AI Hyperautomation

Why Financial Institutions Need No Code Security Automation

By Torq
February 22, 2025
5 Minute Read
Financial no code workflow automation security platform for financial institutions

Contents

For financial institutions, the pressure to outpace fraudsters, stay ahead of regulators, and defend sprawling infrastructures is endless. Yet inside too many SOCs, it’s still the same story: manual processes, brittle legacy tools, and security workflows held together by spreadsheets and custom coding.

That’s changing fast.

Modern financial institutions are turning to no code workflow automation to eliminate inefficiencies, reduce risk, and scale operations. They’re moving away from legacy SOAR platforms that require months of scripting just to get basic use cases up and running. With Torq, teams are deploying powerful, cross-functional automations in days.

From regional banks to asset giants like Blackstone, the shift is clear: No code isn’t just easier. It’s better. Faster. More secure. And it’s how the smartest financial orgs are staying ahead of the threats, and the competition.

Why Financial SOCs Are Turning to No Code Workflow Automation

Financial and bank SOCs face a perfect storm:

  • Rising attack volumes and sophistication
  • Burdensome regulatory oversight 
  • Analyst shortages and burnout
  • Pressure to do more with less

What Financial SOCs Are Automating First

Most financial customers come to Torq after hitting a wall with legacy SOAR. They’re tired of vendor sprawl, compliance nightmares, and tools that require a full engineering and professional services team just to run. 

Finance orgs prioritize use cases that deliver fast wins in compliance-heavy, high-risk environments. The most common starting points are:

They choose Torq because it’s secure by design: zero-trust architecture, native SOC 2 compliance, and a platform built to scale. They stay because it just works.

Blackstone: From SOAR to 80+ No Code Automated Workflows

Legacy SOAR platforms require custom scripting and complex coding to implement basic use cases. This dependence on coding creates massive bottlenecks in financial organizations that juggle dozens of tools and deal with an evolving threat landscape. It slows everything down, requires specialized talent, and makes scaling automation nearly impossible.

That’s why financial leaders are ditching SOAR for no-code security automation solutions. With intuitive, drag-and-drop tools, analysts — not just engineers — can build powerful, scalable automations across fraud detection, IAM, phishing response, and more.

Blackstone, the world’s largest alternative asset manager, spent years keeping just a handful of workflows alive in their legacy SOAR. After switching to Torq, they launched 30+ automations in six months. Today, they’ve scaled to over 80 workflows across incident response, fraud, threat hunting, and IAM.

What changed?

  • A no code workflow automation platform built for security teams that actually works
  • A scalable Hyperautomation solution that meets the rigor of financial controls
  • A true partnership — not just another vendor with a steep learning curve

How a Leading U.S. Bank Beat Zelle Fraud with No-Code Workflow Automation

Preventing fraud is a top challenge for financial institutions. As attacks become more sophisticated and digital-first payment methods become increasingly more common, the scale of financial fraud is escalating beyond the reach of legacy defenses. 

With the Torq platform’s no-code workflow automation, security teams can connect SIEMs, fraud detection systems, case management tools, and identity services with real-time, orchestrated workflows. Financial institutions can spot fraud faster, reduce false positives, and take immediate, coordinated action. 

Case in point: After a surge in Zelle fraud forced a top 30 U.S. bank to suspend Zelle services under SEC pressure, they turned to Torq. In just 90 days, they built over 100 automated workflows, including a no-code system that autonomously locks down compromised accounts.  

They were quickly able to reinstate Zelle services, and the fraud response time decreased from hours to seconds while automation expanded beyond the SOC into fraud, GRC, and IT. This is the power of no-code security workflow automation in action — fast, scalable, and built for high-stakes financial environments.

​​Why Torq Wins in High-Stakes Financial Environments

Financial institutions are highly regulated, highly targeted — and often highly siloed. That’s why they need automation that works, scales, and earns trust. Torq delivers:

  • No code architecture: Secure, scalable, built for both on-prem and cloud
  • Multi-tenant capabilities: Support for global SOC structures with centralized oversight
  • Fast, responsible AI: With Socrates and our multi-agent system, Torq lets humans direct strategy while AI handles Tier-1 remediation.
  • Audit-ready evidence: Every action is logged with full context and metadata.

Financial customers want to get it right the first time. With Torq, they can.

The Future of Financial SecOps Is Automated 

Banks, insurers, and fintechs are under pressure to modernize fast without compromising security or compliance. Legacy security automation and orchestration won’t cut it. No code workflow automation built for financial security teams is the only path forward.

Torq Hyperautomation gives you:

  • Faster outcomes
  • Fewer manual handoffs
  • Stronger compliance posture
  • Real ROI from day one

And we integrate with the tools you already use. Here’s just a few of our integrations:

  • IT: ServiceNow, JIRA
  • Cloud: Wiz, Microsoft 365, Azure/Entra, AWS
  • SIEM & Logs: Splunk, Elastic, Chronicle, Stellar Cyber, Microsoft Sentinel
  • Identity: Microsoft Entra, Okta, SailPoint
  • Endpoint & Threat Detection: CrowdStrike, Defender, SentinelOne, Tenable
  • Phishing: Proofpoint, Abnormal Security
  • Threat Intelligence: VirusTotal, Recorded Future, AlienVault
  • Third-Party Risk: SecurityScorecard

Whether you’re replacing SOAR, launching security automation for the first time, or scaling into new business units — Torq is the partner to get you there. 

Get a Demo

Share

Related Articles

Integrations Use Cases

How to Automate Cloud Security with Wiz and Torq

By Torq
February 19, 2025
7 Minute Read
Wiz and Torq cloud threat detection

Contents

One of the Torq Hyperautomation platform’s superpowers is its ability to integrate with anything. By partnering with top security vendors like Wiz, Torq empowers SOC teams to automate and streamline critical cloud security workflows, dramatically improving security posture while freeing up analyst time.

Wiz is known for delivering rich context and visibility into cloud risk. Torq takes those alerts and turns them into real-time action. Together, they help security teams address high-priority issues and the long tail of medium- and low-priority vulnerabilities that often slip through the cracks.

With Torq and Wiz, SecOps teams can build fully automated or human-on-the-loop remediation flows for tasks like expired secrets, unused privileged access keys, or public S3 buckets. These cloud security automations are more flexible and powerful than legacy SOAR platforms offer.

Below are three key examples of how to automate cloud security with Torq and Wiz.

Handle Wiz Alerts For Public AWS S3 Bucket With Sensitive Data

Looking for a simpler way to deal with Wiz alerts for when public AWS S3 buckets contain sensitive data? You’re in luck.

This workflow receives an alert from Wiz when an AWS S3 bucket with sensitive personal data is found to be exposed to the public. The alert triggers on Wiz ID wc-id-1264.

