Planning with AI: Minimizing Uncertainty, Maximizing Trust

By Gal Peretz

November 21, 2024

6 Minute Read

Gal Peretz is the former Head of AI & Data at Torq. Gal accelerates Torq’s AI and data initiatives, applying his deep learning and natural language processing expertise to advance AI-powered security automation. He also co-hosts the LangTalks podcast, which discusses the latest AI and LLM technologies.

To stay ahead of today’s threats, you must do more than keep pace — you need to equip your team with tools that enable smarter, faster responses. For SOC analysts, runbooks in case management systems are essential guides for handling security alerts step-by-step. The prospect of automating these runbooks with AI is enticing, promising to streamline daily operations and free up time for more critical tasks.

However, some are rightfully skeptical. They worry that AI automation could introduce unexpected issues without careful planning and collaboration, potentially hindering productivity and increasing risk. This blog explores how collaborating with AI during planning and setting AI guardrails can enhance predictability, transparency, and trust in AI automation.

The Importance of Runbooks in Security Operations

Runbooks are structured, step-by-step guides enabling SOC analysts to respond to security incidents consistently and accurately. They are particularly crucial for Tier 1 analysts, who often serve as the first line of defense against a high volume of alerts.

These runbooks provide clear instructions for the following:

Triaging alerts
Investigating potential threats
Determining when to escalate issues

By standardizing responses, runbooks reduce human error and ensure efficient handling of all incidents, even in high-pressure situations. Automating runbooks with AI presents an appealing option for scaling operations, accelerating repetitive tasks, and allowing analysts to focus on more complex, high-stakes cases.

The Need for AI Guardrails in Runbook Automation

While automating runbooks with AI is a game-changer, granting AI too much freedom can quickly backfire. Most runbooks are designed with human readers in mind, presenting step-by-step guides that make sense to analysts but can be confusing for AI.

When left to interpret these text-based instructions independently, AI might:

Misinterpret steps
Make unexpected decisions
Produce unintended results

AI can become unpredictable without a structured plan and human alignment, risking accuracy and eroding your team’s trust in automation. A collaborative planning phase to ensure AI guardrails is crucial as it provides SOC analysts visibility into how the AI “interprets” the runbook and plans to automate it. This transparency allows analysts to refine the AI’s approach, ensuring the plan aligns with real-world needs before execution begins.

Collaborative Planning: Aligning AI and Analysts

To understand the value of Torq’s approach to runbook automation, let’s consider a common SOC runbook for investigating phishing reports. Such runbooks guide analysts through tasks like checking attachments, analyzing email headers, and escalating incidents when certain conditions are met.

*Example SOC investigation runbook for User Phishing Reports*

Automating these tasks with AI is more complex than simply running through the steps. Many runbooks are written for human understanding and involve actions that may be ambiguous or beyond direct AI capabilities. Torq’s plan-and-execute approach addresses this challenge by separating the process into distinct planning and execution phases, giving analysts more control and visibility over the AI’s actions.

1. Planning Phase

In this phase, the AI:

Reads through the runbook
Converts instructions into a structured, transparent plan
Break down each instruction into clear, atomic steps
Identifies steps it can automate and those requiring human intervention
Highlights gaps where it lacks necessary tools or access

This transparency allows SOC analysts to modify the plan, choosing where the AI should pause for guidance or where additional human-defined workflows are needed. In scenarios where full automation isn’t feasible, such as in highly secure or restricted environments, this collaborative planning ensures that the AI aligns closely with human intent and avoids unnecessary errors.

2. Execution Phase

Once the analyst reviews and approves the plan, execution follows this carefully vetted blueprint.

This approach:

Strips ambiguity and indeterminism from the execution
Provides transparency and reliability
Fosters trust in the automation process

Analysts can be confident that AI will follow the exact plan, making the automation more efficient and dependable without sacrificing control or accuracy.

To reinforce the concept further, let’s consider how Socrates, our AI SOC analyst, would function without the ability to add tags while focusing on his communication skills and resistance to AI hallucination.

Socrates, even without the capability to add tags, would still demonstrate its effectiveness in several ways:

Clear communication of limitations: When faced with a task it cannot perform, such as adding a tag, Socrates would explicitly state its limitations. For example, it might say, “I’m unable to add the tag ‘Malicious IOC’ as I don’t have that capability. This step requires human intervention.”

Requesting user input: Socrates pauses the process and asks for user input when the necessary tools or permissions are lacking. This demonstrates its ability to recognize boundaries and seek assistance when needed.

Proceeding with available tools: For steps where Socrates has the required capabilities, it would continue to execute them efficiently. These actions would be marked as completed or “green” in the process.

Detailed explanations: Throughout its analysis and decision-making process, Socrates provides clear, thorough explanations of his reasoning, helping analysts understand its thought process even when it couldn’t perform specific actions.

Suggesting alternatives: When unable to perform a specific action, Socrates might suggest alternative approaches or provide information that could help the human analyst complete the task manually.

Focusing on these aspects can highlight Socrates’ ability to communicate effectively, recognize its own limitations, and resist AI hallucination by not claiming capabilities it doesn’t have. This approach emphasizes AI’s role as a collaborative tool that enhances human decision-making in the SOC rather than attempting to replace human judgment entirely. See what this looks like below:

Example of an email analysis workflow generated by the Torq AI SOC Analyst that outlines 11 automated steps for security checks, with green checkmarks indicating executable actions except for two manual breaks serving as AI guardrails by requiring human intervention for tagging “Malicious IOC” and “VIP” cases. — *Example of an email analysis workflow generated by the Torq AI SOC Analyst that outlines 11 automated steps for security checks, with two manual breaks that serve as AI guardrails.*

Strengthening Security Through Transparent AI Collaboration

Trust and transparency are fundamental to building an effective security strategy in today’s rapidly evolving threat landscape. Torq’s AI capabilities prioritize collaboration and clarity, transforming how SOC teams handle automation. By structuring automation as a two-phase process — planning and execution — Torq ensures that AI usage is efficient, bounded by AI guardrails, and aligned with human oversight and intent.

This collaborative approach allows human SOC analysts to:

Maintain control over automated processes
Reduce uncertainty in AI actions
Trust in the predictability and reliability of AI-driven tasks

Fostering a security environment where AI and human expertise work together can strengthen organizations’ SOC capabilities and enhance overall security posture. See Torq’s AI in action — schedule a demo.

Learn more about building trust in AI and how structured, evidence-backed summaries generated by AI enable seamless SOC shift transfers.

Learn six key strategies for anti-phishing automation and automated phishing response.

AI Product

Take Control with Torq’s AI Data Transformation

By Brian Higgins

November 15, 2024

3 Minute Read

Data interoperability is the backbone of building reliable and efficient hyperautomated workflows. However, manipulating and formatting massive amounts of data from various sources — especially in complex JSON files — can feel overwhelming and consume significant time and resources, particularly for those still gaining technical expertise. Teams often lack or have maxed out dedicated resources to wrangle this data.

Today, we’re introducing AI Data Transformation, a powerful AI-accelerated operator that simplifies complex data transformation. It provides the testability, flexibility, and control required to manage enterprise-level workflows without writing a single line of code.

