Product Use Cases

Five Ways to Automate Threat Hunting in Your SOC

By Torq
August 8, 2024
4 Minute Read

Modern threats don’t come crashing through the front door — they slip quietly through gaps in the side of your house that your legacy tools don’t even know exist. Automated threat hunting is how you find threats before they find your sensitive data. 

Automated Threat Hunting Overview

Automated threat hunting uses rule-based logic, AI, automation, and real-time telemetry to identify suspicious behaviors across your environment. While manual threat hunting is resource-intensive and dependent on expertise, automation levels the playing field. 

With Hyperautomation tools, security teams can automate detection queries, enrich findings with threat intelligence, trigger searches across systems, and initiate immediate responses.

Automated threat hunting enables your SOC to:

  • Continuously monitor and detect threats at scale
  • Investigate faster and cut root cause analysis time in half
  • Shrink time from detection to response (MTTR)
  • Apply proven threat hunting strategies automatically
  • Handle multiple threat hunting sessions simultaneously
  • Give your analysts time back

What is automated threat hunting?

Automated threat hunting is the practice of using automation and AI to continuously search for hidden threats across an organization’s environment. Unlike traditional reactive monitoring, threat hunting is proactive, and when automated, it removes the bottlenecks of manual investigation, helping decrease a potential threat’s “exposure window”.

Let’s break down five ways to automate threat hunting in your SOC.

1. Automate EDR, XDR, SIEM, and Anomaly Detection Queries

Your stack is loaded with tools. Torq seamlessly integrates your stack to make them work together. When EDR, XDR, SIEM, and anomaly detection platforms are paired with automation, these tools can detect threats and act on them.

With threat hunting automation, you can: 

  • Trigger a SIEM alert to automatically query EDR logs
  • Parse XDR telemetry to extract IOCs and enrich investigations
  • Respond to anomaly detection with distributed searches across email, cloud, identity, and endpoint logs

2. Share and Standardize Threat Hunting Templates 

Every SOC team uses custom automation templates, which are shared with team members to ensure the most efficient threat hunting workflows. These threat hunting templates serve as playbooks for automating investigations received from the SIEM/EDR/XDR queries.

Teams can:

  • Standardize how alerts are prioritized and triaged
  • Automatically detonate suspicious files in sandboxes
  • Use natural language prompts to build or modify workflows

This makes threat hunting more accessible, scalable, and consistent. Now, even junior analysts can execute expert-level investigations.

3. Trigger Search Processes With Workflows

Manual searching is slow. Automated workflows can activate search processes across various systems to identify further events and evidence. 

These workflows can:

  • Trigger endpoint and log searches across EDR, MDM, and SIEM platforms
  • Perform cross-system correlation to identify lateral movement
  • Enrich alert data using threat intelligence and vulnerability scanners

This reduces the time analysts spend manually digging through data, allowing them to focus on high-value tasks.

4. Use Playbooks for Automated Incident Response

Threat hunting without response is just research. Turn detection into action with instant, automated incident response.

Build workflows to:

  • Isolate compromised systems
  • Revoke access or reset credentials
  • Trigger notification workflows to stakeholders
  • Update case management systems

5. Automate Threat Remediation

Once a threat is confirmed, it’s go time. Depending on the threat, workflows may automate remediation by:

  • Quarantining compromised files using EDR
  • Removing malware from cloud storage or inboxes
  • Blocking malicious IPs and updating firewall rules
  • Rolling back affected systems from backups

Automated Threat Hunting with Torq

With Torq, threat hunting can be fully automated with our AI-driven Hyperautomation platform. Here’s how we do it: 

  • Automated Case Management: Torq Hyperautomates case management by automatically creating, updating, and managing cases in response to incoming alerts. High-fidelity signals get prioritized instantly, and cases are enriched in real-time with contextual data from across your stack. 
  • Observables: Observables like IPs, hashes, URLs, and domains are more than just data points. They’re trackable objects tied directly to cases and alerts, fully compliant with OCSF standards. This lets security teams link activity across seemingly unrelated investigations and surface patterns faster than ever before.
  • Relationship Tracking: Torq’s platform allows security teams to implement correlation, enrichment, and contextualization logics in their workflows, leveraging the relationships between observables, cases, and alerts. This helps security analysts identify patterns and uncover hidden threats.

As cyberattacks grow more advanced, real-time visibility and rapid response aren’t optional — they’re essential. Automated threat hunting enables SecOps teams to stay proactive, reduce alert overload, and handle complex multi-vector attacks faster.

