Torq for MDR: Increase Margin and Onboard Customers Faster

Managed detection and response providers (MDRs) are at an inflection point. They previously relied on legacy SOAR to secure their customers. But SOAR solutions struggle to keep up with the evolving and maturing threat landscape, and were not designed to scale into cloud environments.

As a way to break free from SOAR’s shortcomings, MDRs are turning to hyperautomation.

Torq gives MDRs:

  • Increased margin: Automate more components in your alert investigation, analysis, and response, and handle security events more efficiently with less human involvement.
  • Faster customer onboarding: Automate customer onboarding and ramp-up, share workflows and use cases across customers, and automate in multiple environments.
  • Limitless integrations: Integrate with every tool within your customers’ security stacks to increase business value and widen total addressable market.

Torq for MDR is a significant evolution from legacy SOAR. It gives managed detection and response providers the ability to perform up to 90% of Tier-1 case analysis tasks with an autonomous agent, onboard and provision new customer environments 10 times faster, and handle 5 times more security events without adding headcount.

Regarded analyst firms IDC and GigaOm have both noted that hyperautomation is leading the shift away from legacy SOAR solutions and signaling the future of security automation. And one of the country’s largest MDRs, Deepwatch, recently announced it has standardized on Torq Hyperautomation. Ten other MDRs, such as SentinelOne Vigilance and Compuquip, have also joined the Torq for MDR program.

“With Torq Hyperautomation, we are significantly increasing productivity and efficiency, ensuring that our customers gain better evidence, analysis, and control over their cybersecurity, while staying protected from external threats and operational risks,” said Charlie Thomas, CEO, Deepwatch.

Torq Hyperautomation empowers MDRs to provide more value to customers to increase stickiness and reduce churn, while increasing SLA attainment. It also streamlines security operations and reduces costs by consolidating tooling and effortlessly integrating disparate tools managed by different teams for increased efficiency. At the same time, Torq Hyperautomation automates workflow management across an MDR’s entire customer base, with the added flexibility of fine-tuned customization.

Torq also gives MDRs no-code, low-code, and full-code support; the ability to automate more processes; accelerated case management with AI; and a scalable, resilient infrastructure, all of which help MDRs improve efficiency and increase margin, while saving costs and scaling service offerings.

Hyperautomation is the future for MDRs.

Learn more about Torq for MDR. And download our guide, “Future-Proofing the MDR With Hyperautomation.”

Automating Incident Response: Exploring the Latest Conversational AI Tools

Hagai Shapira, Torq’s Director of Product, spoke at DeepSec 2023 about different levels of automation approaches for incident response, culminating in the latest additions of conversational AI tools. In this interview (originally posted on DeepSec), Hagai answers questions about his talk and provides key insights on how security teams can leverage AI to streamline incident response processes and improve their overall security posture.

Interview: 

Please tell us the top 5 facts about your talk.

  1. Most sec ops teams are still immature when it comes to utilizing automation for their detection and response and incident response procedures.
  2. Powerful automation and efficiency improvements can be achieved without software engineers using modern security automation tools.
  3. Some of the most time-consuming tasks in incident handling are tasks that require interaction with other people (employees or users) and waiting for their responses.
  4. Simple primitives for asking questions in messaging platforms are key for enabling many automation use cases.
  5. Recent advancements in LLM models and AI agent architectures have expanded the realm of what is possible to automate, including most Tier-1 level cases in day-to-day SOC operations.

How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?

This talk is based on my experience and work with security teams over the last three years in automating their incident response. However, my exploration into use cases for the latest top-of-the-line LLM models and how AI agent architectures, such as ReAct, can be used for security automation, has driven the most recent and exciting frontiers in this field and are the focus of the talk.

Why do you think this is an important topic?

There are several reasons why this is an important topic. Firstly, the workload of security operations teams has significantly increased over the past few years due to the proliferation of security tools and sensors that they need to monitor, as well as the sheer volume of data and alerts these tools generate. Secondly, it has become increasingly difficult to hire qualified security professionals, exacerbating the problem. Given these challenges, automating security operations is the only rational solution to alleviate the burden on security teams.

Is there something you want everybody to know – some good advice for our readers maybe?

If there is something I’ve learnt from my three years trying to automate the world of security operations, it is that there is no magic behind it. You cannot expect a magical solution to solve all your problems. However, if you invest resources and prioritize automation, you can achieve returns and efficiencies that would be impossible to achieve otherwise.