When the trigger is received, the workflow pulls the bucket’s public access settings and tags and looks for an owner tag. If one is not found, it sets notifications to a specific Slack channel.

From there, it checks the public settings on the S3 bucket to see if the issue was resolved before the alert from Wiz was triggered. If it is still publicly accessible, it will ask to limit access to the bucket. 

Once the user agrees, the bucket settings are updated, and the Wiz alert is moved to in progress. If the user does not agree or the question times out, a Jira issue is opened to track the issue, and the issue ID will be added to the Wiz alert.

It’s important to note that this workflow will set the public block settings on the S3 bucket to “true” and block all public access. Your application may need a more granular update to the JSON policy to block the existing access; the existing policy will be provided in the Slack message.

The bottom line: 2-4 hours of time saved per alert. 

Depending on your existing process, the time it currently takes to find the questionable S3 bucket manually, assess the data sensitivity, verify public access, dig through logs or tags to identify the bucket owner, and finally adjust the public access setting when the owner responds may vary. With Hyperautomation, however, the entire process can be executed in minutes. 

The risk of allowing sensitive data to live in a public AWS S3 bucket is high and incredibly time sensitive, making it the perfect use case for hyperautomation. The longer sensitive data is publicly exposed, the higher the probability of it leaking into the wrong hands. 

Pairing Torq with Wiz ensures immediate, efficient, and accurate response, reducing the organization’s overall risk and saving analysts from spinning tires on these high-volume alerts.

Enable AWS S3 Bucket Encryption On Alert From Wiz

This workflow is a simple and effective way to ensure encryption is turned on for an AWS S3 bucket. 

First, the workflow receives an alert from Wiz and is triggered by an event with the control name “S3 bucket default encryption disabled.” If the owner tag is found, the owner will be contacted or notified in the Slack channel about the issue. 

This workflow then checks the bucket’s encryption status to see if it is still disabled and suggests remediation by enabling the default AES256 encryption on the bucket. 

If the user or Slack channel rejects the notification, the workflow collects a reason, opens a follow-up ticket, and updates the notes on the Wiz issue. 

The bottom line: 30-60 minutes of time saved per alert. 

While seemingly a simpler workflow than the previous public access to sensitive data risk, manually handling this high-volume, low-complexity Wiz alert requires context, attention to detail, and switching back and forth between a few different platforms.

Ensuring encryption is turned on for an ASW S3 bucket is more of a proactive security measure. It is often a risk factor deprioritized, forgotten, or inconsistently enforced across the cloud environment. Again, a perfect scenario to let Hyperautomation take the reins. 

There is still a significant risk associated with an unencrypted AWS S3 bucket. If a data breach or successful ransomware attack were to occur, gaining access to the unencrypted data would be a walk in the park for the bad actor, and likely one of the first places they would look.

Using Wiz to identify this risk in your cloud environment and Torq to Hyperautomate the remediation ensures consistent and efficient encryption across all AWS S3 buckets, records a clear audit trail for compliance, and prevents SOC analysts from burning out by eliminating mundane, repetitive, and low-risk alerts. 

Remediate AWS EC2 Instance With Open SSH Access From Wiz Alert

This workflow receives an alert from Wiz and is triggered by an event with the control name “Instances with open SSH to the world in AWS.”

If an owner tag is found, the user will be looked up in Slack; otherwise, the Slack channel will be updated. The user or channel is then asked to remediate the instance by shutting it down or removing the open SSH rule in the Security Group and adding a specific network rule allowing SSH from a corporate-owned network.

The user or channel will also have the option to open a Jira issue instead of doing the remediation. A Jira issue is opened for any process issue and will be added to the issue notes in Wiz.

The bottom line: 1-3 hours of time saved per alert.

The most time-consuming part of investigating an AWS EC2 instance with open SSH access is communicating with the developer or system owner. The risk here is high and urgent, and it needs to be handled immediately, but also with care and precision, as incorrectly disrupting a critical production instance could significantly negatively impact the business. 

This could make analysts hesitant to take action without additional context, extending the length of the investigation and the potential risk. Worse, the instance owner could push back, claiming that the access is intentional and required (Don’t worry; we have an answer for this, too… See Bonus use case! below). 

Hyperautomation not only handles the communication on behalf of the security team but also takes action immediately upon response, reducing the time it takes for the security analyst to find the system owner, wait for the reply, and modify the access in the AWS console. Together, Wiz and Torq ensure contextual remediation strategies are presented to the correct stakeholders and take rapid action in response to a critical threat without disrupting business as usual.

Bonus Use Case! 

While leaving SSH open to the world is a significant security risk and generally discouraged, there are still a few niche reasons why a developer may push back against shutting down access for a legitimate business reason. Even still, these use cases should be considered an exception to the rule and handled with care. 

Hyperautomation offers a better, more secure alternative through self-service just-in-time (JIT) access. This allows only certain users to gain temporary SSH access for only a short period of time — rather than opening the flood gates completely — controlling who has permissions through IAM policies and minimizing risk to the organization.   

These are just three of the myriad ways that Wiz and Torq partner to help SOC teams achieve smarter, faster cloud defense.

Wiz + Torq is the Future of Cloud Security Automation

With Wiz delivering deep cloud visibility and Torq translating that insight into real-time remediation, security teams can respond to threats faster, smarter, and more consistently. 

Together, they provide a proactive, efficient defense posture that legacy SOAR tools simply can’t match. Whether it’s public S3 buckets, disabled encryption, or open SSH ports, every second counts. By combining Wiz and Torq, you gain precision, speed, and control — hallmarks of a truly modern cloud security strategy.

Ready to transform your cloud security strategy? Watch our demo with Wiz.

Share

Related Articles

Product

JSON for Beginners: Building Blocks for Workflow Automation

By Torq
February 13, 2025
7 Minute Read
Learn JSON basics.

Contents

Automation workflows add a lot of value to an organization’s day-to-day operations. At a minimum, they streamline the execution of complex, multi-step processes, allowing people to focus on higher-value tasks. On top of that, automation workflows can provide valuable insights through the metrics that they gather – including the number of requests, the date and time they were requested, the time it took to complete each request, who made the request, and much more.

At first, automated workflows functioned much like a basic assembly line, where workers only know how to perform one step in the whole process. Now, modern automation solutions like Torq’s no-code platform are able to use the data passed into a certain step, together with the data generated in that step to make decisions about retries, failures, and next steps in the process.

In the beginning, these workflows functioned much like a basic assembly line, where workers only knew how to perform one step in the whole process. Now, modern automation solutions can use the data that’s being passed into a certain step, together with the data that’s generated in that step to make decisions about retries, failures, and where to send the request next.

This is especially important when it comes to security and auditing. While gathering more context to achieve a more complete record of what is happening, that context can also be used to decide what a requester can send or receive at each step. For example, while someone in the payroll department can access salary data that someone on the help desk cannot, both can see who the employee’s manager is.