Torq gives security professionals the automation edge they need to hunt smarter, not harder. See how Torq can elevate your automated threat hunting strategy today.

Get a Demo
Share

Related Articles

News

Black Hat 2024: Torq Takes Over Vegas

By Torq
August 7, 2024
3 Minute Read

Our Arrival: Black Hat 2024

Subtlety has never been our specialty. Our arrival in Las Vegas for Black Hat 2024 had the city abuzz with excitement as our HyperTrucks blazed through the street, broadcasting that “SOAR is dead.” Our team traveled from across the globe, and converged to make this event unforgettable. We were not just attending; we were here to revolutionize how security operations are perceived and executed.

Torq HyperSOC™: The Demo that Broke Black Hat

Torq HyperSOC™ was undeniably the star of the show. Our demo booths were consistently surrounded by security teams waiting for their turn to witness the groundbreaking capabilities of our latest solution. The reactions were phenomenal—visitors were blown away by the efficiency and innovation that Torq HyperSOC™ brings to the table. The non-stop lines at our demo stations were a testament to the immense interest and excitement generated by our cutting-edge technology. 

“I’ve never seen anything like it in 20-something years of doing this.”

Mick Leach, Field CISO at Abnormal Security

Torq for Good

To raise awareness of the cyber skills gap and to encourage the next generation of young professionals to consider a career in cybersecurity, we committed to donate $10 for every person who visited our booth to Tech Queen Elite Training Institute. They caught our eye as a local Vegas non-profit organization that trains students in coding, business communication skills, and digital marketing technologies. We are also donating a pair of premium socks for every visitor to our booth via the Communities In Schools, Nevada organization. This donation is designed to inform kids about the value of a SOC career while also providing them with a useful back-to-school item. Communities In Schools is the nation’s leading dropout prevention organization. Its mission is to assess needs and deliver resources that remove barriers to success. It supports more than 100,000 students at 110 schools. 

Hyperautomation™ Reaches New Heights

Our booth at Black Hat 2024 was not just a display; it was an experience. The buzz and energy were palpable, with attendees continually stopping by to see what the excitement was all about. We made it loud and clear that “SOAR is Dead,” and the hundreds of security professionals we spoke to agreed.

Torq, Out. 

Black Hat 2024 was a monumental success for Torq, as we showcased our commitment to pushing the boundaries of cybersecurity and automation. Stay tuned for more exciting updates and innovations from our team – and be sure to catch us back in Vegas next month for Fal.Con.

Share

Related Articles

News

Torq Delivers SOC(ks) for the Community

By Torq
July 25, 2024
3 Minute Read

Torq Gives Back and Supports the Next Generation of Cyber Talent

For the second year in a row, Torq is pleased to make donations to charities that invest in supporting the next generation of young professionals and encourage them to consider STEM-related career paths. 

Torq will be at Black Hat, one of the cybersecurity industry’s leading trade shows, August 6-8 at Mandalay Bay, Las Vegas. We’ll be exhibiting Torq Hyperautomation at our booth, including the AI-driven Torq HyperSOC, a purpose-built solution that automates, manages, and monitors critical SOC (Security Operations Center) responses at machine speed. This innovation has been game-changing for tech workers in the SOC and is helping alleviate the cybersecurity skills gap that’s leading to global labor shortages and burnout.

To raise awareness of the cyber skills gap and to encourage the next generation of young professionals to consider a career in cybersecurity, Torq will donate $10 for every person that visits its booth (#960) to Tech Queen Elite Training Institute. It’s a non-profit organization dedicated to training students in coding, business communication skills, and digital marketing technologies. Tech Queen Elite Training Institute helps eliminate barriers so students can earn globally-recognized credentials and become gainfully employed, in fields that include cybersecurity and AI.

“We’re grateful to Torq for making such a generous investment in the career paths of Tech Queen Elite Training Institute students,” said Dr. Duana Malone, Founder of Tech Queen Elite Training Institute. “Our goal is to ensure every student we work with has an opportunity to devote themselves to meaningful skills development that enables them to elevate their future potential, as well as their community at large. Torq’s donation will make a real difference for many students in Nevada.”

