Product

What’s New With Torq: September 2024

By Torq
September 6, 2024
4 Minute Read

Contents

The Team at Torq is pushing the boundaries of what’s possible in security automation, and we’re excited to share several new capabilities designed to make security analysts’ lives easier and more efficient:

Introducing AI Case Summaries

Torq AI Case Summaries leverages the power of artificial intelligence to streamline and accelerate your security operations. Imagine this: instead of manually reviewing pages of logs and incident details, your team is presented with a concise, insightful summary of each case automatically generated by Torq.

Here’s how it works:

  • AI-Powered Summarization: Torq AI Case Summary analyzes all the relevant data points associated with a security alert, including logs, threat intelligence feeds, and historical incident data.
  • Instant Insights: Our advanced AI algorithms identify the most critical information and present it in a clear, easy-to-understand summary, highlighting the potential impact and recommended actions.
  • Faster Response Times: Armed with these AI-driven insights, your team can quickly understand the nature of the threat, prioritize incidents effectively, and take decisive action to mitigate risks.

Torq AI Case Summary enables your security team to operate at peak performance. By automating the tedious task of case summarization, AI Case Summary frees up analysts to focus on what matters most: investigating complex threats, hunting for vulnerabilities, and proactively strengthening your security posture.

Learn More

Simplify Form Building with Torq Interact

Need a department head to approve a suspicious travel request? Or perhaps you need a marketing manager to verify the legitimacy of a social media file? Torq Interact empowers security teams to automate approvals and data collection tasks with teams outside the security organization, ensuring a swift and coordinated response to security events.

As customers use Torq Interact to streamline both security team processes and end-user engagement, we continue to find new ways to improve the Interact experience. As of today, four new fields have been added to Torq Interact: 

  1. Date & Time Parameter: End users can easily select specific dates and times within interactions. For example, they can pinpoint the exact date of a thwarted phishing attempt.
  2. Enhanced File Parameter: Users can now upload multiple files simultaneously rather than one at a time. This simplifies the user experience, especially when dealing with unpredictable files. 
  3. Download File Parameter: Now, Torq users can leverage Interact to send files directly to end users for download, either directly or through workflow context. Analysts might be looking for a secure way to send a potentially malicious file to another team member so they can execute it in a sandbox for further investigation. 
  4. Secondary Button: This enables Interact users to add flexibility to their workflows with a secondary button that allows users to submit forms without filling in all required fields, perfect for adapting to various interaction scenarios.
  5. Conditional Elements: The conditional element introduces an advanced logic conditional element to enhance the end-user experience by dynamically presenting questions or information based on live responses, increasing the accuracy of every interaction.

Learn More

Enhanced Data Records with Torq Tables

Security teams are drowning in data. Every tool in your stack generates logs, alerts, and reports. But making sense of it all? That’s where things get messy. Spreadsheets buckle under the weight of hundreds, thousands, millions of rows. Custom dashboards require coding expertise and constant maintenance. You need a way to wrangle your data, not be ruled by it.

Torq Tables is a powerful, flexible way to interact with all your security data, directly within the Torq platform.

Torq Tables Enable You To:

  • Centralize your data: Pull in data from any source – NIST, SIEM, EDR, cloud platforms, and more – into a single, unified view—no jumping between tools and screens.
  • Investigate with speed and precision: Filter, sort, and analyze a significant amount of data in real-time. Uncover hidden threats and patterns that would otherwise remain buried.
  • Automate with ease: Trigger workflows directly from data in tables, responding to threats and anomalies at machine speed.

Torq Tables is now available for all Torq users. Log in to your Torq instance to get started, or schedule a demo.

Learn More

Monitor and Manage Workspaces with Organization Management

Organization Management introduces a new single pane of glass view, simplifying the process for Torq users to monitor usage across multiple workspaces and perform org-level administrative tasks. Additionally, we’ve introduced a new Organization Manager role to grant appropriate stakeholders org-level access while adhering to a least-privilege access approach. 

Learn More

We’re excited to see what security teams will accomplish with these new capabilities. Keep an eye out for future updates as we push the boundaries of security automation!

Share

Related Articles

Hyperautomation Use Cases

A Blueprint for Hyperautomating Your Next-Gen Secure Software Development Lifecycle (SDLC)

By Aner Izraeli
August 26, 2024
5 Minute Read
SDLC automation architecture and blueprint at Torq

Contents

Aner Izraeli is the Chief Information Security Officer (CISO) at Torq. He leads Torq’s cybersecurity strategy with a focus on innovation and resilience. Aner’s career spans over two decades in the cybersecurity field, where he has consistently demonstrated expertise in SIEM/SOC, incident response, and network security. 

At Torq, we’re all about pushing boundaries and driving innovation. But we can’t afford to treat security as an afterthought in our relentless pursuit of speed and creativity. As a lean and agile team, we’re constantly challenged to stay ahead of emerging threats without slowing down our momentum.

In this blog, I break down how we Hyperautomated our software development lifecycle (SDLC) to improve security coverage, reduce friction, and keep our R&D teams shipping fast.

The SDLC Challenge: Balancing Speed and Security

Our software engineering teams manage various components and microservices, each with unique functionalities requiring meticulous threat modeling and vulnerability assessments. Modern software engineering integrates open-source and proprietary libraries, introducing potential security vulnerabilities in individual and shared components across teams.

The primary challenge is ensuring these vulnerabilities are continuously identified and mitigated before they compromise the production environment. Simultaneously, it’s crucial to maintain an environment where teams can continue to innovate and deliver high-quality software without being hindered by security concerns. 