Why Data Transformation is Crucial

In hyperautomated workflows, seamless data flow between steps is crucial for optimal performance. AI Data Transformation achieves this with maximum efficiency by intelligently manipulating data as it flows to downstream steps. This powerful capability enables smooth operations by efficiently handling critical tasks such as attribute mapping, filtering, conditional statements, and aggregation functions — proactively addressing data compatibility between steps. In short, Data Transformation keeps workflows running at peak efficiency.

How AI Data Transformation Helps Security Teams

Torq’s AI translates natural language prompts into JQ commands, simplifying and democratizing JSON transformations. For those savvy in JQ, there’s full flexibility in modifying individual instructions and the generated code. Torq’s approach stands out for:

Customizability: Edit or rewrite any command to suit your needs.
Testability and Reproducibility: Test transformations and validate results for precise control.
Flexibility: Easily tweak transformations without disrupting your workflow.
Visibility: See prompts, code, and results at every step — zero guesswork.

While other solutions leave you in the dark, using monolithic parsing that makes it challenging to edit or troubleshoot, Torq keeps you in control through micro-transformations. Every transformation in Torq is testable, customizable, and modified with just a click, ensuring your automation runs precisely as intended.

Gif showing AI Data Transformation in action

Get Started

Transforming data is simple:

Drag the transform operator into your workflow.
Input the contextual JSON data you intend to transform, then click define transformation.
Enter your prompt in natural language (e.g., “extract vulnerabilities”).
Review the AI-generated JQ code and the output. Validate and edit if needed by fine-tuning with dynamic code generation or direct code editing.
Transform your data with complete visibility and control.
Save your work and reuse transformations as custom plans in the future.

Example Prompts

Need ideas? Here are a few natural language prompts and the associated JQ commands the Data Transformation operator could generate:

Natural Language Prompt	AI Translated JQ Command	Security Impact
“Extract all high severity vulnerabilities”	.vulnerabilities[] \| select(.severity == “high”)	Quickly prioritize critical security threats
“Group alerts by source IP”	group_by(.source_ip)	Identify potential attack patterns or compromised assets
“Calculate the average CVSS score”	[.[].cvss_score] \| add / length	Assess the overall vulnerability landscape

Read more about AI Data Transformation in Torq’s documentation or schedule a demo to see how it works.

News

What’s New With Torq: November 2024

From an AI Workflow Builder to upgraded Case Management, explore the latest releases in Torq’s AI-driven...

Build Security Workflows in Seconds with AI Workflow Builder

Transform your security processes with the AI Workflow Builder.

A key area for building trust in AI in the SOC? Ensuring that AI-generated summaries have the right structure and evidence to ensure seamless SOC shift transfers.

Building Trust in AI: Structured, Evidence-Backed Summaries for Seamless SOC Shift Transfers

art building trust in AI. Learn how structured, evidence-backed AI-generated summaries enable seamless SOC shift transfers.

News Product

What’s New With Torq: November 2024

By Brian Higgins

November 7, 2024

3 Minute Read

As we close out 2024, Torq is rolling out powerful new updates to help security teams start the new year with even greater efficiency and impact. These recent enhancements are designed to streamline operations, boost productivity, and support seamless collaboration.

Here’s a look at the latest features set to transform your security operations.

AI Workflow Builder: Build Workflows in Seconds

AI Workflow Builder enables any security team to quickly create powerful, automated workflows, no coding required. Just describe your workflow in natural language, and AI will generate a fully functional, customizable workflow in seconds. Choose from over 4,000 pre-built actions and 300 integrations to tailor workflows to your security needs, freeing your team to focus on strategy, not setup.

AI Workflow Builder goes beyond the template library by offering fast, flexible automation that meets your organization’s unique security requirements without extensive manual configuration.

Learn More

Case Management: Accelerating Analysts and Team Leads

We’ve significantly upgraded Torq’s Case Management capabilities to provide more control and flexibility in handling security incidents.

You’ll find the following enhancements:

Create Cases from JSON Objects: This new step offers greater flexibility than the standard Create a Case step, allowing you to define additional attributes like custom fields, custom SLA timers, quick actions, and runbooks within a JSON object.
Configure Torq HyperSOC Case Settings: Adjust the auto-refresh interval for the Cases page and enable the option to mark notes and comments as public.
Granular Permission Controls: Create custom analyst roles without deletion permissions, ensuring only authorized team members can delete cases.
Case Note Improvements: For your subsequent work of art, we’ve increased the character limit to 65,000, added easy image resizing with aspect ratio preservation, and added an option to view full-size images.
Bulk Update Cases’ Custom Fields: Use the Input mode dropdown to select whether to update a single field or multiple fields. For multiple fields, provide the key-value pairs in JSON format.

These new additions enable teams to handle incidents faster and more efficiently, from routine alerts to complex, large-scale security events. On to the next!

Interact: Bridge the Gap Between Security and Business

Torq Interact has become the central hub for cross-organizational security collaboration and automation. Now, you can create a portal interface for your internal organization’s end users. This seamless interface enables users to interact with and execute Torq Interact workflows, enhancing operational efficiency through cross-organizational process execution for streamlined, automated actions and real-time data access.

Learn More

Additional Enhancements

Import or Export Workflows with Custom Steps and Integrations: Easily share and replicate your custom workflows across different environments, including custom steps and integrations.
Eliminate Reliance on User Presence with Service API Keys: Create a Service API key to remove your workspace’s dependence on individual user presence. Unlike private API keys, which can break if a user is removed from a workspace, Service API keys are associated with the workspace itself and can be created by workspace owners.
New Integrations and Templates: Torq constantly expands the library of integrations and templates. Check out the latest additions in the October Digest.

Watch this space for more updates as Torq continues to transform security automation.

Product

What’s New With Torq: September 2024

Check out the latest new capabilities designed to make security analysts' lives easier and more efficient.

Build Security Workflows in Seconds with AI Workflow Builder

Transform your security processes with the AI Workflow Builder.

Building Trust in AI: Structured, Evidence-Backed Summaries for Seamless SOC Shift Transfers

art building trust in AI. Learn how structured, evidence-backed AI-generated summaries enable seamless SOC shift transfers.

GigaOm Declares Torq the Autonomous SOC Leader, Dramatically Outpacing Legacy Vendors

By Torq

October 29, 2024

5 Minute Read

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. GigaOm applies proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation, empowering enterprises to successfully compete in a changing business atmosphere.

GigaOm recognizes Torq as the only Hyperautomation vendor capable of delivering true autonomy to the SOC without vendor lock-in.

For years, security teams have grappled with relentless alert fatigue and burnout, exacerbated by disjointed security tools like SIEMs and SOARs. Legacy security vendors have tried to address this by cramming disconnected solutions into “all-encompassing” SecOps platforms, and many have now falsely tacked on “autonomous SOC” and “Hyperautomation” claims to their products.

Security teams can’t afford to invest in another expensive, hard-to-maintain platform that doesn’t deliver on its promise of autonomy and automation — so where should they turn?