In addition, for every visitor to our Black Hat booth, Torq will donate a pair of premium socks to local kids in need via the Communities In Schools, Nevada organization. This donation is designed to inform kids about the value of a SOC career, while also providing them with a useful back-to-school item. Communities In Schools is the nation’s leading dropout prevention organization. Its mission is to assess needs and deliver resources that remove barriers to success. It supports more than 100,000 students at 110 schools. 

“Communities In Schools, Nevada, is very happy to have Torq contribute to the back-to-school packages we’re providing our students this year,” said Hayden Havon, Events Coordinator, Communities In Schools, Nevada. “Together with our other partners, Torq is helping ensure kids have the essentials they need to get up and running for their 2024-2025 academic sessions.”

“Every employee at Torq worldwide is proud to help make a positive impact in the communities in which we do business,” said Ofer Smadari, CEO, Torq. “We’re very happy to contribute to the wellbeing of students and for them to be exposed to the possibilities of cybersecurity as a fulfilling and valuable career option for the future. All of us are incredibly impressed by Tech Queen Elite Training Institute and Communities In Schools, Nevada, and we encourage others to also step forward and support their amazing work.”

Share

Related Articles

Customers Use Cases

Three-Time Torq Hyperautomation™ Customer Achieves Unparalleled Productivity and Efficiency

By Torq
July 24, 2024
3 Minute Read

The following is from a conversation between Torq and Kevin Rickard, VP of IT and Security at Jobcase, Inc. Jobcase is an online community dedicated to guiding and advocating for the world’s workers. Read on to learn how Kevin and his team have used Torq Hyperautomation to automate many security workflows.

From Torq Customer to Hyperautomation Enthusiast

Kevin Rickard is not just a repeat customer of Torq; he’s a three-time advocate for the transformative power of Torq Hyperautomation. What keeps him coming back? The exceptional quality of Torq’s pre-and post-sales support.

“The folks at Torq have been top-tier, and their expertise and support have made a world of difference,” Kevin shared. Compared to other SOAR products, Torq Hyperautomation stands out, offering unmatched agility and productivity. Kevin and his team at Jobcase have been able to deploy use cases within hours—something they hadn’t achieved with other solutions.

“Nothing compares to the agility and productivity I’ve achieved with Torq Hyperautomation.”

Kevin Rickard, VP of IT and Security at Jobcase, Inc.

Seamless Collaboration with the Torq Team

Jobcase’s collaboration with the Torq team has been both productive and ROI-driven. From the outset, Torq has been deeply engaged with the team, providing initial drafts for Jobcase’s workflows and demonstrating a deep understanding of their needs and processes. This personalized support has been instrumental in optimizing their security operations.

Top Hyperautomation Use Cases at Jobcase

Kevin’s team has found Torq particularly useful for a variety of IT and security processes, both large and small. One standout area is phishing analysis. With Torq Hyperautomation, they can quickly identify phishing threats and significantly reduce the alert fatigue caused by false positives. Additionally, automating employee onboarding and offboarding has improved operational efficiency and satisfaction among internal customers by eliminating many manual tasks.

With Torq Hyperautomation, Jobcase has streamlined workflows through Slack messages, automating everything from user welcome emails to complete enrollment processes. This automation has saved valuable time, eliminated repetitive tasks, and streamlined processes, allowing the team to allocate their efforts to more impactful and strategic initiatives.

How Torq Hyperautomation is Different from SOAR Offerings

Kevin’s experience with multiple SOAR platforms underscores the unique advantages of Torq Hyperautomation. Unlike traditional SOAR platforms, which often require extensive experience and substantial time investments, Torq’s ease of use and rapid deployment capabilities are game-changers. Teams can go from development to full production in just days.

Moreover, previous SOAR solutions often fell short in their tiered support structures, sometimes necessitating additional financial investments for adequate assistance. Torq, on the other hand, provides a seamless and supportive user experience, ensuring rapid and efficient operationalization of security workflows without extra costs.

In summary, Torq Hyperautomation has revolutionized how Jobcase manages its security workflows, driving unprecedented productivity and efficiency. Kevin Rickard’s continued reliance on Torq is a testament to its superior capabilities and exceptional support.Want to learn more about Torq Hyperautomation? Get a demo.

Watch the Full Interview

Share

Related Articles

Hyperautomation MSSP

The 5 Hidden Costs of SOAR for MSSPs

By Torq
July 22, 2024
3 Minute Read

SOAR is yet another set of cybersecurity tools and technologies that’s exciting to talk about, looks good on paper, but is fraught with financial difficulties for MSSPs seeking to deliver an outsourced security solution that maintains a healthy ROI.

