GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. GigaOm applies proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation, empowering enterprises to successfully compete in a changing business atmosphere.

GigaOm recognizes Torq as the only Hyperautomation vendor capable of delivering true autonomy to the SOC without vendor lock-in.

For years, security teams have grappled with relentless alert fatigue and burnout, exacerbated by disjointed security tools like SIEMs and SOARs. Legacy security vendors have tried to address this by cramming disconnected solutions into “all-encompassing” SecOps platforms, and many have now falsely tacked on “autonomous SOC” and “Hyperautomation” claims to their products. 

Security teams can’t afford to invest in another expensive, hard-to-maintain platform that doesn’t deliver on its promise of autonomy and automation — so where should they turn?

GigaOm’s newly-released Autonomous SOC Radar Report confirms: Torq Hyperautomation is the clear frontrunner in realizing the autonomous SOC vision and delivering the autonomy SOC teams have long been promised.

What is an Autonomous Security Operations Center (SOC)?

While legacy vendors now claim to offer SOC autonomy, true autonomy isn’t achieved by locking users into rigid, all-in-one platforms. These legacy solutions contributed to the very burnout problem that led to a talent shortage of 4 million security professionals. Their proposed solution? Dump more cash into the same outdated platforms.

A genuinely autonomous SOC leverages advanced automation and AI to handle manual and routine security tasks, accelerating response times, enhancing threat management, and ultimately safeguarding the well-being of SOC analysts. The most efficient path to this goal involves breaking down silos between security tools, enabling seamless communication and streamlined security operations across a modern, best-of-breed tech stack.

Simply put, it isn’t possible to achieve an autonomous SOC without automation. Torq is the only vendor solely dedicated to empowering security teams to automate more, faster.

“Torq is the only vendor positioned in the Innovation/Feature Play quadrant, as it is the only non-SIEM solution featured in the report, which also explains its differentiated position.“

– Andrew Green, Research Analyst for Networking & Security, GigaOm

Torq is the Only Hyperautomation Vendor Listed in GigaOm’s Autonomous SOC Report

Hyperautomation is the next evolution in scalable autonomous security operations. By definition, Hyperautomation requires enterprise-grade scalability, availability, and connectivity — essentially solving the challenges caused by these large legacy vendors. While the idea of the autonomous SOC is centered around the ability to automate everything, similarly, Hyperautomation is built on a foundational ability to integrate with anything. 

Torq’s recognition as the only Hyperautomation vendor in GigaOm’s Autonomous SOC Radar report underscores that unique position in the security operations landscape. 

Frameworks coming into law, such as DORA in the EU and CCSPA in Canada, spotlight the need for vendor diversity to reduce single points of failure and enable redundancy. Torq is the only autonomous SOC vendor enabling organizations to seamlessly integrate best-of-breed solutions — free from vendor lock-in.

Torq combines this vendor-agnostic approach with advanced technologies like purpose-built AI and Hyperautomation, engineered to create intelligent end-to-end solutions for security processes.

And GigaOm isn’t alone in recognizing Torq as the leader of autonomous SOC — industry analysts across the board are taking note.

“Torq is the first solution we’ve seen that effectively enables SOC professionals to mitigate issues including alert fatigue, false positives, staff burnout, and attrition. We’re impressed by how its AI augmentation capabilities empower these staff members to be much more proactive about fortifying the security perimeter.”

– Chris Kissel, Vice President, Security & Trust Products, IDC Research

By choosing Torq, organizations are embracing the future of security operations, as recognized by industry experts — with an approach that’s creating a more agile, effective, and strategic security operation.

Leveraging AI to Drive SOC Autonomy 

Torq integrates purpose-built AI capabilities such as generative AI and large language models (LLMs) to evolve SOC operations fundamentally and deliver on the promise of an autonomous SOC. This enables security teams to focus their efforts on proactive security measures, resulting in greater efficiency and accuracy in decision-making processes.

“80% of our security alerts are assisted and accelerated by Torq workflows. To analyze, enrich, and also autonomously respond to alerts is a paradigm shift that brings unprecedented efficiencies.″

– Joshua Blackwater, Deputy CISO, SentinelOne

Socrates, Torq’s AI SOC Analyst, exemplifies this by automating 90% of Tier-1 tasks through AI-powered triage and investigation. Socrates accelerates analyst response times by summarizing case data and providing immediate insights. It also automates 95% of security cases from investigation to response, intelligently assigning critical cases to human analysts when necessary. This augmentation empowers analysts at all levels to achieve machine-speed response times while supporting ongoing learning and skills development. 

The Sole Winner: Torq’s Unique Position

GigaOm’s report highlights the critical importance of AI-powered autonomous SOCs. As the sole Hyperautomation solution free from platform constraints, Torq provides the agility and innovation necessary for modernizing security operations in an increasingly demanding environment. 

For organizations seeking to enhance their SOC capabilities without sacrificing flexibility or risking vendor lock-in, Torq offers the only comprehensive solution designed to meet these challenges head-on. Schedule a demo to see it in action.

Gal Peretz is the former Head of AI & Data at Torq. Gal accelerates Torq’s AI & Data initiatives, applying his vast expertise in deep learning and natural language processing to advance AI-powered security automation. He also co-hosts the LangTalks podcast, where he discusses the latest in AI and LLM technologies. 

