Setting up your security tools to work together seamlessly is often easier said than done, leading to time-consuming tasks and potential security gaps, especially without the proper tools. You must have both the ability to connect to any product, using APIs, CLIs or proprietary protocols, and do that in a simple no-code manner, without having to know the ins and outs of each technology. Without these, the ability to quickly automate is greatly diminished – as in legacy SOAR products.
Torq hyperautomation solves that by providing a powerful automation engine and a true no-code step creation ability. This combination empowers you to connect and work with any other product or tool in your security stack and, right out of the box, to create near-limitless automations. Torq also provides a fast-growing library of official integrations and automation actions that feature any of your products, both legacy and new, right when you need them.
The usual problems
There are three requirements for a powerful security automation solution.
- Scalable orchestration platform to support your event loads and computation.
- Simple language to create this automation.
- Great connectivity and integration with your entire security stack, across multiple cloud and on-prem environments.
As the cybersecurity ecosystem is ever-evolving and most security organizations adopt several new tools each year, meeting all three of these requirements can be exceptionally challenging. Maintaining an up-to-date library of integrations for the latest tools, plus easily onboarding new tools required, becomes a major undertaking.
How legacy SOAR attempts to solve it, and why that doesn’t work
Legacy SOAR is renowned for having poorly addressed this last problem of connecting to any tool quickly. Integrations in legacy SOAR products are based on building dedicated code modules for every single new product you interact with. This requires specialized software developers to build these integrations, making it an expensive, slow, and time-consuming effort to develop in-house. Waiting for the SOAR providers themselves to integrate new tools would take many months or years until that specific integration was completed. Integrating any homebrew or internal system is out of the question unless you have dedicated software development resources for this purpose.
How newer no-code tools attempt to solve it, and why that also doesn’t work
After the frustration with legacy SOAR products’ difficulty integrating with new platforms, a host of newer, no-code tools emerged. They claim to integrate with any product without any integration-building required.
This is based on the assumption that most products today provide some HTTP-based APIs available to interact with. Then, these no-code tools provided a Postman-like experience for creating HTTP calls.
Though this approach is definitely a league more flexible than the legacy SOAR pace, at scale, it often fails. Enterprises try to integrate with systems that don’t provide any clear HTTP APIs. The ability to integrate with proprietary protocols, perform remote RPC calls, or even run a small script is often the last crucial piece in building a full enterprise-grade automation process. Plus, requiring users to build their own HTTP calls for every action on every product has become a burden on the security operations team.
Instead of focusing on automating their processes, analysts are forced to be experts in the specificities of each of the APIs of their security tools. They must stay up to date with any changes in the APIs of these ever-evolving tools, otherwise, the connectivity often breaks, preventing automations from running. With no-code, the responsibility to maintain these HTTP calls falls on the shoulders of the security team instead of on the no-code automation tool itself.
How Torq solves the content problem – Orchestrating any containerized logic
The understanding that an automation platform should be able to orchestrate any kind of technology, both new or legacy, was in our minds from the very first days of developing Torq’s hyperautomation platform.
This principle was introduced into our product design goals and led to the decision for a step in Torq to be any kind of containerized logic. Containers have become the ubiquitous technology for shipping and deploying software and the orchestration of each kind of logic, and even executing it in different environments, means that Torq can support communicating with any kind of tool in an organization’s security stack over any kind of technology. This can range from the latest HTTP-based API, a proprietary database protocol, any command line interface (CLI), or even a homebrew system, using the ability to bring your own containerized logic and run it from the same simple, no-code UI.
How Torq solves the content problem – Calling any HTTP API and making it a no-code step with flexibility
While having the ability to run any container and CLI command from a single interface is extremely powerful, today, most security products expose an HTTP-based API (REST or GraphQL) to allow integrating and communicating with them. InTorq,q you can quickly call any of those products using the “Send an HTTP request” step. This step exposes a simple UI to model any type of HTTP call, with any authentication required, and built-in support for OAuth and JWT auths, just like the Postman app. It even automatically translates a cURL command, available from many API references, to the proper fields in the step, making connection with new API-driven products a breeze.
How Torq solves the content problem – Create new content at scale using Torq’s step builder to drive hypergrowth of no-code integrations and steps
Having the ability to easily create HTTP API-based steps is significant for quickly connecting with new tools and never having to stop automation building. Messing around with raw HTTP mode isn’t that useful over time and is a lot more complicated for new team members who want to use true no-code steps. This is exactly why we developed the Torq step builder. A simple builder that takes your raw HTTP steps and turns them into true no-code steps, complete with the appropriate parameters, descriptions, and examples on how to operate the specific step you’re building. Torq eliminates the complexities of formatting JSON and handling the authentication for a specific API. These custom steps can be saved to your workspace’s custom step library, and shared with your team members to enable them to build further automations with no-code simplicity.
To create new steps and content, there’s no need to start from scratch each time. Torq allows you to take any API-based step from the Torq public library and switch it over to its raw HTTP mode. You can then modify it to fit any specific need or requirement, like adding new optional parameters, updating API paths, or making any other changes, and convert it back into its fully no-code parameterized form. These new versions of steps can again be saved to your custom steps library. Should you choose to share them with the entire Torq user community, they can also be published to the public step library.
Torq’s content team and technical partners use precisely this method to expand Torq’s public step library. They build Torq steps with Torq’s step builder, test them by using them in automations, and finally, after validation, publish them. By having these extremely quick building and testing processes, in-app, new content in Torq can be published within hours instead of weeks and months in legacy SOAR systems, all while providing a mature content management system, complete with seamless content updates, notifications, and tracking for changes.
Conclusion
Torq has reimagined the approach to security automation by focusing on security hyperautomation and seamless content creation, unlike legacy SOAR solutions that necessitate specialized software development skills to achieve simple integrations. Torq provides an extensible platform that leverages containerized logic and an extensive, user-friendly library of no-code steps to get you automating in minutes. Our approach frees your security analysts from the constraints of needing to become API experts and instead lets them focus on what matters most: securing your organization and digital assets.
Want to learn more about how Torq can dramatically enhance your security workflows so you can stay ahead of emerging threats? Test drive Torq Hyperautomation, here: https://torq.io/demo/