Costs lurk around every corner – from response and resolution penalties, to the operational headaches caused by legacy infrastructure, and the unspoken need to go above and beyond the call of duty in order to facilitate continuous improvement across an outsourced security stack.

90% of security professionals claim SOAR solutions require significant investment to fulfill a baseline set of outsourced security obligations.

Change is here.

Torq automates 100% of SOAR workflows, and allows MSSPs to work smarter with the resources at hand, by providing scalable hyperautomation that eliminates the need for button-bashing resolutions to common cybersecurity problems

Let’s lift the veil and explore some of the hidden costs involved with implementing and maintaining a SOAR solution.

1. SLA Adherence

SOAR contracts revolve around an MSSP’s ability to effectively triage, investigate and remediate organizational security events. Granular SLAs take into account each individual alert, ensuring that MSSPs are held financially accountable for the promises they make during the pre-sales process.

To minimize costly service penalties, resolution time is king. From onboarding through to service provision, and incident resolution, hyperautomation improves completion time for manual tasks, triages events the moment they occur, and manages security incidents so that teams are able to stay one step ahead of contractual target times.

2. Legacy Security Environments

MSSPs are faced with an earnest demand from their customer base to consult on the removal or optimization of incumbent security technology that is out of date, ineffective, and represents a high risk to end user organizations.

Constructing a scalable differentiated service that replaces legacy architecture – across multi cloud, on-premise, and hybrid setups – is often impossible to adequately cost, and leads to scope creep, and a suboptimal onboarding experience.

3. Complex Integration Requirements (Legacy Systems)

The recent explosion in SAAS security product adoption, and the ever increasing number of data sources available that feed into contemporary TDIR workflows, means that MSSPs are often hamstrung in their ability to deliver baseline SOAR operations across a global client base.

Torq Hyperautomation allows you to connect to anything and everything, using  native platform integrations, no-code to full-code customization, and container-based integrations that level-up an organization’s use of internal and external security platforms.

4. Alert Volumes

Throwing additional resources at an alert queue eats into an MSSPs ROI, and creates an operational environment that relies on constant manual intervention to remain effective.

Torq automates over 90% of low-level SOAR operations – including Tier-1 alert management – significantly reducing the time and labor costs associated with threat management. This enhancement in service delivery efficiency directly improves the gross margin for MSSPs.

5. Ongoing Optimization

Organizations demand continual improvement across threat detection and incident response routines, over and above an MSSPs standard obligations as an outsourced provider, including a single common detection layer to rely on.

Customers expect a curated and optimized SOAR environment that places significant financial and operational demand upon MSSPs responsible for delivering a streamlined, automated security service.

Torq Hyperautomation allows you to stay one step ahead of operational requirements, and construct solutions that facilitate ongoing optimization between multiple security workflows, without the need for costly periodic evaluations.

SOAR isn’t working…

MSSPs deserve better than reactive, pre-built SOAR solutions that are far from solution-centric and don’t deliver on ROI. Hyperautomation is here to stay. Make the change now and realize immediate cost savings.

Share

Related Articles

Customers Hyperautomation MSSP

Leading MSSP Increases Service Delivery with Hyperautomation

By Torq
July 19, 2024
2 Minute Read

The following is from a conversation between Torq and Brian Brown, CISO at Solis. Solis delivers best-in-class managed cybersecurity services and incident response to small businesses around the world. Read on to learn how Brian and his team have used Torq Hyperautomation to exponentially increase the number of workflows running to prevent and respond to cyber threats.

Introduction to Solis

Solis is a full-spectrum MSSP and DFIR company. It has been in business for over 20 years and serves a range of customers from SMBs to enterprises, with a core focus on small- to medium-sized businesses. 

“I consider Torq’s automation format to be best in class from everything we’ve evaluated in the market.” – Brian Brown, CISO at Solis

The Benefits of Hyperautomation for MSSPs

Solis has experienced multiple benefits since adopting Torq Hyperautomation. Efficiency and agility (without sacrificing security) are crucial to delivering the service they promise to their customers, as managing the security practices of multiple clients simultaneously comes with a great deal of responsibility. 

The team has evaluated many automation options in the market, and they’ve come to consider Torq’s automation format to be the best in class. Solis cited the integration support and the speed at which development happens within Torq as “amazing.” 