GigaOm’s newly-released Autonomous SOC Radar Report confirms: Torq Hyperautomation is the clear frontrunner in realizing the autonomous SOC vision and delivering the autonomy SOC teams have long been promised.

What is an Autonomous Security Operations Center (SOC)?

While legacy vendors now claim to offer SOC autonomy, true autonomy isn’t achieved by locking users into rigid, all-in-one platforms. These legacy solutions contributed to the very burnout problem that led to a talent shortage of 4 million security professionals. Their proposed solution? Dump more cash into the same outdated platforms.

A genuinely autonomous SOC leverages advanced automation and AI to handle manual and routine security tasks, accelerating response times, enhancing threat management, and ultimately safeguarding the well-being of SOC analysts. The most efficient path to this goal involves breaking down silos between security tools, enabling seamless communication and streamlined security operations across a modern, best-of-breed tech stack.

Simply put, it isn’t possible to achieve an autonomous SOC without automation. Torq is the only vendor solely dedicated to empowering security teams to automate more, faster.

“Torq is the only vendor positioned in the Innovation/Feature Play quadrant, as it is the only non-SIEM solution featured in the report, which also explains its differentiated position.“

– Andrew Green, Research Analyst for Networking & Security, GigaOm

Torq is the Only Hyperautomation Vendor Listed in GigaOm’s Autonomous SOC Report

Hyperautomation is the next evolution in scalable autonomous security operations. By definition, Hyperautomation requires enterprise-grade scalability, availability, and connectivity — essentially solving the challenges caused by these large legacy vendors. While the idea of the autonomous SOC is centered around the ability to automate everything, similarly, Hyperautomation is built on a foundational ability to integrate with anything.

Torq’s recognition as the only Hyperautomation vendor in GigaOm’s Autonomous SOC Radar report underscores that unique position in the security operations landscape.

Frameworks coming into law, such as DORA in the EU and CCSPA in Canada, spotlight the need for vendor diversity to reduce single points of failure and enable redundancy. Torq is the only autonomous SOC vendor enabling organizations to seamlessly integrate best-of-breed solutions — free from vendor lock-in.

Torq combines this vendor-agnostic approach with advanced technologies like purpose-built AI and Hyperautomation, engineered to create intelligent end-to-end solutions for security processes.

And GigaOm isn’t alone in recognizing Torq as the leader of autonomous SOC — industry analysts across the board are taking note.

“Torq is the first solution we’ve seen that effectively enables SOC professionals to mitigate issues including alert fatigue, false positives, staff burnout, and attrition. We’re impressed by how its AI augmentation capabilities empower these staff members to be much more proactive about fortifying the security perimeter.”

– Chris Kissel, Vice President, Security & Trust Products, IDC Research

By choosing Torq, organizations are embracing the future of security operations, as recognized by industry experts — with an approach that’s creating a more agile, effective, and strategic security operation.

Leveraging AI to Drive SOC Autonomy

Torq integrates purpose-built AI capabilities such as generative AI and large language models (LLMs) to evolve SOC operations fundamentally and deliver on the promise of an autonomous SOC. This enables security teams to focus their efforts on proactive security measures, resulting in greater efficiency and accuracy in decision-making processes.

“80% of our security alerts are assisted and accelerated by Torq workflows. To analyze, enrich, and also autonomously respond to alerts is a paradigm shift that brings unprecedented efficiencies.″

– Joshua Blackwater, Deputy CISO, SentinelOne

Socrates, Torq’s AI SOC Analyst, exemplifies this by automating 90% of Tier-1 tasks through AI-powered triage and investigation. Socrates accelerates analyst response times by summarizing case data and providing immediate insights. It also automates 95% of security cases from investigation to response, intelligently assigning critical cases to human analysts when necessary. This augmentation empowers analysts at all levels to achieve machine-speed response times while supporting ongoing learning and skills development.

The Sole Winner: Torq’s Unique Position

GigaOm’s report highlights the critical importance of AI-powered autonomous SOCs. As the sole Hyperautomation solution free from platform constraints, Torq provides the agility and innovation necessary for modernizing security operations in an increasingly demanding environment.

For organizations seeking to enhance their SOC capabilities without sacrificing flexibility or risking vendor lock-in, Torq offers the only comprehensive solution designed to meet these challenges head-on. Schedule a demo to see it in action.

Get the Report

Squish the Phish: 6 Automated Phishing Response Strategies

What is Hyperautomation’s role in phishing defense?

SecOps Automation: How Lean Teams Can Achieve Enterprise-Level Security

SecOps automation eliminates manual security tasks, reduces alert fatigue, and empowers lean teams.

The AI SOC Analyst That Offloads 90%+ of Tier-1 Cases — Meet Socrates

What is an AI SOC Analyst? Learn how Torq Socrates drives the autonomous SOC.

AI Use Cases

AI in SOC Operations: 3 Use Cases That Show How Socrates Supercharges Analysts

By Brian Higgins

October 23, 2024

3 Minute Read

How AI in SOC operations frees your analysts from repetitive tasks

Despite the rapid evolution of security technologies, many SOCs are still weighed down by manual processes and outdated tools. Analysts are burdened with repetitive tasks, inefficient workflows, and disjointed incident response mechanisms. This broken system is leaving SOCs reacting to incidents instead of preventing them.

There’s a better way forward. With Torq’s AI SOC Analyst, Socrates, security teams are redefining how they operate — moving from reactive to proactive and supporting efficiency at every level. Unlike traditional GenAI assistants, Socrates uses a Multi-Agent System (MAS) to plan, execute, and learn across every stage of incident response. Socrates enables security teams to automate mundane, repetitive tasks and take contextual action faster, moving towards an autonomous SOC and freeing analysts to focus on higher-order work.

Let’s explore how Socrates revolutionizes security operations by addressing three key use cases for AI in the SOC.

1. Intelligently Prioritized Cases

The average SOC is inundated with alerts, making it challenging to identify and prioritize critical cases. Manual case assignments consume valuable time and often result in misassignments that delay threat response.

With Socrates acting as the SOC’s AI OmniAgent, manual case assignment bottlenecks become a thing of the past. Socrates automatically triages incoming alerts, determines their priority level, and assigns them to the appropriate team or individual in real time.

This enables analysts to immediately focus on resolving high-priority cases without having to sift through data or determine who should handle what. The result is improved incident response speed and accuracy, reducing time-to-remediation, and easing the burden on your SOC team.

2. Smarter Human-in-the-Loop Remediation

Despite advancements in automated workflows, there are times when human input is essential for nuanced decision-making. Many SOCs struggle to effectively balance automation with human expertise. Legacy models often fail to integrate humans seamlessly into the process, leading to efficiency gaps.

Socrates streamlines human-in-the-loop workflows by notifying analysts when their input is needed. Analysts can quickly step in to guide the remediation process — whether it’s approving a firewall block, escalating an alert, or providing context for an investigation.

This real-time collaboration between AI agents and human expertise is designed to eliminate burnout without sacrificing control.

3. Automated Case Documentation and Admin Work

SOC analysts often dread documentation as it takes time away from real security work. Case notes, incident logs, and reports are necessary for compliance and auditing — but they can be a time drain.