In short, how do we ensure that potential application security vulnerabilities are identified and resolved before they threaten our production environment while empowering our teams to innovate and deliver high-quality software? That’s where SDLC automation and security Hyperautomation come in.

Building Our SDLC Automation Architecture

Our solution started with integrating an Application Security Posture Management (ASPM) platform, which provided complete control over our supply chain and SDLC. This visibility extends across open-source packages, Dockerfile dependencies, and container images — everything from the far-right side of the SDLC. But visibility alone can be overwhelming. 

We needed to take it further by leveraging Torq’s Hyperautomation capabilities. Hyperautomation enabled us to combine no-code workflows, AI-driven orchestration, and system-wide integrations into a single, scalable SDLC framework.

Here’s how our SDLC automation stack works in the context of our Application Security events pipeline:

SDLC automation architecture and blueprint at Torq

Inside Our Hyperautomated SDLC Pipeline

My vision was simple but ambitious: create a seamless, automated SDLC pipeline that transforms how we manage vulnerabilities. Here’s how we did it:

I used Torq’s workflows to categorize and aggregate issues, while centralized case management simplifies investigations for R&D teams. Automation facilitates generating Jira tickets, pull requests, and Slack notifications, keeping teams aligned with daily SLA reminders. This ensures our teams can focus on what matters most — innovation without compromise. 

Below is an illustration of what that automated SDLC flow looks like:

Visual flowchart showing Torq’s SDLC automation process

The SDLC Automation Implementation In Action

When the ASPM flags a new issue, Torq automatically creates a centralized case grouped by severity and category for that specific repository — eliminating duplicate tickets and reducing noise.

Diagram showing Torq case aggregating security issues by severity and category within a repository to streamline R&D workflows.

The case includes a detailed table with affected packages, suggested upgrades, a risk verdict, and direct links to GitHub and ASPM findings.

If action is needed, R&D can trigger a predefined workflow with one click, auto-generating a Jira ticket, a pull request, and a Slack notification, all while staying aligned with SLA requirements.

Table view of ASPM issues in Torq with quick actions to create Jira tickets, PRs, and Slack alerts for SLA-compliant remediation.
Torq interface showing direct PR links and automated change management for SDLC updates by R&D teams.

With enriched data and automated context in hand, our dev teams can patch vulnerabilities quickly. Each remediation follows Torq’s change management and SDLC policies, flowing through peer review and automated deployment like any standard feature or update.

SDLC automation workflow showing peer review and automated deployment of security fixes through Torq’s change management process.

SLA Compliance Made Simple

Automated workflow in Torq tracking SLA deadlines

In line with Torq’s policy, every issue is assigned a severity-based SLA. To ensure timely resolution, a daily automated workflow reviews open cases and notifies each R&D team of their remaining time to address these issues. SDLC automation keeps teams on track, ensuring vulnerabilities are managed effectively without disrupting ongoing development.

That’s the power of SDLC Hyperautomation: fast and repeatable.

When To Implement SDLC Hyperautomation 

Achieving fully automated vulnerability management may sound like an ambitious goal, but it’s essential for the velocity of modern security operations. Within Torq, we strive for a seamless process from detection to merge. Successful SDLC Hyperautomation can become possible when:

  • The vulnerability management program is mature and well-established
  • There are consistent, repeatable actions required for product or software updates
  • The SDLC includes a robust testing process, acting as a safety net to catch any oversights during automation

The Business Impact of SDLC Automation

The result of our efforts was a fully automated vulnerability management process that has revolutionized our approach to AppSec. We’ve slashed remediation times, improved SLA adherence, and empowered our R&D teams to deliver secure, high-quality software faster than ever. Here was the quantitative impact:R&D teams to deliver secure, high-quality software faster than ever. Here was the quantitative impact:

Ready to Hyperautomate your AppSec approach? Torq can help you build SDLC automation workflows that scale, simplify security, and eliminate busy work.

Get a Demo
Share

Related Articles

AI Hyperautomation Insights

Incident Response Automation and Why It’s Critical for Your SOC

By Torq
August 20, 2024
7 Minute Read
Automated incident response powered by agentic AI

Contents

Speed is everything in security. Delayed responses to security incidents can result in the loss of business data, erosion of trust, and significant financial losses. Traditional manual incident response can’t keep pace with today’s threats.

This is where incident response automation comes in. Powered by AI-driven security automation, it allows SOC teams to detect, prioritize, and neutralize threats faster than ever — often before users even know an issue exists.

In this blog, we’ll break down what incident response automation is, why it’s essential, and real-life use cases for modern SOCs.

What Is Incident Response Automation?

Manual incident response relies heavily on human intervention and human reaction time. Analysts must identify the threat, triage, determine its impact, decide on a course of action, execute that action, and document everything — often while juggling dozens of other critical duties. It’s slow. It’s error-prone. And it leaves your organization vulnerable.

Powered by AI, incident response automation enables instant detection and response by automatically identifying and neutralizing threats — often before users even become aware of an issue. It delivers scalability by handling multiple incidents simultaneously across sprawling, complex environments without overwhelming the SOC. It empowers analysts by offloading repetitive, routine tasks, allowing human experts to focus their time and energy on strategic, high-value initiatives. And it drives operational maturity by feeding AI-driven insights back into detection and response processes, improving incident prevention.

