How to Simplify AWS Automations with Torq

One thing we’ve consistently heard from our customers is that using legacy SOAR solutions to build AWS automations and workflows is complex and painfully slow.

Why? Because legacy SOAR solutions typically use Python to do anything, and to make Python work for you, you have to be an expert in it. Python is often complex and requires writing scripts to execute most commands. And oftentimes, Python scripts create a single point of failure, where the person who wrote the scripts is the only one in an organization who knows them – if that person leaves, the scripts leave with them.

Torq, however, integrates with AWS CLI, which eliminates the Python problem by allowing you to run AWS CLI commands directly from the Torq Hyperautomation platform. This saves you time and effort when automating in the cloud and lets you do more.

Torq is the only hyperautomation solution that offers integrated AWS CLI functionality. Other platforms force you to learn the API for AWS for every single workflow or automation. With Torq for AWS CLI, you don’t have to learn API calls – it cuts out APIs altogether. 

With AWS CLI, you can run any type of command you want in Torq – you don’t have to write the hundreds of steps you’d typically have to with Python Boto3 scripts. It simplifies your scripts into a concise workflow, making it easier to troubleshoot, build, and reuse automations. 

For example, if you wanted to produce a list of all of your active S3 buckets, all you have to do is find the command in AWS CLI documentation, type it into the AWS CLI in Torq, and it’ll return that list. It’s a super flexible way to run commands.

Torq with AWS CLI also lets you test workflows while you’re building them, which is a much less complex alternative to writing intricate Python scripts. And you can unlock the true power of Torq’s limitless integrations with solutions like Slack, Snyk, Wiz, and Orca Security, when you tie them together and build workflows that interact with AWS using the CLI command. 

And with the addition of Torq’s AI completions functionality in the AWS CLI command tool, your job just got even easier. You can use native language to find commands, saving the time you’d have spent digging into documentation to find the correct commands. Now, you can find and run AWS CLI commands without ever leaving the Torq platform. 

Want to see how Torq with AWS CLI can help you escape Python’s stranglehold and overcome slow automations? Get a demo.

The Journey to True Hyperautomation

The benefits of hyperautomation are well documented. But it can be challenging to determine where to get started. 

Maybe you’ve been burned by outdated and antiquated solutions, like legacy SOAR, that were so complex, costly, and time consuming that a path forward seemed impossible. 

At Torq, the journey to true hyperautomation is a three-phased approach that will transform your security posture and result in more than 90% of SOC processes automated.

  1. Phase 1: Task automation
  2. Phase 2: Process automation
  3. Phase 3: AI-driven hyperautomated SOC

Let’s examine each of the three phases of the hyperautomation journey.

Phase 1: Task Automation

The journey starts by determining which specific tasks require significant manual effort from SOC analysts. The goal is to automate repetitive, rule-based tasks – it’s essentially laying the bricks for your cybersecurity foundation. We use APIs and event feeds to pull data and automate tasks that would otherwise consume your team’s valuable time.

During this phase, you can automate a broad spectrum of task-based workflows, such as IOC enrichment, ticket triage, audit processes, and tasks related to handling vulnerabilities. 

This phase can run anywhere from two weeks to three months based on your organization’s maturity and whether you’ve pre-determined what to automate. The timing is also dependent on the priority your organization places on automation creation and implementation.

It gives you a solid start on your hyperautomation journey. Once completed, you’ll have automated roughly 15% to 20% of SOC processes.

Phase 2: Process Automation

Now that you’ve laid the foundation, the second phase focuses on automating process-based workflows. Here is where we automate entire security workflows and processes, not just tasks. You’ll automate rules-based decision making and allow for a few exceptions where human judgment is required. Internal and external event triggers keep work flowing seamlessly, creating a more robust, responsive, and intelligent automated system.

Process automation requires extensive communication with your technology stack and tailoring use cases from start to finish. During this phase, multiple tasks converge to serve a specific use case, where Torq bridges all of the different elements, reducing user dependency. The goal is to involve users solely in critical decision-making aspects. 

The result is quicker identification of threats and risks, which allows for immediate action and a reduction of the window of exposure.

Depending on organizational maturity, the priority your organization puts on automation creation, and how much time you can spend, this phase ranges from a few weeks to six months.

Once phase two is completed, you’ll have automated 30% to 65% of SOC processes.

Phase 3: AI-Driven Hyperautomated SOC

The third and final phase of your hyperautomation journey is harnessing the power of AI to hyperautomate your SOC. It’s this phase where you integrate AI and machine learning to deal with complex decision-making processes. Torq processes unstructured events to deliver contextual insights through cognitive automation. To do this, you’ll leverage your processes and technology solutions alongside large language models (LLMs).

The goal of this phase is to streamline day-to-day tasks through a combination of workflow automation, your security stack, and AI – all driven by your unique business logic. It combines the power of both process and AI to enhance efficiency and address your business needs.

This phase varies in duration based on the time it took for you to complete the first two phases. But once completed, you’ll achieve true automation and will have successfully automated more than 90% of your SOC processes. 

Achieve True Hyperautomation

Once you’ve completed all three phases of the journey, you’ll have evolved from basic task automation to an advanced, AI-driven, hyperautomated SOC. You’ll have automated more than 90 percent of your SOC processes, and your security team will be able to focus on only the most complex and nuanced issues. And your SOC analysts will be relieved to have automations that can support them 24/7.

You’ll have achieved true hyperautomation.

Ready to start the journey to true hyperautomation? Request a demo.

How Hyperautomation Unblocks the Events Processing Bottleneck

Legacy SOAR offers limited events processing. That’s just the way it was built. SOAR is a standard monolithic architecture in which the entire application is deployed as a single entity, which typically runs on a single server or cluster of servers. This dramatically restricts SOAR’s processing capacity, and it’s time-consuming and costly to try to extend SOAR beyond these restrictive configurations – scaling up typically requires an entire rebuild and redeploy.

The only ways to deal with that are to underprovision or overprovision your legacy SOAR. But that also creates problems. Underprovisioning creates poor performance, slow response times, and reduced availability. This affects the user experience and your solution’s ability to identify and remediate threats effectively. Overprovisioning allocates more resources than are actually needed to ensure there is always enough capacity to meet demand, but that method boosts costs, reduces efficiency, and increases risk with an extended infrastructure footprint.

Where legacy SOAR falls short, however, security hyperautomation shines. 

Here are the five major benefits of using hyperautomation to process your security events to overcome the limits of legacy SOAR.

  1. Hyperautomation provides limitless horizontal scalability that allows individual components and services to be independently scaled based on specific demands.
  2. Hyperautomation allows you to sift through the noise, prioritize events, close false positives, and more – all at scale and with precision accuracy. Plus, it’s entirely automated.
  3. Hyperautomation ensures specific event types are directed to relevant owners and automatically enriched with decision-supporting data.
  4. Hyperautomation empowers you to automate the orchestration and handling of diverse technical solutions that best suit your requirements, including CNAPP, CSPM, CWPP, EDR, XDR, EASM, IAM, SAST, and DAST.
  5. Hyperautomation enables you to have SLAs for different events to ensure the flood of events from one type or source does not prevent the system from processing other events. 

Through dynamic defenses, security hyperautomation allows you to unblock the events processing bottleneck. Read more about how hyperautomation outperforms SOAR in our “SOAR is Dead” manifesto.

Torq for MDR: Increase Margin and Onboard Customers Faster

Managed detection and response providers (MDRs) are at an inflection point. They previously relied on legacy SOAR to secure their customers. But SOAR solutions struggle to keep up with the evolving and maturing threat landscape, and were not designed to scale into cloud environments.

As a way to break free from SOAR’s shortcomings, MDRs are turning to hyperautomation.

Torq gives MDRs:

  • Increased margin: Automate more components in your alert investigation, analysis, and response, and handle security events more efficiently with less human involvement.
  • Faster customer onboarding: Automate customer onboarding and ramp-up, share workflows and use cases across customers, and automate in multiple environments.
  • Limitless integrations: Integrate with every tool within your customers’ security stacks to increase business value and widen total addressable market.

Torq for MDR is a significant evolution from legacy SOAR, and gives managed detection and response providers the ability to perform up to 90% of Tier-1 case analysis tasks with an autonomous agent, 10 times faster onboarding and provisioning of new customer environments, and the ability to handle 5 times more security events without adding headcount.

Regarded analyst firms IDC and GigaOm have both noted that hyperautomation is leading the shift away from legacy SOAR solutions and signaling the future of security automation. And one of the country’s largest MDRs, Deepwatch, recently announced it has standardized on Torq Hyperautomation. Ten other MDRs, such as SentinelOne Vigilance and Compuquip, have also joined the Torq for MDR program.

“With Torq Hyperautomation, we are significantly increasing productivity and efficiency, ensuring that our customers gain better evidence, analysis, and control over their cybersecurity, while staying protected from external threats and operational risks,” said Charlie Thomas, CEO, Deepwatch.

Torq Hyperautomation empowers MDRs to provide more value to customers to increase stickiness and reduce churn, while increasing SLA attainment. It also streamlines security operations and reduces costs by consolidating tooling and effortlessly integrating disparate tools managed by different teams for increased efficiency. At the same time, Torq Hyperautomation automates workflow management across an MDR’s entire customer base, with the added flexibility of fine-tuned customization.

Torq also gives MDRs no-code, low-code, and full-code support; the ability to automate more processes; accelerated case management with AI; and a scalable, resilient infrastructure, all of which help MDRs improve efficiency and increase margin, while saving costs and scaling service offerings.

Hyperautomation is the future for MDRs.

Learn more about Torq for MDR. And download our guide, “Future-Proofing the MDR With Hyperautomation.”

Automating Incident Response: Exploring the Latest Conversational AI Tools

Hagai Shapira, Torq’s Director of Product, spoke at DeepSec 2023 about different levels of automation approaches for incident response, culminating in the latest additions of conversational AI tools. In this interview (originally posted on DeepSec), Hagai answers questions about his talk and provides key insights on how security teams can leverage AI to streamline incident response processes and improve their overall security posture.

Interview: 

Please tell us the top 5 facts about your talk.

  1. Most sec ops teams are still immature when it comes to utilizing automation for their detection and response and incident response procedures.
  2. Powerful automation and efficiency improvements can be achieved without software engineers using modern security automation tools.
  3. Some of the most time consuming tasks in incident handling are tasks that require interaction with other people (employees or users) and waiting for their responses.
  4. Simple primitives for asking questions in messaging platforms are key for enabling many automation use cases.
  5. Recent advancements in LLM models and AI agent architectures have expanded the realm of what is possible to automate, including most Tier-1 level cases in day-to-day SOC operations.

How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?

This talk is based on my experience and work with security teams over the last three years in automating their incident response. However, my exploration into use cases for the latest top-of-the-line LLM models and how AI agent architectures, such as ReAct, can be used for security automation has driven the most recent and exciting frontiers in this field and is the focus of the talk.

Why do you think this is an important topic?

There are several reasons why this is an important topic. Firstly, the workload of security operations teams has significantly increased over the past few years due to the proliferation of security tools and sensors that they need to monitor, as well as the sheer volume of data and alerts these tools generate. Secondly, it has become increasingly difficult to hire qualified security professionals, exacerbating the problem. Given these challenges, automating security operations is the only rational solution to alleviate the burden on security teams.

Is there something you want everybody to know – some good advice for our readers maybe?

If there is something I’ve learnt from my three years trying to automate the world of security operations, it is that there is no magic behind it. You cannot expect a magical solution to solve all your problems. However, if you invest resources and prioritize automation, you can achieve returns and efficiencies that would be impossible to achieve otherwise.

A prediction for the future – what do you think will be the next innovations or future downfalls for your field of expertise / the topic of your talk in particular?

I definitely look forward to seeing even more improvement in the performance of LLM models, solving some issues they still suffer from like hallucination, and a reduction in the cost of completions. These changes and improvements will surely be key in seeing even more use of LLMs in automations, in more complicated investigations and at a scale that is required for supporting some of the bigger organizations in the world.

IDC: Hyperautomation Signals the End of SOAR Era

“Purpose-built does not scale.” That’s what IDC says in its latest research report “How Hyperautomation Is Used to Reduce Gaps and Inefficiencies in Network Cybersecurity.”

What does that mean? It means that your monitoring point products, like legacy SOAR, just don’t cut it any longer. They can’t scale in today’s hybrid cloud and multi-cloud environments without piling on more tools, further fueling tech stack sprawl.

The report notes that SOAR, SIEM, XDR, and EDR were conceived as on-premises solutions and security’s shift left – the idea that security begins at the time of code development – was not considered. This creates an inherent inability to scale. Additionally, the tools are often too complex and their effectiveness has dwindled in today’s modern, often cloud-based, security environments. 

“No matter how you slice it, the cybersecurity platform strategies of today are holding on by a narrow margin. Too many processes are still being done manually,” IDC Research Vice President, Security & Trust Products Christopher Kissel writes, later adding, “Without continually adding new point products and appliances (which also take time to install), none of the current detection and response platforms are going to scale no matter how experienced or disciplined a security operations team is.”

But all is not lost. Hyperautomation and its many benefits can help pull enterprises out of the legacy point product pit of despair. 

The IDC report notes that hyperautomation enables:

  • Visibility and control of the heterogeneous network real estate, across all environments, for all processes and role players.
  • The ability to predict security gaps, proactively assess the network, and ultimately secure the network.
  • Proper contextual awareness, including more than security logs (firewall, NetFlow, antivirus, etc.), and integration fabrics.
  • Automation of everything that can and should be automated.
  • Extensible capabilities using no code, low code, or full code, with potential leveraging of generative AI to automate even more tasks.

How does that stack up against legacy SOAR? Here’s IDC’s breakdown:

According to the IDC report, hyperautomation is proactive, where legacy SOAR is reactive; hyperautomation connects devices, clouds, containers, and processes, where legacy SOAR connects devices; hyperautomation delivers enterprise-grade extensibility, where legacy SOAR offers connectivity only as strong as the sum of its APIs; and hyperautomation matches the resources needed for outcomes, while legacy SOAR has to either be over- or under-provisioned.

And when it comes to hyperautomation, Torq is leading the charge.

“The Torq hyperautomation approach is more comprehensive than what is offered in contemporary cybersecurity tooling,” the report states, adding “Torq provides an end-to-end visibility, prevention, and detection application that entails the entire digital estate of a business.”

Don’t just take our word for it. Read the full IDC report, “How Hyperautomation Is Used to Reduce Gaps and Inefficiencies in Network Cybersecurity,” and you’ll see how Torq Hyperautomation is beating legacy SOAR.

Gigaom: Hyperautomation vs. Legacy SOAR

It wasn’t long ago that we at Torq proclaimed “SOAR is dead!”

And it didn’t take long for the industry to catch on. Leading analyst firm GigaOm in its recent GigaOm Radar report named Torq a leader and an outperformer in the security automation market, namely for our hyperautomation capabilities that legacy SOAR just can’t touch. And our competitors have also started jumping on the hyperautomation bandwagon since we shifted our focus to this model.

While SOAR was innovative and effective nearly a decade ago, it has become stagnant and beleaguered by its inherent complexity, management overhead, and high costs. Security pros have neither the time, the resources, nor the money to throw at legacy SOAR.

Enter hyperautomation.

An ‘Outperformer’

Let’s hear it directly from the source. 

In the report, GigaOm praises Torq for our “extensive feature set” and “impressive portfolio of customers.” And beyond that, the firm gave Torq top marks across many of its key criteria, including case management and collaboration; automated alert prioritization; triage and curation; autonomous operations; and validation and red teaming. 

GigaOm gave Torq Socrates, our just-announced Tier-1 analysis AI Agent – the first in cybersecurity – a nod for its use of AI to hyperautomate key security operations activities, like alert triage, contextual data enrichment, and incident investigation, escalation, and response.

“Torq offers autonomous operations features for both the workflow design process and the workflow run time of processing security events,” the GigaOm report states. “Design-time capabilities consist of assistive development of automated processes, such as summarization for successful collaboration, improvement, development co-pilots, and the like. Run-time capabilities consist of data enrichment and data-driven suggestions to assign specific teams or analysts based on their profile, ownership, and history, and to recommend investigative steps to help understand the issue and containment actions that can help stop the negative effect and allow remediation as part of a process to resolve the issues completely.”

Additionally, the firm dubbed Torq’s Case Management as “exceptional” in how it hyperautomates security signal detection, streamlines decision making, and automatically 

“For case management and collaboration, Torq offers a built-in case management system developed in-house and integrated with the solution’s event-driven architecture and security automation capabilities,” the report states. “Torq also offers out-of-the-box bi-directional integrations with leading case management systems such as ServiceNow, Jira, and Zendesk, as well as communication platforms like Slack, Microsoft Teams, and Cisco WebEx. Torq supports in-the-platform virtual war rooms as part of its case management, and its multi-workspace architecture and granular RBAC can involve multiple teams across organizational disciplines: security, IT, engineering, business lines, and human resources.”

It’s clear through GigaOm’s latest report that Torq Hyperautomation is helping organizations overcome the limitations and challenges of legacy SOAR and empowering security pros with solutions that take out the complexity while also freeing up their time and budget for meatier projects.

The GigaOm Radar report confirms that we’re on the right path in our unwavering commitment to hyperautomation and our quest to make it as easy as possible for enterprises to fortify themselves against cyber threats without sacrificing protection.

Download the full GigaOm Radar report now and read how hyperautomation is shaking up the sluggish SOAR category. And try Torq Hyperautomation for yourself: https://torq.io/demo/

Solving the Integration Problem at Scale: How Torq Connects With Any Tool Using Hyperautomation

Setting up your security tools to work together seamlessly is often easier said than done, leading to time-consuming tasks and potential security gaps, especially without the proper tools. You must have both the ability to connect to any product, using APIs, CLIs or proprietary protocols, and do that in a simple no-code manner, without having to know the ins and outs of each technology. Without these, the ability to quickly automate is greatly diminished – as in legacy SOAR products.

Torq hyperautomation solves that by providing a powerful automation engine and a true no-code step creation ability. This combination empowers you to connect and work with any other product or tool in your security stack and, right out of the box, to create near-limitless automations. Torq also provides a fast-growing library of official integrations and automation actions that feature any of your products, both legacy and new, right when you need them.

The usual problems

There are three requirements for a powerful security automation solution:

  1. Scalable orchestration platform to support your event loads and computation.
  2. Simple language to create this automation. 
  3. Great connectivity and integration with your entire security stack, across multiple cloud and on-prem environments. 

As the cybersecurity ecosystem is ever-evolving and most security organizations adopt several new tools each year, meeting all three of these requirements can be exceptionally challenging. Maintaining an up-to-date library of integrations for the latest tools, and easily onboarding each new tool you require, becomes a major undertaking.

How legacy SOAR attempts to solve it, and why that doesn’t work

Legacy SOAR is renowned for having poorly addressed this last problem of connecting to any tool quickly. Integrations in legacy SOAR products are based on building dedicated code modules for every single new product you interact with. This requires specialized software developers to build these integrations, making it an expensive, slow, and time-consuming effort to develop in-house. Waiting for the SOAR providers themselves to integrate new tools would take many months or years until that specific integration was completed. Integrating any homebrew or internal system is out of the question unless you have dedicated software development resources for this purpose. 

Example code snippet to establish rudimentary connectivity to a third-party application

How newer no-code tools attempt to solve it, and why that also doesn’t work

After the frustration with legacy SOAR products’ difficulty integrating with new platforms, a host of newer, no-code tools emerged. They claim to integrate with any product without any integration-building required.

This is based on the assumption that most products today provide some HTTP-based APIs available to interact with. Then, these no-code tools provided a Postman-like experience for creating HTTP calls.

Example Postman HTTP call

Though this approach is definitely a league more flexible than legacy SOAR, at scale it often fails. Enterprises try to integrate with systems that don’t provide any clear HTTP APIs. The ability to integrate with proprietary protocols, perform remote RPC calls, or even run a small script is often the last crucial piece in building a full enterprise-grade automation process. Plus, requiring users to build their own HTTP calls for every action on every product has become a burden on the security operations team.

Instead of focusing on automating their processes, analysts are forced to be experts in the specificities of each of the APIs of their security tools. They must stay up to date with any changes in the APIs of these ever-evolving tools, otherwise, the connectivity often breaks, preventing automations from running. With no-code, the responsibility to maintain these HTTP calls falls on the shoulders of the security team instead of on the no-code automation tool itself.

Sampling of Torq’s ever-expanding pre-built integrations that are managed and maintained by Torq to provide the latest functionality without breaking your connectivity.

How Torq solves the content problem – Orchestrating any containerized logic

The understanding that an automation platform should be able to orchestrate any kind of technology, new or legacy, was in our minds from the very first days of developing Torq’s hyperautomation platform.

This principle was introduced into our product design goals and led to the decision that a step in Torq can be any kind of containerized logic. Containers have become the ubiquitous technology for shipping and deploying software, and orchestrating every kind of logic as a container, and even executing it in different environments, means that Torq can communicate with any kind of tool in an organization’s security stack over any kind of technology. This can range from the latest HTTP-based API, a proprietary database protocol, or any command line interface (CLI), to even a homebrew system, using the ability to bring your own containerized logic and run it from the same simple, no-code UI.

Example of Torq connecting to systems via webhook, SSH with embedded commands or scripts and HTTP-based API requests

How Torq solves the content problem – Calling any HTTP API and making it a no-code step with flexibility

While having the ability to run any container and CLI command from a single interface is extremely powerful, today most security products expose an HTTP-based API (REST or GraphQL) to allow integrating and communicating with them. In Torq, you can quickly call any of those products using the “Send an HTTP request” step. This step exposes a simple UI to model any type of HTTP call, with any authentication required, and built-in support for OAuth and JWT auths, just like the Postman app. It even automatically translates a cURL command, available from many API references, to the proper fields in the step, making connection with new API-driven products a breeze.
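The cURL-to-fields translation described above, as an added example that is not Torq’s code: a small Python parser that turns a cURL command copied from an API reference into the fields a no-code HTTP step would need (method, URL, headers, body, and auth scheme). It assumes only the common curl flags shown in the code, classifies Basic and Bearer auth, and uses a constructed sample with a placeholder host and token.

```python
"""Translate a cURL command into the structured fields a no-code HTTP step needs.

Added example, not Torq's implementation. Handles the curl flags most API
references use (-X, -H, -d, -u, --url) and classifies Basic/Bearer auth.
"""
import json
import shlex
from typing import Optional

# Flags whose value is the next token, mapped to the field they populate.
_VALUE_FLAGS = {
    "-X": "method", "--request": "method",
    "-H": "header", "--header": "header",
    "-d": "data", "--data": "data", "--data-raw": "data", "--data-binary": "data",
    "-u": "user", "--user": "user",
    "--url": "url",
}
# Flags that take no value and do not affect the translated request.
_BOOL_FLAGS = {"-s", "--silent", "-k", "--insecure", "-L", "--location",
               "-v", "--verbose", "-i", "--include"}

# Constructed sample in the style of an API reference (placeholder host and token).
SAMPLE_CURL = r"""curl -X PATCH 'https://api.example.test/v1/alerts/42' \
  -H 'Authorization: Bearer PLACEHOLDER_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{"status": "closed", "note": "auto-closed by workflow"}'"""


def _classify_auth(auth_header: Optional[str], basic_user: Optional[str]) -> dict:
    """Map curl's auth inputs onto the auth schemes a no-code step would expose."""
    if basic_user is not None:
        username, _, password = basic_user.partition(":")
        return {"type": "basic", "username": username, "password": password}
    if auth_header is not None:
        scheme, _, credential = auth_header.partition(" ")
        if scheme.lower() == "bearer":
            return {"type": "bearer", "token": credential.strip()}
        return {"type": "header", "scheme": scheme, "credential": credential.strip()}
    return {"type": "none"}


def parse_curl(cmd: str) -> dict:
    """Return {"method", "url", "headers", "body", "auth"} for a curl command line."""
    # Join shell line continuations, then tokenize with shell quoting rules.
    tokens = shlex.split(cmd.replace("\\\n", " "))
    if not tokens or tokens[0] != "curl":
        raise ValueError("expected a command starting with 'curl'")
    method: Optional[str] = None
    url: Optional[str] = None
    headers: dict = {}
    body_parts: list = []
    basic_user: Optional[str] = None
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in _BOOL_FLAGS:
            i += 1
            continue
        if tok in _VALUE_FLAGS:
            if i + 1 >= len(tokens):
                raise ValueError(f"flag {tok} is missing its value")
            kind, val = _VALUE_FLAGS[tok], tokens[i + 1]
            i += 2
            if kind == "method":
                method = val.upper()
            elif kind == "header":
                name, _, value = val.partition(":")
                headers[name.strip()] = value.strip()
            elif kind == "data":
                body_parts.append(val)  # curl joins repeated -d values with '&'
            elif kind == "user":
                basic_user = val
            else:
                url = val
            continue
        if tok.startswith("-"):
            raise ValueError(f"unsupported flag {tok}")
        if url is not None:
            raise ValueError("more than one URL given")
        url = tok
        i += 1
    if url is None:
        raise ValueError("no URL found")
    body = "&".join(body_parts) if body_parts else None
    # curl defaults to POST when a body is supplied and no -X is given.
    if method is None:
        method = "POST" if body is not None else "GET"
    # Move the Authorization header out of the header list into the auth field.
    auth_header = None
    for name in list(headers):
        if name.lower() == "authorization":
            auth_header = headers.pop(name)
    return {"method": method, "url": url, "headers": headers,
            "body": body, "auth": _classify_auth(auth_header, basic_user)}


if __name__ == "__main__":
    print(json.dumps(parse_curl(SAMPLE_CURL), indent=2))
```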

How Torq solves the content problem – Create new content at scale using Torq’s step builder to drive hypergrowth of no-code integrations and steps

Having the ability to easily create HTTP API-based steps is significant for quickly connecting with new tools and never having to stop automation building. Messing around with raw HTTP mode isn’t that useful over time, though, and is a lot more complicated for new team members who want to use true no-code steps. This is exactly why we developed the Torq step builder: a simple builder that takes your raw HTTP steps and turns them into true no-code steps, complete with the appropriate parameters, descriptions, and examples of how to operate the specific step you’re building. Torq eliminates the complexities of formatting JSON and handling the authentication for a specific API. These custom steps can be saved to your workspace’s custom step library and shared with your team members to enable them to build further automations with no-code simplicity.

To create new steps and content, there’s no need to start from scratch each time. Torq allows you to take any API-based step from the Torq public library and switch it over to its raw HTTP mode. You can then modify it to fit any specific need or requirement, like adding new optional parameters, updating API paths, or making any other changes, and convert it back into its fully no-code parameterized form. These new versions of steps can again be saved to your custom steps library. Should you choose to share them with the entire Torq user community, they can also be published to the public step library. 

Torq’s step builder which allows building true no-code steps from HTTP based steps.

Torq’s content team and technical partners use precisely this method to expand Torq’s public step library. They build Torq steps with Torq’s step builder, test them by using them in automations, and finally, after validation, publish them. By having these extremely quick building and testing processes, in-app, new content in Torq can be published within hours instead of weeks and months in legacy SOAR systems, all while providing a mature content management system, complete with seamless content updates, notifications, and tracking for changes.

Conclusion

Torq has reimagined the approach to security automation by focusing on security hyperautomation and seamless content creation, unlike legacy SOAR solutions that necessitate specialized software development skills to achieve simple integrations. Torq provides an extensible platform that leverages containerized logic and an extensive, user-friendly library of no-code steps to get you automating in minutes. Our approach frees your security analysts from the constraints of needing to become API experts and instead lets them focus on what matters most: securing your organization and digital assets.

Want to learn more about how Torq can dramatically enhance your security workflows so you can stay ahead of emerging threats? Test drive Torq Hyperautomation, here: https://torq.io/demo/

Redefining Cybersecurity Operations: The Power of Torq’s Workflow-Centric Case Management

Cybersecurity is a landscape forever in motion, an arena where threats evolve at an alarming pace. The tools we employ to counter threats should match this pace and anticipate the unforeseeable. Still, a chasm exists where tools are not keeping up with the changes, particularly regarding case management.  

I’m Dor Morgenstern, lead PM for Case Management at Torq. With a background rooted in cybersecurity, I’ve seen firsthand the evolving challenges that security operations face. In this blog, I aim to shed light on the transformational power of workflow-centric case management and how it addresses these challenges head-on. 

The Sunset of Legacy SOAR Solutions

From their start, case management and SOAR solutions carried the promise of transforming cybersecurity operations. They introduced playbooks, welcoming an era that promised seamless automation and rapid response to threats. On paper, they’re the perfect solution.

But the reality has been disappointing. Instead of simplifying the security process, these platforms layer automation onto existing ticketing or case management solutions. It’s like placing a new engine in an old car chassis: it might run faster, but it still can’t navigate the modern digital highway efficiently.

Legacy SOAR gives people clunky configuration panels resembling aircraft cockpits. Analysts and SOC architects are forced to mentally sift through a mess of switches, knobs, and redundant options. Instead of enabling rapid response, the tools become a stumbling block. More often than not, critical response actions get delayed by the sheer complexity of the tool meant to streamline them. SOAR is not alone in this complexity problem, of course, as Ross Haleliuk pointed out in a recent blog:

“…every product today has hundreds of configurations, options, and knobs that security practitioners need to turn a certain way to achieve a particular outcome.” 

That’s where workflows come into play.

The Intuitive Power of Workflows

At the heart of this new paradigm shift in cybersecurity lies the idea of dynamic workflows. Instead of getting bogged down in static configurations and limited predefined settings, why not design a system that evolves and adapts on the fly?

Workflows act like dynamic decision trees, charting a course through the complexity of security incidents. They are inherently flexible, allowing for real-time adaptation based on the unique characteristics of each security event. Teams are no longer forced to stick to a rigid script; instead, they can navigate the ever-changing terrain of cybersecurity threats. 

A simple drag-and-drop interface in which you can create complex no-code workflows.

The distinction between legacy configuration panels and workflows is clear: where configuration panels are static, workflows are dynamic. Where panels force users into a one-size-fits-all mold, workflows adapt and mold themselves around the unique life cycle of each case. Workflows breathe life into the cybersecurity process, transforming it from a static chore into a dynamic dance of defense.

Torq’s Hyperautomation: A New Dawn in Cybersecurity

Our approach at Torq is a game-changer in case management. Instead of bolting automation onto dated case management systems, we’ve designed our case management system as an integral part of a powerful no-code automation foundation, ditching the messy bolt-on experience most SOC teams struggle with for an organically embedded case management process. What does this mean in practical terms? Let’s break it down with some clear examples:

1. Dynamic Case Tailoring: Consider a scenario where suspicious activity is detected from a list of IP addresses. With traditional systems, you might be constrained by pre-defined case layouts and parameters. With Torq, the case can be dynamically modified on the fly using workflows (for example, surfacing relevant information, or even remediation workflows as quick buttons, in the case), adapting to intel as it comes in.

Automatic alert triage and investigation, mapping malicious IP address activity to MITRE ATT&CK framework techniques, with intelligent automatic investigation and remediation workflows.

2. Intuitive Workflows Over Configuration Panels: Torq liberates SOC architects from sifting through overwhelming configuration panels. Want to add a new data enrichment step? Simply tweak the workflow. It’s as straightforward as connecting a new step in a visual editor, without a single line of code.

Drag and drop simplicity of connecting steps in a visual editor.

3. Automated Remediation Built-In: Remediation isn’t an afterthought; it’s part of the process. If the case’s workflow identifies a malicious email, it can automatically initiate remediation steps, like isolating affected systems or revoking email access, all within the same case environment.

4. Intelligence at Your Fingertips: Traditional SOAR systems separate threat intelligence from case data, requiring teams to hop between different platforms. With Torq, observables and indicators of compromise (IOCs) like IP addresses and file hashes are first-class citizens, easily accessible and actionable within the case.

Automatic analysis of IP address reputation, with attack origin locations and contextual information alongside the associated tactics, techniques, and procedures from third-party threat intelligence.

5. Lifecycle Triggers for Contextual Actions: The dynamic nature of Torq empowers SOC architects to set up triggers based on case milestones. For instance, when a case moves to the investigation stage, a workflow could automatically pull in additional forensic data, notify team leads, or modify the case’s layout as it evolves.

The numerous and varied case management triggers that can be customized to meet your organization’s needs.

The power of automation is harnessed when it’s organically embedded into the case management process, not slapped on as an afterthought. This provides a more cohesive and efficient system for handling security events.

Our emphasis is not on rigid configuration panels that can stifle response flexibility. Instead, Torq’s system is designed to harness the full potential of dynamic workflows. We empower analysts and architects to craft unique response strategies tailored to specific threats and organizational needs. Security professionals are not restrained by the limitations of their tools. With Torq, they are free to innovate, adapt, and respond with unparalleled precision.

The Torq Difference: Dynamic Control Across the Lifecycle

Another thing that sets Torq apart is the degree of control we’ve built in throughout the case’s lifecycle. In traditional SOAR platforms, playbooks, though groundbreaking for their time, are often employed merely as remediation tools. Torq’s approach is more holistic. Every stage, from detection to analysis and finally to remediation, can be steered by dynamic workflows. This ensures that the system is always in tune with what’s occurring in a case, leading to spot-on accuracy and timely responses.

Furthermore, Torq’s platform eliminates the need for redundant back-and-forth between separate systems. Integrating no-code automation into the fabric of case management means that every action, automated or manual, is executed within a unified environment. It’s a symphony orchestra where every instrument, no matter how disparate, plays in perfect harmony.

The Future of Hyperautomation is Here

We’re at a turning point in cybersecurity. On the one hand, threats are multiplying and evolving at a pace that’s hard to keep up with. On the other hand, the tools and systems at our disposal are often found wanting. But with Torq’s innovative approach to case management, the tide is turning.

By placing powerful hyperautomation at the heart of our platform, we’ve ushered in a new era in cybersecurity operations that prioritizes agility, precision, and efficiency. Legacy SOAR platforms had their moment in the sun. As the landscape changes, so must our tools. Torq is lighting the way to a safer, more secure digital future in this fast-changing arena.

The 5 Hidden Costs of SOAR

Every investment in SOAR is accompanied by the hidden costs of onboarding and troubleshooting. The licensing structure SOAR brings to an organization is outdated and overpriced. The value of SOAR drastically declined when it transitioned its primary focus from being a force-multiplying automation solution to a glorified ticketing system still requiring countless professional service hours. In fact, 90% of security professionals claim that their SOAR needed upfront investment to build automation workflows and response playbooks.

Here are 5 hidden costs of SOAR no SecOps professional can afford to ignore:

1. Initial setup and implementation costs

SecOps teams are routinely shocked by the astronomical professional services and deployment costs SOAR involves. In contrast, Torq users experience a 10X+ operational and productivity boost just weeks after deployment. From day one, organizations can enjoy serious ROI via Torq’s cost savings by maximizing team productivity and process effectiveness with the Torq Insights dashboard. It granularly measures time savings and operational efficiency for total visibility into the hyperautomation platform’s impact.

2. Ongoing maintenance and support for self-managed infrastructure

As organizations adapt and calibrate their SOAR platforms, they discover the need for continuous monitoring, troubleshooting, and adjustments to ensure peak efficiency and adaptability for evolving threat landscapes. Simply put, the greater the maintenance required, the greater the price tag. 

3. Hiring personnel and expertise

Qualified SecOps professionals are getting scarce. They’re in demand and the competition to secure them is severe. This is compounded by existing SecOps teams that are understaffed and burning out. All Torq customers benefit from dedicated technical experts that help organizations achieve their automation goals at no extra cost. Say goodbye to surprise consulting bills that cost more than the automation solution.

4. Cost of custom development required on top of SOAR

What SOAR solution providers fail to disclose is the additional set of expenses necessary to provide custom development. Organizations with a SOAR often find themselves needing customized solutions to align the system with their unique operational requirements and existing security stack.

5. Expensive reconfiguration of inflexible playbooks and workflows

Even as organizations strive to be agile in the face of security landscape changes, the automation sequences set up in an organization’s SOAR platform are often not up to par for addressing the complexities of today’s threat landscape. If organizations fail to adapt, they could face delayed response times and decreased agility.

It’s Time to Break Up With Your SOAR…

Seriously, stop settling. There are no strings attached or hidden costs with hyperautomation. The choice is clear. Hyperautomation’s radically different approach delivers a much better correlation between price and value. Need more reasons to ditch your legacy SOAR? Download our Manifesto to learn exactly why SOAR is Dead.