How Valvoline Hyperautomated Their SOC in Just One Week

Retail cybersecurity teams face a perfect storm: high-volume, low-signal alerts, a massive surface area across stores, POS systems, cloud apps, and third-party vendors, and an environment where any delay in response can lead to reputational and revenue damage.

Yet most retail SOCs are held back by aging infrastructure and brittle tools. Alert fatigue, false positives, and manual workflows turn shifts into chaos. Legacy SOARs aren’t helping; they’re often the problem.

To survive and scale, retail SOCs need automation that’s fast to deploy, easy to use, and flexible enough to handle diverse systems and real-world incident volume. That’s Torq Hyperautomation™. Valvoline faced these exact challenges — and overcame them — by replacing their brittle legacy SOAR with Torq, transforming their SOC in just one week.

Retail SOC Cybersecurity Challenges

Retailers handle massive volumes of customer data, making them prime targets for cybercriminals. At the same time, they face growing IT complexity across stores, e-commerce platforms, and third-party vendors. Legacy systems, minimal in-house resources, and constant alert fatigue make defending against modern threats increasingly difficult.

Top retail threats include:

  • Phishing and social engineering: Used to steal customer credentials or launch broader attacks.
  • Ransomware: Often triggered by phishing, disrupting business operations and demanding costly ransoms.
  • Third-party & IoT risks: Unsecured vendors and smart devices expand the attack surface dramatically.
  • Credential attacks: From fake accounts to credential stuffing, bots wreak havoc on authentication systems.
  • DDoS and web exploits: Automated attacks can bring down retail systems and erode customer trust.

To stay resilient, modern retail SOCs need security automation that neutralizes threats faster than attackers can exploit them, without increasing analyst burden.

Hyperautomation: A Better Way to Automate the Retail Industry

When Corey Kenning became Senior Director of InfoSec at Valvoline, he inherited a challenge familiar to many security leaders: a legacy SOAR that broke more than it built. His SOC had been cut in half during a major divestiture, and their deeply customized, brittle SOAR couldn’t keep up. Only a few SMEs could operate it, and everyone else was blocked.

“We needed a platform that didn’t require hard-to-find coding skills. Our SOAR was slowing us down, not scaling us up,” Corey shared. What followed was a full transformation of Valvoline’s security operations — one powered by Torq Hyperautomation™ for automation in retail.

How Valvoline Hyperautomated Their SOC

Valvoline put Torq to the test in a head-to-head proof of value. Within 48 hours, they were live. Within a week, they were running real automation in production.

  • Their Rapid7 integration, which had stalled for hundreds of hours in their SOAR, was live in less than a week in Torq.
  • Phishing triage, once eating up to 12 hours per day, became a fully automated workflow, slashing workload by 6–7 analyst hours daily.
  • Containment actions — password resets, session terminations, and more — became automatic, logged, and auditable via Torq’s built-in case management.
  • Non-developers could use no-code/low-code drag-and-drop workflows, which made it easy for anyone on the team to contribute.

“Torq takes the vision that’s in your head and actually puts it on paper and into practice.”

Corey Kenning, Senior Director of InfoSec at Valvoline

From Reactive to Proactive: The SOC of the Future

With Torq, retail companies like Valvoline can move from reactive response to a strategic focus.

  • Anyone can build: Drag-and-drop workflows let even non-developers create automation.
  • Analysts reclaim their time: Repetitive Tier-1 tasks are automated, eliminating alert fatigue.
  • Response becomes instant: Clicking a malicious link now triggers a fully automated incident response workflow — no manual intervention required.
  • Case management gets smarter: Built-in automation tracks every action and provides rich incident metrics.

Why Retail SOCs Are Turning to Hyperautomation

Torq isn’t just a better product — it’s a better partner.

From onboarding to enablement, SOC teams are supported by a dedicated Customer Success Manager, Solutions Architect, and content resources at every step. And because Torq is built for scale, Valvoline is now expanding automation to adjacent teams like identity and fraud.

What once took weeks or months now takes days. The Valvoline team is delivering more value with fewer resources — and doing it without waiting on developers or vendors.

Torq Hyperautomation gave Valvoline the speed, flexibility, and confidence they needed to scale security without scaling burnout. Within 48 hours, they were live. Within a week, they were automated. And they’re just getting started with what they can do with Torq.