“Having an assigned Sales Engineer, having an assigned team, and having ready access to them, all while having them understand the product from top to bottom, has been absolutely critical to the speed we’re trying to deploy this,” Brown added. “Additionally, having the Torq team available to answer our questions at any time has been extremely valuable. Outside of the technology being best in class, the service and support has been what has really pushed Solis forward.”

Experience Using Torq Hyperautomation

Solis has been pleasantly surprised at how quickly they have developed and deployed over 273 workspaces and over 5,823 workflows. Using Torq gave Solis the efficiency to build out automations that are consistent between workspaces as needed and the flexibility to fully customize those same workflows for each client’s environments and requirements. “The speed in which our automations run and the security around isolating those workspaces has been advantageous for us as well,” Brown commented. 

Want to learn more about Torq Hyperautomation? Get a demo.

Watch the Full Interview

Share

Related Articles

Hyperautomation MSSP

Why the World’s Top MSSPs are Ditching Legacy SOAR for Hyperautomation

By Torq
July 16, 2024
5 Minute Read

Managed Security Service Providers (MSSPs), desperate to automate repetitive tasks, initially turned to SOAR to reduce their workload and improve threat response times. Unfortunately, legacy SOAR tools still face scalability, flexibility, and integration challenges. As the complexity and volume of cyber threats continue to grow, the limitations of legacy SOAR have become more apparent, necessitating the move towards more advanced automation technologies like Torq Hyperautomation. Unfortunately, MSSPs that continue to rely on legacy SOAR solutions to manage security orchestration and automation across a broad customer base are destined to find themselves on a collision course barrelling towards the worst fate that the internet has to offer any business in 2024. They are going to get “memed”

Scalability Issues – SOAR Chokes Under Pressure

One of the significant challenges with legacy SOAR is its inability to handle large volumes of events efficiently. When there is a substantial influx of security alerts, the SOAR scheduler often gets overwhelmed, leading to significant delays in event processing. This bottleneck prevents a timely response to potential threats and impacts the overall performance of the SOC. For an MSSP, delayed response time is a massive risk to the security of their customers and can quickly become a detriment to their business’ revenue and overall reputation. The need for a more scalable solution is evident as cyber threats grow in frequency and complexity. This is where Torq Hyperautomation steps in, offering enhanced scalability to manage large volumes of events without compromising speed or efficiency.

Lack of Multitenancy

Legacy SOAR tools often struggle with multitenancy, a simple concept in which one instance serves multiple customers while maintaining separate environments. This design flaw means an issue affecting one customer can cascade to others, causing widespread performance degradation. This is especially problematic for MSSPs as they simultaneously manage multiple customer environments. If a flood of events from one customer overwhelms the system, it can delay responses and degrade performance for other customers using the same playbook. This lack of isolation risks compromising service quality and makes it challenging to guarantee client SLAs. In contrast, solutions like Torq Hyperautomation are built with robust multitenancy capabilities, ensuring performance issues or high event volumes from one customer do not impact others. This isolation is crucial for MSSPs delivering consistent and reliable security services across a diverse client base.

Integration Complexity

Creating custom integrations in legacy SOAR can be labor-intensive, requiring significant effort and maintenance. This complexity is especially evident when dealing with APIs and specific data-handling needs. Organizations must often develop custom integrations to meet their unique requirements, as out-of-the-box options may fall short. This demands substantial development resources and ongoing maintenance to ensure compatibility and performance, increasing costs for MSSPs. More often than not, professional services become necessary to help build these custom integrations, further increasing the SOAR investment while delaying the value returned. By contrast, Torq Hyperautomation simplifies the integration process, offering more flexible and user-friendly options for creating and managing custom integrations. This ease of use reduces the overhead of maintaining custom code and allows security teams to focus more on threat detection and response rather than integration challenges.

High Maintenance Costs

Legacy SOAR products often come with high maintenance costs in terms of time and resources. For example, an organization might use around 25 different playbooks for different services and integrations, each requiring regular updates and optimization. This complexity leads to a significant overhead in management and operational costs. In contrast, Torq Hyperautomation offers a more streamlined approach, reducing the need for intensive maintenance. Its intuitive interface and robust automation capabilities allow for easier management of playbooks and workflows, significantly lowering the time and cost involved in maintaining the system. This makes it a more sustainable and efficient solution for modern cybersecurity needs.