A prediction for the future – what do you think will be the next innovations or future downfalls for your field of expertise / the topic of your talk in particular?

I definitely look forward to seeing even more improvement in the performance of LLM models, solving some issues they still suffer from like hallucination, and a reduction in the cost of completions. These changes and improvements will surely be key in seeing even more use of LLMs in automations, in more complicated investigations and at a scale that is required for supporting some of the bigger organizations in the world.

IDC: Hyperautomation Signals the End of SOAR Era

“Purpose-built does not scale.” That’s what IDC says in its latest research report “How Hyperautomation Is Used to Reduce Gaps and Inefficiencies in Network Cybersecurity.”

What does that mean? It means that your monitoring point products, like legacy SOAR, just don’t cut it any longer. They can’t scale in today’s hybrid cloud and multi-cloud environments without piling on more tools, further fueling tech stack sprawl.

The report notes that SOAR, SIEM, XDR, and EDR were conceived as on-premises solutions and security’s shift left – the idea that security begins at the time of code development – was not considered. This creates an inherent inability to scale. Additionally, the tools are often too complex and their effectiveness has dwindled in today’s modern, often cloud-based, security environments. 

“No matter how you slice it, the cybersecurity platform strategies of today are holding on by a narrow margin. Too many processes are still being done manually,” IDC Research Vice President, Security & Trust Products Christopher Kissel writes, later adding, “Without continually adding new point products and appliances (which also take time to install), none of the current detection and response platforms are going to scale no matter how experienced or disciplined a security operations team is.”

But all is not lost. Hyperautomation and its many benefits can help pull enterprises out of the legacy point product pit of despair. 

The IDC report notes that hyperautomation enables:

  • Visibility and control of the heterogeneous network real estate, across all environments and for all processes and role players.
  • The ability to predict security gaps, proactively assess the network, and ultimately secure the network.
  • Proper contextual awareness, including more than security logs (firewall, NetFlow, antivirus, etc.), and integration fabrics.
  • Automation of everything that can and should be automated 
  • Extensible capabilities using no code, low code, or full code with potential leveraging of generative AI to automate even more tasks.

How does that stack up against legacy SOAR? Here’s IDC’s breakdown:

According to the IDC report, hyperautomation is proactive, where legacy SOAR is reactive; hyperautomation connects devices, clouds, containers, and processes, where legacy SOAR connects devices; hyperautomation delivers enterprise-grade extensibility, where legacy SOAR offers connectivity only as strong as the sum of its APIs; and hyperautomation matches the resources needed for outcomes, while legacy SOAR has to either be over- or under-provisioned.

And when it comes to hyperautomation, Torq is leading the charge.

“The Torq hyperautomation approach is more comprehensive than what is offered in contemporary cybersecurity tooling,” the report states, adding, “Torq provides an end-to-end visibility, prevention, and detection application that entails the entire digital estate of a business.”

Don’t just take our word for it. Read the full IDC report, “How Hyperautomation Is Used to Reduce Gaps and Inefficiencies in Network Cybersecurity,” and you’ll see how Torq Hyperautomation is beating legacy SOAR.

GigaOm: Hyperautomation vs. Legacy SOAR

It wasn’t long ago that we at Torq proclaimed “SOAR is dead!”

And it didn’t take long for the industry to catch on. Leading analyst firm GigaOm in its recent GigaOm Radar report named Torq a leader and an outperformer in the security automation market, namely for our hyperautomation capabilities that legacy SOAR just can’t touch. And our competitors have also started jumping on the hyperautomation bandwagon since we shifted our focus to this model.

While SOAR was innovative and effective nearly a decade ago, it has become stagnant and beleaguered by its inherent complexity, management overhead, and high costs. Security pros have neither the time, the resources, nor the money to throw at legacy SOAR.

Enter hyperautomation.

An ‘Outperformer’

Let’s hear it directly from the source. 

In the report, GigaOm praises Torq for our “extensive feature set” and “impressive portfolio of customers.” And beyond that, the firm gave Torq top marks across many of its key criteria, including case management and collaboration; automated alert prioritization; triage and curation; autonomous operations; and validation and red teaming. 

GigaOm gave Torq Socrates, our just-announced Tier-1 analysis AI Agent – the first in cybersecurity – a nod for its use of AI to hyperautomate key security operations activities, like alert triage, contextual data enrichment, and incident investigation, escalation, and response.