JSON Basics: The Building Blocks for Workflow Automation

Since modern intelligent automation workflows are built around their data, that data needs to have a consistent format across all steps in the workflow. The format that Torq uses to contain that data is JavaScript Object Notation, better known as JSON.

Because JSON is a text-based, self-describing format, it is easy to work with and very flexible. Compared to older and more formally structured formats like XML (eXtensible Markup Language), it requires less overhead to process and less storage space to archive. It is also easier to extend on the fly without needing to refactor multiple schemas to ensure backwards compatibility.

JSON Basic Structure

JSON is also human-readable, since it is based on the concept of key:value pairs and follows basic formatting rules. In this case, the only purpose of white space is to make it easier for humans to read. You must use a valid format, which normally means beginning and ending with curly brackets (i.e. { }), although square brackets (i.e. [ ]) are used in some cases. In addition, every element except the last one needs to be followed by a comma so that everyone knows there are more values to follow.

In the following JSON key:value example, the keys are shapes and the value of each key is the number of corners that the shape has.

{    “triangle”: 3,

    “square”: 4,

    “octagon”: 8

}

Basic JSON key:value Example

Data Types

When it comes to values, there are really only three data types. However, the values can be stored in arrays or objects, as defined below:

TypeDescriptionExample
StringAlphanumeric sequence (written in double quotes).“day”: “Saturday”“time”: “2021-03-11”
NumberAn integer (not in double quotes).“guestsNumber”: 25
BooleanValue can be true/false (not in double quotes).“surpriseParty”: false

Note: Numbers and Boolean values don’t need to be contained in quotes. However, string values and key names must be contained in quotes.

What Is a JSON Object?

JSON objects are items defined with multiple unique key:value pairs below them. Objects are contained within curly brackets, which is why most JSON data that is handled within these workflows will start and end with curly brackets. In fact, all of the data used within a workflow is one single object containing multiple sub-objects.

If we extend our previous example to include the number of sides as well as corners, we’ll end up with a unique object for each shape:

{    “triangle”: { “sides”: 3, “corners”: 3 },

    “square”: { “sides”: 4, “corners”: 4 },

    “octagon”: { “sides”: 8, “corners”: 8 }

}

JSON Object Example

JSON Arrays

Now you know how to create simple key:value pairs and unique objects. Sometimes, however, you need to record things as data using a common format, but the data itself is unique for each item. In such cases, you would define an array using square brackets ( [ ] ) around the set of key value pairs that need to be stored in the data.

For example, you can make a single object called “shapes” that contains an array for the data: 

{    “shapes”: [

        { “type”: “triangle”, “sides”: 3, “corners”: 3 },

        { “type”: “square”, “sides”: 4, “corners”: 4 },

        { “type”: “octagon”, “sides”: 8, “corners”: 8 }

    ]

}

JSON Array Example

How to Use JSON to Reference Data

Now that you know what the structure of JSON looks like and how easy it is to follow, we’ll explain how to address specific places inside the JSON data. To do so, you can either target the retrieval of the current state or grab an entire array.

How to Reference JSON Objects / Arrays

Let’s start with the basics of accessing data from an object. JSONpath is built using dot notation, which is a common type of syntax used in many programming languages to access the properties of an object. The basic JSONpath for accessing an entire object is “$.” These two characters will be at the beginning of every JSONpath in Torq.

For instance, to access the value of “triangle” in the first example (a simple JSON with a few key value pairs), you’d begin the path with the root “$.” and add the name of the key that you want to retrieve. So, in our example, “$.triangle” would return the value of 3.

Let’s say you wanted to access something that’s multiple levels down in the object. Using the JSON in the second example, you’d build on the base of “$.triangle” and add “.sides.” So, in this case, “$.triangle.sides” would return the value of 3.

Referencing JSON Arrays

Arrays are handled slightly differently, since they consist of multiple instances of data in a single object. To access data in an array, you can use square brackets and specify the desired record number. Or, if you leave the square brackets off, you’ll get the entire object back.

For instance, using the JSON in the third example, you’d start with the base and ask for all of the records in shapes with the “$.shapes” JSONpath. You would use “$.shapes[0]” if you only wanted the first record. (In JSON, record numbers start at zero, not one.)

You can also pull back the number of sides in every record without pulling the rest of the data. The syntax is similar, except that you replace the index number with a colon to access all records. So, “$.shapes[:].sides” would return “{ 3,4,8 }” as the result.

Once you’ve mastered the art of navigating JSON, you can start to do more advanced filtering within JSONpath. Using the third, “$.shapes[?(@.sides>5)]” would return a record of every shape in the array that has more than 5 sides.

There are many online tools that you can use to validate that these examples really work (like JSONpath.com).

JSON-Based Workflows

Now that you know what the data structure looks like in JSON, as well as how to reference specific values in that data with JSONpath, you have the option to build highly customized workflows to bring sanity and a sense of control to the most challenging manual work within your organization… Not that you’d need it, since Torq offers data-driven, zero-code security automation.

Get a Demo
Share

Related Articles

Product

How to Automate Intune Reports for Device Compliance with Torq

By Torq
February 6, 2025
2 Minute Read
Torq intune reports

Contents

Whether for managing remote teams, supporting ‘bring your own device’ (BYOD) policies, or simply another layer in a data protection strategy, services like Microsoft Intune offer greater control over the devices on your network. But using the data from these services often requires tedious prep work, and this process is likely repeated multiple times a week, if not daily. 

Tedious, repetitive, structured: these are all signs that a process can and should be automated. Torq offers dozens of pre-built templates to help security teams add efficiency to processes like these. Here we’ll show a workflow that automatically generates a daily report on device compliance from Intune, and delivers it to Slack. 

How Torq can Automate Device Compliance Reports  

The default trigger for this workflow is set to run once a day, but you can customize the duration based on your needs. Similarly, the default chat application is Slack, but changing to Microsoft Teams or other apps takes just a few clicks. 

Here’s how it works:

  1. Torq will generate an access token and pull the list of devices from Intune, then filter for the ones that are tagged as non-compliant. 
  2. It will loop through each of those devices to look for a registered user, then split the list based on whether or not a user is found.
  3. Next it generates the actual report, which is built from a set of pre-defined messages that you can customize.
  4. Finally, the last step is to send everything to a designated Slack channel. 
A segment of the workflow template available in Torq

This is a good example of how a relatively simple, pre-built template can make a big impact on recurring security activities. With just a few minutes of setup, you can eliminate hours of tedious work and improve your compliance efforts. 

Get the Workflow Template

Already a Torq customer? You can find this workflow, and many more in the template library. Just add it to your Torq account, provide your Microsoft credentials, specify the report frequency, and enjoy.

Get Started Today

Not using Torq yet? Get in touch for a trial and see how our no-code automation platform can add efficiency to your operations and improve overall security posture.