Lack of Customization and Flexibility

One of the critical shortcomings of legacy SOAR is its limited customization and flexibility. These tools often restrict the import of many Python libraries due to security concerns, limiting the ability to create custom functions and workflows. For instance, users can’t import essential libraries like the CrowdStrike Python SDK, hindering their ability to develop tailored solutions for specific tasks. This lack of flexibility forces organizations to rely heavily on pre-defined steps and actions, which may not always align with their unique security requirements. In contrast, Torq Hyperautomation provides a more versatile platform, allowing for easier customization of steps and actions without extensive Python scripting. This enhanced flexibility enables security teams to tailor the system to their specific needs, reducing the overhead of maintaining custom code and improving overall operational efficiency.

Join the World’s Top MSSPs in Ditching Legacy SOAR

For MSSPs, maintaining a positive customer experience and staying ahead of threats requires a robust, adaptable, and scalable toolset. Legacy SOAR tools are increasingly falling short of meeting the complex demands of modern security operations. Torq Hyperautomation addresses these challenges by offering enhanced flexibility, seamless integration, and cost-effective solutions that streamline security workflows and improve response times. This transition bolsters an organization’s cybersecurity posture and ensures that security teams can operate more efficiently and effectively, delivering better outcomes in protecting customer environments.

Ready to join the world’s top MSSPs in ditching Legacy SOAR for Hyperautomation? Get a demo today.

Share

Related Articles

Hyperautomation Insights News

Global SOC Survey Reveals Hope for SecOps Teams As Post-SOAR Hyperautomation Boosts Analyst Retention and Tenure

By Torq
July 3, 2024
4 Minute Read

The SANS 2024 SOC Survey, a comprehensive new Torq-sponsored study, reveals that for the first time in decades, the tenure of SOC and Security Analysts is increasing. They’re choosing to remain at their posts for three-to-five years, up from an average of one-to-three years.

Modern post-SOAR hyperautomation solutions are playing a significant role in alleviating the burdens these cybersecurity pros face. Historically, they’ve been prone to severe, soul-destroying burnout related to dealing with endless manual alert processes, resulting in alert fatigue and a deluge of false positives that create constant, unnecessary fire drills that drain energy and motivation.

The report further states that staffing challenges and automation needs remain a red alert critical issue. The continued lack of skilled staff available further underlines the criticality of SOC pro retention.

SANS surveyed more than 400 cybersecurity pros from across the world, with a focus on security administrators and analysts, security managers and directors, incident responders, and threat hunters. Geographies represented include the US, Canada, Europe, South America, Asia, the Middle East, Australia/New Zealand, and Africa. The survey represents industries including financial services, banking, insurance, government, and high tech. 

Save the Analyst:
Hyperautomation Drives Unprecedented Efficiency

According to the survey, the positive trend 30 percent of respondents are experiencing in retention and employee satisfaction underlines the value of new security automation solutions, such as the AI-driven Torq Hyperautomation Platform. Torq Hyperautomation automates every SOC process at scale, liberating SecOps pros from the manual threat identification and remediation grind. It collects, analyzes, and organizes unprocessed events and signals into contextually-enriched cases in real time. It then intelligently and intuitively orders them according to severity, priority, and field of ownership. Next, it auto-remediates the majority of cases across multiple organizational functions and escalates only the most critical and complex threats for human intervention.

“The positive impact Torq Hyperautomation is having on the productivity, efficiency, and job satisfaction for Citadel’s SOC team is significant,” said Moti Caro, CEO, Citadel. “With Torq Hyperautomation, the vast majority of the thousands of daily threat alerts and signals our team used to handle manually are now automatically and instantly processed, analyzed, identified, and remediated. Our SOC team is now able to place significantly more focus on proactive measures and longer-term strategic projects, with 100% confidence in how Torq Hyperautomation precisely handles threat response.”

“Torq has transformed efficiency for all five of my security teams and enabled them to focus on much more high-value strategic work, instead of manual detection and remediation tasks.” said Yossi Yeshua, CISO, Riskified. “Riskified is a ‘Torq-first’ company that’s seeking to take maximum advantage of its incredible hyperautomation capabilities at every opportunity.”

Boosting SOC Professionals’ Mental Health

The survey reflects a significant shift from January 2024, during which TechTarget assessed that, “Nearly a third of cybersecurity experts say they consider leaving the profession on an occasional (21%) or regular (9%) basis – citing stress associated with the career as the top reason. Coupled with SANS’ previous “It’s Time to Break the SOC Analyst Burnout Cycle” feature that revealed it takes seven months to two years to fill a SOC role, it becomes clear that the mental health benefits of the shift to new security automation approaches pays multiple dividends.