“Torq offers autonomous operations features for both the workflow design process and the workflow run time of processing security events,” the GigaOm report states. “Design-time capabilities consist of assistive development of automated processes, such as summarization for successful collaboration, improvement, development co-pilots, and the like. Run-time capabilities consist of data enrichment and data-driven suggestions to assign specific teams or analysts based on their profile, ownership, and history, and to recommend investigative steps to help understand the issue and containment actions that can help stop the negative effect and allow remediation as part of a process to resolve the issues completely.”

Additionally, the firm dubbed Torq’s Case Management as “exceptional” in how it hyperautomates security signal detection, streamlines decision making, and automatically 

“For case management and collaboration, Torq offers a built-in case management system developed in-house and integrated with the solution’s event-driven architecture and security automation capabilities,” the report states. “Torq also offers out-of-the-box bi-directional integrations with leading case management systems such as ServiceNow, Jira, and Zendesk, as well as communication platforms like Slack, Microsoft Teams, and Cisco WebEx. Torq supports in-the-platform virtual war rooms as part of its case management, and its multi-workspace architecture and granular RBAC can involve multiple teams across organizational disciplines: security, IT, engineering, business lines, and human resources.”

It’s clear through GigaOm’s latest report that Torq Hyperautomation is helping organizations overcome the limitations and challenges of legacy SOAR and empowering security pros with solutions that take out the complexity while also freeing up their time and budget for meatier projects.

The GigaOm Radar report confirms that we’re on the right path in our unwavering commitment to hyperautomation and our quest to make it as easy as possible for enterprises to fortify themselves against cyber threats without sacrificing protection. 

Download the full GigaOm Radar report now and read how hyperautomation is shaking up the sluggish SOAR category. And try Torq Hyperautomation for yourself: https://torq.io/demo/

Solving the Integration Problem at Scale: How Torq Connects With Any Tool Using Hyperautomation

Setting up your security tools to work together seamlessly is often easier said than done, leading to time-consuming tasks and potential security gaps, especially without the proper tools. You need both the ability to connect to any product, using APIs, CLIs, or proprietary protocols, and the ability to do so in a simple no-code manner, without having to know the ins and outs of each technology. Without these, the ability to quickly automate is greatly diminished, as it is in legacy SOAR products.

Torq hyperautomation solves that by providing a powerful automation engine and a true no-code step creation ability. This combination empowers you to connect and work with any other product or tool in your security stack and, right out of the box, to create near-limitless automations. Torq also provides a fast-growing library of official integrations and automation actions that feature any of your products, both legacy and new, right when you need them.

The usual problems

There are three requirements for a powerful security automation solution:

  1. Scalable orchestration platform to support your event loads and computation.
  2. Simple language to create this automation. 
  3. Great connectivity and integration with your entire security stack, across multiple cloud and on-prem environments. 

As the cybersecurity ecosystem is ever-evolving and most security organizations adopt several new tools each year, meeting all three of these requirements can be exceptionally challenging. Maintaining an up-to-date library of integrations for the latest tools, plus easily onboarding newly required tools, becomes a major undertaking.

How legacy SOAR attempts to solve it, and why that doesn’t work

Legacy SOAR is renowned for having poorly addressed this last problem of connecting to any tool quickly. Integrations in legacy SOAR products are based on building dedicated code modules for every single new product you interact with. This requires specialized software developers to build these integrations, making it an expensive, slow, and time-consuming effort to develop in-house. Waiting for the SOAR providers themselves to integrate new tools would take many months or years until that specific integration was completed. Integrating any homebrew or internal system is out of the question unless you have dedicated software development resources for this purpose. 

Example code snippet to establish rudimentary connectivity to a third-party application

How newer no-code tools attempt to solve it, and why that also doesn’t work

After the frustration with legacy SOAR products’ difficulty integrating with new platforms, a host of newer, no-code tools emerged. They claim to integrate with any product without any integration-building required.

This is based on the assumption that most products today provide some HTTP-based API to interact with. These no-code tools then provide a Postman-like experience for creating HTTP calls.

Example Postman HTTP call

Though this approach is definitely far more flexible than the legacy SOAR approach, it often fails at scale. Enterprises try to integrate with systems that don’t provide any clear HTTP APIs. The ability to integrate with proprietary protocols, perform remote procedure calls (RPC), or even run a small script is often the last crucial piece in building a full enterprise-grade automation process. Plus, requiring users to build their own HTTP calls for every action on every product has become a burden on the security operations team.