Share

Related Articles

News Product

Torq Signed the CISA Secure by Design Pledge

By Aner Izraeli
February 5, 2025
7 Minute Read

Contents

At Torq, our commitment to security has always been at the forefront of our mission to empower businesses through our SaaS platform.

Today, we’re proud to announce a significant step forward in our security journey: Torq has signed the CISA Secure by Design Pledge.

This pledge underscores our dedication to ensuring that our customers can trust our platform to uphold the highest security standards, enabling customers to focus on their goals without concerns about their security posture.

Advancing Security by Design

The CISA Secure by Design Pledge perfectly aligns with our approach to security. This initiative emphasizes the importance of building security into the foundation of all products and services.

For Torq, this means integrating robust security measures throughout our development lifecycle, from initial concept to deployment and beyond.

By signing this pledge, we are reinforcing our commitment to:

  • Proactive security measures: Embedding security into every layer of our platform, ensuring our customers’ data is protected at all times.
  • Transparency: Providing clear, actionable information about managing and securing data, empowering our customers to make informed decisions.
  • Continuous improvement: Regularly evaluate and enhance our security practices to stay ahead of evolving threats.

What This Means for Our Customers

When you choose Torq, you’re not just selecting a SaaS solution but partnering with a company that prioritizes your security. Our adherence to Secure by Design principles means:

  • Minimal configuration risks: Our platform is designed to work securely out of the box, reducing the burden on your team to configure complex security settings.
  • Enhanced resilience: With built-in safeguards and automated protections, your organization’s security posture remains robust despite emerging threats.
  • Ongoing support: We’re committed to providing tools, resources, and guidance to help you confidently navigate security challenges.

This blog post outlines our commitment, investments, and transparency in those Secure by Design principles and our plans for the upcoming security year 2025.

Multi-factor authentication (MFA)

“Within one year of signing the pledge, demonstrate actions taken to measurably increase the use of multi-factor authentication across the manufacturer’s products.”

Torq’s customer’s default application authentication is SSO-based via federation through external identity providers, ensuring uncompromised authentication standards for our customers.

This approach ensures consistent MFA configuration and enforcement with their identity provider’s MFA settings.

Torq supports SAML 2.0 and OpenID Connect with code flow and implicit grant type. It’s compatible with many enterprise IDPs, including:

  • Google
  • Microsoft Entra ID
  • Okta
  • OneLogin

Supported SSO Methods and Protocols

  • Open ID connect
  • SAML 2.0

Default passwords

“Within one year of signing the pledge, demonstrate measurable progress towards reducing default passwords across the manufacturers’ products.”

Torq’s customers are invited to their new workspace by an invite email directly sent to their corporate mailbox.

The invite email contains a unique invite link, and clicking it invokes the authentication process.

When a customer’s admin user logs in to their Torq account using the invite link, they use their email and self-generated password; hence, no default passwords are involved.

Per policy, customers are informed that 2FA is necessary to continue.

The user must scan the QR code presented or enter the activation code into a recognized authenticator application on their cellular device.

Upon completion, the customer can set up the organization’s SSO, which neglects password usage thereafter.

Torq’s application password policy enforces the following criteria:

  • Between 8 to 20 characters
  • At least one capital letter
  • At least one lowercase letter
  • At least one number
  • At least one special character

Reducing entire classes of vulnerability

“Within one year of signing the pledge, demonstrate actions taken towards enabling a significant measurable reduction in the prevalence of one or more vulnerability classes across the manufacturer’s products.”

Torq adopts a “security by design” approach to effectively minimize attack surfaces that are vulnerable to potential threats.

That said, to effectively deal with zero-day attacks and reduce vulnerabilities, Torq has a few key components aiming at that goal, such as:

  • Penetration testing
  • Scanning Torq’s supply-chain pipeline, including code dependencies (open source), containers (dockerfiles), code (SAST), Secrets, and IaC as part of SDLC and CICD
  • Utilizing the world’s best-of-breed CNAPP
  • Utilizing Distroless cloud workloads
  • Utilizing an EDR vulnerability scanning module on Torq’s laptop devices fleet and addressing findings through automation

Looking ahead:

Over the course of the following year, we intend to focus on improving runtime visibility, gaining better and higher vulnerability verdict.

Security patches

“Within one year of signing the pledge, demonstrate actions taken to measurably increase the installation of security patches by customers.”

As a SaaS offering, Torq’s application is updated continuously through a process where Torq manages the deployment of new features, bug fixes, and security patches. Customers benefit from automatic updates without needing to install new versions manually. Torq’s Continuous integration and deployment (CI/CD) pipelines enable rapid, frequent updates, allowing it to deliver improvements and patches quickly while ensuring stability and performance.

No action is necessary on the customer’s part to have these patches automatically applied to their workspaces.

Customers are notified through Torq’s “what’s new” segment and through https://kb.torq.io/en/

Vulnerability disclosure policy

“Within one year of signing the pledge, publish a vulnerability disclosure policy (VDP).”

In addition to Trust Center, where customers can obtain up-to-date reports, policies, and the status of Torq’s security posture, Torq also maintains a Security and Compliance public page within its torq.io commercial website – https://torq.io/security-compliance/

At the bottom of this page, visitors are introduced to Torq’s privacy and security mail accounts for any security-related matter, including vulnerability disclosure.

Torq addresses and responds to any approach made.

https://torq.io/security-compliance/

As a continuous improvement, the process could be enhanced by having a dedicated online form for a better vulnerability disclosure experience within Torq’s security-compliance page.

CVEs

“Within one year of signing the pledge, demonstrate transparency in vulnerability reporting.”

At Torq, we take security seriously and continuously monitor our platform for vulnerabilities. Unlike traditional software that requires customers to manage their own patches, SaaS platforms like ours are centrally managed, allowing us to rapidly mitigate security issues without requiring customer intervention.

CVE (Common Vulnerabilities and Exposures) program focuses on publicly disclosed security vulnerabilities in software products, hardware, and firmware.

Torq is a SaaS offering that, by its operational fashion, is non-distributable and installed on its customers’ end. Hence, it does not directly fit and is obligated to issue CVEs disclosure.

We believe in transparency and proactive security measures.

Our approach to vulnerability management includes:

Continuous monitoring and rapid patching – We detect and remediate security issues before they impact customers.

Customer notification – We will notify impacted customers if a vulnerability affects data security or compliance.

Third-party component reporting – If an issue involves open-source or third-party software, we may issue a CVE when appropriate.

Security bulletins – We publish important security updates via our Trust Center.

Regulatory compliance – We align with industry standards (e.g., SOC 2, ISO 27001, FedRAMP) to ensure best-in-class security.

Evidence of intrusions

“Within one year of signing the pledge, demonstrate a measurable increase in the ability for customers to gather evidence of cybersecurity intrusions affecting the manufacturer’s products.”