Incident Response Automation Defined

Incident response automation utilizes AI-driven workflows and technology to detect, investigate, contain, and remediate security threats without requiring manual human intervention. It replaces slow, error-prone manual processes with real-time, consistent, and scalable actions, dramatically reducing MTTD and MTTR.

Core Components of Automated Incident Response

Tool integration: Seamlessly integrates with existing security tools like SIEMs, EDR, firewalls, and threat intelligence platforms.

Scalability: Automated responses allow SOCs to handle more incidents without increasing headcount or operational costs.

Consistency: Uniform execution of best-practice-driven response actions reduces risk and ensures predictable outcomes.

Flexibility: Retains human oversight, allowing analysts to intervene or supervise as needed.

Alerting and detection: Real-time, automated detection reduces delays, ensuring immediate response.

Incident prioritization: Automated systems categorize incidents by severity, helping teams focus resources efficiently.

Remediation: Predefined automated actions such as quarantining compromised systems, blocking malicious IPs, and applying patches.

Reporting and post-mortems: Automated documentation simplifies root cause analysis and improves future responses.

Why Manual Incident Response Falls Short

Traditional manual incident response often suffers from:

  • Slow response times: Manual investigation wastes precious time during an active attack.
  • Inconsistency: Human error introduces risk at every step.
  • Alert overload: SOCs are overwhelmed by alerts. Manual triage is not sustainable.
  • Resource constraints: Manual processes are resource-intensive and don’t scale efficiently.

Automated incident response solves all of this. It scales with increasing volume, enforces consistency, and frees up your team’s time and energy to focus on strategic security initiatives.

Benefits of Automated Incident Response

Implementing automated incident response delivers clear advantages:

  • Rapid response: Significantly reduced MTTD and MTTR
  • Improved accuracy: Elimination of manual errors through standardized workflows
  • Reduced alert fatigue: Intelligent prioritization and handling of alerts
  • Cost efficiency: Optimized resource allocation and lowers operational costs
  • Enhanced compliance: Documentation and consistent actions facilitate regulatory compliance

Examples of Incident Response Automation

Here’s how incident response automation plays out across different attack scenarios.

Phishing Attacks

When a phishing email bypasses perimeter defenses and lands in an employee’s inbox, time is of the essence. Automated incident response detects indicators like suspicious URLs, anomalous user behavior, or credential harvesting attempts. The automation system instantly isolates the affected inbox, revokes access to compromised credentials, removes the phishing email from all mailboxes, blocks the sender, and notifies impacted users.

Malware Containment

If malware is detected on an endpoint,  automated workflows instantly disconnect the infected endpoint from the network, trigger forensic scans, kill malicious processes, and initiate recovery steps — containing the spread before it can escalate.

IAM Security

Identity and Access Management (IAM) is a prime target for attackers. Automated incident response continuously monitors for unusual login patterns, privilege escalation, dormant accounts, and policy violations. Upon detection, automation can instantly disable user accounts, enforce password resets, revoke elevated privileges, or require multi-factor authentication (MFA). 

Cloud Detection and Response

Cloud security automation monitors cloud environments for misconfigurations (like exposed storage buckets or open firewall ports). Upon detection, the system automatically isolates compromised assets, reaches out to the correct owners, executes remediation, and minimizes damage before analysts need to step in.

How to Automate Incident Response with SentinelOne and Torq

One of Torq Hyperautomation™’s greatest strengths is its ability to integrate with virtually any security tool. We team up with leading platforms like SentinelOne to create seamless automations that simplify SOC workflows, eliminate manual grind, and dramatically improve incident response times.

Here’s how Torq and SentinelOne combine forces to bring autonomous incident response to life:

1. Auto-Enrich SentinelOne Incidents with Intezer

Torq continuously polls SentinelOne for any unresolved threats. It extracts file hashes from those incidents and queries Intezer for threat intelligence enrichment. The results from Intezer are posted directly into the SentinelOne incident notes.

At the same time, Torq launches a Deep Visibility query to determine the extent of the threat across your environment. If Intezer flags a file as malicious or suspicious, Torq automatically prompts your SOC team in Slack to decide whether to launch an Intezer Live Scan. If the team answers yes, Torq remotely installs the Live Scan agent, runs the scan, gathers the results, and updates both the Slack channel and the SentinelOne threat notes.

2. Threat Hunt for SHA1 Signatures Across SentinelOne Endpoints

Torq enables rapid threat hunts that can be triggered directly from Slack. When a SOC analyst sends a Slack command containing a platform and a SHA1 file signature, Torq initiates an immediate threat hunt.

Torq adds the file hash to the SentinelOne blacklist and launches a Deep Visibility query to find all instances of the file across your managed endpoints. It identifies and notifies endpoint owners by integrating with Jamf or Intune. Torq updates the relevant Slack channel and then triggers a full disk scan on any affected endpoints to eliminate threats promptly.

3. Enrich SentinelOne Findings with Advanced Threat Intelligence

Torq enhances SentinelOne incident analysis by layering in threat intelligence from VirusTotal and Recorded Future. Torq regularly polls SentinelOne for newly detected threats. For each threat, Torq extracts relevant file signatures and queries VirusTotal and Recorded Future for enrichment data, including reputation scores, malicious behavior indicators, and associated threat actors. This context is automatically added to the incident notes within SentinelOne.

Torq can also run a Deep Visibility query for additional results associated with the same file hash, ensuring SOC teams have complete situational awareness without lifting a finger.

