Jason Chan on How Torq Overcomes Cybersecurity’s Biggest Challenges
By Torq
December 19, 2022
2 Minute Read
Jason Chan is one of the world’s foremost cybersecurity authorities and we’re extremely proud to have him as a member of the Torq Advisory Board. He’s a pivotal figure in driving adoption of security automation best practices at many companies, including Netflix, where he led the information security organization.
In our third and final Chan video series, he discusses one of the most important challenges in cybersecurity: making cyberthreat identification, management, and remediation as simple as possible for professionals of all backgrounds and technical abilities.
Chan advocates for getting more people involved in cybersecurity and promoting the concept of interoperability across the security stack. He discusses how Torq reduces the barriers for entry into the world of security automation, and why as a result, it’s a force multiplier for practitioners to deliver the strongest security posture possible and move faster than ever to deliver maximum impact.
Watch the video below and learn more about Chan’s perspectives on Torq:
Take Action Today Learn how to get started with security automation by reaching out to the professionals at Torq. You’ll learn more about the Torq platform and how we’ve helped myriad organizations achieve and exceed their security goals.
Torq Users Hit 1,000,000+ Daily Security Automations
By Torq
December 5, 2022
4 Minute Read
Security automation is an increasingly critical element in optimizing enterprise cybersecurity postures. Today, Torq announced its users are executing more than 1,000,000 daily security automations using our security automation platform – a major milestone that underlines the traction and importance of unifying today’s complex security stacks. The exponentially-expanding usage of Torq also reflects the current macroeconomic climate, in which security leaders are being asked to maximize the value of their existing security infrastructure, as well as ensure staff are focused on higher-level management and critical incident response.
Torq’s modern security automation approach is helping security teams address these priorities, allowing teams of any size to quickly create, deploy, and iterate on automated responses to otherwise-unpredictable events.
Introducing Torq Insights
A key element of the Torq platform is our latest innovation: Torq Insights. It’s a comprehensive reporting and analytics overlay that provides the operational data needed to consistently manage, monitor, and iteratively evolve the security automation stack, to ensure it’s providing maximum protection while driving optimal efficiency.
From Automated Processes to Automation Programs
First-generation SOARs were introduced to the market as a way to add repeatability and predictability to security operations. While powerful, these platforms are difficult to deploy and generally designed only for a few threat response use cases. The need for more effective security automation remained.
Recognizing the gap between SOAR platforms and the need for more universal security automation, solution providers have begun to offer limited automation functionality within their platforms. The result is still piecemeal automation, only exacerbated by disparate approaches and processes.
While there may be more automation than ever, Torq believes quality and efficiency has suffered. To truly realize the benefits of security automation, Torq closes these gaps by consolidating automation efforts, lowering the technical barriers to automated workflows, and now providing the analytical feedback necessary to truly optimize security automation. As a result, our users are benefiting from:
Increased predictability of security responses
Maximum benefits from the tools they’ve already invested in
A clear set of data that helps teams improve overall security efficiency
A solution powerful enough for the most complex threat responses, yet easy enough to deploy that it can be used for the smallest of repetitive security tasks
“Torq Insights shows me how actively my team is using the platform to improve our overall security posture and makes everyone’s lives easier and more productive,” said Phillip Tarrant, SOC Technical Manager, Compuquip. “It allows me to see my teammates’ progress with Torq by showing the value they’re getting out of it. The ‘total runs’ analytics capability is huge. It’s amazing to see that Torq is handling 80.8K runs a week for Compuquip without a single hiccup.”
A New Standard for Automation Management
Torq Insights is available to all Torq users. Current users can now simply click on “Insights” above the Workflows page in the app. With Torq Insights, users can instantly find data like total time saved by automated workflows, how many workflows are in production at a given time, and the most active workflows, among other information.
Security automation analytics with Torq Insights
Users will soon be able to assess their automation programs against common security frameworks, compare performance and effectiveness of internal use cases, and align to industry best practices, all while integrating with wider business intelligence reporting.
