Torq Gives Back and Supports the Next Generation of Cyber Talent
For the second year in a row, Torq is pleased to make donations to charities that invest in supporting the next generation of young professionals and encourage them to consider STEM-related career paths.
Torq will be at Black Hat, one of the cybersecurity industry’s leading trade shows, August 6-8 at Mandalay Bay, Las Vegas. We’ll be exhibiting Torq Hyperautomation at our booth, including the AI-driven Torq HyperSOC, a purpose-built solution that automates, manages, and monitors critical SOC (Security Operations Center) responses at machine speed. This innovation has been game-changing for tech workers in the SOC and is helping alleviate the cybersecurity skills gap that’s leading to global labor shortages and burnout.
To raise awareness of the cyber skills gap and to encourage the next generation of young professionals to consider a career in cybersecurity, Torq will donate $10 for every person that visits its booth (#960) to Tech Queen Elite Training Institute. It’s a non-profit organization dedicated to training students in coding, business communication skills, and digital marketing technologies. Tech Queen Elite Training Institute helps eliminate barriers so students can earn globally-recognized credentials and become gainfully employed, in fields that include cybersecurity and AI.
“We’re grateful to Torq for making such a generous investment in the career paths of Tech Queen Elite Training Institute students,” said Dr. Duana Malone, Founder of Tech Queen Elite Training Institute. “Our goal is to ensure every student we work with has an opportunity to devote themselves to meaningful skills development that enables them to elevate their future potential, as well as their community at large. Torq’s donation will make a real difference for many students in Nevada.”
In addition, for every visitor to our Black Hat booth, Torq will donate a pair of premium socks to local kids in need via the Communities In Schools, Nevada organization. This donation is designed to inform kids about the value of a SOC career, while also providing them with a useful back-to-school item. Communities In Schools is the nation’s leading dropout prevention organization. Its mission is to assess needs and deliver resources that remove barriers to success. It supports more than 100,000 students at 110 schools.
“Communities In Schools, Nevada, is very happy to have Torq contribute to the back-to-school packages we’re providing our students this year,” said Hayden Havon, Events Coordinator, Communities In Schools, Nevada. “Together with our other partners, Torq is helping ensure kids have the essentials they need to get up and running for their 2024-2025 academic sessions.”
“Every employee at Torq worldwide is proud to help make a positive impact in the communities in which we do business,” said Ofer Smadari, CEO, Torq. “We’re very happy to contribute to the wellbeing of students and for them to be exposed to the possibilities of cybersecurity as a fulfilling and valuable career option for the future. All of us are incredibly impressed by Tech Queen Elite Training Institute and Communities In Schools, Nevada, and we encourage others to also step forward and support their amazing work.”
Three-Time Torq Hyperautomation™ Customer Achieves Unparalleled Productivity and Efficiency
By Torq
July 24, 2024
3 Minute Read
The following is from a conversation between Torq and Kevin Rickard, VP of IT and Security at Jobcase, Inc. Jobcase is an online community dedicated to guiding and advocating for the world’s workers. Read on to learn how Kevin and his team have used Torq Hyperautomation to automate many security workflows.
From Torq Customer to Hyperautomation Enthusiast
Kevin Rickard is not just a repeat customer of Torq; he’s a three-time advocate for the transformative power of Torq Hyperautomation. What keeps him coming back? The exceptional quality of Torq’s pre-and post-sales support.
“The folks at Torq have been top-tier, and their expertise and support have made a world of difference,” Kevin shared. Compared to other SOAR products, Torq Hyperautomation stands out, offering unmatched agility and productivity. Kevin and his team at Jobcase have been able to deploy use cases within hours—something they hadn’t achieved with other solutions.
“Nothing compares to the agility and productivity I’ve achieved with Torq Hyperautomation.”
Kevin Rickard, VP of IT and Security at Jobcase, Inc.
Seamless Collaboration with the Torq Team
Jobcase’s collaboration with the Torq team has been both productive and ROI-driven. From the outset, Torq has been deeply engaged with the team, providing initial drafts for Jobcase’s workflows and demonstrating a deep understanding of their needs and processes. This personalized support has been instrumental in optimizing their security operations.
Top Hyperautomation Use Cases at Jobcase
Kevin’s team has found Torq particularly useful for a variety of IT and security processes, both large and small. One standout area is phishing analysis. With Torq Hyperautomation, they can quickly identify phishing threats and significantly reduce the alert fatigue caused by false positives. Additionally, automating employee onboarding and offboarding has improved operational efficiency and satisfaction among internal customers by eliminating many manual tasks.
With Torq Hyperautomation, Jobcase has streamlined workflows through Slack messages, automating everything from user welcome emails to complete enrollment processes. This automation has saved valuable time, eliminated repetitive tasks, and streamlined processes, allowing the team to allocate their efforts to more impactful and strategic initiatives.
How Torq Hyperautomation is Different from SOAR Offerings
Kevin’s experience with multiple SOAR platforms underscores the unique advantages of Torq Hyperautomation. Unlike traditional SOAR platforms, which often require extensive experience and substantial time investments, Torq’s ease of use and rapid deployment capabilities are game-changers. Teams can go from development to full production in just days.