Incident Response Automation with Torq

Torq transforms the way SOC teams do incident response. Our platform empowers organizations to:

  • Deliver faster, more accurate automated incident responses without requiring major increases in staffing.
  • Automate repetitive tasks while maintaining human oversight when needed.
  • Enable analysts to focus on strategic initiatives that harden security postures, rather than burning out on alert triage.
  • Socrates, Torq’s OmniAgent, coordinates specialized AI agents that autonomously handle enrichment, investigation, containment, and remediation.

Torq Hyperautomation makes it easy to deploy integrated incident response automation across your security environment. Let Torq automate your incident response — and everything that comes with it.

See how to generate a Torq workflow in seconds to automate incident response.

Read More
Share

Related Articles

Insights

No-Code Security Automation vs. SOAR Tools

By Torq
August 13, 2024
4 Minute Read
Learn how no-code security automation software stacks up to SOAR tools and AI-driven Hyperautomation.

SOC teams have been on the hunt for ages for a way to automate manual, repetitive tasks and workflows. SOAR was intended to streamline security workflows — however, legacy SOAR tools have long since been called “obsolete” by Gartner due to their reliance on excessive customization and scripting. 

That’s why legacy SOAR is being abandoned by SecOps teams in favor of no-code security automation solutions, particularly the new gold standard for today’s modern SOC operations — AI-driven Hyperautomation and the autonomous SOC. 

Let’s break down how these security automation software solutions compare.

What are SOAR Tools?

Legacy Security Orchestration, Automation, and Response (SOAR) tools were designed to help security teams centralize and automate security operations through playbooks. SOARs were developed to solve many of the problems associated with security incident and event management (SIEM) platforms, the old standby tool for security engineers.

However, SOAR tools suffer from limitations such as rigid architecture and a heavy reliance on custom scripting and coding, hindering their ability to integrate with the modern security stack and adapt to evolving security needs.

Learn why SOAR is dead >

What is No-Code Security Automation?

No-code security automation refers to tools that anyone — not just security engineers with coding expertise — can use to build and deploy automated security workflows that define risks, enforce security rules, and remediate threats automatically. 

By using a codeless approach to security (think drag-and-drop visual interfaces and pre-built templates), no-code security automation tools enable security teams to manage risks without depending on specialized, expensive scripting skillsets.

SOAR Tools vs. No-Code Security Automation

SOAR tools and no-code security automation platforms overlap in many of their objectives, including:

  • Automation: Both solutions enable automated risk identification and management.
  • Efficiency: SOAR and no-code security tools are designed to help organizations manage risks more effectively.
  • Going beyond threat detection: Unlike SIEMs, SOARs and no-code security frameworks don’t just detect risks and send alerts, they can also be used to manage risk response.
  • Threat intelligence: Both categories of tools draw on threat intelligence data to help identify and assess the newest types of security risks.

But the similarities stop there. In general, no-code security automation delivers additional features and benefits that SOAR tools lack, including:

  • Accessibility: No-code security automation frameworks are easy enough for anyone to use, regardless of coding experience. In this way, they allow all stakeholders, not just cybersecurity experts, to define and enforce security requirements within the systems they manage.
  • Automated response: In addition to making it easy to configure security rules, no-code security automation frameworks can automate threat response based on those rules. Traditional SOARs provide some automated response features, but they focus more on orchestrating threat response actions by cybersecurity professionals than on actually remediating the threat themselves.
  • Configuration security posture management: Traditional SOAR tools usually focus on identifying active risks within environments, not assessing configurations to find flaws that could enable a breach. No-code security automation tools do both, however, which means they can address domains like cloud security posture management (CSPM) in addition to runtime security.
  • Simple integrations: While it’s possible to deploy a SOAR in various environments and with many types of systems, doing so usually requires extensive configuration and customizations. In contrast, no-code security automation platforms are designed to start working out of the box, across any mainstream environment, with minimal configuration tweaks.

Enter: AI-Powered Hyperautomation  

Building upon the accessibility and flexibility of no-code automation, the modern SOC now demands a more intelligent and scalable approach: AI-driven Hyperautomation. Torq’s autonomous SecOps platform powered by AI-driven Hyperautomation represents a fundamental leap in the evolution of security automation for modern SOC capabilities.

Security Hyperautomation delivers significant advancements over SOAR and basic no-code automation. In addition to limitless integrations and cloud-based scalability, Torq Hyperautomation™ offers powerful case management capabilities that eliminate alert fatigue by automating Tier-1 threat remediation and intelligently prioritizing complex cases. And now, Torq’s agentic AI and Multi-Agent System is revolutionizing SOC efficiency through autonomous triage, investigation, and response. 

Thanks to no-code, low-code, and AI-generated workflow building, Torq empowers your SOC team to build and manage automations without extensive coding knowledge — while also offering full-code capabilities for those on your team who want granular control.

By automating complex workflows in minutes and leveraging intelligent decision-making, the AI-powered SOC can help organizations move beyond reactive security to become more efficient and resilient in the face of talent shortages and ever-evolving threats.

See how Torq Hyperautomation stacks up:

Torq Hyperautomation vs. Legacy SOAR Tools

Torq Hyperautomation vs. No-Code Security Automation Software

Share

Related Articles

Product Use Cases

Five Ways to Automate Threat Hunting in Your SOC

By Torq
August 8, 2024
4 Minute Read

Contents

Modern threats don’t come crashing through the front door — they slip quietly through gaps in the side of your house that your legacy tools don’t even know exist. Automated threat hunting is how you find threats before they find your sensitive data. 