SANS’ findings correlate with another recent perspective on how Torq Hyperautomation alleviates SOC burnout from IDC.

“Every day, IDC is engaged with SOC professionals who communicate the existential challenges they’re facing, both in terms of keeping up with ever-escalating threat complexity and volume, and the incredible burden that places on the shoulders of their teams,” said Chris Kissel, Vice President, Security & Trust Products, IDC Research. “Torq HyperSOC is the first solution we’ve seen that effectively enables SOC professionals to mitigate issues including alert fatigue, false positives, staff burnout, and attrition. We are also impressed by how its AI augmentation capabilities empower these staff members to be much more proactive about fortifying the security perimeter.”

GET THE SURVEY

Torq is making the SANS 2024 SOC Survey available at no charge to qualified cybersecurity professionals. To submit your request for access, please fill out this form.

Share

Related Articles

Insights

Exploring the Future of SOC Automation with Francis Odum

By Torq
June 25, 2024
5 Minute Read

Contents

The future of SOC automation is dynamic and rapidly evolving, promising to revolutionize how security operations centers (SOCs) tackle their most pressing challenges. As cybersecurity threats grow in volume and sophistication, SOC teams are increasingly overwhelmed by alert fatigue, false positives, and a critical shortage of skilled professionals.

We recently sat down with Cybersecurity Researcher and Analyst Francis Odum to discuss his report exploring trends in SOC automation and how Torq HyperSOC™  solves the challenges legacy solutions failed to deliver on. 

The Evolution of SOC Automation

Early Days: Bespoke Scripts

In the early days of SOC automation, bespoke scripts were the primary tools used to streamline security operations. These scripts were often handcrafted by experienced analysts to automate repetitive tasks such as log parsing, alert triaging, and basic threat detection. While these custom scripts provided some level of efficiency, they had significant limitations. They were often brittle, difficult to maintain, and heavily reliant on the expertise of individual analysts who created them. This made scaling automation across the SOC challenging. Moreover, the scripts lacked the intelligence and adaptability to handle the growing complexity and volume of cyber threats. Despite these drawbacks, bespoke scripts laid the groundwork for future advancements in SOC automation, highlighting the potential for automation to alleviate some of the workload from human analysts.

The Rise and Fall of SOAR Platforms

As the limitations of bespoke scripts became apparent, we saw the emergence of Security Orchestration, Automation, and Response (SOAR) platforms. Legacy SOAR platforms were designed to bring a more structured and scalable approach to SOC automation. They integrated various security tools and data sources, enabling automated workflows that could handle complex threat scenarios more effectively. SOAR platforms made hefty promises of increased efficiency and scalability in the SOC. Unfortunately, SOAR’s monolithic, rigid architecture led to a lack of integrations, limited flexibility, and major complexity issues. Today, SOAR solutions are being phased out by SOC teams looking for a more modern, scalable approach to security automation.

Torq HyperSOC™: The First Purpose-Built Hyperautomated SOC Solution

Hyperautomation represents the next frontier in SOC automation, pushing the boundaries of what is possible. Unlike earlier approaches, hyperautomation aims to automate virtually every aspect of SOC operations, from threat detection and response to compliance and reporting. By leveraging AI and machine learning, hyperautomation can continuously learn and adapt to new threats, making SOCs more resilient and proactive. Additionally, hyperautomation platforms can orchestrate complex workflows that involve multiple tools and systems, providing a unified approach to cybersecurity management. As organizations face increasingly sophisticated cyber threats, Torq HyperSOC™ offers a scalable and robust solution, enabling SOCs to operate at peak efficiency while freeing human analysts to focus on more strategic tasks.

What’s Next in SOC Automation

Automating Tier-One Analyst Tasks

Tier-one tasks, such as initial alert triage, data enrichment, and basic investigation, are often repetitive and time-consuming. Analysts can focus on more complex and critical issues by automating these processes. Automation not only speeds up response times but also reduces the chance of human error. Furthermore, it helps maintain high productivity even during high alert volumes, preventing burnout among analysts. Torq HyperSOC™ offers automation capabilities that ensure tier-one tasks are completed swiftly, allowing SOC teams to allocate their resources more strategically. This leads to a more effective security operation, where skilled professionals can focus on tasks that truly require their expertise.

