Torq is proud to introduce Parallel Loop, a new capability that enables users to process bulk data from myriad security tools with unprecedented ease. It also provides the power of orchestration like no other automation tool in the security automation industry with true parallelism. That means multiple tasks can be run simultaneously, and optionally, on multiple elastically-scaled compute resources, shortening the time workflow automations take to complete by 10x or more.
Historically, this data has been siloed across multiple tools and accessible mainly through serial processes. Security professionals had to figure out individual vulnerabilities themselves, who the owner of any particular infrastructure is, what the project affinity involves, and any relevant exceptions. Those professionals then had to follow up with each entity involved in the bulk data sequentially. This approach takes up an enormous amount of time, creates incredible frustration, and is prone to analyst fatigue and human error.
Parallel Loop relieves security professionals from these burdens by enabling bulk data processing at unlimited scale, eliminating any glass ceilings. It builds on Torq’s recently-introduced Parallel Execution feature that allows users to instantly create multiple branches within an automatic workflow, and handle each concurrently before seamlessly merging back into a single flow.
Now, with Parallel Loop, users can automatically process large quantities of bulk data, understand which security tools and users they are associated with, and perform parallel processing of the required follow-up actions. It’s worth noting that a few security automation vendors tout workarounds, including limited asynchronous processing capabilities with deduplication managed by code with an upper limit of a predefined amount of data elements. These creative afterthoughts are not scalable, as they cannot effectively improve mean time to acknowledge (MTTA), mean time to response (MTTR), or the overall efficiency of your security operations, unlike Torq, where there is no limit.
Parallel Loop in Action
In this example, customers benefit from parallel loop scanning 30,000 hosts or IP addresses with VirusTotal, or your preferred security reputation service tools. Typically, with legacy automation tooling, each IP address is sequentially scanned, which might not seem like an issue in small volumes. However, once you run into hundreds, if not thousands, of IP addresses that must be quickly validated during an investigation, when time is not on the analyst’s side, waiting for the result of each individual scan is not tenable.
Torq enables the same workflow to execute vastly more efficiently. Instead of scanning a single IP address at a time and waiting for the result, it can launch multiple workflows to run simultaneously with multiple users or systems, shortening execution times by 10x or more. Instead of taking hours or days, you can have results in a fraction of the time. The extent of parallelism is defined by the level of your Torq subscription, and we provide built-in guaranteed parallelism in each package and also sell an add-on to increase the capacity.
Parallel Loop significantly improves processing time and reduces mean time to resolution (MTTR), making it an essential tool for enhancing an organization’s security posture. Key benefits include:
- Reduced Risk: By reducing processing time and improving MTTR on incoming alerts, Parallel Loop can help reduce the risk of security incidents and improve an organization’s overall security posture.
- Improved Efficiency: Parallel Loop can significantly reduce the time it takes to complete a process by allowing multiple tasks to be performed concurrently. This is especially useful when dealing with large volumes of data, such as ingesting incoming alerts in a security information and event management (SIEM) system like Splunk.
- Increased Scalability: Parallel Loop enables Torq to handle enormous volumes of data and perform large numbers of tasks concurrently, making it more scalable and able to handle increased workloads.
- Enhanced Flexibility: With parallel iterations, it is possible to customize the number of tasks that can be performed concurrently, allowing organizations to fine-tune their processes to meet their specific needs.
Begin Looping in Parallel, Today
The Parallel Loop capability and associated workflow templates are available to Torq users today. Find them in the workflow designer and template libraries, respectively. Users can also contact their customer service manager for a demo and walkthrough.
You can also get a deeper dive into Parallel Loop at the Torq Learning Center. https://learn.torq.io/docs/run-loop-iterations-in-parallel
If you’re already ready to go, we’ve prepared a few workflow templates that utilize and demonstrate the power of this Parallel Loop. Torq users can begin deploying these right away.
Slack Mention to Analyze Suspicious URLs and IPs with VirusTotal
Receive a suspicious list of URLs and/or IPs from Slack, scan using VirusTotal, and report the results to the Slack thread.