Automated Threat Hunting Overview

Automated threat hunting uses rule-based logic, AI, automation, and real-time telemetry to identify suspicious behaviors across your environment. While manual threat hunting is resource-intensive and dependent on expertise, automation levels the playing field. 

With Hyperautomation tools, security teams can automate detection queries, enrich findings with threat intelligence, trigger searches across systems, and initiate immediate responses.

Automated threat hunting enables your SOC to:

  • Continuously monitor and detect threats at scale
  • Investigate faster and cut root cause analysis time in half
  • Shrink time from detection to response (MTTR)
  • Apply proven threat hunting strategies automatically
  • Handle multiple threat hunting sessions simultaneously
  • Give your analysts time back

What is automated threat hunting?

Automated threat hunting is the practice of using automation and AI to continuously search for hidden threats across an organization’s environment. Unlike traditional reactive monitoring, threat hunting is proactive, and when automated, it removes the bottlenecks of manual investigation, helping decrease a potential threat’s “exposure window”.

Let’s break down five ways to automate threat hunting in your SOC.

1. Automate EDR, XDR, SIEM, and Anomaly Detection Queries

Your stack is loaded with tools. Torq seamlessly integrates your stack to make them work together. When EDR, XDR, SIEM, and anomaly detection platforms are paired with automation, these tools can detect threats and act on them.

With threat hunting automation, you can: 

  • Trigger a SIEM alert to automatically query EDR logs
  • Parse XDR telemetry to extract IOCs and enrich investigations
  • Respond to anomaly detection with distributed searches across email, cloud, identity, and endpoint logs

2. Share and Standardize Threat Hunting Templates 

Every SOC team uses custom automation templates, which are shared with team members to ensure the most efficient threat hunting workflows. These threat hunting templates serve as playbooks for automating investigations received from the SIEM/EDR/XDR queries.

Teams can:

  • Standardize how alerts are prioritized and triaged
  • Automatically detonate suspicious files in sandboxes
  • Use natural language prompts to build or modify workflows

This makes threat hunting more accessible, scalable, and consistent. Now, even junior analysts can execute expert-level investigations.

3. Trigger Search Processes With Workflows

Manual searching is slow. Automated workflows can activate search processes across various systems to identify further events and evidence. 

These workflows can:

  • Trigger endpoint and log searches across EDR, MDM, and SIEM platforms
  • Perform cross-system correlation to identify lateral movement
  • Enrich alert data using threat intelligence and vulnerability scanners

This reduces the time analysts spend manually digging through data, allowing them to focus on high-value tasks.

4. Use Playbooks for Automated Incident Response

Threat hunting without response is just research. Turn detection into action with instant, automated incident response.

Build workflows to:

  • Isolate compromised systems
  • Revoke access or reset credentials
  • Trigger notification workflows to stakeholders
  • Update case management systems

5. Automate Threat Remediation

Once a threat is confirmed, it’s go time. Depending on the threat, workflows may automate remediation by:

  • Quarantining compromised files using EDR
  • Removing malware from cloud storage or inboxes
  • Blocking malicious IPs and updating firewall rules
  • Rolling back affected systems from backups

Automated Threat Hunting with Torq

With Torq, threat hunting can be fully automated with our AI-driven Hyperautomation platform. Here’s how we do it: 

  • Automated Case Management: Torq Hyperautomates case management by automatically creating, updating, and managing cases in response to incoming alerts. High-fidelity signals get prioritized instantly, and cases are enriched in real-time with contextual data from across your stack. 
  • Observables: Observables like IPs, hashes, URLs, and domains are more than just data points. They’re trackable objects tied directly to cases and alerts, fully compliant with OCSF standards. This lets security teams link activity across seemingly unrelated investigations and surface patterns faster than ever before.
  • Relationship Tracking: Torq’s platform allows security teams to implement correlation, enrichment, and contextualization logics in their workflows, leveraging the relationships between observables, cases, and alerts. This helps security analysts identify patterns and uncover hidden threats.

As cyberattacks grow more advanced, real-time visibility and rapid response aren’t optional — they’re essential. Automated threat hunting enables SecOps teams to stay proactive, reduce alert overload, and handle complex multi-vector attacks faster.

Torq gives security professionals the automation edge they need to hunt smarter, not harder. See how Torq can elevate your automated threat hunting strategy today.

Get a Demo
Share

Related Articles

News

Black Hat 2024: Torq Takes Over Vegas

By Torq
August 7, 2024
3 Minute Read

Our Arrival: Black Hat 2024

Subtlety has never been our specialty. Our arrival in Las Vegas for Black Hat 2024 had the city abuzz with excitement as our HyperTrucks blazed through the street, broadcasting that “SOAR is dead.” Our team traveled from across the globe, and converged to make this event unforgettable. We were not just attending; we were here to revolutionize how security operations are perceived and executed.

Torq HyperSOC™: The Demo that Broke Black Hat

Torq HyperSOC™ was undeniably the star of the show. Our demo booths were consistently surrounded by security teams waiting for their turn to witness the groundbreaking capabilities of our latest solution. The reactions were phenomenal—visitors were blown away by the efficiency and innovation that Torq HyperSOC™ brings to the table. The non-stop lines at our demo stations were a testament to the immense interest and excitement generated by our cutting-edge technology. 

“I’ve never seen anything like it in 20-something years of doing this.”