Socrates alleviates the burden by automatically documenting cases as they evolve. Using natural language processing and contextual awareness, Socrates automatically logs actions, summaries, and case updates from start to finish. This reduces the need for manual input, prevents human error, and ensures consistent documentation across the board. By handling admin work in the background, agentic AI in the SOC frees analysts to focus more on proactive security efforts.

Why AI Agents Are the Future of AI in SOC Workflows

The pain of relying on legacy SOAR tools and manual processes is over. By integrating Hyperautomation with AI through Socrates, SOC teams unlock new levels of efficiency, accuracy, and strategic value. Socrates modernizes your SOC, from automatic case assignment and streamlined human-in-the-loop workflows to hands-free documentation.

Experience the power of Socrates — the AI SOC Analyst that keeps pace with today’s most intense challenges.

See Socrates in Action

Squish the Phish: 6 Automated Phishing Response Strategies

What is Hyperautomation’s role in phishing defense?

SecOps Automation: How Lean Teams Can Achieve Enterprise-Level Security

SecOps automation eliminates manual security tasks, reduces alert fatigue, and empowers lean teams.

The AI SOC Analyst That Offloads 90%+ of Tier-1 Cases — Meet Socrates

What is an AI SOC Analyst? Learn how Torq Socrates drives the autonomous SOC.

AI Hyperautomation Insights

How to End SOC Alert Fatigue (Before It Ends Your Team)

By Torq

October 10, 2024

6 Minute Read

Every day, analysts are buried under a mountain of low-value and often meaningless alerts. And they’re expected to triage, investigate, prioritize, and respond to all of them — faster, better, and with fewer people. With this comes alert fatigue, which can lead to missed threats, slower response times, and SOC analyst burnout.

The good news is that SOC analysts don’t have to live like this anymore. Not if you have the right kind of AI working for you. This blog explores what alert fatigue is, the causes, and how agentic AI can kill your SOC alert fatigue.

What Is SOC Alert Fatigue?

Alert fatigue occurs when security analysts are inundated with more alerts than they can handle, many of them false positives. More than half of security teams say false positives are a huge problem, and 62.5% are overwhelmed by sheer data volume.

Without effective triage or prioritization, it becomes harder to distinguish real threats from background noise. This leads to slower detection and response, missed incidents, and higher stress on already-stretched SOC teams, which in turn increases risk to the business.

What’s Fueling SOC Alert Fatigue?

Alert fatigue is the result of too many notifications with too little value. And it’s a problem that only gets worse as security environments become more complex. Here’s what’s driving it:

False positives: When your tools cry wolf 24/7, your team stops listening. Eventually, real threats slip through while your analysts are focusing on other tasks.
Lack of context: SOC alerts that show up without background info or severity indicators force analysts to spend time investigating the wrong things.
Lack of integration: Most enterprise environments are filled with tools that don’t work well together. Without correlation and consolidation, alert volume skyrockets.
Poorly defined management processes: Vague incident response plans — or worse, none at all — mean alerts hang around with no apparent owner or action path.
Too few hands on deck: SOC teams are often understaffed and overworked. The more alerts pile up, the harder it is to keep pace.
Limited customization: If you can’t filter or customize your alerts, even basic issues start to add unnecessary noise.

The Number One Cause of Alert Fatigue: Legacy SOAR

Legacy SOAR is the #1 driver of SOC alert fatigue. It’s a rigid, SIEM-dependent model that treats every alert like a five-alarm fire. It floods analysts with noise, drowns them in contextless data, and racks up costs with every added integration. And because most legacy SOAR platforms are stuck on-prem, they can’t scale or flex with today’s modern security environments.

Here’s what you get with legacy SOAR:

Difficulty finding helpful information and managing vulnerabilities
Slower time to identify and respond to actual threats
Higher rates of SOC analyst burnout, which drives attrition
Too many tools, not enough context

The Cost of Alert Fatigue

Cybersecurity alert fatigue doesn’t just slow your team down — it puts your security posture and business at risk. Here’s what happens when your SOC is buried in noise:

False sense of security: When analysts are bombarded with alerts, real threats start blending in with the false positives. Eventually, they stop paying attention, and that’s when things slip through the cracks.
Slower response times: Tired teams don’t move fast. Critical SOC alerts sit untouched, and threats have time to escalate.
Wasted resources: Teams overwhelmed by junk alerts often require more headcount. That’s expensive and inefficient.
Burnout and turnover: Drowning in noise leads to stress, frustration, and SOC burnout. More than 70% of SOC analysts report experiencing burnout, and more than half have considered leaving the field. With them goes the knowledge and expertise that takes years to develop.
Reputation damage: When a preventable breach hits the headlines, the fallout can be massive.
Legal and compliance issues: Missed threats can turn into breaches. Breaches mean SEC reporting, fines, investigations, and answering a whole lot of questions.

The average cost of a data breach was $4.9M in 2024, a 10% increase year over year. On the flip side, organizations that fully embraced security AI and automation saved an average of $2.2M compared to those that didn’t, according to IBM.

How Torq HyperSOC Uses Agentic AI to Fix Fatigue

Legacy SOAR can’t scale. Torq HyperSOC™ can.

Built on an event-driven architecture and powered by agentic AI, Torq HyperSOC processes and prioritizes alerts at machine scale, handling volumes that legacy SOAR can’t even come close to. It dynamically filters, enriches, correlates, and aggregates alerts in real time, ensuring analysts see what actually matters.

Unlike SOAR, which forces teams to hand-map fields and manually manage triggers, Torq automates everything, from data parsing to trigger conditions to workflow execution. And because Torq also offers horizontal scalability, it can support a vast number of processes without slowing down or racking up costs.

With agentic AI, we’ve replaced repetition with relevance. Our multi-agent system takes on the tasks that drain analysts most — triage, enrichment, correlation, case summaries, even full remediation… and executes them autonomously. That means fewer panicked 2am Slacks and “Why am I still doing this manually?” moments.

“Torq HyperSOC is the first solution we’ve seen that effectively enables SOC professionals to mitigate issues including alert fatigue, false positives, staff burnout, and attrition.”
IDC: Achieving Machine Speed Detection and Response

An autonomous SOC powered by agentic AI eliminates SOC alert fatigue. With 95% of Tier-1 tasks hyperautomated, analysts aren’t stuck chasing false positives or drowning in duplicate alerts. SOC teams can focus on high-value incidents, with full context and enriched data at their fingertips.

Even Gartner backs it up: By 2026, AI will increase SOC efficiency by 40%. With Torq, that future isn’t years away; it’s already here.

Legacy SOAR vs. Torq HyperSOC™: Solving Alert Fatigue

Here’s how Torq HyperSOC™ stacks up compared to legacy SOAR systems when it comes to fixing alert fatigue.