Instead of focusing on automating their processes, analysts are forced to be experts in the specificities of each of the APIs of their security tools. They must stay up to date with any changes in the APIs of these ever-evolving tools; otherwise, the connectivity often breaks, preventing automations from running. With no-code, the responsibility to maintain these HTTP calls falls on the shoulders of the security team instead of on the no-code automation tool itself.

Sampling of Torq’s ever-expanding pre-built integrations that are managed and maintained by Torq to provide the latest functionality without breaking your connectivity.

How Torq solves the content problem – Orchestrating any containerized logic

The understanding that an automation platform should be able to orchestrate any kind of technology, new or legacy, was in our minds from the very first days of developing Torq’s hyperautomation platform.

This principle was introduced into our product design goals and led to the decision for a step in Torq to be any kind of containerized logic. Containers have become the ubiquitous technology for shipping and deploying software. Orchestrating each kind of logic as a container, and even executing it in different environments, means that Torq can support communicating with any kind of tool in an organization’s security stack over any kind of technology. This can range from the latest HTTP-based API to a proprietary database protocol, any command line interface (CLI), or even a homebrew system, using the ability to bring your own containerized logic and run it from the same simple, no-code UI.

Example of Torq connecting to systems via webhook, SSH with embedded commands or scripts and HTTP-based API requests

How Torq solves the content problem – Calling any HTTP API and making it a no-code step with flexibility

While having the ability to run any container and CLI command from a single interface is extremely powerful, today, most security products expose an HTTP-based API (REST or GraphQL) to allow integrating and communicating with them. In Torq, you can quickly call any of those products using the “Send an HTTP request” step. This step exposes a simple UI to model any type of HTTP call, with any authentication required, and built-in support for OAuth and JWT authentication, just like the Postman app. It even automatically translates a cURL command, available from many API references, to the proper fields in the step, making connection with new API-driven products a breeze.

How Torq solves the content problem – Create new content at scale using Torq’s step builder to drive hypergrowth of no-code integrations and steps

Having the ability to easily create HTTP API-based steps is significant for quickly connecting with new tools and never having to stop automation building. But messing around with raw HTTP mode isn’t that useful over time and is a lot more complicated for new team members who want to use true no-code steps. This is exactly why we developed the Torq step builder: a simple builder that takes your raw HTTP steps and turns them into true no-code steps, complete with the appropriate parameters, descriptions, and examples on how to operate the specific step you’re building. Torq eliminates the complexities of formatting JSON and handling the authentication for a specific API. These custom steps can be saved to your workspace’s custom step library, and shared with your team members to enable them to build further automations with no-code simplicity.

To create new steps and content, there’s no need to start from scratch each time. Torq allows you to take any API-based step from the Torq public library and switch it over to its raw HTTP mode. You can then modify it to fit any specific need or requirement, like adding new optional parameters, updating API paths, or making any other changes, and convert it back into its fully no-code parameterized form. These new versions of steps can again be saved to your custom steps library. Should you choose to share them with the entire Torq user community, they can also be published to the public step library. 

Torq’s step builder, which allows building true no-code steps from HTTP-based steps.

Torq’s content team and technical partners use precisely this method to expand Torq’s public step library. They build Torq steps with Torq’s step builder, test them by using them in automations, and finally, after validation, publish them. With these extremely quick in-app building and testing processes, new content in Torq can be published within hours instead of the weeks and months it takes in legacy SOAR systems, all while providing a mature content management system, complete with seamless content updates, notifications, and tracking for changes.

Conclusion

Torq has reimagined the approach to security automation by focusing on security hyperautomation and seamless content creation, unlike legacy SOAR solutions that necessitate specialized software development skills to achieve simple integrations. Torq provides an extensible platform that leverages containerized logic and an extensive, user-friendly library of no-code steps to get you automating in minutes. Our approach frees your security analysts from the constraints of needing to become API experts and instead lets them focus on what matters most: securing your organization and digital assets.

Want to learn more about how Torq can dramatically enhance your security workflows so you can stay ahead of emerging threats? Test drive Torq Hyperautomation, here: https://torq.io/demo/

Redefining Cybersecurity Operations: The Power of Torq’s Workflow-Centric Case Management

Cybersecurity is a landscape forever in motion, an arena where threats evolve at an alarming pace. The tools we employ to counter threats should match this pace and anticipate the unforeseeable. Still, a chasm exists where tools are not keeping up with the changes, particularly regarding case management.  