Mick Leach, Field CISO at Abnormal Security

Torq for Good

To raise awareness of the cyber skills gap and to encourage the next generation of young professionals to consider a career in cybersecurity, we committed to donate $10 for every person who visited our booth to Tech Queen Elite Training Institute. They caught our eye as a local Vegas non-profit organization that trains students in coding, business communication skills, and digital marketing technologies. We are also donating a pair of premium socks for every visitor to our booth via the Communities In Schools, Nevada organization. This donation is designed to inform kids about the value of a SOC career while also providing them with a useful back-to-school item. Communities In Schools is the nation’s leading dropout prevention organization. Its mission is to assess needs and deliver resources that remove barriers to success. It supports more than 100,000 students at 110 schools. 

Hyperautomation™ Reaches New Heights

Our booth at Black Hat 2024 was not just a display; it was an experience. The buzz and energy were palpable, with attendees continually stopping by to see what the excitement was all about. We made it loud and clear that “SOAR is Dead,” and the hundreds of security professionals we spoke to agreed.

Torq, Out. 

Black Hat 2024 was a monumental success for Torq, as we showcased our commitment to pushing the boundaries of cybersecurity and automation. Stay tuned for more exciting updates and innovations from our team – and be sure to catch us back in Vegas next month for Fal.Con.

Share

Related Articles

Insights

SecOps, DevOps, ITOps, DevSecOps: What’s the Difference and How to Build a Strategy

By Torq
July 30, 2024
5 Minute Read
Comparing DevOps, ITOps, DevSecOps, and SecOps roles and workflows

Contents

In cybersecurity, collaboration isn’t just helpful — it’s mission-critical. Evolving threats, hybrid infrastructure, and growing operational complexity have forced organizations to rethink how their teams work together. That’s where SecOps, ITOps, DevOps, and DevSecOps come into play.

These terms may sound similar. And they are — to a degree. But they have different areas of focus and philosophies. This guide will break them down, show how they overlap, and explain why automated SecOps is essential to a modern security strategy.

What is SecOps?

SecOps (Security Operations) is the fusion of IT operations (IT Ops) teams and security teams, processes, and technologies. It transforms security from a siloed afterthought into an integrated, continuous part of infrastructure management and incident response.

Unlike traditional models where IT and security operate independently, SecOps encourages real-time collaboration, shared visibility, and automation-powered workflows. The result is faster detection, smarter triage, and reduced risk.

At the heart of SecOps is the SOC (security operations center), which can be physical, virtual, or hybrid. The SOC centralizes collaboration among security analysts, IT operations engineers, system admins, and others, all aligned under the CISO.

Why SecOps Matters 

Security complexity is exploding. The average enterprise juggles hybrid infrastructure, sprawling cloud environments, and a distributed workforce. Meanwhile, attackers are faster — and smarter — than ever.

Siloed security and IT operations can’t keep up. Digital SecOps helps you scale. It reduces response times, minimizes risk, and improves visibility by aligning security into other parts of the business.

SecOps vs. ITOps

SecOps connects security and IT operations by aligning their workflows and priorities, not by merging teams. 

Traditionally, ITOps and security teams operated on parallel tracks. ITOps focused on maintaining infrastructure, keeping systems running, and resolving performance issues, while security focused on identifying and responding to threats. They might’ve shared a Slack channel, but rarely a strategy. That separation created gaps, and attackers took advantage.

SecOps closes those gaps. It ensures security is embedded into every layer of IT operations, from provisioning and deployment to monitoring and response. It’s not about turning IT teams into security experts or vice versa — it’s about building stronger collaboration.

SecOps vs. DevOps

DevOps is a collaboration between developers and IT operations teams that ensures developers understand the needs of ITOps when they write software and that ITOps teams understand what developers intend for software to do when they manage it. 

While SecOps and DevOps serve different functions, they share a common goal: breaking down silos between teams to improve agility, speed, and resilience across the organization. Here’s what they have in common:

  • Both break down silos between teams to improve efficiency and scalability
  • Both emphasize automation, real-time communication, and shared accountability
  • Both are cultural philosophies more than strict operational frameworks

But the difference lies in focus:

  • DevOps = Developers + ITOps
  • SecOps = Security + ITOps

In short: DevOps is about velocity. SecOps is about visibility. And both benefit from strong security automation.

Where DevSecOps Fits In

You can’t really talk about ITOps, SecOps, and DevOps without hitting on DevSecOps — the (relatively) new kid on the block that pulls development, security, and operations into a single, streamlined, collaborative model.

In DevSecOps, security “shifts left”, meaning it’s embedded earlier in the development lifecycle, not bolted on at the end. Security testing, threat modeling, and policy enforcement become part of the CI/CD pipeline.

With DevSecOps, developers, IT, and security collaborate from day one. Bugs are fixed before they become breaches, and vulnerabilities are squashed in staging rather than discovered in production.

Comparing ITOps, DevOps, SecOps, and DevSecOps

ITOpsSecOpsDevOpsDevSecOps
Primary FocusManaging IT infrastructure and servicesSecurity + IT operationsDevelopment + IT operationsEmbedding security into DevOps pipelines
GoalEnsure performance, uptime, and support of systemsStreamline threat detection and incident responseAccelerate software delivery and qualityShift security left in development workflows
Key StakeholdersIT admins, system engineersSecurity teams + ITOpsDev teams + ITOpsDev, Sec, and Ops teams working as one
Collaboration ModelOperates in silos or supports other teamsSecurity works closely with IT operationsDevelopers and OTOps work in tandemFully integrated cross-functional security practices
Examples of ToolsServiceNow, Nagios, PuppetTorq Hyperautomation platform, EDR/XDR, SIEMJenkins, Kubernetes, TerraformSAST, DAST, IaC security tools
PhilosophyKeep the lights on, ensure uptimeProactive threat mitigationMove fast, reduce friction between Dev and OpsSecure every commit, shift security left

Collaboration Isn’t Optional

At the end of the day, whether you’re operating under the banner of ITOps, SecOps, DevOps, or DevSecOps, one principle remains constant: collaboration is everything.