Get Access to Advanced Automation Insights Today
Existing Torq users can use the new dashboard right away.
Torq’s No-Code Security Automation Solution Now Available in AWS Marketplace
By Torq
November 21, 2022
2 Minute Read
Torq is proud to announce the immediate general availability of its no-code security solution in AWS Marketplace, the curated digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).
Torq’s presence on AWS Marketplace streamlines and shortens the procurement process to handle the exponentially-increasing demand for our solution serving Fortune 500 enterprises to fast-growing medium-sized companies and small innovative businesses across every industry vertical.
Our availability on the AWS Marketplace, as well as private offers, provide Torq the flexibility to customize our offering for AWS-based cloud-native customers, while ensuring the smoothest purchase and deployment processes possible. This reduces overhead and complexity for Torq and its customers alike.
An improved vendor onboarding process, resulting in a 75% reduction in onboarding efforts for new vendors
Reduced time processing invoices, leading to a 66% reduction in time spent due to procurement efficiencies
Increased licensing flexibility, leading to a 10% reduction in licensing costs
With Torq in AWS Marketplace, it has never been easier for customers to rapidly access and implement our industry-leading solution to ensure the strongest security posture possible against all cyberthreats. Learn more and purchase Torq in AWS Marketplace
Torq Announces Advisory Board Featuring Global Cybersecurity Visionaries
By Torq
November 21, 2022
4 Minute Read
Torq is extremely proud to announce the formation of the Torq Advisory Board, a group of some of the world’s most respected cybersecurity professionals, including several industry-leading CISOs and heads of information security. All of our advisors have made major impacts in cybersecurity for their companies, and for the industry at large. They have strongly advocated leveraging cutting edge technologies to drive greater effectiveness and productivity across organizational cybersecurity ecosystems, positively impacting systems, processes, and people.
Our Advisory Board is helping guide Torq as we further expand our Security Automation offerings and capabilities, serve more and more global enterprises, and continue to integrate the majority of cybersecurity systems into our platform.
Members of the Torq Advisory Board include:
Jason Chan, Former VP of Information Security, Netflix
Jason has more than 20 years of experience working in cybersecurity, including adopting security automation, cloud security, and enhancing security in modern software development practices. Jason’s most recent career experience was leading the information security organization at the video streaming behemoth Netflix for more than a decade. His Netflix team set the bar extraordinarily high, focusing on sophisticated risk assessment and management, and compliance management strategies and approaches.
Talha Tariq, CISO, HashiCorp
In his role at HashiCorp, Talha is responsible for protecting the security of his company, customers, and partners as it provisions, secures, connects, and runs cloud infrastructure for their most important applications. He has 15 years of experience building and scaling security programs from startups to Fortune 100 organizations. Prior to HashiCorp, Talha served as CISO at Anki where he was responsible for corporate information security, product and application security, privacy engineering, security operations, and incident response. Talha also served as Director of Security Consulting at PwC, advising clients across a range of industries on matters related to data breaches, hacking events, security program development, and threat assessments.
Yaron Slutzky, CISO, Agoda
Yaron is responsible for security at Agoda, one of the world’s fastest growing-online travel booking platforms. From its beginnings as an e-commerce start-up based in Singapore in 2005, Agoda has grown to offer a global network of two million properties in more than 200 countries and territories worldwide. It provides travelers with easy access to a wide choice of luxury and budget hotels, apartments, homes, and villas. Headquartered in Singapore, Agoda is part of Booking Holdings and employs more than 4,000 staff in more than 30 countries. Prior to Agoda, Yaron was CISO at Cellcom, and Information Technology Director at Numark Innovations.
Bill McKinley, CISO, SigFig and former Head of Information Security at The New York Times
Bill serves as CISO for SigFig, an enterprise financial technology firm that develops next-generation products for financial institutions, advisors, and their customers. Through its partnerships with financial institutions including Wells Fargo, UBS, and Citizens Financial, SigFig’s wealth management tool is available to over 70 million consumers. Prior to SigFig, Bill was Head of Information Security at The New York Times, Vice-President of Infrastructure Engineering at AllianceBernstein, and Senior Infrastructure Engineer Team Lead at JP Morgan.
