix SecOps by throwing more dashboards at analysts. You fix it by building autonomous, closed-loop systems.
AMP’d Season 1 showed exactly how the strongest security stacks get there:
- AI-to-AI communication that eliminates human bottlenecks
- Hyperautomation that turns detections into outcomes
- Unified workflows that cross SecOps, DevOps, Cloud, and Identity
- Full auditability for compliance and leadership confidence
This is the future the SOC has been promised — finally delivered.