Security doesn’t happen in isolation. It happens when developers, IT, and security engineers have shared visibility, shared tools, and shared responsibility. When everyone’s aligned, security becomes part of the everyday workflow — not an afterthought or a bottleneck.

Scaling Through Collaboration with Torq

Torq’s no-code SOC automation platform is purpose-built to connect the dots across ITOps, security, and development. It breaks down barriers between teams with collaborative, transparent workflows that streamline communication, reduce handoff friction, and automate everything. Here’s how Torq emphasizes collaboration: 

  • Unified workflows: Bring security, IT, and engineering together in a single automation layer with shared playbooks.
  • No-code + Deep customization: Anyone can build and execute powerful workflows using natural language, prebuilt templates, or drag-and-drop tools.
  • Real-time collaboration: Triage, investigate, and remediate cases through chat tools like Slack and Teams.
  • Extensible by design: Torq integrates with your entire security stack and scales with your business. 

By embedding security into day-to-day operations and giving every stakeholder access to automation, Torq turns collaboration into a force multiplier. 

See how data security leader BigID increased SecOps efficiency by 10x with Torq Hyperautomation.

Read the Case Study
Share

Related Articles

News

Torq Delivers SOC(ks) for the Community

By Torq
July 25, 2024
3 Minute Read

Torq Gives Back and Supports the Next Generation of Cyber Talent

For the second year in a row, Torq is pleased to make donations to charities that invest in supporting the next generation of young professionals and encourage them to consider STEM-related career paths. 

Torq will be at Black Hat, one of the cybersecurity industry’s leading trade shows, August 6-8 at Mandalay Bay, Las Vegas. We’ll be exhibiting Torq Hyperautomation at our booth, including the AI-driven Torq HyperSOC, a purpose-built solution that automates, manages, and monitors critical SOC (Security Operations Center) responses at machine speed. This innovation has been game-changing for tech workers in the SOC and is helping alleviate the cybersecurity skills gap that’s leading to global labor shortages and burnout.

To raise awareness of the cyber skills gap and to encourage the next generation of young professionals to consider a career in cybersecurity, Torq will donate $10 for every person that visits its booth (#960) to Tech Queen Elite Training Institute. It’s a non-profit organization dedicated to training students in coding, business communication skills, and digital marketing technologies. Tech Queen Elite Training Institute helps eliminate barriers so students can earn globally-recognized credentials and become gainfully employed, in fields that include cybersecurity and AI.

“We’re grateful to Torq for making such a generous investment in the career paths of Tech Queen Elite Training Institute students,” said Dr. Duana Malone, Founder of Tech Queen Elite Training Institute. “Our goal is to ensure every student we work with has an opportunity to devote themselves to meaningful skills development that enables them to elevate their future potential, as well as their community at large. Torq’s donation will make a real difference for many students in Nevada.”

In addition, for every visitor to our Black Hat booth, Torq will donate a pair of premium socks to local kids in need via the Communities In Schools, Nevada organization. This donation is designed to inform kids about the value of a SOC career, while also providing them with a useful back-to-school item. Communities In Schools is the nation’s leading dropout prevention organization. Its mission is to assess needs and deliver resources that remove barriers to success. It supports more than 100,000 students at 110 schools. 

“Communities In Schools, Nevada, is very happy to have Torq contribute to the back-to-school packages we’re providing our students this year,” said Hayden Havon, Events Coordinator, Communities In Schools, Nevada. “Together with our other partners, Torq is helping ensure kids have the essentials they need to get up and running for their 2024-2025 academic sessions.”

“Every employee at Torq worldwide is proud to help make a positive impact in the communities in which we do business,” said Ofer Smadari, CEO, Torq. “We’re very happy to contribute to the wellbeing of students and for them to be exposed to the possibilities of cybersecurity as a fulfilling and valuable career option for the future. All of us are incredibly impressed by Tech Queen Elite Training Institute and Communities In Schools, Nevada, and we encourage others to also step forward and support their amazing work.”

Share

Related Articles

Customers Use Cases

Three-Time Torq Hyperautomation™ Customer Achieves Unparalleled Productivity and Efficiency

By Torq
July 24, 2024
3 Minute Read

The following is from a conversation between Torq and Kevin Rickard, VP of IT and Security at Jobcase, Inc. Jobcase is an online community dedicated to guiding and advocating for the world’s workers. Read on to learn how Kevin and his team have used Torq Hyperautomation to automate many security workflows.

From Torq Customer to Hyperautomation Enthusiast

Kevin Rickard is not just a repeat customer of Torq; he’s a three-time advocate for the transformative power of Torq Hyperautomation. What keeps him coming back? The exceptional quality of Torq’s pre-and post-sales support.

“The folks at Torq have been top-tier, and their expertise and support have made a world of difference,” Kevin shared. Compared to other SOAR products, Torq Hyperautomation stands out, offering unmatched agility and productivity. Kevin and his team at Jobcase have been able to deploy use cases within hours—something they hadn’t achieved with other solutions.

“Nothing compares to the agility and productivity I’ve achieved with Torq Hyperautomation.”

Kevin Rickard, VP of IT and Security at Jobcase, Inc.