Moreover, previous SOAR solutions often fell short in their tiered support structures, sometimes necessitating additional financial investments for adequate assistance. Torq, on the other hand, provides a seamless and supportive user experience, ensuring rapid and efficient operationalization of security workflows without extra costs.
In summary, Torq Hyperautomation has revolutionized how Jobcase manages its security workflows, driving unprecedented productivity and efficiency. Kevin Rickard’s continued reliance on Torq is a testament to its superior capabilities and exceptional support.Want to learn more about Torq Hyperautomation? Get a demo.
Leading MSSP Increases Service Delivery with Hyperautomation
By Torq
July 19, 2024
2 Minute Read
The following is from a conversation between Torq and Brian Brown, CISO at Solis. Solis delivers best-in-class managed cybersecurity services and incident response to small businesses around the world. Read on to learn how Brian and his team have used Torq Hyperautomation to exponentially increase the number of workflows running to prevent and respond to cyber threats.
Introduction to Solis
Solis is a full-spectrum MSSP and DFIR company. It has been in business for over 20 years and serves a range of customers from SMBs to enterprises, with a core focus on small- to medium-sized businesses.
“I consider Torq’s automation format to be best in class from everything we’ve evaluated in the market.” – Brian Brown, CISO at Solis
The Benefits of Hyperautomation for MSSPs
Solis has experienced multiple benefits since adopting Torq Hyperautomation. Efficiency and agility (without sacrificing security) are crucial to delivering the service they promise to their customers, as managing the security practices of multiple clients simultaneously comes with a great deal of responsibility.
The team has evaluated many automation options in the market, and they’ve come to consider Torq’s automation format to be the best in class. Solis cited the integration support and the speed at which development happens within Torq as “amazing.”
“Having an assigned Sales Engineer, having an assigned team, and having ready access to them, all while having them understand the product from top to bottom, has been absolutely critical to the speed we’re trying to deploy this,” Brown added. “Additionally, having the Torq team available to answer our questions at any time has been extremely valuable. Outside of the technology being best in class, the service and support has been what has really pushed Solis forward.”
Experience Using Torq Hyperautomation
Solis has been pleasantly surprised at how quickly they have developed and deployed over 273 workspaces and over 5,823 workflows. Using Torq gave Solis the efficiency to build out automations that are consistent between workspaces as needed and the flexibility to fully customize those same workflows for each client’s environments and requirements. “The speed in which our automations run and the security around isolating those workspaces has been advantageous for us as well,” Brown commented.
Want to learn more about Torq Hyperautomation? Get a demo.
Global SOC Survey Reveals Hope for SecOps Teams As Post-SOAR Hyperautomation Boosts Analyst Retention and Tenure
By Torq
July 3, 2024
4 Minute Read
The SANS 2024 SOC Survey, a comprehensive new Torq-sponsored study, reveals that for the first time in decades, the tenure of SOC and Security Analysts is increasing. They’re choosing to remain at their posts for three-to-five years, up from an average of one-to-three years.
Modern post-SOAR hyperautomation solutions are playing a significant role in alleviating the burdens these cybersecurity pros face. Historically, they’ve been prone to severe, soul-destroying burnout related to dealing with endless manual alert processes, resulting in alert fatigue and a deluge of false positives that create constant, unnecessary fire drills that drain energy and motivation.
The report further states that staffing challenges and automation needs remain a red alert critical issue. The continued lack of skilled staff available further underlines the criticality of SOC pro retention.
SANS surveyed more than 400 cybersecurity pros from across the world, with a focus on security administrators and analysts, security managers and directors, incident responders, and threat hunters. Geographies represented include the US, Canada, Europe, South America, Asia, the Middle East, Australia/New Zealand, and Africa. The survey represents industries including financial services, banking, insurance, government, and high tech.
Save the Analyst: Hyperautomation Drives Unprecedented Efficiency
According to the survey, the positive trend 30 percent of respondents are experiencing in retention and employee satisfaction underlines the value of new security automation solutions, such as the AI-driven Torq Hyperautomation Platform. Torq Hyperautomation automates every SOC process at scale, liberating SecOps pros from the manual threat identification and remediation grind. It collects, analyzes, and organizes unprocessed events and signals into contextually-enriched cases in real time. It then intelligently and intuitively orders them according to severity, priority, and field of ownership. Next, it auto-remediates the majority of cases across multiple organizational functions and escalates only the most critical and complex threats for human intervention.
“The positive impact Torq Hyperautomation is having on the productivity, efficiency, and job satisfaction for Citadel’s SOC team is significant,” said Moti Caro, CEO, Citadel. “With Torq Hyperautomation, the vast majority of the thousands of daily threat alerts and signals our team used to handle manually are now automatically and instantly processed, analyzed, identified, and remediated. Our SOC team is now able to place significantly more focus on proactive measures and longer-term strategic projects, with 100% confidence in how Torq Hyperautomation precisely handles threat response.”