I’m Dor Morgenstern, lead PM for Case Management at Torq. With a background rooted in cybersecurity, I’ve seen firsthand the evolving challenges that security operations face. In this blog, I aim to shed light on the transformational power of workflow-centric case management and how it addresses these challenges head-on. 

The Sunset of Legacy SOAR Solutions

From their start, case management and SOAR solutions carried the promise of transforming cybersecurity operations. They introduced playbooks, welcoming an era that promised seamless automation and rapid response to threats. On paper, they’re the perfect solution.

But the reality has been disappointing. Instead of simplifying the security process, these platforms layer automation onto existing ticketing or case management solutions. It is like placing a new engine in an old car chassis: it might run faster, but it still can’t navigate the modern digital highway efficiently.

Legacy SOAR gives people clunky configuration panels resembling aircraft cockpits. Analysts and SOC architects are forced to mentally sift through a mess of switches, knobs, and redundant options. Instead of enabling rapid response, the tools become a stumbling block. More often than not, critical response actions get delayed by the sheer complexity of the tool meant to streamline them. SOAR is not alone in this complexity problem, of course, as Ross Haleliuk pointed out in a recent blog:

“…every product today has hundreds of configurations, options, and knobs that security practitioners need to turn a certain way to achieve a particular outcome.” 

That’s where workflows come into play.

The Intuitive Power of Workflows

At the heart of this new paradigm shift in cybersecurity lies the idea of dynamic workflows.  Instead of getting bogged down in static configurations and limited predefined settings, why not design a system that evolves and adapts on the fly?

Workflows act like dynamic decision trees, charting a course through the complexity of security incidents. They are inherently flexible, allowing for real-time adaptation based on the unique characteristics of each security event. Teams are no longer forced to stick to a rigid script; instead, they can navigate the ever-changing terrain of cybersecurity threats. 

Simple drag-and-drop interface with which you can create complex no-code workflows.

The distinction between legacy configuration panels and workflows is clear: where configuration panels are static, workflows are dynamic. Where panels force users into a one-size-fits-all mold, workflows adapt and mold themselves around the unique life cycle of each case. Workflows breathe life into the cybersecurity process, transforming it from a static chore into a dynamic dance of defense.

Torq’s Hyperautomation: A New Dawn in Cybersecurity

Our approach at Torq is a game-changer in case management. Instead of bolting automation onto dated case management systems, we’ve designed our case management system as an integral part of a powerful no-code automation foundation, ditching the messy bolt-on experience most SOC teams struggle with for an organically embedded case management process. What does this mean in practical terms? Let’s break it down with some clear examples:

1. Dynamic Case Tailoring: Consider a scenario where suspicious activity is detected from a list of IP addresses. With traditional systems, you might be constrained by pre-defined case layouts and parameters. With Torq, the case can be dynamically modified on the fly using workflows (i.e., surfacing relevant information or even remediation workflows as quick buttons to the case), adapting to intel as it comes in.

Automatic alert triage and investigation mapping malicious IP address activity to MITRE ATT&CK framework techniques with intelligent automatic investigation and remediation workflows

2. Intuitive Workflows Over Configuration Panels: Torq liberates SOC architects from sifting through overwhelming configuration panels. Want to add a new data enrichment step? Simply tweak the workflow. It’s as straightforward as connecting a new step in a visual editor, without a single line of code.

Drag and drop simplicity of connecting steps in a visual editor.

3. Automated Remediation Built-In: Remediation isn’t an afterthought; it’s part of the process. If the case’s workflow identifies a malicious email, it can automatically initiate remediation steps, like isolating affected systems or revoking email access, all within the same case environment.

4. Intelligence at Your Fingertips: Traditional SOAR systems separate threat intelligence from case data, requiring teams to hop between different platforms. With Torq, observables and indicators of compromise (IOCs) like IP addresses and file hashes are first-class citizens, easily accessible and actionable within the case.

Automatic analysis of IP address reputation with the attack origin locations and contextual information, along with the associated tactics, techniques, and procedures from third-party threat intelligence information.