We are also very fortunate to have Stephen Ward, Managing Director at Insight Partners, as part of our board of directors.
At Insight Partners, Stephen focuses on investments in cybersecurity. Prior to joining Insight, Stephen was CISO at The Home Depot, where he provided progressive direction over cybersecurity and technology risk. He is also a Board Member at Mimecast and served on the board of Cloudknox, which was recently sold to Microsoft. His innovative approach has led to malware-related patented technology and he has received award recognition from his industry peers in cybersecurity. Stephen has over 20 years of experience in cybersecurity, physical security, fraud and technology risk acquired throughout his career in both the public sector (U.S. Secret Service) and the private sector (JPMorgan Chase and TIAA).
It’s a real honor and privilege to be working with these cybersecurity luminaries and to have them advise Torq as we further deliver on our incredible potential to customers, partners, and investors. We’re looking forward to further collaboration with them all in the years ahead as we take Torq to even greater heights of success.
We’re extremely happy to announce that Torq has joined the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
The CSA has more than 80,000 members worldwide and has been endorsed by the American Presidential Administration, which selected the CSA Summit as the venue for announcing the federal government’s cloud computing strategy. It also collaborates with global policy makers to support and evolve key cloud security initiatives, such as the National Institute of Standards and Technology (NIST) and the European Commission.
Torq is proud to collaborate with the CSA going forward, and work with its large-scale community of industry practitioners, associations, governments, and corporate and individual members as it evolves the no-code security automation space, and introduces critical innovations in the coming months and years. Torq will also benefit from the CSA’s cloud security-specific research, education, training, certification, and events.
We are proud to be part of the CSA’s mission to create and maintain a global, trusted cloud ecosystem with positive, forward-looking outcomes for its members, customers, and the world at large alike.
With visibility and transparency top of mind, we display the CSA logo in our Trust Center alongside our other key compliance certifications, which include ISO 27001 and SOC 2.
Jason Chan on Harnessing Security Automation to Manage Cyberthreat Complexity
By Torq
October 19, 2022
2 Minute Read
Torq is extremely proud to have Jason Chan on our advisory board. Jason has more than 20 years of experience working in cybersecurity. He’s one of the world’s leading experts in adopting security automation, cloud security, and enhancing security in modern software development practices.
Jason’s most recent career experience was leading the information security organization at Netflix for more than a decade. His Netflix team set the bar extraordinarily high, focusing on cutting edge risk assessment and management, and compliance management strategies and approaches.
I had the privilege of being able to have a discussion with Jason, exploring the positive impacts security automation is having on organizations of all sizes, worldwide. In the first part of our conversation, “Harnessing Security Automation to Manage the Complexity of Today’s Threat Landscape,” Jason discusses the fact that while cyberthreats are increasing exponentially, it’s becoming increasingly difficult to hire people to address this escalation. As Jason puts it, “The question is how do we get the most out of the resources we have and prioritize the issues we need to address most critically?”
Watch the first part of our conversation in video below and learn all about Jason’s perspective on how security automation addresses these challenges by maximizing the impact of the security systems, processes, and people organizations already have in place, and breaking down security silos:
Take Action Today Learn how to get started with security automation by reaching out to the professionals at Torq. You’ll learn more about the Torq platform and how we’ve helped myriad organizations achieve and exceed their security goals.
Everyone loves automation, and it can be easy to assume that the more you automate, the better. Indeed, falling short of achieving fully autonomous processes can feel like a defeat. If you don’t automate completely, you’re the one falling behind, right?
Well, not exactly. Although automation is, in general, a good thing, there is such a thing as too much automation. And blindly striving to automate everything under the sun is not necessarily the best strategy.