“Torq has transformed efficiency for all five of my security teams and enabled them to focus on much more high-value strategic work, instead of manual detection and remediation tasks.” said Yossi Yeshua, CISO, Riskified. “Riskified is a ‘Torq-first’ company that’s seeking to take maximum advantage of its incredible hyperautomation capabilities at every opportunity.”
Boosting SOC Professionals’ Mental Health
The survey reflects a significant shift from January 2024, during which TechTarget assessed that, “Nearly a third of cybersecurity experts say they consider leaving the profession on an occasional (21%) or regular (9%) basis – citing stress associated with the career as the top reason. Coupled with SANS’ previous “It’s Time to Break the SOC Analyst Burnout Cycle” feature that revealed it takes seven months to two years to fill a SOC role, it becomes clear that the mental health benefits of the shift to new security automation approaches pays multiple dividends.
SANS’ findings correlate with another recent perspective on how Torq Hyperautomation alleviates SOC burnout from IDC.
“Every day, IDC is engaged with SOC professionals who communicate the existential challenges they’re facing, both in terms of keeping up with ever-escalating threat complexity and volume, and the incredible burden that places on the shoulders of their teams,” said Chris Kissel, Vice President, Security & Trust Products, IDC Research. “Torq HyperSOC is the first solution we’ve seen that effectively enables SOC professionals to mitigate issues including alert fatigue, false positives, staff burnout, and attrition. We are also impressed by how its AI augmentation capabilities empower these staff members to be much more proactive about fortifying the security perimeter.”
GET THE SURVEY
Torq is making the SANS 2024 SOC Survey available at no charge to qualified cybersecurity professionals. To submit your request for access, please fill out this form.
The future of SOC automation is dynamic and rapidly evolving, promising to revolutionize how security operations centers (SOCs) tackle their most pressing challenges. As cybersecurity threats grow in volume and sophistication, SOC teams are increasingly overwhelmed by alert fatigue, false positives, and a critical shortage of skilled professionals.
In the early days of SOC automation, bespoke scripts were the primary tools used to streamline security operations. These scripts were often handcrafted by experienced analysts to automate repetitive tasks such as log parsing, alert triaging, and basic threat detection.
While these custom scripts provided some level of efficiency, they had significant limitations. They were often brittle, difficult to maintain, and heavily reliant on the expertise of individual analysts who created them. This made scaling automation across the SOC challenging. Moreover, the scripts lacked the intelligence and adaptability to handle the growing complexity and volume of cyber threats.
Despite these drawbacks, bespoke scripts laid the groundwork for future advancements in SOC automation, highlighting the potential for automation to alleviate some of the workload from human analysts.
The Rise and Fall of SOAR Platforms
As the limitations of bespoke scripts became apparent, we saw the emergence of Security Orchestration, Automation, and Response (SOAR) platforms. Legacy SOAR platforms were designed to bring a more structured and scalable approach to SOC automation. They integrated various security tools and data sources, enabling automated workflows that could handle complex threat scenarios more effectively.
SOAR platforms made hefty promises of increased efficiency and scalability in the SOC. Unfortunately, SOAR’s monolithic, rigid architecture led to a lack of integrations, limited flexibility, and major complexity issues. Today, SOAR solutions are being phased out by SOC teams looking for a more modern, scalable approach to security automation.
Torq HyperSOC™: The First Purpose-Built Hyperautomated SOC Solution
Hyperautomation represents the next frontier in SOC automation, pushing the boundaries of what is possible. Unlike earlier approaches, hyperautomation aims to automate virtually every aspect of SOC operations, from threat detection and response to compliance and reporting. By leveraging AI and machine learning, hyperautomation can continuously learn and adapt to new threats, making SOCs more resilient and proactive.
Additionally, hyperautomation platforms can orchestrate complex workflows that involve multiple tools and systems, providing a unified approach to cybersecurity management. As organizations face increasingly sophisticated cyber threats, Torq HyperSOC™ offers a scalable and robust solution, enabling SOCs to operate at peak efficiency while freeing human analysts to focus on more strategic tasks.
How Hyperautomation Solves SOC Challenges
Eliminating Alert Fatigue
SOC teams drown in thousands of daily alerts, with analysts unable to distinguish critical threats from noise. Torq’s AI-driven Hyperautomation filters, enriches, and prioritizes alerts automatically, surfacing only what matters and auto-remediating the rest. Compuquip now saves hundreds of hours per month in analysis, with alert fatigue eliminated entirely.
Doing More with Less
The cybersecurity talent shortage means SOC teams can’t hire their way out of the problem. Torq automates repetitive Tier-1 tasks (triage, enrichment, containment) so existing analysts can handle higher alert volumes without burnout. BigID reports that work requiring 10 security engineers now takes just one or two with Torq.
Accelerating Phishing Response
Manual phishing triage — extracting IOCs, checking threat intel, removing malicious emails — takes 15+ minutes per incident and doesn’t scale. Torq automates the entire workflow in seconds, from detection to remediation across all affected inboxes. Lennar reduced phishing response from hours to minutes, freeing analysts for threats that require human judgment.