Legacy SOAR	Torq HyperSOC
SOC alerts are treated like a five-alarm fire, with no intelligent prioritization	Agentic AI triages and prioritizes alerts with semantic, episodic, and procedural memory
Inflexible, SIEM-dependent pipelines for noise reduction and enrichment	Hyperautomation eliminates SIEM dependency and enriches data on the fly
Manual alert triage leads to SOC burnout and delays	AI-driven triage, investigation, and remediation reduce analyst burden
Rigid, on-prem architecture limits scalability and flexibility	Cloud-native architecture scales effortlessly with your environment
Siloed tools and alerts, lacking unified context	Multi-agent system correlates alerts into unified incidents with full context
Slower response times due to disconnected systems and workflows	End-to-end automation delivers sub-minute response times
High analyst turnover from alert overload and frustration	AI offloads repetitive work, reducing burnout and improving retention

By taking over the repetitive, time-consuming tasks that drive SOC burnout, agentic AI lets analysts do the work that actually matters. You know, the reason they got into security in the first place.

Ready to kill SOC alert fatigue? Learn how to migrate from legacy SOAR to Torq.

Get the Migration Guide

Squish the Phish: 6 Automated Phishing Response Strategies

What is Hyperautomation’s role in phishing defense?

SecOps Automation: How Lean Teams Can Achieve Enterprise-Level Security

SecOps automation eliminates manual security tasks, reduces alert fatigue, and empowers lean teams.

The AI SOC Analyst That Offloads 90%+ of Tier-1 Cases — Meet Socrates

What is an AI SOC Analyst? Learn how Torq Socrates drives the autonomous SOC.

AI Insights

Building Trust in AI: Structured, Evidence-Backed Summaries for Seamless SOC Shift Transfers

By Gal Peretz

October 4, 2024

6 Minute Read

Gal Peretz is the former Head of AI & Data at Torq. Gal accelerates Torq’s AI & Data initiatives, applying his vast expertise in deep learning and natural language processing to advance AI-powered security automation. He also co-hosts the LangTalks podcast, where he discusses the latest in AI and LLM technologies.

Staying ahead of evolving cyber threats means more than just keeping up — it means outsmarting the adversary with intelligent, proactive solutions that supercharge your team. This blog kicks off our latest series focused on building trust in AI in Security Operations Centers (SOCs).

As we navigate this new era of AI, Torq recognizes that integrating intelligent systems into existing security workflows is both new and essential. And it can’t be just deploying advanced technology, it’s about building solutions that seamlessly collaborate with your team and earn their trust. Our mission is to create AI systems that enhance efficiency while embedding naturally into daily operations like SOC shift handoffs, ensuring that technology and human expertise work hand in hand.

The Challenge of Relying on Naive Summarizations in SOC Shift Handovers

Consider a scenario where an outgoing SOC team provides an AI-generated summary during a shift handover. The summary reads:

“A phishing alert was reported by an employee regarding an email from [email protected] with the subject ‘Your package is ready, needs to be released from customs.’ The email passed DMARC and SPF checks but contained several red flags indicating a phishing attempt.” [figure 1]

At first glance, this summary appears concise and informative, but the trained eye will notice it lacks more critical structure and detail. It doesn’t specify what exactly happened beyond a general phishing alert, when the events took place, or how the conclusion of a phishing attempt was reached. Moreover, it fails to cite any original evidence or analyses that support its findings.

This absence of structured information and verifiable evidence leaves the incoming team with unanswered questions like:

Which systems were affected?
What specific red flags were identified?
Were there malicious attachments or links that need immediate attention?

Without this crucial information, the incoming team may misinterpret the severity of the threat or overlook essential steps needed for mitigation. The lack of evidence-backed details also opens the door for AI hallucinations — incorrect or fabricated information generated by AI — which can mislead the team into focusing on the wrong areas.

Instead of facilitating a smooth transition, the unstructured and unsupported summary creates confusion, delays response times, and potentially allows the threat to persist or escalate.

Example of how a naive AI-generated case summary doesn't have enough information for reliable SOC shift transfers — Figure 1: Naive Case Summary Doesn’t Cut It for Reliable SOC Shift Transfers

The Torq Standard: Structured, Evidence-Backed Summaries

Now, imagine the same scenario we just discussed, this time the outgoing SOC team provides an AI-generated, structured, and evidence-backed summary. The summary is organized into clear sections — What happened, When it happened, and How it happened — each supported by direct citations to original forensic evidence.

“What happened: A phishing alert was reported by an employee regarding an email purportedly from [email protected] with the subject “Your package is ready, needs to be released from customs” [1]. The email contained malicious attachments (invoice.doc and QRCode.png) and included a suspicious link (hXXps://wood82c2[.]jayden1077[.]workers[.]io/c64ed9ed-b68b-4f61-b26e-20d32f0f13ab) [1]. The ‘Reply-To’ address differed from the ‘From’ address, indicating a potential phishing attempt [2].

When it happened: The phishing email was reported on August 5, 2024 [1]. Subsequent analyses and confirmations occurred between August 24 and September 2, 2024 [3][4][5][6].

How it happened: The email passed DMARC and SPF checks, but the discrepancy in the ‘Reply-To’ field raised suspicion [2]. Email body analysis flagged several phishing indicators: a non-legitimate link, a demand for information via a link, a false sense of urgency, and a lack of sender details [3][4]. Sandbox analysis of the attachments confirmed them as malicious, detecting unauthorized network activity and potential application crashes [5][6].” [Figure 2]

Citations:

Phishing Alert Email received by an employee, dated August 5, 2024.
Email Header Analysis Report, conducted on August 24, 2024.
Email Body Content Analysis Summary, dated August 25, 2024.
Suspicious Email Indicators Checklist, referenced on August 26, 2024.
Attachment Scan Results from Antivirus Software, dated August 30, 2024.
Sandbox Analysis Report of Email Attachments, completed on September 2, 2024.

With this structured summary and direct citations, the incoming team can quickly grasp the situation’s full context. They have immediate access to the supporting evidence, allowing them to validate the AI’s conclusions and understand the threat’s specifics without delay. This reduces the risk of misinterpretation and ensures that critical details aren’t overlooked.

The inclusion of citations linking back to original forensic evidence not only mitigates the risk of AI hallucinations but also builds trust in AI-generated insights. Team members can verify each point, ensuring that their actions are based on accurate and reliable information. This structured, evidence-based approach transforms the shift handover into a seamless transition, empowering the incoming team to act swiftly and effectively against the cybersecurity threat.

By adopting this method, Torq has developed AI-based security automation solutions that reflect the analytical thought processes of SOC professionals. The structured summaries not only enhance clarity but also empower team members to validate AI findings, thereby building trust in AI and facilitating more effective collaboration between humans and AI systems.

Example of how a a structured, evidence-based AI-generated case summary can help with building trust in AI in your SOC operations — Figure 2: Structured Summary with Forensic Evidence-Based Citations

Strengthening Your SOC with Trustworthy AI

Innovation and trust go hand in hand, especially in the critical field of cybersecurity. The challenges we’ve discussed highlight the necessity for AI solutions that do more than automate — they need to enhance trust, collaboration, and efficiency within your team.

This is where Torq’s AI capabilities become your trusted partner in navigating the complexities of security operations. By providing structured, evidence-backed summaries, AI Case Summaries ensure that every piece of information is transparent and verifiable. It empowers your SOC by enabling team members to work faster, make informed decisions with confidence, and seamlessly transition between shifts. By reducing uncertainty and mitigating the risks of AI errors, it streamlines operations and strengthens your entire security posture.

