Security operations professionals are constantly being pushed to the edge of their capacities. They’re dealing with endless manual processes and managing tasks sequentially, because of the limitations of their security tools and options. They’ve dreamed of being able to execute more tasks simultaneously to quickly enrich, analyze, contain, and resolve security threats.
Today, Torq is proud to introduce Parallel Execution, which makes those capabilities a reality. Parallel Execution is a significant evolution for no-code security automation that enables you to instantly create multiple branches within an automatic workflow, and handle each concurrently before seamlessly merging back into a single flow.
While some SOAR platforms claim to support parallel processing, these solutions require massive engineering efforts to deploy. Some low-code platforms try to simulate parallel processing with workarounds, but what they actually deliver is asynchronous processing with deduplication managed by code. In the end, these attempts are not scalable, meaning they cannot effectively improve MTTA, MTTR, or the overall efficiency of your security operations.
Torq is delivering on the promise of true no-code parallel computing, to provide easier workflow design, adaptable iterating, and more powerful execution, which security teams have long been asking for. Now, teams can focus on actual security responses without sacrificing precious time and resources to develop the workflows that deliver them.
Here’s how Torq’s new Parallel Execution capability works:
Run Steps in Parallel
Parallel Execution allows users to drop in a simple step to branch workflows “horizontally,” execute each branch in parallel, then instantly merge the output back into a single workflow. Before, if a user wanted to accomplish this process in an older SOAR platform, it would require hours of engineering digging into code or defining the minutiae of complex deduplications for each case.
This functionality can greatly speed up tasks like threat intelligence enrichment by enabling users to check multiple sources at once. Instead of waiting for one check to finish before moving to the next, each source is checked simultaneously, reducing total execution time from the cumulative total of all checks down to the time taken by the slowest source.
Inserting Parallel Execution into Torq workflows using drag-and-drop
Parallel Execution can also distribute work more efficiently. For example, an incident response may require input before proceeding, where that input can come from anyone on a finite list. Instead of pinging the on-call analyst, waiting for a response or a timeout, and then moving on to the resource owner, the workflow can send a message to the complete list of possible responders at once.
The operator can also support so-called “long queries” in which large datasets need to be queried, but the outcomes are not codependent. A workflow can simultaneously query a data lake, cloud graph, and SIEM, again reducing total execution time to whichever query is the slowest, instead of the cumulative time for each source.
These are just a few examples of use cases where running steps in parallel can be helpful. The functionality is incredibly flexible, and because it is so easy to include in a workflow, customers will have many opportunities to explore the environments and processes in which it can improve efficiency.
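The fan-out and merge pattern described above for threat intelligence enrichment, written out in Python as an added example (not Torq's implementation and not code from the original post). The source names, latencies, score scales, and the averaging used to merge results are assumptions constructed for illustration; the per-branch timeout shows how one unresponsive source is kept from stalling the merge.

```python
import asyncio
import time

# Constructed stand-ins for intel sources (hypothetical names). Each entry is
# (simulated latency in seconds, raw score, maximum of that source's scale).
SOURCES = {
    "source_a": (0.10, 80, 100),   # 0-100 reputation score
    "source_b": (0.20, 7, 10),     # 0-10 severity
    "source_c": (0.15, 45, 60),    # engines flagging / engines total
    "source_slow": (5.00, 1, 1),   # does not answer within the timeout
}

async def lookup(name, file_hash):
    """Simulate one enrichment branch; a real branch would call the source's API."""
    delay, raw, scale = SOURCES[name]
    await asyncio.sleep(delay)
    return name, raw / scale       # normalize every source to 0.0-1.0

async def enrich(file_hash, timeout=0.5):
    """Run all branches concurrently, then merge them into a single result."""
    async def guarded(name):
        try:
            return await asyncio.wait_for(lookup(name, file_hash), timeout)
        except asyncio.TimeoutError:
            return name, None      # record the gap instead of blocking the merge

    started = time.perf_counter()
    results = dict(await asyncio.gather(*(guarded(n) for n in SOURCES)))
    answered = {n: s for n, s in results.items() if s is not None}
    score = round(sum(answered.values()) / len(answered), 3) if answered else None
    return {
        "hash": file_hash,
        "per_source": results,
        "missing": sorted(set(results) - set(answered)),
        "score": score,            # mean of the sources that answered
        "elapsed": time.perf_counter() - started,
    }

def run(file_hash="0" * 64):       # placeholder hash, not a real indicator
    return asyncio.run(enrich(file_hash))

if __name__ == "__main__":
    print(run())
```

Run sequentially, the same four lookups would take at least the sum of their latencies; here the wall-clock time is bounded by the timeout, and the `missing` field tells the analyst which source did not contribute to the score.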
A New Era for Security Automation
We are thrilled to provide the industry’s first true example of no-code parallel processing. But we are even more proud of where this can take teams once they adopt Torq.
Until now, security automation tools have been, at best, asynchronous, meaning they’re rigid and poorly suited for handling urgent escalations and different service level requirements. Security teams need more nimble and responsive tools that allow them to operate in realistic conditions, which sometimes involve as many as 1,000 simultaneous events. These first-generation SOAR and low-code tools also require significant additional effort to deduplicate outputs.
With earlier solutions, if an organization wanted to automate a security process, it would need to map out every step along the way, name or create roles for those responsible, build operational structures to enforce those steps and roles, document each potential permutation, develop or purchase the many needed connectors for the systems involved, script and code the minutiae of data manipulation, and then finally cross their fingers that the correct action comes out the other side.
One of the unspoken laws in this chain is that Step X must always come before Step Y, and both must return a value before moving on to Step Z, regardless of whether that is how the real world operates.
Torq not only releases organizations from the restrictions of linear processes, but does so in a way that is so simple it is usable for even the most mundane of routine security processes.
No longer are security teams required to toil away at menial tasks, saving automation for only the most daunting response workflows. Using simple drag-and-drop functionality, anyone can put Torq to work using pre-coded steps, templatized workflows, and unfettered integrations.
Because Torq automations can be developed and edited at-will, teams are free to experiment with new processes, and free to design workflows that match their real operations, rather than molding their processes to their tools.
Users have all of the modern functionality available to their developer and DevOps peers, like publishing and version controls, contextual documentation, and collaborative editing. Operating with a git-style or even a true GitOps development experience helps teams better understand and manage a workflow across its lifecycle, and better aligns them with DevSecOps methodologies.
Begin Executing in Parallel, Today
The Parallel Execution capability, as well as the workflow templates that use it, are available to Torq users, today. You can find them in the workflow designer and template libraries, respectively, or your customer success manager would be glad to walk through them with you.
Parallel Execution Demo Templates
We’ve prepared a few workflow templates that already utilize and demonstrate the power of this new functionality. Torq users can begin deploying these right away.
- CVE Search in Wiz, Snyk, and Armis with Jira Issue Tracking
On mention from Slack, search for CVE across Wiz, Snyk, and Armis. Then, report on findings in Slack and open/update Jira parent and child issues.
- Retrieve and Normalize data on a hash
Lookup threat intelligence data from a number of sources, aggregate the findings, and then normalize a score for the provided file hash.
Future Torq users can request a live demonstration and set up a demo account to test these new features themselves through our get started page.