Achieving Consistent, Scalable Response
Manual incident response varies by analyst, shift, and workload, leading to missed steps and inconsistent outcomes. Torq workflows execute identically every time, whether handling 10 alerts or 10,000, with full audit trails for compliance. Carvana automated 41 different runbooks within one month, with agentic AI now handling 100% of Tier-1 alerts.
What’s Next in SOC Automation
Automating Tier-One Analyst Tasks
Tier-one tasks, such as initial alert triage, data enrichment, and basic investigation, are often repetitive and time-consuming. Analysts can focus on more complex and critical issues by automating these processes. Automation not only speeds up response times but also reduces the chance of human error.
Furthermore, it helps maintain high productivity even during high alert volumes, preventing burnout among analysts. Torq HyperSOC™ offers automation capabilities that ensure tier-one tasks are completed swiftly, allowing SOC teams to allocate their resources more strategically. This leads to a more effective security operation, where skilled professionals can focus on tasks that truly require their expertise.
AI Integration: LLMs and Beyond
AI integration has become a cornerstone of modern SOC automation, with large language models (LLMs) leading the way. These advanced AI models can process and analyze vast amounts of textual data, providing deeper insights into threat intelligence and incident reports. LLMs can assist in generating detailed incident summaries, recommending remediation steps, and even automating threat-hunting activities.
Other applications of LLMs include unlocking the ability to create new integrations or build out automations using natural language, removing the barrier of entry for analysts who don’t have the necessary coding skills demanded by SOAR connectors and integration builders.Beyond LLMs, AI integration encompasses various machine learning algorithms designed to detect anomalies, predict potential threats, and optimize response strategies.
The ability of AI to learn from historical data and adapt to new threat landscapes makes it an invaluable asset for SOCs. Furthermore, AI-driven analytics can correlate data from disparate sources, offering a more comprehensive view of the security environment. As AI technology continues to evolve, its integration into SOC operations will undoubtedly enhance the efficiency and effectiveness of cybersecurity measures.
The Vision of a Fully Hyperautomated SOC
A fully Hyperautomated SOC has already become a reality as we look at the modern security landscape. The modern SOC relies heavily on Hyperautomation to amplify the capabilities of human analysts, not replace them.
Envision a system where sophisticated AI algorithms are continuously informed by vast troves of historical and real-time data, with humans providing the strategic oversight necessary to navigate the evolving threat landscape. This is precisely what Hyperautomation is already delivering and where SOAR solutions failed to rise to the challenge.
In this modern Hyperautomated SOC, technology not only detects and counteracts threats faster but also forecasts and preemptively strengthens defenses against potential vulnerabilities. This level of human-guided automation promises to improve the speed of incident detection and mitigation, delivering expedited yet carefully vetted responses to emerging threats.
A human-centric, hyperautomated SOC would ensure seamless compatibility with broader enterprise systems, promoting an integrated security orientation that comprehensively covers an organization.
Get a Demo
If you’re ready to experience the future of SOC automation, contact us to get a demo today.
Gartner Says “SOAR Is Obsolete” in ITSM Hype Cycle
By Torq
June 20, 2024
2 Minute Read
Gartner just hammered another nail into the coffin of SOAR. The just-released “Gartner IT Service Management software (ITSM) Hype Cycle” report confirms SecOps professionals are profoundly unhappy with antiquated, legacy SOAR products and vendors. In fact, it places SOAR at the very bottom of its “Trough of Disillusionment” column, meaning “the innovation does not live up to its overinflated expectations.”
According to Gartner, “SOAR requires both development and ongoing operational cycles to maintain, similar to other coding development practices” and that justifying the expense of a SOAR purchase “remains an obstacle for clients.”
In contrast, the report points to modern generative AI-based security automation as a path forward for modern enterprises. It refers to Automated Incident Response solutions, such as the Torq Hyperautomation Platform, as being on the “Slope of Enlightenment,” due to its advanced threat identification, management, and remediation capabilities, and vastly higher ongoing ROI.
“Workflow automation tools can automate workflows that are part of processes like converting actionable alerts into incidents, opening a communications channel in instant messengers for collaboration, updating the status on a web portal in real time and one-click remediation for existing runbooks,” states the report.
It goes on to applaud modern post-SOAR automation for its unique ability to “remediate and extend incident response capabilities that can integrate with DevOps toolchains.”
Gartner further highlights other critical limitations of SOAR in the report, including:
High initial set up and implementation costs
High ongoing maintenance and support costs
The requirement for specialized personnel and analysts with extensive coding skills
Integration and interoperability issues with third-party tools and custom connectors
The unrealistic and inaccurate expectation that SOAR can solve all security issues as a standalone solution
In closing, Gartner recommends organizations be extremely critical about their security platform purchase decisions, advising them to “select an appropriate product based on buyer understanding and its applicable use cases, such as SOC optimization, threat monitoring and response, threat investigation and hunting, and TI management.”
Torq professionals are ready to help emancipate organizations from the limitations of SOAR and answer any questions they may have stemming from this report.
If you’re in a trough of disillusionment and ready to ditch Legacy SOAR, contact us to get a demo of Torq Hyperautomation.