Together, we’re fostering a collaborative environment where AI and human expertise unite to safeguard your organization more effectively than ever before.

Squish the Phish: 6 Automated Phishing Response Strategies

What is Hyperautomation’s role in phishing defense?

SecOps Automation: How Lean Teams Can Achieve Enterprise-Level Security

SecOps automation eliminates manual security tasks, reduces alert fatigue, and empowers lean teams.

The AI SOC Analyst That Offloads 90%+ of Tier-1 Cases — Meet Socrates

What is an AI SOC Analyst? Learn how Torq Socrates drives the autonomous SOC.

Insights MSSP

4 MSSP Trends: Differentiate Your Business with CTEM, AI SOC, and More

By Torq

October 1, 2024

7 Minute Read

MSSPs have huge potential for growth as more and more companies turn to experts to outsource their cybersecurity. Tailwinds such as escalating cyber threats, the need to protect more customer data than ever before, and growing compliance requirements are driving the managed security services market’s growth at a compound annual growth rate of 15.4% from 2023 to 2030.

But competition is fierce in a market crowded with thousands of MSSPs — and the landscape is constantly evolving in response to seismic shifts like the rise of AI.

How do you stand out from the MSSP crowd while adapting to major changes? Below we break down four key trends forward-thinking MSSPs are capitalizing on to differentiate their business and win.

MSSP Trend #1: Budgets are Shifting to More Proactive Security Solutions

In 2024, over 70% of businesses increased spending on proactive security solutions, outstripping spending in preventative and reactive measures.^[1] It’s pretty easy to see why: a proactive approach helps organizations get ahead of threats before vulnerabilities can be exploited — rather than constantly dealing with the fallout from attacks that have already happened.

Proactively identifying and remediating exposures can lower the overall security workload over time while decreasing the likelihood of downtime, data breaches, lost productivity, and lost revenue from attacks. To win business amidst this spending shift, MSSPs need to evolve their approach, services, and messaging towards a proactive stance.

Why this is great for MSSPs: Not only are clients increasingly looking for proactive security solutions, adopting a proactive posture also makes a better business case for MSSPs.

It’s difficult to attach clear ROI to a reactive, defensive stance because lack of failure is hard to quantify. Flipping the script to an offense-oriented, proactive posture enables more tangible measurement of harm mitigation and risk reduction. This helps MSSPs make a stronger business case to clients, and in turn, helps their clients demonstrate effective results to their own leadership when justifying budget allocation for security investments.

MSSP Trend #2: CTEM Brings Opportunity to MSSPs Through Prioritized Threat Remediation

A proactive approach to security must be implemented programmatically in order to succeed. Gartner, Inc. introduced the concept of Continuous Threat Exposure Management (CTEM) as a new methodology for security teams to reduce future exposure amidst a dynamically shifting threat landscape.

Not every vulnerability is created equal — a key component of CTEM is to prioritize vulnerabilities based on urgency, exploitability, and potential impact on the business.

According to Gartner, Inc., by 2026, organizations that prioritize their security investments based on a continuous exposure management program will be 3x less likely to suffer a breach.

Why this helps MSSPs differentiate: A prioritized approach to threat remediation recommendations enables clients to focus their resources where they will have the most impact: critical vulnerabilities. This efficiently maximizes risk reduction — and helps MSSPs redefine their role as strategic partners, rather than just service providers.

Strategic recommendations also help MSSPs improve collaboration with clients’ internal teams when remediation actions are needed. Rather than lobbing an unmanageable barrage of issues that need fixing over the fence to a client’s overwhelmed IT teams, providing high-priority recommendations alongside justification for why the remediation matters to the business will enable client teams to more effectively address their most urgent vulnerabilities.

MSSP Trend #3: SOAR is Out — and Hyperautomation is Maximizing MSSP Margins

A proactive, programmatic security strategy requires a robust tech stack that streamlines processes and empowers human experts. For MSSPs, Security Orchestration Automation and Response (SOAR) was supposed to be the silver bullet to help them automate operations at scale. However, SOAR’s monolithic architecture and reliance on proprietary connectors failed to deliver even the most basic functionality required to effectively automate security operations — and it’s left MSSPs locked-in to a rigid vendor stack, unable to scale, and bleeding margins.

Enter Hyperautomation. Cloud-native, built for multi-tenancy, and with limitless security integrations and automations, the Torq Hyperautomation platform is changing the game for MSSPs. Hyperautomation:

Offloads repetitive tasks by instantly automating any security process using thousands of pre-built integration steps and AI-generated workflows.
Frees up MSSP teams to focus on high-value work by proactively identifying threats, prioritizing investigations, and only elevating cases to the appropriate analyst when human-in-the-loop intervention is needed.
Onboards new clients in minutes and reduces onboarding costs by securely sharing workflows across environments.
Seamlessly integrates with every tool in your clients’ existing security stack.

Why this matters to MSSPs: The supercharged efficiency gains from Hyperautomation means your MSSP can do more, faster — without increasing headcount. This translates to reduce customer acquisition costs, boosted margins, faster-time-to-value, and improved SLAs. Sounds like a win-win-win-win.

The latest MSSP trend? Ditching SOAR for Hyperautomation. Get the Managed Services Manifesto to learn why SOAR is dead.

MSSP Trend #4: AI-Powered SOCs are Rapidly Becoming the Future of Security Operations

MSSP SOCs are under siege from a tsunami of threats growing in severity and complexity, exacerbated by an ongoing talent shortage. Security analysts can only address half of the alerts they’re assigned each day, and nearly half say average detection and response time has increased within the past two years,^[2] impacting MSSPs’ ability to meet SLAs. This can lead to penalties, customer churn, and reputational damage.

AI has radically changed the security world — and it’s key to helping MSSP SOCs beat burnout and stay ahead of evolving threats. Leveraging AI in security operations is not about replacing analyst jobs, but rather augmenting and upleveling existing staff so they can make informed decisions faster without being bogged down by low-level alerts.

With Torq, MSSPs harness the power of AI through:

Socrates, the AI SOC Analyst: Socrates can autonomously execute SOC-defined runbooks written in natural language, auto-remediating 95% of cases within minutes. For critical cases, your human analysts can collaborate with Socrates using natural language to summarize case details, request additional information, and trigger complex remediation workflows — upleveling the capabilities of your team and speeding up response times across the board.
AI Workflow Builder: Create custom security automation in seconds by describing your needs in simple, natural language, then previewing and customizing the results — no code required.
AI Case Summaries: Rather than manually slogging through pages of logs and incident details, Torq automatically presents your team with a concise, insightful summary of each case, surfacing critical insights and recommendations so your team can make the right decisions quickly.

Why this helps MSSPs: By automating workflows, speeding up processes, enriching and summarizing cases, and augmenting human expertise, Torq helps MSSP SOC teams achieve machine speed response and start building an autonomous SOC. This results in a faster MTTR to better serve customers — improving their satisfaction and retention.

Not only that, an AI-powered SOC helps eliminate alert fatigue and analyst burnout so your team has the bandwidth to focus on the bigger picture: strategically securing your clients’ organizations.