Staying ahead of evolving cyber threats means more than just keeping up — it means outsmarting the adversary with intelligent, proactive solutions that supercharge your team. This blog kicks off our latest series focused on building trust in AI in Security Operations Centers (SOCs).

As we navigate this new era of AI, Torq recognizes that integrating intelligent systems into existing security workflows is both new and essential. And it can’t be just deploying advanced technology, it’s about building solutions that seamlessly collaborate with your team and earn their trust. Our mission is to create AI systems that enhance efficiency while embedding naturally into daily operations like SOC shift handoffs, ensuring that technology and human expertise work hand in hand.

The Challenge of Relying on Naive Summarizations in SOC Shift Handovers

Consider a scenario where an outgoing SOC team provides an AI-generated summary during a shift handover. The summary reads:

“A phishing alert was reported by an employee regarding an email from [email protected] with the subject ‘Your package is ready, needs to be released from customs.’ The email passed DMARC and SPF checks but contained several red flags indicating a phishing attempt.” [figure 1]

At first glance, this summary appears concise and informative, but the trained eye will notice it lacks more critical structure and detail. It doesn’t specify what exactly happened beyond a general phishing alert, when the events took place, or how the conclusion of a phishing attempt was reached. Moreover, it fails to cite any original evidence or analyses that support its findings. 

This absence of structured information and verifiable evidence leaves the incoming team with unanswered questions like: 

• Which systems were affected?
• What specific red flags were identified? 
• Were there malicious attachments or links that need immediate attention?

Without this crucial information, the incoming team may misinterpret the severity of the threat or overlook essential steps needed for mitigation. The lack of evidence-backed details also opens the door for AI hallucinations — incorrect or fabricated information generated by AI — which can mislead the team into focusing on the wrong areas. 

Instead of facilitating a smooth transition, the unstructured and unsupported summary creates confusion, delays response times, and potentially allows the threat to persist or escalate.

The Torq Standard: Structured, Evidence-Backed Summaries

Now, imagine the same scenario we just discussed, this time the outgoing SOC team provides an AI-generated, structured, and evidence-backed summary. The summary is organized into clear sections — What happened, When it happened, and How it happened — each supported by direct citations to original forensic evidence.

“What happened: A phishing alert was reported by an employee regarding an email purportedly from [email protected] with the subject “Your package is ready, needs to be released from customs” [1]. The email contained malicious attachments (invoice.doc and QRCode.png) and included a suspicious link (hXXps://wood82c2[.]jayden1077[.]workers[.]io/c64ed9ed-b68b-4f61-b26e-20d32f0f13ab) [1]. The ‘Reply-To’ address differed from the ‘From’ address, indicating a potential phishing attempt [2].

When it happened: The phishing email was reported on August 5, 2024 [1]. Subsequent analyses and confirmations occurred between August 24 and September 2, 2024 [3][4][5][6].

How it happened: The email passed DMARC and SPF checks, but the discrepancy in the ‘Reply-To’ field raised suspicion [2]. Email body analysis flagged several phishing indicators: a non-legitimate link, a demand for information via a link, a false sense of urgency, and a lack of sender details [3][4]. Sandbox analysis of the attachments confirmed them as malicious, detecting unauthorized network activity and potential application crashes [5][6].” [Figure 2]

Citations:

1. Phishing Alert Email received by an employee, dated August 5, 2024.
2. Email Header Analysis Report, conducted on August 24, 2024.
3. Email Body Content Analysis Summary, dated August 25, 2024.
4. Suspicious Email Indicators Checklist, referenced on August 26, 2024.
5. Attachment Scan Results from Antivirus Software, dated August 30, 2024.
6. Sandbox Analysis Report of Email Attachments, completed on September 2, 2024.

With this structured summary and direct citations, the incoming team can quickly grasp the situation’s full context. They have immediate access to the supporting evidence, allowing them to validate the AI’s conclusions and understand the threat’s specifics without delay. This reduces the risk of misinterpretation and ensures that critical details aren’t overlooked.

The inclusion of citations linking back to original forensic evidence not only mitigates the risk of AI hallucinations but also builds trust in AI-generated insights. Team members can verify each point, ensuring that their actions are based on accurate and reliable information. This structured, evidence-based approach transforms the shift handover into a seamless transition, empowering the incoming team to act swiftly and effectively against the cybersecurity threat.

By adopting this method, Torq has developed AI-based security automation solutions that reflect the analytical thought processes of SOC professionals. The structured summaries not only enhance clarity but also empower team members to validate AI findings, thereby building trust in AI and facilitating more effective collaboration between humans and AI systems.

Strengthening Your SOC with Trustworthy AI

Innovation and trust go hand in hand, especially in the critical field of cybersecurity. The challenges we’ve discussed highlight the necessity for AI solutions that do more than automate — they need to enhance trust, collaboration, and efficiency within your team. 

This is where Torq’s AI capabilities become your trusted partner in navigating the complexities of security operations. By providing structured, evidence-backed summaries, AI Case Summaries ensure that every piece of information is transparent and verifiable. It empowers your SOC by enabling team members to work faster, make informed decisions with confidence, and seamlessly transition between shifts. By reducing uncertainty and mitigating the risks of AI errors, it streamlines operations and strengthens your entire security posture. 

Together, we’re fostering a collaborative environment where AI and human expertise unite to safeguard your organization more effectively than ever before.