Torq generates audit logs. These logs provide a comprehensive record of events within a workspace, capturing various actions and changes. They record events such as user activities, workflow changes, and resource modifications. Typically, log entries are created immediately after an action is taken. The audit logs include the event occurrence, timestamp, the user or service that initiated the action, and the affected entity.

To enhance the security and oversight of your workspace, audit logs could be streamlined to a SIEM or bucket using Torq workflows, steps, or API.

Looking Ahead

As cyber threats evolve, Torq’s security journey doesn’t stop here. Signing the CISA Secure by Design Pledge is just one of many steps we’re taking to ensure our platform remains a trusted partner for businesses worldwide. Our team will continue to innovate, collaborate, and advocate for security practices that benefit not only our customers but the broader digital ecosystem.

We’re excited about this new chapter and its meaning for our customers. By seamlessly integrating security into our solutions, we’re not just mitigating risks — we’re enabling your success.

Stay tuned for more updates on how we’re driving security excellence at Torq, and feel free to reach out if you have any questions about our Secure by Design journey.

Share

Related Articles

Integrations

Cloud Security Automation with Torq + Sweet Security

By Torq
February 4, 2025
5 Minute Read
Learn how Torq and Sweet Security empower SOCs to detect threats in real-time with cloud security automation, neutralizing threats in minutes, not days.

Contents

For security teams, resolving a cloud incident takes an average of 10 days — time attackers can exploit to cause further damage. The problem? SOCs often lack the context and cloud security automation they need to respond faster. That’s where the partnership between Torq and Sweet Security changes the game.

Why SOCs Need Torq and Sweet Security

Sweet Security delivers the real-time, cloud visibility SOCs need to identify threats quickly and accurately. Torq takes it further by automating the response process, bridging the gap between detection and action. Together, they empower SOC teams to neutralize threats in minutes — not days — reclaiming control over their cloud environments and staying ahead of attackers.

Sweet Security: Raising the Bar for Cloud Detection and Response

Sweet Security approaches cloud protection with precision and expertise that stands apart. Their platform combines unified cloud visibility across the cloud infrastructure, workloads, and applications with deep runtime context, enabling SOCs to detect and neutralize real-time threats as they unfold. By integrating cutting-edge, cloud-native technologies, Sweet equips security teams to handle even the most sophisticated attacks with confidence and resilience. 

Sweet’s Detection & Response capabilities reduce MTTR by enriching incident insights with detailed information on human and non-human identities, including roles, users, and service accounts. By correlating siloed cloud events into a comprehensive attack story and leveraging an advanced threshold mechanism to minimize false positives, Sweet ensures deeper context and alerts only on high-probability malicious incidents. Seamless orchestration with Torq further amplifies these capabilities.

Torq Hyperautomation: Transforming SOC Operations

Torq has redefined what’s possible for SOCs by enabling Hyperautomation across workflows. With Torq, SOC teams can design, deploy, and scale automated incident responses — reducing manual work and freeing analysts to focus on critical decision-making. Whether it’s accelerating the triage process, auto-remediating threats, or optimizing collaboration between tools and teams, Torq’s platform brings unmatched speed and precision to security operations.

Together, Torq and Sweet Security’s integration achieves what was once thought impossible: full-spectrum cloud protection, automated at scale.

What the Integration Delivers to SOC Teams

Torq and Sweet’s integration creates a seamless threat detection and resolution pipeline. Here’s how:

  1. Unified cloud visibility meets real-time automation: Sweet Security provides SOCs unparalleled insight into cloud environments, while Torq transforms these insights into automated actions. When Sweet’s platform identifies an anomaly, Torq can immediately trigger a workflow to respond to the threat.
  2. Proactive incident response: Cloud attacks often unfold in seconds, leaving SOC teams little time to react. With this integration, Sweet’s real-time detection feeds directly into Torq’s cloud security automation workflows, enabling SOCs to mitigate threats faster. For example, Sweet’s advanced capabilities allow for the detection of the human identity responsible for an incident and the ability to directly question the user about their activity — without requiring SOC intervention.
  3. Customizable workflows for every cloud environment: No two organizations operate the same cloud stack. Torq’s no-code platform allows security teams to tailor response workflows that align perfectly with their unique cloud setups, ensuring that Sweet Security’s detections are met with tailored, effective responses.
  4. Enhanced SOC efficiency and morale: Automation doesn’t just eliminate repetitive tasks — it empowers SOC teams to operate at their best. By integrating Sweet’s intelligence with Torq’s workflows, analysts are no longer bogged down by manual processes, allowing them to focus on strategic initiatives that strengthen overall security posture.

A Use Case: From Detection to Mitigation in Minutes

Imagine this scenario: Sweet Security identifies unusual activity in a cloud environment, flagging a misconfigured container with potential malware. The alert triggers a prebuilt Torq workflow that:

  • Enhances alerts with additional context from threat intelligence sources, as well as data from cloud provider APIs and log services, such as AWS CloudTrail and CloudWatch.
  • Automatically reaches out to asset owners through Slack or Microsoft Teams, enabling them to remediate minor issues without involving the SOC.
  • Isolates the container while verifying the presence of malware.
  • Deploys a remediation script to correct the misconfiguration.
  • Directly engages the suspected user to verify their activity — eliminating the need for SOC intervention.

All of this occurs in minutes — not hours or days — significantly reducing the attack’s impact.

Example cloud security automation workflow with Torq and Sweet Security.

Looking Ahead: Strengthening the Future of Cloud Security

The Torq and Sweet Security partnership isn’t just about solving today’s cloud security challenges — it’s about preparing SOCs for the future. With the increasing sophistication of cloud-native attacks, the ability to integrate real-time detection with scalable automation will be a non-negotiable for every security team.

At its core, this collaboration underscores a simple but powerful truth: when detection meets automation, SOCs can achieve extraordinary outcomes. By combining Sweet Security’s advanced cloud-native detection with Torq’s Hyperautomation platform, security teams are no longer playing catch-up. They’re setting the pace.

Ready to See Cloud Security Automation in Action?

For a detailed walk-through on integrating Torq and Sweet, check out the Knowledge Base article

To learn more about how Torq and Sweet Security are transforming cloud security, schedule a demo today and experience the future of SOC operations firsthand. 

Share

Related Articles

Insights

Torq Announces 300% Revenue Growth and Opens EMEA HQ in London

By Don Jeter, CMO, Torq
January 28, 2025
4 Minute Read
Torq’s new London headquarters

Contents

Last year was an absolutely amazing year for Torq. The stats are just mind-blowing: 300% revenue growth and 200% employee growth. We also closed our $70M Series C round, bringing our total funding to $192M.