“We are impressed by how [Torq’s] AI augmentation capabilities empower [SOC] staff members to be much more proactive about fortifying the security perimeter.”

IDC HyperSOC™ Spotlight Report

Unlock Growth and Differentiation: The Power of Proactive, AI-Enhanced Security

Proactiveness, prioritization, Hyperautomation, and AI are the future of security operations — and the keys to MSSP evolution and success. Adopting these now will help you stand out, better serve customers, hold on to your best talent, and boost your margins.

Explore how Torq is helping MSSPs get ahead of the curve and win.

Sources:

Security Magazine, More than 70% of companies increased spending on proactive security, June 2024
Morning Consult and IBM, Global Security Operations Center Study Results, March 2023

Squish the Phish: 6 Automated Phishing Response Strategies

What is Hyperautomation’s role in phishing defense?

SecOps Automation: How Lean Teams Can Achieve Enterprise-Level Security

SecOps automation eliminates manual security tasks, reduces alert fatigue, and empowers lean teams.

The AI SOC Analyst That Offloads 90%+ of Tier-1 Cases — Meet Socrates

What is an AI SOC Analyst? Learn how Torq Socrates drives the autonomous SOC.

Hyperautomation

8 Benefits of Using Hyperautomation

By Dallas Young

September 30, 2024

4 Minute Read

Security Orchestration, Automation, and Response (SOAR) was never built for hybrid cloud adoption at enterprise scale. Legacy SOAR’s complexity, critical operational holes, and technical limitations make it the fatal flaw sinking your organization’s ship. Hyperautomation addresses these challenges with scalable, AI-driven orchestration that enhances security posture while reducing operational overhead.

If your SOC is still relying on legacy SOAR, here are eight Hyperautomation benefits that show why it’s time to switch — today.

What is Hyperautomation?

First things first, what is Hyperautomation? Security Hyperautomation combines AI-driven automation, orchestration, and advanced analytics, enabling your security teams to manage complex workflows across multiple platforms autonomously.

Unlike traditional automation methods, Hyperautomation integrates seamlessly with existing security stacks and business processes, enhancing your team’s ability to respond effectively to evolving threats.

8 Hyperautomation Benefits That Deliver

1. Ease of Use and Simplicity

One of the top benefits of Hyperautomation is accessibility. With Torq, anyone on your security team, not just developers, can create powerful workflows in minutes with never-seen-before efficiency. Thanks to its drag-and-drop interface, the solution is powerful enough to handle the most complex threat responses yet easy enough to deploy. Unlike legacy SOAR solutions, multiple teams can eliminate repetitive security tasks with automations that can be created in minutes.

2. Enterprise-Grade Security Architecture

Torq’s Hyperautomation platform is built for scale. Built on cloud-native, zero-trust principles, Hyperautomation ensures extensive security at scale. For example, Torq delivers immutable activity logs, granular role-based access controls, and strict adherence to compliance, addressing critical operational gaps common in legacy SOAR solutions.

3. Measurable ROI and Cost Savings

With dashboards like Torq Insights, security leaders can track real-time gains in productivity, cost savings, and incident resolution times. Many teams see a 10X+ efficiency boost within weeks, as Hyperautomation eliminates repetitive tasks and accelerates key metrics like MTTR and case closure rates.

4. Intelligent Case Management

Another key benefit of Hyperautomation is that it autonomously orchestrates the analysis and remediation of security cases. Rather than manually managing a security case’s progress, Hyperautomation workflows can be triggered by case-specific actions.

When a case severity changes or a new observable is added, Hyperautomation moves the case forward by intelligently adjusting the priority, assigning the appropriate field of ownership, or even beginning the remediation process. This accelerates the detection, analysis, and response of security issues, freeing up significant analyst time to focus on strategic activities.

5. Lower Services Overhead

Unlike traditional SOAR solutions, Hyperautomation platforms don’t need costly professional services to write complex Python scripts that bend rigid pre-built connectors or inflexible use case playbooks.

Torq’s advanced agentic AI capabilities provide guided coding expertise across scripting languages such as SSH, PowerShell, SQL, Python, BASH, Kubernetes, AWS, GCP, Azure CLI, and more. This eliminates the need for any level of coding experience or unexpected expenses from third-party consultants. Achieve your automation goals quickly and efficiently without hidden charges.

6. Secure Connectivity

Hyperautomation eliminates the need for risky firewall modifications or VPN setups. With Torq’s zero-trust containerized agents, outbound-only connections securely integrate your on-premise infrastructure, maintaining security posture across any variation of cloud, hybrid, or on-premise environments.

7. Integrate Anything. Automate Everything.

Automate virtually any task or use case across any solution in your security stack with Hyperautomation’s agentic AI-driven workflow-building experience. Simply describe a workflow, use case, or outcome using natural language to guide Torq’s AI agents as it implements workflows to secure your organization faster than ever before. Or leverage Torq’s library of thousands of pre-built integrations, steps, templates, and AI prompts to inspire your next Hyperautomated security use case.

8. Extensibility Across the Organization

With Hyperautomation, you can empower your organization beyond security by connecting to collaboration, communication, and infrastructure applications — and more. Torq’s near-limitless connectivity enables security teams to interact with non-security employees, streamlining just-in-time access, information gathering, and incident response.

SOAR Is Dead — and Hyperautomation Is the Answer

SOAR promised automation but delivered frustration. It’s slow, complex, and fundamentally not built for modern cybersecurity needs. Security Hyperautomation is the next evolution and the benefits are clear: faster to deploy, easier to scale, and purpose-built for the cloud-native, AI-driven SOC.

Don’t let legacy tools hold your team back. Start realizing the full value of AI-powered automation.

The Kill Your SOAR Guide has all the details on how to migrate from legacy SOAR to Torq.

Get the Guide

Squish the Phish: 6 Automated Phishing Response Strategies

What is Hyperautomation’s role in phishing defense?

SecOps Automation: How Lean Teams Can Achieve Enterprise-Level Security

SecOps automation eliminates manual security tasks, reduces alert fatigue, and empowers lean teams.

The AI SOC Analyst That Offloads 90%+ of Tier-1 Cases — Meet Socrates

What is an AI SOC Analyst? Learn how Torq Socrates drives the autonomous SOC.

Insights News

Accelerating Torq’s Vision: Announcing Our Series C Funding Round

By Ofer Smadari, CEO

September 24, 2024

4 Minute Read

I’m excited to share some significant news that marks a pivotal milestone in Torq’s journey. We’ve successfully closed our Series C funding round, securing a $70M investment to propel our mission of revolutionizing SecOps through the Generative AI-based Torq Hyperautomation Platform and cutting-edge Torq HyperSOC solution.

A Journey Fueled by Innovation

When we launched Torq three years ago, our vision was clear: To transform SOC automation and operation teams with solutions that not only defend against sophisticated threats, but also streamline and hyperautomate SecOps at the largest global enterprises. During the past three years, our dedicated team has worked tirelessly to build the Torq Hyperautomation Platform which seamlessly integrates with any existing infrastructure and security tool, providing the unparalleled ability to instantly and precisely remediate security events, and orchestrate complex security processes at scale.