Instead, you should be strategic about what you do and don’t automate. Even if you have the tools and resources to automate certain parts of a process, you may not actually want to automate them.
The Benefits of Automation
To understand the argument for being selective about the processes you automate, let’s go over the key benefits that teams are usually trying to achieve when they automate something. Typically, those benefits include:
Faster results.
Less time spent by engineers on manual processes.
Greater consistency and a lower rate of errors.
Repeatability.
We could go on, but these bullet points summarize the main goals of most automation projects.
When to Automate and When Not to Automate
Now, if you think critically about how best to pursue the goals we’ve just described, you’ll realize that fully autonomous processes aren’t always the best ways to achieve the goals. Let’s go through each one carefully.
Faster Results
Automation can speed up processes by allowing operations to proceed without waiting on humans to sign off.
The caveat, however, is that if your automation tools run into a situation where they can’t make a decision about how to achieve something – which happens when a variable is introduced that your automation workflow didn’t anticipate – you can end up with more of a delay than you would face if you had a human in the loop to oversee things. You’ll probably get results much more slowly from a fully autonomous process that goes awry than you will from a process where you have a human in the loop to react to unexpected conditions.
Less Engineer Time
By a similar token, the total time that engineers have to invest in operations work may be lower if not all of your processes are completely automated.
The reason why is that if something goes wrong within a fully autonomous process, the response is likely to be highly distracting and time-consuming for your team. But, if you had a human in the loop to begin with, you’d face a lower risk of a disruption that would require an extensive manual response.
Greater Consistency
Automation is a good way to keep processes consistent — so long as those processes are 100 percent predictable and reliable.
But, when there are variables, or when you are dealing with a process where each use case is unique, automation won’t always breed consistency — at least, not the kind of consistency you want. It would be better to keep a human in the loop so that the human could react as needed to special circumstances.
Repeatability
It may be easier to reuse automation tooling, too, when you keep humans plugged into your automated processes.
The reason why is that — once again — each process may be unique, and so you can’t simply lift and shift the automations you’ve created for one process and apply them to a different one. But, if you leave some responsibility to humans, it becomes easier to keep your workflow adaptable enough so that you can use the same automations repeatedly, leaving it to the human to interpret the unique variables within each process and adapt the automations as required.
Using Partial Automation
To illustrate the points above, let’s consider a common process that might seem like a candidate for total automation, but actually is not.
The process is Just In Time (JIT) permissions granting. The goal of JIT permissions is to grant access rights when a user needs them, and revoke them when they are no longer necessary. Having humans configure these permissions each time in a totally manual way is not scalable, so you may think that you would want to automate the process as fully as possible.
But, in reality, it would make more sense to automate only part of your JIT permissions operations. You could automatically collect account and user information, for example, and use these to generate updated access control policies automatically.
But if you actually apply the policies automatically, you run the risk of something unexpected happening with highly negative security consequences. Maybe a user is requesting a JIT permissions update to access a system that was recently moved from testing to production, and that therefore has stricter access requirements. But your automation tooling isn’t aware of that change, so it will grant the permissions without considering the unique circumstances of the request in question.
If you require a human to sign off on the permissions change, however, there is a higher chance that the oversight will be caught. Manual sign-off could delay the process slightly, but the delay should not be significant if the rest of the process is well-automated.
Conclusion: The Limits of Automation
To be clear, we’re not saying automation is a bad thing, by any means.
What we are saying is that there are points within processes where full automation doesn’t always make sense. Although it may seem counterintuitive, there’s value in requiring human participation, even if making processes fully autonomous is a possibility.
How Wiz and Torq Combine to Mitigate Existential Cloud Security Threats
By Leonid Belkind
September 23, 2022
5 Minute Read
A single cloud securityincident can stop an enterprise in its tracks, sometimes resulting in irreparable damage to its operation, reputation, and customer loyalty. One key strategy for preventing such incidents is combining complementary cybersecurity tools to defeat threats at scale.