It’s 2024, and we’ve got to stop using “automation” and “orchestration” synonymously.
Security automation eliminates manual effort by automatically executing tasks at machine speed. Security orchestration streamlines processes by connecting disparate tools and coordinating multiple automated workflows.
But not all automation is created equal. Traditional security automation has limitations. Enter AI-driven Hyperautomation, which takes security operations beyond scripted workflows into a truly autonomous, self-sustaining security model.
Here’s why that matters and why legacy SOAR’s approach to security orchestration is no longer effective.
What is Security Automation?
Security automation leverages AI and automated workflows to efficiently handle cybersecurity tasks at machine speed, eliminating the need for human intervention and reducing time-consuming manual processes. This enables faster threat detection, analysis, and response. Instead of waiting on your already bogged-down analysts to triage and investigate alerts, automation executes predefined actions instantly, ensuring faster, more accurate responses.
What was once a luxury for Fortune 500s is now non-negotiable for any security team facing overwhelming alert volumes, talent shortages, and non-stop cyberattacks.
In a modern SOC, automation can handle most of Tier-1 work and repetitive, time-consuming tasks for security teams. The use cases are endless, ranging from threat detection and response to GRC workflows like compliance and patch deployment, to blocking domains and encrypting data.
The benefits speak for themselves. Cybersecurity automation accelerates response times, filters out false positives, and provides the context analysts need to take decisive action. It doesn’t take breaks, it doesn’t get overwhelmed, and it operates at machine speed 24/7 to stop threats before damage is done.
Unlike traditional security automation, which focuses on predefined rule-based responses, Torq Hyperautomation dynamically connects disparate tools, enriches alerts with real-time intelligence, and autonomously executes remediation — all without manual intervention. It integrates AI and large language models (LLMs) to correlate signals across multiple sources, filter false positives, and instantly prioritize real threats.
So, what makes Torq Hyperautomation different?
Intelligent case automation and prioritization: Comprehensive case management that reduces the analyst’s workflow through automation and enhanced response times.
Autonomous remediation: No waiting for analysts to act. Hyperautomation automatically isolates compromised endpoints, blocks malicious domains, and disables compromised accounts in seconds.
Full-stack integration: Legacy SOAR is notorious for missing critical integrations, causing silos. Torq Hyperautomation connects to every tool in your stack.
No-code automation: No engineers, no problem. Hyperautomation lets SOC teams automate complex processes using natural language, making security automation accessible to everyone, not just developers.
Where security automation removes friction, Hyperautomation eliminates inefficiencies entirely — allowing organizations to move from reactive to proactive, self-sustaining security operations. With agentic AI-powered automation, security teams can investigate, escalate, and remediate threats autonomously, closing security gaps faster than ever. AI-powered Hyperautomation doesn’t just improve security workflows but redefines modern SOCs’ operations.
“Employing AI to augment human security analysts acts as a force multiplier that helps security teams be more productive. This approach not only improves response times, but also ensures that human ingenuity is applied where it is most needed, effectively expanding the capabilities of existing security teams.” – Forbes
What is Security Orchestration?
Security orchestration is the automated management and coordination of multiple security workflows, often spanning multiple tools within an organization’s security infrastructure.
Orchestration ensures that interdependent automated tasks within the security ecosystem proceed smoothly, with data shared effectively and subsequent actions triggered correctly across different tools. Orchestration is crucial for managing complex security operations where automated processes rely on each other for completion and data exchange.
Why is SOAR Dead?
Security Orchestration and Response (SOAR) platforms were supposed to be the missing link between security tools to streamline workflows and reduce manual efforts. Instead, they became bottlenecks and money pits.
SOAR platforms promised to unify security operations. They failed. Why?
Playbooks required constant maintenance
They were slow, rigid, and lacked adaptability
They demanded skilled engineers to build and manage workflows
They relied on manual tuning
Security teams don’t need another tool that creates more work — they need one that eliminates it. That’s why Security Hyperautomation is the next evolution. AI-driven, no-code, and fully autonomous.
Security orchestration as a concept isn’t dead — it’s evolving. Torq still orchestrates workflows, but not the way legacy SOAR did. Here are the main differences:
Legacy SOAR playbooks require maintenance. Hyperautomation learns and adapts in real time.
Legacy SOAR is static. Hyperautomation makes security processes dynamic, enabling them to optimize and adapt to new attack patterns.
Legacy SOAR requires engineers. Hyperautomation is no-code and accessible to any SOC analyst.
Legacy SOAR operates in silos. Hyperautomation connects seamlessly across your entire environment.
The clunky, expensive orchestration of the SOAR era is over. But intelligent, adaptive orchestration powered by agentic AI is alive and thriving in the world’s most advanced SOCs.
Hyperautomation in Action: Real-World Results
Accelerating threat response: Manual investigation and containment takes 30+ minutes per alert — time attackers use to move laterally. Torq Hyperautomation executes detection, enrichment, and containment in seconds, automatically isolating endpoints and disabling compromised accounts the moment indicators are confirmed. Valvoline cut analyst workload by 7 hours per day after implementing Torq.