In 2024, we officially closed the door behind us on SOAR and blew open the door ahead for Torq Agentic AI security solutions, which are now used by some of the biggest names in cybersecurity, consumer packaged goods, industrial automation, retail, and telecommunications. We’re talking about companies you know and love, like Abnormal Security, Check Point Security, Chipotle Mexican Grill, Deepwatch, Inditex (you may know them better by their brands Zara, Bershka, and Pull & Bear), Informatica, PepsiCo, Procter & Gamble, Siemens, Telefonica, and Wiz. And our unique security operations approach was validated by Gartner, IDC, Forrester, and GigaOm

EMEA Expansion and New London HQ

Well, guess what? We’re just getting started. In 2024, Torq achieved incredible market penetration across North and South America, and APAC, where Torq HyperSOC and Torq Hyperautomation products are now firmly established as the premiere Agentic AI and autonomous SOC solutions of choice for global enterprises. And now, I’m so pleased to let you know we’ve dramatically expanded operations across EMEA. 

We’ve got brand new EMEA headquarters in London, and we’ve appointed Usman Gulfaraz as our new VP of EMEA Sales. Usman is a high-octane, phenomenal leader, who was most recently responsible for global revenue at Speechmatics. Previously, he ran EMEA for Tessian, which he helped lead to acquisition by Proofpoint. And prior to that, he ran EMEA for Shape Security which he helped lead to acquisition by F5.  We’ve also just appointed Jaicee Matthews as our Head of EMEA Marketing. Jaicee previously led marketing teams for GTT, Edgio, and Lumen Technologies. Both of them are based in London.

I asked Usman for his thoughts and here’s what he told me: “I’m absolutely elated to join this world-class team of cybersecurity professionals making such a huge difference for enterprises around the world. Every day, I’m increasingly hearing from EMEA customers and prospects about their excitement about Torq HyperSOC featuring our Agentic AI Multi-Agent Framework. Demand is so high for Torq, I barely have time to write this quote for you, Don. The sky’s the limit for Torq and the fact that my email and phone are constantly blowing up says it all.”

Accelerating EMEA Partner Momentum

Our EMEA partner base is also increasing by leaps and bounds. It already includes AdvanceSec, Bytes Software Services, Check Point, GlobalDots, Nubera, Nueva Group, Softcat, Tata Group, Wiz, and WWT, with dozens more about to sign. 

Here’s what Adam McCaig, Head of Security Strategy and Services at Bytes Software Services, had to say: “We’re thrilled to partner with Torq and continue to deliver innovation that matters to our customers. Demand for Torq’s game-changing Hyperautomation Platform and Torq HyperSOC continues expanding exponentially. Together, Torq and Bytes Software Services are making enterprise SecOps teams across EMEA more productive and focused with their AI-driven SecOps and autonomous SOC solutions, ensuring organizations can mitigate existential security issues before they have a chance of creating adverse impacts.”

Focus on Autonomous SOC

In 2025, you can expect even more generational, transformational shifts from Torq as we take our AI-driven, autonomous SOC focus to the next level. You’re going to witness some of the most innovative product and capability unveilings in the history of modern cybersecurity. We’re going to deliver on the promise of true autonomy and introduce SecOps efficiencies and productivity boosters the likes of which you’ve never seen before.

We can’t wait to show you what’s coming up!

Share

Related Articles

AI

Maximizing AI Autonomy: Achieving Reliable AI Execution Through Structure and Guardrails

By Gal Peretz
January 21, 2025
5 Minute Read

Contents

Gal Peretz, Head of AI & Data at Torq

Gal Peretz is the former Head of AI & Data at Torq. Gal accelerates Torq’s AI and data initiatives, applying his deep learning and natural language processing expertise to advance AI-powered security automation. He also co-hosts the LangTalks podcast, which discusses the latest AI and LLM technologies.

Our previous blog post explored how planning with AI systems can set the stage for smooth collaboration between humans and machines. However, a solid plan alone isn’t enough. The next step is orchestrating the execution — ensuring that the AI system can carry out tasks autonomously while maintaining guardrails that prevent errors, hallucinations, or false actions.

The Challenge of Direct Execution: LLMs Alone Aren’t Enough

Moving from a free-text runbook to execution without a structured schema is where most AI implementations fail. While large language models (LLMs) are powerful, they continue to struggle with AI autonomy due to:

  • Hallucinations: Making incorrect assumptions or executing invalid steps.
  • Ambiguity: Choosing the wrong tools or extracting incorrect arguments from the execution context to pass to the next step.
  • Lack of Determinism: Struggling to execute tasks consistently without a clear structure, often leading to indeterministic execution where the AI agent may jump between steps out of order or skip them altogether.

Simply put, letting the LLM orchestrate execution without structure and guardrails lacks the precision needed for a reliable execution process.

Streamlining the Execution of a Clear and Reliable Plan

To address this, Torq implements a concrete structured execution scheme that ensures Torq’s AI system performs tasks deterministically and without ambiguity. Once the high-level plan is developed, the AI extracts each step as an atomic unit — clear, precise, and sequential. 

This structured approach eliminates the risks of indeterministic execution, where the AI agent might skip steps, go out of order, select incorrect tools, or misinterpret arguments due to vague instructions. 

Think of it like following a recipe step by step: after deciding to ‘make dinner,’ you break your activities into clear, sequential micro-tasks like ‘bring water to a boil’, then ‘add pasta to the water.’ 

Similarly, Torq built our AI to execute a detailed plan one micro task at a time, in the right order. This allows Torq’s AI system to analyze and break down instructions and examples for each step, ensuring the AI completes the overarching task accurately. By eliminating ambiguity, the structured execution guides the AI to select the right tools and arguments at every stage, delivering consistent and reliable results.

AI Guardrails: Balancing AI Autonomy and Control

While we aim to maximize AI autonomy, balancing it with guardrails is critical to ensuring its safe and reliable execution. These guardrails act as safety nets that prevent the AI from taking false or unintended actions, ensuring human oversight remains available when necessary.

The key is for the AI to be able to break down the execution process into atomic steps that it can handle precisely. The system then focuses on clear micro-tasks for each step, reducing ambiguity and enabling the AI to perform confidently. 

However, when the AI encounters uncertainty — such as ambiguous context, missing tools, or incomplete arguments — it pauses execution and escalates the decision to a human operator. This human-in-the-loop mechanism mitigates the risks of hallucinations or incorrect tool usage, providing a safety checkpoint before the AI proceeds.

By combining structured execution with these dynamic guardrails, we can push the boundaries of AI autonomy. This allows the AI to operate efficiently and autonomously in most cases, saving significant time and resources while ensuring that safety and accuracy are never compromised.

Screenshot showing an example of an AI system seamlessly delegating control to a human when it lacks permission to execute a critical task, demonstrating how AI autonomy and human oversight work together seamlessly.
Figure 1: Example of an AI system seamlessly delegating control to a human when it lacks permission to execute a critical task, demonstrating how AI autonomy and human oversight work together seamlessly.