A coherent Cyber Security Incident Response Planning (CSIRP) approach requires enterprises to select and integrate the right tools before a security incident occurs. Torq’s next-generation orchestration and automation capabilities combined with Wiz Cloud Detection & Response empowers forward-thinking security teams to analyze cloud events and alerts from services like Amazon GuardDuty alongside the rich context provided by the Wiz Security Graph.
“The combination of Torq’s no-code security automation approach that delivers immediately actionable response and Wiz’s comprehensive contextual and accurate malicious activity identification means we can focus on high-level threats without being overwhelmed by cloud alerts. Torq and Wiz work seamlessly together to give us a major real-time advantage in mitigating the ever-evolving cloud-based threat landscape.” CISO of a major gaming company
Customers are already seeing that combining Torq and Wiz means the whole is far greater than the sum of the parts.
Achieve a Coherent CSIRP with Wiz and Torq
In its Computer Security Incident Handling Guide (Special Publication 800-61), NIST advises organizations to strengthen their capabilities in four broad areas:
Preparation
Detection and Analysis
Containment / Eradication / Recovery
Post-Incident Lessons Learned and Documentation
To better understand these areas, let’s apply them to a hypothetical brute-force attack.
Preparation
To be prepared for a brute force attack, you should:
1. Set up the infrastructure to identify potential attacks
Amazon GuardDuty can continuously monitor network and endpoint activity in production cloud environments to detect brute force attacks (amongst many others). Furthermore,Amazon CloudWatch Events or Amazon EventBridge should be configured to monitor events on new or updated GuardDuty findings. These events will later be consumed by an automation and orchestration system to enrich, analyze, and remediate the issues.
2. Analyze the assets’ context
Understanding the topology of your cloud environment, maintaining up-to-date connection states, and knowing which assets have access to sensitive data are critical to prioritizing response efforts to an attempted brute force attack. The Wiz Security Graph discovers and correlates these signals, providing incident responders with important context. For example, Wiz will alert on an SSH brute force attack when attempted on a publicly exposed asset that allows password authentication and has high permissions to the organization’s cloud environment.
3. Orchestrate analysis and resolution
Notifications of new potential threats must be handled and interpreted consistently and programmatically (i.e. with minor involvement of human analysts) in order to operate at scale. Torq allows enterprises to automate data and response flows generated by the Wiz Security Graph, making it possible to route remediations either directly to DevOps or after a quick triage process of the security team. The owners of the at-risk assets receive all the relevant contextual information around the alert to quickly resolve the issue and shorten the MTTR significantly. Torq’s no-code automation platform lets you build these workflows from scratch, leverage hundreds of security process templates, and adjust them to the needs of every environment.
Here’s how Torq combines with Wiz to create autonomous responses to security events:
The detection stage begins with Wiz delivering an alert based on an Amazon GuardDuty event together with the context of the cloud environment. The alert immediately drives the execution of an automated response workflow in Torq.
Analysis
In the analysis stage, contextual data about external exposure to the asset is retrieved from Wiz Cloud Security Graph as part of the alert. If there was internal exposure, further analysis would be conducted to understand the possible connections between the attacked asset and the crown jewels that might be exposed to it.
Containment
In the containment stage, particular sources of the attack can be blocked by modifying the Security Groups and Access Control Lists, as well as by prompting an additional wider response to the potential threat. Further eradication of an issue can be achieved by orchestrating changes in the configuration of the cloud assets to improve their security posture and by enforcing multi-factor authentication and strong passwords.
Torq enables enterprises to respond by both triggering containment flows and alerting the relevant teams in the organization on the event, preventing them from wasting crucial time.
Post-Incident
The incident audit trail is created to chroniclelessons learned to better mitigate related threats in the future. Security teams can use the audit trail together with the visibility they get from the Wiz Security Graph to identify potential weak points and work to mitigate them in advance
Learn more
To learn more,see how you can reduce alert fatigue and focus on the most critical security gaps withWiz andGet Started withTorq’s no-code security automation platform to handle these and similar threats at scale.