AI Integration: LLMs and Beyond

AI integration has become a cornerstone of modern SOC automation, with large language models (LLMs) leading the way. These advanced AI models can process and analyze vast amounts of textual data, providing deeper insights into threat intelligence and incident reports. LLMs can assist in generating detailed incident summaries, recommending remediation steps, and even automating threat-hunting activities. Other applications of LLMs include unlocking the ability to create new integrations or build out automations using natural language, removing the barrier of entry for analysts who don’t have the necessary coding skills demanded by SOAR connectors and integration builders. Beyond LLMs, AI integration encompasses various machine learning algorithms designed to detect anomalies, predict potential threats, and optimize response strategies. The ability of AI to learn from historical data and adapt to new threat landscapes makes it an invaluable asset for SOCs. Furthermore, AI-driven analytics can correlate data from disparate sources, offering a more comprehensive view of the security environment. As AI technology continues to evolve, its integration into SOC operations will undoubtedly enhance the efficiency and effectiveness of cybersecurity measures. 

The Vision of a Fully Hyperautomated SOC

A fully Hyperautomated SOC has already become a reality as we look at the modern security landscape. The modern SOC relies heavily on Hyperautomation to amplify the capabilities of human analysts, not replace them. Envision a system where sophisticated AI algorithms are continuously informed by vast troves of historical and real-time data, with humans providing the strategic oversight necessary to navigate the evolving threat landscape. This is precisely what Hyperautomation is already delivering and where SOAR solutions failed to rise to the challenge. In this modern Hyperautomated SOC, technology not only detects and counteracts threats faster but also forecasts and preemptively strengthens defenses against potential vulnerabilities. This level of human-guided automation promises to improve the speed of incident detection and mitigation, delivering expedited yet carefully vetted responses to emerging threats. A human-centric, hyperautomated SOC would ensure seamless compatibility with broader enterprise systems, promoting an integrated security orientation that comprehensively covers an organization. 

Get a Demo

If you’re ready to experience the future of SOC automation, contact us to get a demo today.

Share

Related Articles

Hyperautomation Insights

Gartner Says “SOAR Is Obsolete” in ITSM Hype Cycle

By Torq
June 20, 2024
2 Minute Read
Gartner Hype Cycle graph

Gartner just hammered another nail into the coffin of SOAR. The just-released “Gartner IT Service Management software (ITSM) Hype Cycle” report confirms SecOps professionals are profoundly unhappy with antiquated, legacy SOAR products and vendors. In fact, it places SOAR at the very bottom of its “Trough of Disillusionment” column, meaning “the innovation does not live up to its overinflated expectations.”

According to Gartner, “SOAR requires both development and ongoing operational cycles to maintain, similar to other coding development practices” and that justifying the expense of a SOAR purchase “remains an obstacle for clients.”

In contrast, the report points to modern generative AI-based security automation as a path forward for modern enterprises. It refers to Automated Incident Response solutions, such as the Torq Hyperautomation Platform, as being on the “Slope of Enlightenment,” due to its advanced threat identification, management, and remediation capabilities, and vastly higher ongoing ROI. 

“Workflow automation tools can automate workflows that are part of processes like converting actionable alerts into incidents, opening a communications channel in instant messengers for collaboration, updating the status on a web portal in real time and one-click remediation for existing runbooks,” states the report.

It goes on to applaud modern post-SOAR automation for its unique ability to “remediate and extend incident response capabilities that can integrate with DevOps toolchains.”

Gartner further highlights other critical limitations of SOAR in the report, including:

  • High initial set up and implementation costs
  • High ongoing maintenance and support costs
  • The requirement for specialized personnel and analysts with extensive coding skills
  • Integration and interoperability issues with third-party tools and custom connectors
  • The unrealistic and inaccurate expectation that SOAR can solve all security issues as a standalone solution

In closing, Gartner recommends organizations be extremely critical about their security platform purchase decisions, advising them to “select an appropriate product based on buyer understanding and its applicable use cases, such as SOC optimization, threat monitoring and response, threat investigation and hunting, and TI management.”

Torq professionals are ready to help emancipate organizations from the limitations of SOAR and answer any questions they may have stemming from this report.

If you’re in a trough of disillusionment and ready to ditch Legacy SOAR, contact us to get a demo of Torq Hyperautomation.

Share

Related Articles

See Torq in Action

Torq helps you harness AI in the SOC to detect, prioritize, and respond to threats faster.

Is your security team ready to automate more, faster?