5. Lifecycle Triggers for Contextual Actions: The dynamic nature of Torq empowers SOC architects to set up triggers based on case milestones. For instance, when a case moves to the investigation stage, a workflow could automatically pull in additional forensic data, notify team leads, or modify the case’s layout as it evolves.

The numerous and varied case management triggers that can be customized to meet your organization’s needs.

The power of automation is harnessed when it’s organically embedded into the case management process, not slapped on as an afterthought. This provides a more cohesive and efficient system for handling security events.

Our emphasis is not on rigid configuration panels that can stifle response flexibility. Instead, Torq’s system is designed to harness the full potential of dynamic workflows. We empower analysts and architects to craft unique response strategies tailored to specific threats and organizational needs. Security professionals are not restrained by the limitations of their tools. With Torq, they are free to innovate, adapt, and respond with unparalleled precision.

The Torq Difference: Dynamic Control Across the Lifecycle

Another thing that sets Torq apart is the degree of control we’ve built in throughout the case’s lifecycle. In traditional SOAR platforms, playbooks – though groundbreaking for their time – are often employed merely as remediation tools. Torq’s approach is more holistic. Every stage, from detection to analysis and finally to remediation, can be steered by dynamic workflows. This ensures that the system is always in tune with what’s occurring in a case, leading to spot-on accuracy and timely responses.

Furthermore, Torq’s platform eliminates the need for redundant back-and-forth between separate systems. Integrating no-code automation into the fabric of case management means that every action, automated or manual, is executed within a unified environment. It’s a symphony orchestra where every instrument, no matter how disparate, plays in perfect harmony.

The Future of Hyperautomation is Here

We’re at a turning point in cybersecurity. On the one hand, threats are multiplying and evolving at a pace that’s hard to keep up with. On the other hand, the tools and systems at our disposal are often found wanting. But with Torq’s innovative approach to case management, the tide is turning.

By placing powerful hyperautomation at the heart of our platform, we’ve ushered in a new era in cybersecurity operations that prioritizes agility, precision, and efficiency. Legacy SOAR platforms had their moment in the sun. As the landscape changes, so must our tools. Torq is lighting the way to a safer, more secure digital future in this fast-changing arena.

Want to learn more about how Torq can dramatically enhance your security workflows so you can stay ahead of emerging threats? Test drive Torq Hyperautomation, here: https://torq.io/demo/

The 5 Hidden Costs of SOAR

Every investment in SOAR is accompanied by the hidden costs of onboarding and troubleshooting. The licensing structure SOAR brings to an organization is outdated and overpriced. The value of SOAR drastically declined when it transitioned its primary focus from being a force-multiplying automation solution to a glorified ticketing system still requiring countless professional service hours. In fact, 90% of security professionals claim that their SOAR needed upfront investment to build automation workflows and response playbooks.

Here are 5 hidden costs of SOAR no SecOps professional can afford to ignore:

1. Initial setup and implementation costs

SecOps is routinely shocked by the astronomical professional services and deployment costs SOAR involves. In contrast, Torq users experience a 10X+ operational and productivity boost just weeks after deployment. From day one, organizations can enjoy serious ROI via Torq’s cost savings by maximizing team productivity and process effectiveness with the Torq Insights dashboard. It granularly measures time savings and operational efficiency for total visibility into the hyperautomation platform’s impact.

2. Ongoing maintenance and support for self-managed infrastructure

As organizations adapt and calibrate their SOAR platforms, they discover the need for continuous monitoring, troubleshooting, and adjustments to ensure peak efficiency and adaptability for evolving threat landscapes. Simply put, the greater the maintenance required, the greater the price tag. 

3. Hiring personnel and expertise

Qualified SecOps professionals are getting scarce. They’re in demand and the competition to secure them is severe. This is compounded by existing SecOps teams that are understaffed and burning out. All Torq customers benefit from dedicated technical experts that help organizations achieve their automation goals at no extra cost. Say goodbye to surprise consulting bills that cost more than the automation solution.

4. Cost of custom development required on top of SOAR

What SOAR solution providers fail to disclose is the additional set of expenses necessary to provide custom development. Organizations with a SOAR often find themselves needing customized solutions to align the system with their unique operational requirements and existing security stack.

5. Expensive reconfiguration of inflexible playbooks and workflows 

Organizations need to be agile in combating security landscape changes, but the automation sequences set in an organization’s SOAR platform are often not up to par for addressing the complexities of today’s threat landscape. If organizations fail to adapt, they could face delayed response times and decreased agility.