Torq Delivers on the Promise of Parallel Execution
By Torq
September 15, 2022
6 Minute Read
Security operations professionals are constantly being pushed to the edge of their capacities. They’re dealing with endless manual processes and managing tasks sequentially, because of the limitations of their security tools and options. They’ve dreamed of being able to execute more tasks simultaneously to quickly enrich, analyze, contain, and resolve security threats.
Today, Torq is proud to introduce Parallel Execution, which makes those capabilities a reality. Parallel Execution is a significant evolution for no-codesecurity automation that enables you to instantly create multiple branches within an automatic workflow, and handle each concurrently before seamlessly merging back into a single flow.
While some SOAR platforms claim to support parallel processing, these solutions require massive engineering efforts to deploy. Some low-code platforms try to simulate parallel processing functionality by creating workarounds, but are in actuality asynchronous processing with deduplication managed by code. In the end, these attempts are not scalable, meaning they cannot effectively improve MTTA, MTTR, or the overall efficiency of your security operations.
Torq is delivering on the promise of true no-code parallel computing, to provide easier workflow design, adaptable iterating, and more powerful execution, which security teams have long been asking for. Now, teams can focus on actual security responses without sacrificing precious time and resources to develop the workflows that deliver them.
Here’s how Torq’s new Parallel Execution capability works:
Run Steps in Parallel
Parallel Execution allows users to drop in a simple step to branch workflows “horizontally,” execute each branch in parallel, then instantly merge the output back into a single workflow. Before, if a user wanted to accomplish this process in an older SOAR platform, it would require hours of engineering digging into code or defining the minutiae of complex deduplications for each case.
This functionality can exponentially speed up tasks like threat intelligenceenrichment, enabling users to check multiple sources at once. Instead of waiting for one check before moving to the next, each source is checked simultaneously, reducing total execution time from the cumulative total down to whichever the ‘slowest’ source is.
Parallel Execution can also distribute work more efficiently. For example, when an incident response requires input before proceeding, but the input can be from anyone within a finite list. Instead of pinging the analyst on-call, waiting for response or time out, then moving on to the resource owner, a message can be sent to the complete list of possible responders.
The operator can also support so-called “long queries” in which large datasets need to be queried, but the outcomes are not codependent. A workflow can simultaneously query a data lake, cloud graph, and SIEM, again reducing total execution time to whichever query is the slowest, instead of the cumulative time for each source.
These are just a few examples of use cases where running steps in parallel can be helpful. The functionality is incredibly flexible, and because it is so easy to include in a workflow, customers will have many opportunities to explore which environments and processes it can be used to improve efficiency.
A New Era for Security Automation
We are thrilled to provide the industry’s first true example of no-code parallel processing. But we are even more proud of where this can take teams once they adopt Torq.
Until now, security automation tools have been, at best, asynchronous, meaning they’re rigid and poorly suited for handling urgent escalations and different service level requirements. Security teams need more nimble and responsive tools that allow them to operate in realistic conditions, which sometimes involve as many as 1,000 simultaneous events. These first-generation SOAR and low-code tools also require significant additional effort to deduplicate outputs.
With earlier solutions, if an organization wanted to automate a security process, it would need to map out every step along the way, name or create roles for those responsible, build operational structures to enforce those steps and roles, document each potential permutation, develop or purchase the many needed connectors for the systems involved, script and code the minutiae of data manipulation, and then finally cross their fingers that the correct action comes out the other side.
One of the unspoken laws in this chain is that Step X must always come before Step Y, and both must return a value before moving on to Step Z, regardless of whether that is how the real world operates.
Torq not only releases organizations from the restrictions of linear processes, but does so in a way that is so simple it is usable for even the most mundane of routine security processes.
No longer are security teams required to toil away at menial tasks, saving automation for only the most daunting response workflows. Using simple drag-and-drop functionality, anyone can put Torq to work using pre-coded steps, templatized workflows, and unfettered integrations.