Eliminating integration bottlenecks: Legacy SOAR platforms are notorious for missing critical integrations — creating silos and forcing manual workarounds. Torq connects seamlessly across your entire stack with 300+ pre-built integrations and AI-powered custom integration generation.
No-Code Automation for Every Analyst Traditional automation required skilled engineers to build and maintain playbooks — a bottleneck most SOCs can’t afford. Torq’s no-code interface lets any analyst create complex workflows using natural language, removing the barrier between security expertise and automation capability. Fiverr’s VP of Business Technologies says: “The only limit Torq has is people’s imaginations.”
Autonomous Tier-1 Operations Alert fatigue drowns SOC teams; analysts can’t keep pace with thousands of daily notifications. Torq’s agentic AI handles Tier-1 triage autonomously, filtering false positives, enriching real threats, and executing containment without human intervention. Carvana automated 100% of Tier-1 alerts within one month, with 41 runbooks deployed and running at machine speed.
The Bottom Line
Security automation and security orchestration aren’t interchangeable — but in 2024, the distinction matters less than the outcome. Legacy SOAR tried to orchestrate rigid playbooks across siloed tools and failed. Modern Hyperautomation delivers what SOAR promised: unified, intelligent, autonomous security operations that actually work.
The question isn’t whether to automate; it’s whether your automation can keep pace with attackers operating at machine speed. Static playbooks can’t. AI-driven Hyperautomation can.
Torq combines the speed of automation with the coordination of orchestration, powered by agentic AI that reasons, adapts, and executes without waiting for human intervention. It’s why the world’s most advanced SOCs have moved entirely away from legacy SOAR.
Get the GigaOm SOAR Radar Report to learn why Torq has outranked legacy SOAR for two years running.
What is the difference between security automation and orchestration?
Security automation executes individual tasks at machine speed without human intervention — like blocking a malicious IP or isolating an endpoint. Security orchestration coordinates multiple automated workflows across different tools, ensuring data flows correctly and actions trigger in sequence. Automation handles the “doing,” orchestration handles the “connecting.” Modern Hyperautomation combines both into a unified, AI-driven approach. Learn more about Hyperautomation →
How does security Hyperautomation improve traditional methods?
Traditional automation relies on static, rule-based playbooks that break when conditions change. Hyperautomation uses AI and LLMs to dynamically adapt — correlating signals across tools, filtering false positives, prioritizing real threats, and executing remediation autonomously. It’s the difference between following a script and actually reasoning through a problem. Torq customers like Carvana now automate 100% of Tier-1 alerts with agentic AI.
Why is legacy SOAR considered outdated?
Legacy SOAR platforms promised unified security operations but delivered complexity instead. Playbooks required constant maintenance, integrations were limited, and skilled engineers were needed to build and manage workflows. They created more work, not less. Hyperautomation eliminates these pain points with no-code building, 300+ pre-built integrations, and AI that adapts in real time. See why SOAR is dead →
What benefits does AI-driven security automation provide?
AI-driven automation accelerates response times from hours to seconds, filters out false positives before they reach analysts, and provides contextual enrichment for faster decision-making. It operates 24/7 without fatigue, handles unlimited alert volumes, and frees analysts to focus on strategic threat hunting instead of repetitive triage.
How can organizations transition from manual to automated security processes?
Start by identifying high-volume, repeatable workflows — phishing triage, suspicious login investigation, and endpoint isolation are common starting points. Choose a platform with pre-built templates and no-code customization so your team can deploy quickly without engineering dependencies. Measure results (MTTR, automation rate, analyst hours saved), then progressively expand. Torq customers typically see production value within 30 days. Get a demo →
IDC Validates Torq HyperSOC™: A Game-Changer for SOC Analysts
By Torq
May 28, 2024
3 Minute Read
IDC declares Torq HyperSOC™ the first solution to effectively mitigate SOC alert fatigue, false positives, staff burnout, and attrition.
In a groundbreaking report, IDC emphatically recognizes the potential of Torq’s latest innovation, Torq HyperSOC™, hailing it as a pivotal addition to the SOC analyst toolkit.
A Giant Leap Forward for SOC Analysts
IDC’s validation of Torq HyperSOC™ marks a significant milestone for SOC analysts. This endorsement is more than just a stamp of approval; it’s a signal that the industry is taking a giant leap forward. Torq HyperSOC™ was built with the unique needs of SOC teams in mind, offering features that embed automation across the entire case management lifecycle by combining AI-driven insights and Hyperautomation. Analysts can expect a reduction in false positives, faster identification of real threats, and a more intuitive interface that allows for quick adaptation. With the backing of a reputable organization like IDC, Torq HyperSOC™ is poised to set a new standard for SecOps, providing analysts with a powerful ally in the fight against cyber threats.
“Torq HyperSOC™ helps ensure Check Point internal security analysts’ time is used in the most productive and effective manner possible. We are impressed with how Torq HyperSOC™ harnesses AI to alleviate those burdens by automating investigation and remediation.”
