Torq is an inaugural WIZ Integration (WIN) Launch Partner
By Torq
June 13, 2023
2 Minute Read
Torq has been hand selected as a Wiz Integration (WIN) launch partner, bringing the power of Torq Hyperautomation to WIN, so that our joint customers can continue to seamlessly integrate Wiz into their workflows, empowering them to automate their response.
“Torq and Wiz work seamlessly together to give us a major real-time advantage in mitigating the ever-evolving cloud-based threat landscape.”
Jemuel Dalino, Application and Engineering Security Manager, Agoda
WIN enables Torq to deliver actionable remediation and response to threats with a full audit trail of automated security actions. Torq and Wiz work seamlessly together to provide a real-time advantage in mitigating the ever-evolving cloud-based threat landscape with comprehensive contextual and accurate malicious activity identification. And Torq frees up security teams’ precious time, empowering them to focus on strategic business initiatives without being overwhelmed by cloud alerts.
“Over 50% of our customers are utilizing our Wiz integration in order to strengthen their hyperautomation workflows and I’m thrilled for us to have been selected as a WIN launch Partner. I look forward to strengthening our relationship for the benefit of our joint customers.”
Eldad Livni, Co-Founder and CINO, Torq.
The combined value of Wiz and Torq streamline security for organizations that are on a cloud journey.
“A best-in-class cloud operating model reduces risk, improves ROI, and drives efficiency,” said Oron Noah, Director of Product Management, Wiz. “That value proposition is what lies at the heart of WIN, and what Torq as a partner helps to make a reality. This collaborative philosophy brings real customer benefits, and we are so thankful to have Torq on board for this launch.”
Interested to learn more about the power of Torq and Wiz together, schedule a demo.
Fix Cybersecurity Tool Sprawl with Hyperautomation
By Luke Bentley, Torq EMEA Account Executive
June 1, 2023
5 Minute Read
The evolution of cybersecurity tools is nothing short of remarkable, but I suppose they had to be when it isn’t just the Morris Worm you’re worried about. There has been a wave of buzz around the latest technology in years gone by. EDR evolved into MDR, then SASE, and in recent times we’ve seen Immutable Backup take the front seat.
But hey, I’m sure you can’t go far wrong by investing in all these kinds of technologies. The more the merrier, right? Depending on what you read, the number of cybersecurity-related technologies that enterprises have integrated and deployed in their infrastructure is between 45-70*, which is absurd. So, when there are vendors that are working in unison and supporting the idea of a better integrated and more visible cyber picture, it sounds like a win-win. This idea of your EDR, SASE and Email Securityvendor working in tandem is a dream come true, right?
Some things don’t change unfortunately, and cybersecurity teams and CISOs are still being asked to do the impossible. Those age-old problems don’t budge easily: shortage of cyber professionals and resources, and a plethora of cyber vendors offering too many tools and too many processes. “With great tools, come great alerts,” or something along those lines, is what we’re typically told.
Who’s expected to deal with these additional alerts created from all of these technologies? Just because they integrate well, doesn’t mean they’re contributing to what the main focus should be: improving your cybersecurity posture and reducing the risk to your organization’s workforce.
Some things do change, however. The new generation of CISOs don’t want to overload their teams with work to churn out results. They want to work smarter. They see business, people, and technology as one that can work together to get results.
CISOs are looking at the bigger picture. Empower the cyber teams, let them develop their skill sets, so they can return their knowledge and value back to the company. They’re not relying solely on the latest tech to churn through alerts and let the team on the ground deal with the processes.
The saying goes, “Train your people enough so they can leave, and treat them well enough so they don’t want to.” Nailed it.
Your infrastructure security engineer wants to develop into an AWS architect, but is too busy dealing with CSPM alerts. Your cyber analyst has aspirations of being a CISO themselves one day, but is bogged down by suspicious user activity, and misses all those opportunities to gain additional knowledge, learning how to present and communicate better, or simply lacks a development in strategic mindset to tackle problems. And that lack of development means they look elsewhere. Cybersecurity roles are notorious for job hopping, and I think that’s because the dreams of complex, technical and exciting projects are brushed away by daily firefighting.
Give the power back to the people, including the techies that are literally running the show, and retain them longer. But how? First, strip your mind of all pre-existing knowledge and thoughts on legacy SOAR. Those time consuming, low use case producing, pro-services heavy technologies are a thing of the past.
Hyperautomation is reforming how cyber teams, top to bottom, left to right, are approaching their CyberSecOps. The time to automate every task that comes from the latest and greatest cyber technologies you invest in, because it’s perfectly viable, is now. Torq’s enterprise-grade security hyperautomation has made that possible.