Because Torq automations can be developed and edited at-will, teams are free to experiment with new processes, and free to design workflows that match their real operations, rather than molding their processes to their tools.
Users have all of the modern functionality available to their developer and DevOps peers, like publishing and version controls, contextual documentation, and collaborative editing. Operating with a git-style or even a true GitOps development experience helps teams better understand and manage a workflow across its lifecycle, and better aligns them with DevSecOps methodologies.
Begin Executing in Parallel, Today
The Parallel Execution capability, as well as the workflow templates that use it, are available to Torq users, today. You can find them in the workflow designer and template libraries, respectively, or your customer success manager would be glad to walk through them with you.
Parallel Execution Demo Templates
We’ve prepared a few workflow templates that already utilize and demonstrate the power of this new functionality. Torq users can begin deploying these right away.
Retrieve and Normalize data on a hash Lookup threat intelligence data from a number of sources, aggregate the findings, and then normalize a score for the provided file hash.
Future Torq users can request a live demonstration and set up a demo account to test these new features themselves through our get started page.
Why Torq’s Momentum Mirrors the Exponential Adoption of No-Code Security Automation
By Torq
August 22, 2022
3 Minute Read
In just three quarters since Torq was officially launched, our visionary team has delivered a 385% increase in customers, resulting in 360% quarter-over-quarter growth. We’ve also boosted our headcount by 150% and now have more than 100 technology integration partners, including Armis, Orca, SentinelOne, and Wiz. In addition, we recently opened new offices in the UK, Spain, and Taiwan
Our no-code security automation innovations are paying dramatic dividends for our ever-increasing customer base. We serve organizations of all sizes as they face incredibly challenging, complex, and dramatically-escalating cyberthreats. We’re mitigating those threats at every conceivable incursion point, and emancipating overworked security teams from manual, reactive processes, so they can focus on remediation and response.
I take Torq’s dedication to providing our customers the highest level of protection very personally. I began my career as a technologist and software engineer, then shifted into the world of cybersecurity, and then became an entrepreneur when I co-founded Luminate in 2017 and Torq in 2021. I was inspired by seeing how many earlier industries were revolutionized by automation.
Back when I began my career as a software engineer, all my software testing was done manually. We had QA engineers repeating the same testing procedures over and over on each and every build of my product to verify it worked correctly. That era is long gone. Today’s modern software development processes benefit from automated QA on multiple levels. Manual testing is exclusively the domain of the most complex and creative tasks, if it’s done at all.
The Security Operations world is now increasingly harnessing the value of automation. Previously, the industry was based on simply delivering “alerts” about potential malicious activity and “reports” on vulnerabilities or misconfigurations, all of which had to be reviewed and dealt with manually. Virtually everyone understands this model is archaic and creates more problems than it solves.
Both of Torq’s production environments, which include running in the cloud, and our often SaaS-based business line applications, are rapidly evolving. It’s simply not scalable to conduct manual security operations across these complex scenarios. It’s why organizations of all types and sizes are harnessing the potential of automation to ensure continuous compliance and the strongest security posture possible.
This change is akin to an industrial revolution for cybersecurity and it’s why Torq is experiencing such significant adoption. We’re working with organizations from Fortune 10 goliaths to high-velocity startups and solving major cybersecurity challenges for all of them. They’re all dealing with similar issues as they strive to protect myriad assets from the tens or hundreds of thousands of security events they face daily. Without automation, there simply isn’t a way to effectively mitigate the situation.
I couldn’t be more pleased to see the positive benefits our customers are experiencing. And I couldn’t be more proud of the Torq team that’s so dedicated to pushing the technological envelope. They’re constantly delivering new innovations to make the customer experience as simple, yet powerful and comprehensive as it can be.
We’ve only just begun the Torq journey. I can’t wait to show you everything that’s coming up in the near- and long-term. Our customers and employees represent a true community. It’s our pleasure and privilege to play such an important role in protecting today’s digital-first organizations.