Jonathan Fischbein, Global CISO, Check Point
The Game-Changing Impact on SecOps
The arrival of Torq HyperSOC™ signals a transformative era for SecOps. By integrating innovative automation and orchestration capabilities, SOC teams can now address alerts with unprecedented speed and accuracy. The impact is twofold: first, it dramatically reduces the time spent on menial tasks, freeing analysts to focus on strategic work; second, it enhances the organization’s overall security posture by enabling quicker response to threats. This is a game-changer in an environment where every second counts. The agility afforded by Torq HyperSOC™ allows for a more proactive and less reactive approach to security, shifting from a traditional, often cumbersome, process to a dynamic and streamlined operation. IDC’s recognition underscores the potential of Torq HyperSOC™ to redefine how we think about and execute security operations in the digital age.
How Torq HyperSOC™ Empowers CISOs and CIOs
CISOs and CIOs are under constant pressure to ensure their organization’s cybersecurity infrastructure is robust and efficient. Torq HyperSOC™ comes as a powerful asset for these leaders, providing them with a previously unattainable level of oversight and control. With its cutting-edge features, Torq HyperSOC™ equips CISOs and CIOs to enforce security policies more effectively, automate compliance procedures, and gain valuable insights into their security landscape. This solution translates into better decision-making based on real-time data, enabling a swift pivot as the threat environment evolves. Moreover, the efficiency gains from automating routine tasks can lead to significant cost savings, optimizing resource allocation and potentially lowering the risk of burnout among security teams. In essence, Torq HyperSOC™ is not just a tool for the present; it’s an investment in the future resilience of the enterprise.
Want to learn more about Torq HyperSOC™? Get a demo.
How Next DLP Automates Data Breach Investigations with Torq Hyperautomation
By Torq
April 23, 2024
4 Minute Read
The following is adapted from a conversation between Torq and Robbie Jakob-Whitworth, Cybersecurity Solutions Architect at Next DLP. Next DLP is a leading provider of insider risk and data protection solutions. Read on to learn how Robbie has used Torq Hyperautomation to automate alerts and reduce alert fatigue within his organization.
Introduction to Robbie and Next DLP
I’m Robbie Jakob-Whitworth, Solutions Architect with Next DLP. Next DLP is focused on reinventing data protection, DLP, and insider risk. So, I spend a lot of time working with customers and enterprises focusing on how we can protect the data in their organization, how we can prevent a data leak or data breach, and also how we can manage the insider risk.
So a key thing that I work on with a lot of customers is alerts, detections and incidents from a data protection perspective as well as an insider risk perspective. And alert fatigue is something that is a very real problem for security analysts. They spend a lot of time looking through alerts.
Next DLP provides a fantastic platform to get an overview and take control of risky behavior taken by users. For example, the sharing of sensitive data, or accessing data that is controlled by regulation or compliance. But going through all of these alerts and all of these incidents can be quite a time thing sometimes for an analyst. So in that theme of alert fatigue, I was able to use Torq to build a workflow to notify me separately via Slack about the most serious data breaches.
Combatting Alert Fatigue with Hyperautomation
So in the example that I’m going to show you here, we can actually reduce alert fatigue by using Torq to just alert us about the most high severity alerts. So using Next DLP, I built out a web hook integration directly into Torq and streamed detection information for Torq where the data is Personal Identifiable Information (PII).
I’m only going to focus on the most high risk users, and I only want events that are a score of at least 80. So, particularly high severity alerts. Now, when a policy violation or incident occurs that meets these thresholds, a workflow in Torq is triggered and I get notified in real time through Slack or on my phone.
Then, I can launch an investigation in real time. So I can go and spend my time on other things that are more important to me than looking through logs. I’m saving a lot of time by getting these alerts through Torq.
A Real-World Example
Consider this – from a data protection perspective, I might have data in my organization, maybe personal information, social security numbers, or customer information that needs to be protected. And in this case, if I’m a user and I’m sharing this data through a site like WeTransfer, either maliciously or accidentally, Next DLP can provide real-time data protection by enforcing IT and corporate policy, preventing the taking of sensitive data.
So in this case, we caught the fact that this file contains this sensitive information – email addresses and social security numbers – and that it was leaked out through WeTransfer. Next DLP protected and blocked that activity.
Now as a SOC or security analyst, I don’t need to sit in the Next DLP platform and look through every single alert. With this automation, Torq notifies me with all of the information around the incident: which user violated the policy, what the policy was, that it contains social security numbers, how the data was being exfiltrated, in this case to WeTransfer. I get a link to view the file and the forensic evidence, along with a screenshot of the user’s desktop at that moment in time. So I’m able to launch an investigation to dive down deeper into the context of this user’s activity.
The Power of Torq Hyperautomation
Traditionally, for an analyst or in a SOC, you spend all your time kind of combing through logs and alerts. You have a lot of false positives to deal with. And all the information is presented to you within a powerful UI of most products. But, you have to spend a lot of time going through each alert.
It was super simple to build this automation because I’m combining the powerful open API provided by Next DLP with the really helpful no code workflow UI provided by Torq. Plugging those two together is the best of both worlds. It’s really a fantastic way to orchestrate and connect different systems together and to save me time by automating those manual tasks.