It’s Time to Break Up With Your SOAR…

Seriously, stop settling. There are no strings attached or hidden costs with hyperautomation. The choice is clear. Hyperautomation’s radically different approach delivers a much better correlation between price and value. Need more reasons to ditch your Legacy SOAR? Download our Manifesto to learn exactly why SOAR is Dead.

8 Key Benefits of Using Hyperautomation

SOAR was never built for hybrid cloud adoption at enterprise scale. SOAR’s complexity, critical operational holes, and technical limitations are the fatal flaws sinking your organization’s ship. If you’re still using outdated Legacy SOAR, it’s time to make the switch TODAY.

Here are the 8 key benefits of using hyperautomation:

1. Simplicity

You don’t need to be a developer or experienced security professional to create powerful workflows in minutes with never-seen-before efficiency. The solution is powerful enough for the most complex threat responses, yet easy enough to deploy with a drag-and-drop interface. Unlike legacy SOAR solutions, multiple teams can eliminate repetitive security tasks with automations that can be created in minutes.

2. Extensibility

With Hyperautomation, you can empower your organization beyond security by connecting to collaboration, communication, infrastructure applications, and more. Whether it’s on-prem or in the cloud, Torq provides near-limitless connectivity to any system in your stack.

3. Enterprise-Grade Architecture

Torq is cloud-native, built on secure, zero-trust architecture, with elastic, horizontal scalability and flexible SLAs. It provides enterprise-grade immutable activity and audit logs to meet the most stringent compliance requirements, as well as granular scope and role-based access control.

4. Real ROI, Productivity, and Cost Savings

From day one, organizations can measure Torq’s cost savings by maximizing team productivity and process effectiveness with the Torq Insights dashboard. It granularly measures time savings and operational efficiency for total visibility into the hyperautomation platform’s impact. With Torq Hyperautomation, you’ll receive a 10X+ operational and productivity boost just weeks after deployment.

5. Intelligent Case Management with Automated Contextual Resolution

Torq transforms large numbers of security events and signals into contextually-enriched cases, ordered by severity, priority, and field of ownership. It then orchestrates the analysis and remediation of security cases by centrally tracking all relevant activities and decisions, accelerating the detection, analysis, and response of security issues, freeing up significant analyst time to focus on strategic activities.

6. No Costly Professional Services

All Torq customers benefit from dedicated technical experts that help organizations achieve their automation goals at no extra cost. Say goodbye to surprise consulting bills that cost more than the automation solution.

7. Connect Every App and Stack

You never need to punch holes in your firewall for VPN services or reverse proxies. Torq uses zero-trust containerized agents to make outbound-only connections for on-premise connectivity.

8. Integrate Anything. Automate Everything.

Gain vast flexibility to expand use cases with capabilities such as SSH, PowerShell, SQL, Python, BASH, Kubernetes, AWS, GCP, Azure CLI, or other scripting or programming languages. Run multiple scripting languages concurrently within automation workflows.

The Writing’s On The Wall…SOAR is Dead

Simply put, your SOAR is hindering your organization. Hyperautomation equips your organization for the demands of modern cybersecurity. 

We’re just getting started… The SOAR is Dead Manifesto has the details on exactly why SOAR has been put to rest.

5 Reasons Why SOAR is Dead

SOAR is dead. At first glance, that might be a bold statement, but the writing’s on the wall. While SOAR may have been a thing in the past, it’s not built for hybrid cloud adoption at enterprise scale. Cue Torq Hyperautomation.

Here are 5 reasons why SOAR is dead: 

Disconnected Defenses

Lack of connectivity with ever-expanding tools = red flag. The traditional SOAR operating model is slow and inflexible. Legacy SOAR is built upon an outdated architecture that can’t deliver the hyperconnectivity and scalability needed to address modern threats. Guess what? Torq Hyperautomation not only allows you to create workflows in minutes, but it allows you to do it without professional services.

SOAR is Purely Reactive

You can’t be ahead of modern cyber threats if you’re half a step behind. It’s not enough to just automate tasks around incident response; organizations need a solution that prevents incidents from happening in the first place. Hyperautomation performs proactive, automated tasks like regular vulnerability assessments, configuration reviews, contextual threat intelligence, user behavior and insider threat monitoring, and threat hunting that prevent incidents while providing incident reports. Simply put, Hyperautomation allows you to stay ahead of the curve, while SOAR keeps you a part of the pack.