This funding round is more than just a financial boost. It reflects the confidence of our investors and the strength of our technology. We’re thrilled to continue pushing the boundaries of what’s possible in cybersecurity, particularly with a focus on Hyperautomation.

Doubling Down on Generative AI

A key highlight of this funding round is our commitment to double down on Generative AI. We recognize that Generative AI has transformative potential in enhancing cybersecurity. By integrating these advanced technologies into our platform, we aim to provide even more sophisticated threat detection, response automation, and predictive capabilities.

Generative AI will empower our systems to analyze vast amounts of data and generate actionable insights in real-time. This will not only improve the accuracy and efficiency of SecOps, but also enable our customers to stay ahead of adversaries with cutting-edge defensive measures.

What Series C Means for Us and Our Customers

Series C will accelerate our growth in several key areas:

Innovation and R&D: We’ll invest heavily in R&D to enhance our platform’s capabilities, ensuring we stay ahead of emerging threats and provide our customers with state-of-the-art solutions.
Expansion of Our Talent Pool: To drive our vision forward, we need the best minds in the industry. This funding will allow us to expand our team and bring in experts who are as passionate about cybersecurity and Hyperautomation as we are.
Market Penetration and Customer Growth: With this capital, we’ll accelerate our go-to-market strategy and scale our operations to reach more businesses and organizations globally. Our commitment to innovation has already attracted a rapidly growing customer base, and we are excited to extend our reach even further. New and existing customers will benefit from enhanced features, faster deployment, and robust security measures designed to meet their evolving needs.
Customer Success and Support: We’re dedicated to providing exceptional products and ensuring our customers have the support they need to maximize their investment in our technology. This funding will help us enhance our customer success programs and provide top-tier support to our growing client base.

Value for Our Growing Customer Base

Our expanding customer base is clear validation of our approach and the value we deliver. For our existing customers, this funding means we can continue to enhance and refine our platform, offering sophisticated tools and capabilities to keep their operations secure. For new customers, it represents an opportunity to leverage our state-of-the-art technology from a company committed to pushing the boundaries of cybersecurity and automation.

A Thank You to Our Partners and Team

This achievement would not have been possible without the unwavering support of our investors, partners, and incredible employees. Your collective belief in our vision and dedication to our mission have been instrumental in getting us to where we are today.

Looking Ahead

As we move forward, our commitment to innovation and excellence remains steadfast. We’re excited about the possibilities ahead and are more determined than ever to lead the way in cybersecurity and Hyperautomation. Together, we will continue to build a safer, more resilient digital world.

Thank you for your continued support and trust in us. Here’s to the next chapter of our journey!

Squish the Phish: 6 Automated Phishing Response Strategies

What is Hyperautomation’s role in phishing defense?

SecOps Automation: How Lean Teams Can Achieve Enterprise-Level Security

SecOps automation eliminates manual security tasks, reduces alert fatigue, and empowers lean teams.

The AI SOC Analyst That Offloads 90%+ of Tier-1 Cases — Meet Socrates

What is an AI SOC Analyst? Learn how Torq Socrates drives the autonomous SOC.

Contents

The Importance of Runbooks in Security Operations

The Need for AI Guardrails in Runbook Automation

Collaborative Planning: Aligning AI and Analysts

1. Planning Phase

2. Execution Phase

Strengthening Security Through Transparent AI Collaboration

Related Articles

Squish the Phish: 6 Automated Phishing Response Strategies

SecOps Automation: How Lean Teams Can Achieve Enterprise-Level Security

The AI SOC Analyst That Offloads 90%+ of Tier-1 Cases — Meet Socrates

Contents

Why Data Transformation is Crucial

How AI Data Transformation Helps Security Teams

Get Started

Example Prompts

Related Articles

What’s New With Torq: November 2024

Build Security Workflows in Seconds with AI Workflow Builder

Building Trust in AI: Structured, Evidence-Backed Summaries for Seamless SOC Shift Transfers

Contents

AI Workflow Builder: Build Workflows in Seconds

Case Management: Accelerating Analysts and Team Leads

Interact: Bridge the Gap Between Security and Business

Additional Enhancements

Related Articles

What’s New With Torq: September 2024

Build Security Workflows in Seconds with AI Workflow Builder

Building Trust in AI: Structured, Evidence-Backed Summaries for Seamless SOC Shift Transfers

Contents

What is an Autonomous Security Operations Center (SOC)?

Torq is the Only Hyperautomation Vendor Listed in GigaOm’s Autonomous SOC Report

Leveraging AI to Drive SOC Autonomy

The Sole Winner: Torq’s Unique Position

Related Articles

Squish the Phish: 6 Automated Phishing Response Strategies

SecOps Automation: How Lean Teams Can Achieve Enterprise-Level Security

The AI SOC Analyst That Offloads 90%+ of Tier-1 Cases — Meet Socrates

Contents

1. Intelligently Prioritized Cases

2. Smarter Human-in-the-Loop Remediation

3. Automated Case Documentation and Admin Work

Why AI Agents Are the Future of AI in SOC Workflows

Related Articles

Squish the Phish: 6 Automated Phishing Response Strategies

SecOps Automation: How Lean Teams Can Achieve Enterprise-Level Security

The AI SOC Analyst That Offloads 90%+ of Tier-1 Cases — Meet Socrates

Contents

What Is SOC Alert Fatigue?

What’s Fueling SOC Alert Fatigue?

The Number One Cause of Alert Fatigue: Legacy SOAR

The Cost of Alert Fatigue

How Torq HyperSOC Uses Agentic AI to Fix Fatigue

Legacy SOAR vs. Torq HyperSOC™: Solving Alert Fatigue

Related Articles

Squish the Phish: 6 Automated Phishing Response Strategies

SecOps Automation: How Lean Teams Can Achieve Enterprise-Level Security

The AI SOC Analyst That Offloads 90%+ of Tier-1 Cases — Meet Socrates

Contents

The Challenge of Relying on Naive Summarizations in SOC Shift Handovers

The Torq Standard: Structured, Evidence-Backed Summaries

Strengthening Your SOC with Trustworthy AI

Related Articles

Squish the Phish: 6 Automated Phishing Response Strategies

SecOps Automation: How Lean Teams Can Achieve Enterprise-Level Security

The AI SOC Analyst That Offloads 90%+ of Tier-1 Cases — Meet Socrates

Contents

MSSP Trend #1: Budgets are Shifting to More Proactive Security Solutions

MSSP Trend #2: CTEM Brings Opportunity to MSSPs Through Prioritized Threat Remediation

MSSP Trend #3: SOAR is Out — and Hyperautomation is Maximizing MSSP Margins

MSSP Trend #4: AI-Powered SOCs are Rapidly Becoming the Future of Security Operations

Unlock Growth and Differentiation: The Power of Proactive, AI-Enhanced Security

Related Articles

Squish the Phish: 6 Automated Phishing Response Strategies

SecOps Automation: How Lean Teams Can Achieve Enterprise-Level Security

The AI SOC Analyst That Offloads 90%+ of Tier-1 Cases — Meet Socrates

Contents

What is Hyperautomation?

8 Hyperautomation Benefits That Deliver

1. Ease of Use and Simplicity