Want to learn more about Torq Hyperautomation? Get a demo.
Stop SOAR From Killing Your SOC Budget With Hyperautomation
By Torq
April 17, 2024
6 Minute Read
Cyberthreats are escalating and SOC budgets are tightening. It’s a recipe for disaster, that is, unless you take advantage of new technologies that keep both in check. The fact is, businesses are now spending nearly a third of their cybersecurity budget towards running an in-house SOC, averaging out to $2.86 million per year, according to Ponemon.
Historically, security teams anchored their SOCs with SOAR. In the distant, fading past, this was intended to improve efficiency and drive standardization across incident response activities. SOARs promised to enable organizations to integrate security solutions within the SOC technology stack, filter and prioritize incident data, and automate processes to improve remediation speed. However, reality quickly set in, and SOC teams experienced disconnected and reactive defenses, narrow visibility and event processing capabilities, and limited inflexible integrations that were putting the organization in danger.
Beyond the technical limitations, organizations found that the myriad of hidden costs associated with running SOAR negatively impacted the investment already made in three key areas of the SOC: People, Time, and Technology.
People
When the SOC receives an alert, three levels of analysts typically work together to cover the entire threat lifecycle. Entry level analysts handle the initial triaging and filtering of alerts, escalating legitimate threats to Tier-2/3 analysts for more advanced investigations, and eventual remediation. However, the need for continuous monitoring, troubleshooting, and maintenance of SOAR solutions creates a bottleneck, slowing down the incident response process at every level. According to ESG, 92% of security professionals agree that leveraging a SOAR effectively demands intensive programming/scripting skills, meaning organizations often find themselves allocating one, if not more, FTEs strictly to SOAR management.
Depending on the size and maturity of the organization, staffing an efficient 24/7 SOC may require between 5-10 analysts, with the average entry-level analyst salary hovering around $90,000 annually. The challenge is, the cyber security space is already dealing with a 4 million global shortage of security staff, and Tier-1 analyst roles are so tedious and demanding that employees don’t stay in these positions long due to high stress, and eventual burnout. This shortage has made finding highly skilled and experienced analysts much more difficult, increasing the competitive salaries organizations must offer throughout the recruitment process.
Improving SOC speed to combat the potential impact of downtime is a key investment area for most organizations, and an area in which SOAR has drastically failed. SOAR’s poorly-scalable architecture and integration rigidity makes the initial implementation and configuration slow, tedious and time-consuming. Once implemented, CISOs and Directors of Cybersecurity commonly report on the mean time to respond (MTTR) to an incident when measuring the efficiency of the SOC. Ironically, the amount of time spent manually triaging, correlating and escalating massive amounts of alerts within a SOAR is often the major contributing factor leading to analyst burnout, and almost 40% of cybersecurity professionals say that their average MTTR is still “months or even years”.
Security teams are overloaded, trying to protect legacy systems, hybrid infrastructures, and emerging technologies with siloed security solutions that do not have pre-built SOAR integrations allowing them to work in harmony with each other, or third-party threat intelligence feeds. The overabundance of security tools meant to safeguard an organization, ends up contributing to operational deficiency known as stack sprawl, where a lack of integration, limited connectivity, and an overwhelming amount of disconnected event data actually decreases SOC productivity. Even building basic SOC automation playbooks and setting up integrations with existing security solutions can often require custom development or lengthy professional services offered by the SOAR vendor, delaying productivity and decreasing ROI.
Maximize ROI with SOC Hyperautomation
Before signing on the dotted line, organizations need to be aware of the budget-busters of SOAR and other legacy SOC solutions that erode their value, lengthen their ROI, and make them downright expensive. Today, building an efficient SOC and maximizing not only the investment made in SOC solutions, but also the resource investment in people and time, requires Hyperautomation.
SOC teams leveraging Torq Hyperautomation easily integrate any security solution, and build effective automations using AI-prompts or no-code, low-code, and full-code support. Purpose-built AI capabilities that leverage LLMs to understand natural language uplevel Tier-1 analysts to perform Tier-3 tasks at machine speed, without the typical learning curve or need for professional services. By applying automation not only to security solutions, but to repetitive investigation, organization, and escalation tasks as well, Hyperautomation not only reduces the workload of SOC analysts, but enables them to act faster on critical incidents with intelligent, dynamic prioritization. Finally, a secure and extensible, cloud-native, zero-trust architecture eliminates scaling or performance ceilings, while maintaining compliance regardless of which best-of-breed solutions or enterprise architecture the organization is working with.
When building out a SOC, the best way to maximize an organization’s ROI is to protect the three key areas of investment; People, Time, and Technology. Torq Hyperautomation not only protects that investment, but enhances the SOC by automating processes at scale, with ease and efficiency – effectively solving the challenges outlined above, and removing the hidden costs associated with SOAR solutions.
Learn more about how Torq Hyperautomation protects your SOC investment, and download our spotlight report “SOAR is Dead: A Manifesto”. And to see Torq in action, schedule a demo.