Seamless Collaboration with the Torq Team

Jobcase’s collaboration with the Torq team has been both productive and ROI-driven. From the outset, Torq has been deeply engaged with the team, providing initial drafts for Jobcase’s workflows and demonstrating a deep understanding of their needs and processes. This personalized support has been instrumental in optimizing their security operations.

Top Hyperautomation Use Cases at Jobcase

Kevin’s team has found Torq particularly useful for a variety of IT and security processes, both large and small. One standout area is phishing analysis. With Torq Hyperautomation, they can quickly identify phishing threats and significantly reduce the alert fatigue caused by false positives. Additionally, automating employee onboarding and offboarding has improved operational efficiency and satisfaction among internal customers by eliminating many manual tasks.

With Torq Hyperautomation, Jobcase has streamlined workflows through Slack messages, automating everything from user welcome emails to complete enrollment processes. This automation has saved valuable time, eliminated repetitive tasks, and streamlined processes, allowing the team to allocate their efforts to more impactful and strategic initiatives.

How Torq Hyperautomation is Different from SOAR Offerings

Kevin’s experience with multiple SOAR platforms underscores the unique advantages of Torq Hyperautomation. Unlike traditional SOAR platforms, which often require extensive experience and substantial time investments, Torq’s ease of use and rapid deployment capabilities are game-changers. Teams can go from development to full production in just days.

Moreover, previous SOAR solutions often fell short in their tiered support structures, sometimes necessitating additional financial investments for adequate assistance. Torq, on the other hand, provides a seamless and supportive user experience, ensuring rapid and efficient operationalization of security workflows without extra costs.

In summary, Torq Hyperautomation has revolutionized how Jobcase manages its security workflows, driving unprecedented productivity and efficiency. Kevin Rickard’s continued reliance on Torq is a testament to its superior capabilities and exceptional support.Want to learn more about Torq Hyperautomation? Get a demo.

Watch the Full Interview

Share

Related Articles

Hyperautomation MSSP

The 5 Hidden Costs of SOAR for MSSPs

By Torq
July 22, 2024
3 Minute Read

SOAR is yet another set of cybersecurity tools and technologies that’s exciting to talk about, looks good on paper, but is fraught with financial difficulties for MSSPs seeking to deliver an outsourced security solution that maintains a healthy ROI.

Costs lurk around every corner – from response and resolution penalties, to the operational headaches caused by legacy infrastructure, and the unspoken need to go above and beyond the call of duty in order to facilitate continuous improvement across an outsourced security stack.

90% of security professionals claim SOAR solutions require significant investment to fulfill a baseline set of outsourced security obligations.

Change is here.

Torq automates 100% of SOAR workflows, and allows MSSPs to work smarter with the resources at hand, by providing scalable hyperautomation that eliminates the need for button-bashing resolutions to common cybersecurity problems

Let’s lift the veil and explore some of the hidden costs involved with implementing and maintaining a SOAR solution.

1. SLA Adherence

SOAR contracts revolve around an MSSP’s ability to effectively triage, investigate and remediate organizational security events. Granular SLAs take into account each individual alert, ensuring that MSSPs are held financially accountable for the promises they make during the pre-sales process.

To minimize costly service penalties, resolution time is king. From onboarding through to service provision, and incident resolution, hyperautomation improves completion time for manual tasks, triages events the moment they occur, and manages security incidents so that teams are able to stay one step ahead of contractual target times.

2. Legacy Security Environments

MSSPs are faced with an earnest demand from their customer base to consult on the removal or optimization of incumbent security technology that is out of date, ineffective, and represents a high risk to end user organizations.

Constructing a scalable differentiated service that replaces legacy architecture – across multi cloud, on-premise, and hybrid setups – is often impossible to adequately cost, and leads to scope creep, and a suboptimal onboarding experience.

3. Complex Integration Requirements (Legacy Systems)

The recent explosion in SAAS security product adoption, and the ever increasing number of data sources available that feed into contemporary TDIR workflows, means that MSSPs are often hamstrung in their ability to deliver baseline SOAR operations across a global client base.

Torq Hyperautomation allows you to connect to anything and everything, using  native platform integrations, no-code to full-code customization, and container-based integrations that level-up an organization’s use of internal and external security platforms.

4. Alert Volumes

Throwing additional resources at an alert queue eats into an MSSPs ROI, and creates an operational environment that relies on constant manual intervention to remain effective.

Torq automates over 90% of low-level SOAR operations – including Tier-1 alert management – significantly reducing the time and labor costs associated with threat management. This enhancement in service delivery efficiency directly improves the gross margin for MSSPs.

5. Ongoing Optimization

Organizations demand continual improvement across threat detection and incident response routines, over and above an MSSPs standard obligations as an outsourced provider, including a single common detection layer to rely on.

Customers expect a curated and optimized SOAR environment that places significant financial and operational demand upon MSSPs responsible for delivering a streamlined, automated security service.

Torq Hyperautomation allows you to stay one step ahead of operational requirements, and construct solutions that facilitate ongoing optimization between multiple security workflows, without the need for costly periodic evaluations.

SOAR isn’t working…

MSSPs deserve better than reactive, pre-built SOAR solutions that are far from solution-centric and don’t deliver on ROI. Hyperautomation is here to stay. Make the change now and realize immediate cost savings.

Share

Related Articles

See Torq in Action

Get a demo to see how Torq helps you harness AI in the SOC to detect, prioritize, and respond to threats faster.

Is your security team ready to automate more, faster?