Reliable AI-Powered Execution at Scale

Orchestrated execution unlocks AI’s full potential by combining precision, autonomy, and control. By leveraging a step-by-step structure, AI can focus on atomic tasks, ensuring consistency and reliability at every stage. This approach streamlines workflows requiring constant human intervention, enabling AI to act efficiently while remaining grounded in a structured plan.

For Security Operations Center (SOC) teams, this translates to faster and more reliable execution of security runbooks at scale. This reduces the need to micromanage AI-powered SOC processes or perfect the prompts to control the AI, giving SOC teams more time for higher-value tasks while ensuring confidence in the AI’s structured execution.

The Future of AI Autonomy in the SOC

Choosing solutions that orchestrate AI execution with appropriate guardrails is critical for building trust, efficiency, and precision in today’s SOC operations. AI that structures execution as a series of deterministic micro steps and balances AI autonomy with human oversight allows SOC teams to confidently rely on AI systems to streamline their workflows.

This collaborative approach enables SOC analysts, engineers, and managers to:

  • Maintain control over automated processes
  • Trust in AI’s reliability for step-by-step execution
  • Focus on higher-value work while reducing uncertainty

The result is a stronger, more efficient autonomous SOC environment where human expertise and AI capabilities work seamlessly together. Schedule a demo today.

Read the rest of Gal’s blog series about AI in the SOC:

Share

Related Articles

Hyperautomation Product Use Cases

Impossible Travel Detection with Torq: Defend Against the Most Prominent and Expensive Breach

By Brian Higgins
January 13, 2025
5 Minute Read

Contents

With widespread remote work and global access, organizations face mounting challenges in securing user identities against sophisticated threats. One critical identity risk signal is impossible travel, where a user appears to log in from two unrecognized, geographically distant locations within an unrealistic timeframe, indicating the possibility of compromised credentials or session hijacking.

Identity is the New Security Perimeter

According to IBM, stolen or compromised credentials account for up to 40% of malicious incidents in Fortune 500 companies. These breaches also rank among the most expensive, adding over $1 million in costs per incident. Despite best practices like multi-factor authentication (MFA) and employee security training, the human element remains the weakest link — 68% of breaches stem from social engineering or user error.

To address identity-driven threats efficiently, organizations must shift from reactive security models to automated, identity-centric operations (IdentityOps). Torq enables security teams to detect and remediate compromised credentials in real time without adding operational burden.

Automating Identity Threat Detection with Torq

To save security analysts from legacy systems and alert fatigue, Torq created an Impossible Travel Detection workflow to eliminate reliance on legacy, manual security processes. Torq automates Impossible Travel Detection with your existing best-of-breed toolstack. 

With 300+ integrations, this workflow can integrate with Okta, Microsoft Entra (Azure AD), Google IAM, and other leading identity providers, leveraging geolocation, user behavior analytics, and AI-driven security automation to identify and block suspicious logins instantly.

How To Detect Impossible Travel

Torq autonomously triggers its detection workflow based on successful login events from your identity access management (IAM) provider of choice (i.e., Okta, Microsoft Entra, Google IAM, etc.) and follows this streamlined identity-centric process:

  1. Login Event Capture → Activates the workflow when a user logs into Okta (or another IAM solution).
  2. Geolocation Analysis → Determines the IP address’s physical location via integrated intelligence tools.
  3. Historical User Behavior Comparison → Compares the login’s geolocation with previous locations stored as identity baselines.
  4. Distance & Speed Calculation → Uses the Haversine formula to determine the travel distance and computes implied travel speed.
  5. Anomaly Detection → Flags logins that exceed a predefined speed threshold (e.g., 1,000 km/h).
  6. Risk Scoring & Identity Context Awareness → Incorporates additional risk intelligence to minimize false positives.

By analyzing real-time user behavior and risk signals, Torq enables automated, intelligent decision-making to determine whether a login attempt is legitimate or an identity-based attack.

Beyond Geolocation: Intelligent Identity Threat Analysis

The power of IdentityOps lies in your ability to integrate across the security ecosystem — leveraging multiple threat intelligence and user behavior signals to detect, assess, and remediate compromised identities dynamically.

Advanced Risk Signals Integrated into Torq’s IdentityOps Workflow

Torq enriches Impossible Travel Detection with best-in-class security integrations, ensuring high-fidelity threat identification through:

  • IP Reputation Enrichment → Queries VirusTotal, Recorded Future, or CrowdStrike to determine if the login originates from a known malicious or suspicious source.
  • User Behavior Profiling → Establishes a historical baseline of each user’s login habits to detect anomalous patterns.
  • Context-Aware Decisioning → Analyzes additional identity context, VPN usage, corporate IP addresses, and cloud service access patterns to reduce false positives.

These multi-layered identity security checks ensure precision threat detection while maintaining a seamless user experience.

User Verification and Automated Remediation

With this workflow, Torq detects potential takeovers. Then, Torq automatically engages users and security teams for real-time resolution.

Step 1: User Notification & Verification

When a potentially suspicious login is detected, Torq immediately alerts the user with a contextual security challenge:

🚨 Suspicious Login Detected

We noticed a suspicious login to your account from [Geo IP City]; your last login was from [Cache Geo IP City].

📍 Distance between logins: [Calculated Distance]

❓ Do you recognize this login as yours? [Yes] / [No]

This proactive approach serves three key purposes:

  1. Alerts the user of potential credential compromise.
  2. Provides contextual insight into login activity.
  3. Engages users in real-time identity verification.

Step 2: Adaptive, Automated Remediation

If the login is verified as legitimate, Torq updates the user’s location history, adds a security audit log, and continues normal operations.

If the login is denied (or is ignored or times out), Torq automatically initiates remediation by:

  1. Forcing an immediate password reset.
  2. Sending a secure password reset link to the user via email.
  3. Notifying the security team via Slack, SIEM, or ITSM.
  4. Creating an incident ticket for tracking and investigation.

Optional: AI-Driven Investigation & Escalation

If a high-risk event is detected, Torq triggers an escalation workflow that can automate additional security responses — such as disabling the account, revoking OAuth sessions, or requiring reauthentication through step-up MFA.

IdentityOps with Complete Flexibility & Customization

Torq is a highly flexible, fully integrated no-code/low-code solution that allows security teams to tailor IdentityOps workflows to exact requirements with:

Organizations can fine-tune Impossible Travel Detection to align with their unique security policies, compliance needs, and identity protection strategy.

Bringing IdentityOps to Life with Torq

By shifting to IdentityOps automation, security teams can radically transform how they detect, manage, and respond to identity threats. Torq’s Impossible Travel Detection workflow offers a scalable, intelligent, and automated approach to protecting user accounts — reducing incident response times, analyst workloads, and security gaps.

Instead of relying on reactive security controls and manual investigations, Torq proactively enforces identity security at scale — ensuring only trusted users access your most sensitive resources. 