Limited Events Processing 

Pre-configured responses are a thing of the past. SOAR was built as a standard monolithic architecture, in which the entire application is deployed as a single entity, typically running on a single server or cluster of servers. You can’t teach a dog new tricks. Making SOAR extend beyond these configurations is too time-consuming, costly, and even potentially impossible to complete, as it typically requires the entire environment to be rebuilt and redeployed to upscale the entire system as a whole, instead of individual components. 

Narrow and Incomplete Visibility 

Lack of visibility? That’s sketchy. SOAR’s lack of a cloud-native architecture means it cannot deliver full visibility into on-premise, hybrid, and public or private cloud environments. Hyperautomation utilizes modern zero-trust containerized agents making outbound-only connections for on-premise environment connectivity.

Hidden Costs 

You wouldn’t pay for a Ferrari to get a Prius, so why would you pay more for SOAR? The price tag and value don’t add up. SOAR’s licensing was based on the number of analysts or users in the organization, but that changed when it became a ticketing system, decreasing its value. Hyperautomation’s radically different approach delivers a much better correlation between price and the value received. There are also no hidden costs associated with hyperautomation.

Torq Hyperautomation achieves 10X Faster ROI Compared to Legacy SOAR

Torq Hyperautomation analyzes cyberthreats at scale with unprecedented ease and efficiency, using built-in advanced AI capabilities that SOAR completely lacks. 

I’ve only scratched the surface on this topic… read the SOAR is Dead Manifesto to see exactly why SOAR has been put to rest: https://torq.io/resources/soar-dead-manifesto/

It Takes a Cybervillage: Torq Collaborates With Team8’s Ecosystem at CISO Summit

Torq firmly believes in Team8’s philosophy that it takes a village to address the escalation in critical cyberthreats. This is why Torq is collaborating with Team8’s vast ecosystem of partners to unleash the most advanced hyperautomation solutions possible, which seamlessly integrate across the Team8 community.

We’re excited to showcase Torq Hyperautomation at Team8’s CISO Summit in Tel Aviv during Innovation Day on June 21. It’s an exclusive gathering for C-level leaders to discuss the evolving role of CISOs, the latest trends and technologies, mutual opportunities, common challenges, and pathways to success.

“The Torq team is really looking forward to taking part in Team8’s CISO Summit, which is bringing together an incredible braintrust of global C-level executives to address some of the most pressing and important topics in cybersecurity today,” said Ofer Smadari, CEO and Co-Founder, Torq. “Torq is delivering significant value to Team8’s ecosystem with our Enterprise-Grade Hyperautomation platform, which is automating the most complex security infrastructures at dramatic scale. We look forward to productive dialogs at CISO Summit that drive effective solutions.”

Here’s what founders of Team8 companies are saying about working with Torq:

“The combination of Talon and Torq enables organizations to maintain robust security across their workforce without impacting productivity. Through the power of Talon’s Enterprise Browser and Torq’s Hyperautomation platform, organizations are able to simplify and improve enterprise security in an extremely powerful way. We look forward to continuing to work together to add joint value for customers.” 

– Ofer Ben-Noon, CEO, Talon

“Through our partnership with Torq, Dig Security customers can quickly automate full remediations through a single hyperautomation system to improve overall data security posture, and stop data exfiltration in real time.”

– Dan Benjamin, Co-Founder & CEO, Dig Security

“Torq and Gem share a mutual vision of transforming cloud security operations. Together, we give customers the tools they need to better automate cloud detection and response, enabling seamless workflows to stop threats faster.”

– Arie Zilberstein, CEO, Gem

“Our integration with Torq allows our mutual customers to benefit from a fully-automated lifecycle on remediating supply chain security findings. It works across multiple organizational units and drives them with human-in-the-loop resolution. Now customers experience faster responses, cutting a lot of time from MTTR and keeping the operation more efficient and secure.”

– Neatsun Ziv, CEO and Co-Founder, OX Security

“IONIX’s remediation Action Items, together with Torq’s flexible hyperautomation workflows, align remediation tasks with the way that security operations actually work. Now, customers can spend less time on routing tickets manually and further reduce their MTTM (Mean Time To Mitigate) exposure across their attack surface.”

– Marc Gaffan, CEO, IONIX

Ready to learn more about how Torq Hyperautomation can transform your organization? Schedule a demo, now!