Sign up for a demo to see it in action. Current users can start customizing the workflow template today.

Share

Related Articles

AI

Cut Through the Hype: Tips for Evaluating AI Solutions for an Autonomous SOC

By Torq
January 9, 2025
6 Minute Read
What are the best AI cybersecurity tools for achieving an autonomous SOC? Learn how to evaluate Agentic AI for SecOps.

Contents

As C-suites and boards are bombarded with headlines about AI revolutionizing cybersecurity, it’s no wonder they’re putting pressure on SOC leaders to adopt AI. The promise of AI in the SOC is rightfully alluring. An AI-native autonomous SOC has the potential to create a world where AI Agents collaborate with each other to take care of repetitive tasks and handle the majority of low-level alerts, freeing your human team up for strategic, proactive work. 

The hurdle? The AI cybersecurity landscape is swarming with vendors — and new ones are seemingly popping up out of stealth mode every day with shiny marketing and grand claims. 

This leaves SOC leaders wading through the noise to figure out which tools are overexaggerated AI-washed vaporware and which ones are truly operational, integrated, and trustworthy. Below are some tips for cutting through the hype to find the right AI solutions to help build an autonomous SOC. 

Start with the End Goal in Mind — and Think Big Picture

How do useful AI cybersecurity tools impact operational outcomes, functional goals, and strategic objectives?

Step back and start with the big picture. To avoid “scattergun” AI adoption in the SOC that leads to a flood of AI-generated alerts with no context or prioritization, begin by defining clear AI objectives aligned with your overarching security strategy. Before you dive into the AI vendor pool, take a moment to reflect on your SOC’s practical needs. What are your biggest pain points? Where could AI make the biggest impact? Are your analysts drowning in a sea of alerts? Or are they having to spend too much time on tedious tasks? Prioritize AI solutions that directly address these day-to-day challenges.

“I believe the successful use of AI in SOC operations shows up in practical outcomes. With Torq Agentic AI, the answer is ‘yes’ to questions such as: Are analysts happier? Are they sticking around? Do they have time to focus on more interesting and complex investigations? Are MTTM and MTTR lower? Torq Agentic AI extends and enhances our team so it can make better decisions more quickly — resulting in stronger security all around.”

– Mick Leach, Field CISO, Abnormal Security

Leverage AI for tasks where human limitations — such as fatigue and information overload — lead to inefficiencies. Generative AI-powered AI Agents are adept at tasks involving natural language processing and the creation of logical workflows. This makes AI ideal for automating repetitive, monotonous tasks, intelligently triaging alerts and autonomously handling incidents, and providing real-time insights and recommended next steps to speed up human decision-making. In turn, human analysts are freed up to focus on strategic activities and make faster, more informed decisions, significantly improving overall efficiency and effectiveness.

Think holistically to maximize the value of your investment. One-off AI tools from different vendors can’t add up to an autonomous SOC because they can’t connect security signals across your stack and provide meaningful, context-rich insights. Prioritize investing in a centralized automation platform with enterprise-grade scalability and the ability to integrate with every solution in your security environment. Purpose-built AI Agents for the SOC built on this foundation can work as a unifying force at the heart of your security stack to correlate disparate event data, uncover deep, contextual insights, and accelerate efficiency gains across your security operations.

Stay ahead of threats by keeping up with autonomous SOC advancements. Hyperautomation is now table stakes for Security Operations, demanding platforms with native, fully embedded AI capabilities rather than bolted-on GPT wrappers. Agentic AI,  the new frontier for delivering on the promise of the autonomous SOC, is now a reality. Torq just announced a groundbreaking Multi-Agent System for security operations with specialized AI Agents that collaborate, plan, and reason to autonomously analyze and resolve security threats. 

“SecOps organizations that adopt GenAI-based Hyperautomation will benefit from the most advanced LLMs ever, enabling analysts to auto-analyze more events and identify novel threats at the beginning of their cascade of potential impact, rather than after they’ve had a chance to create serious damage. GenAI will also further democratize SecOps, so employees at all levels are able to deploy, manage, and monitor Hyperautomation systems.”

– Leonid Belkind, Torq CTO and Co-Founder | 2025 Predictions: How GenAI and Hyperautomation Will Reshape SecOps and Threat Landscapes

Tips for Evaluating AI Cybersecurity Tools for the SOC

Establish your evaluation criteria: Given the potential risks associated with AI solutions, careful third-party risk management is crucial.  Collaborate with IT teams, business leaders, and legal to ensure alignment with company-wide AI usage policies. Below are some key considerations when choosing a vendor for AI in the SOC:

  • Flexibility and integration: Make sure the AI solution you choose can easily integrate with your existing security stack and ingest and intelligently transform data in any format. A flexible platform that can adapt to your evolving needs is essential so you don’t get locked in. 
  • Security and privacy: Any solution deployed in your SOC should meet enterprise-grade security standards and have tiers of controls to protect data confidentiality. 
  • Transparency: One of the most crucial elements for building trust in AI is to ensure the model can explain why it made the decisions it made and how it came to the conclusions it did. 
  • Human-AI collaboration: Effective AI Agents in the SOC facilitate a collaborative, back-and-forth relationship with the human analysts they work with, clearly communicating its capabilities and limitations. When encountering roadblocks, the AI should seek human input or validation.

Ask the right questions: Overexaggerated,  misleading, and outright false claims about AI capabilities are all too common. We’ve got a list of 40 questions to help you understand a vendor’s AI capabilities, integrations, and more, such as:

  1. Is all customer data encrypted in transit? Is stored data encrypted on disk? Is data stored in vendor data centers or only in memory? 
  2. What countermeasures does the solution have in place to prevent AI hallucinations?
  3. Does the system keep immutable records of all inputs and outputs for AI-driven actions?
  4. Does the solution have robust and versatile role-based access controls? 

Refine your shortlist: Use your evaluation criteria to narrow down your list of potential vendors. Consider factors like cost, features, and vendor reputation. Conduct thorough research and request demos from your shortlisted vendors. 

Test before you invest: The proof of whether an AI solution is vaporware or truly operational is in the POC. Ask for demos and conduct a proof-of-concept for a key use case to see the AI solution in action in a controlled environment. Pay attention to the scalability, ease of use, and overall performance. 

Consider long-term partnerships: Build strong relationships with vendors who can provide ongoing support and innovation. Ask about their AI product roadmap.

40 Questions to Ask AI SOC Vendors

To help you sharpen your evaluation of AI solutions for the SOC, we’ve put together this list of 40 critical questions to ask vendors. Cut through the noise of “AI-washed” marketing and dig into the AI’s operational and integration capabilities to ensure you get real value.

Get the List
Share

Related Articles

See Torq in Action

Get a demo to see how Torq helps you harness AI in the SOC to detect, prioritize, and respond to threats faster.

Is your security team ready to automate more, faster?