The barrier to entry is no longer a dedicated DevSecOps team of 5 who can code in every language A through Z. Cyber and dev teams have spent years trying to create use cases with legacy SOAR vendors, and might be lucky if they publish 4 or 5 workflows/playbooks in a year. With Torq, the entry need only be a laptop, mouse and keyboard. Maybe a slight oversimplification, but it’s not far wrong. The ability to imagine, create and publish a workflow is now astonishingly rapid with Torq.
So, yes, the latest tech tools are great to have, the integrations will no doubt provide you with additional advantages and help secure your workforce, and sure they’ll do what they say on the tin. But the real power in your CyberSecOps is their new found time, being in control of alerts and tasks, and effectively remediating all of those alerts with a hands-off approach where possible. Torq is the tool to augment everything you have, say (and show) how we give time back to your teams, as well as increase the efficacy and ROI of other tools. Here’s a sneak peek at what time you could be saving:
If you’ve miraculously found time between all your alerts to read this, don’t take my word for it; put our hyperautomation platform to the test. Any and all CyberSecOps or CloudOps processes you want automating – we’ve got you!
CSPM, IAM, alert remediation, email phishing response, threat hunting, and secure access to sensitive data – honestly the list is only limited to your imagination (or in my case, a word count).
Building Efficient SecOps Pipelines with AWS Security Lake and Torq
By Torq
May 31, 2023
8 Minute Read
Amazon Security Lake automatically centralizes an organization’s security data from cloud, on-premises, and custom sources it into a purpose-built data lake stored in a customer’s AWS account.
Amazon Security Lake reduces the complexity and costs for customers to make their security solutions data accessible to address a variety of security use cases such as threat detection, investigation, and incident response. Amazon Security Lake is one of the many solutions that now supports the Open Cybersecurity Schema Framework (OCSF), an open industry standard, making it easier to normalize and combine security data from AWS and dozens of enterprise security data sources.
Operationalizing the above (and additional) scenarios on top of the security data lake requires a set of basic building blocks that can either be used directly by SecOps professionals, or combined into larger workflows driving specific outcomes.
Executing Automated Actions as a Response to Security Events
As an Amazon Security Lake subscriber, Torq consumes logs and events from Security Lake. In order to control costs and adhere to least privilege access best practices, Torq workflows can be automatically notified of new Amazon S3 objects for a source as the objects are written to the Amazon Security Lake by setting up one or more data access subscribers. Data access subscribers are notified of new Amazon S3 objects for a source as the objects are written to the Security Lake data lake.
In Torq, this notification is received in an Integration Webhook, so the first step of the configuration process is to create a new Webhook integration in Torq, as described in Torq’s documentation here. Take note of the resulting Webhook integration URL (endpoint), as it will be needed to set up a data access subscriber in Amazon Security Lake.
Completing the creation of the subscriber also requires setting up a new AWS Integration in Torq, as described in Torq’s documentation here. This integration will also be used afterwards to pull data from the Security Lake in Torq Workflows. As described in Torq’s documentation, setting up an AWS Integration requires creating a new Role in AWS Identity and Access Management. For that role to be able to pull data from the security lake, please sure to add the following permission policies to the role:
Create a new IAM Policy with the following contents:
Make sure to replace “{accountId}” in the JSON above with your own AWS Account ID.
Add this policy to the Permissions Policies for role you’re creating for Torq’s Integration
Add the following policy to the Permissions Policies of the role AmazonAthenaFullAccess (this is needed to enable querying, writing results, and data management through Amazon Athena, which is how Torq workflows will query data from the AWS Security Lake.
While setting up the AWS Integration in Torq, take note of the Torq Account ID and the AWS External ID, as you will need these in the process for creating a custom subscriber
Next, follow the following steps to set up a new Data Access Subscriber through your AWS Console:
For Subscriber details, enter the subscriber’s name and (optionally) a description.
For Log and event sources, choose from which sources you want to receive notifications in your previously created Torq webhook (you can choose whether you want to send notifications from all your Amazon Security Lake sources to Torq or select specific sources for each subscriber).
For Data access method, choose S3 to set up data access for the subscriber.
For Subscriber credentials, provide the Torq Account ID and the AWS External ID you got from AWS integration in Torq for AWS account ID and external ID, respectively.
For Notification details, select Subscription endpoint so that your Amazon Security Lake can send notifications through EventBridge to the HTTPS endpoint of the Torq Webhook created previously.
For Service Access, select the IAM role named AWSServiceRoleForAmazonEventBridgeApiDestinations, which is automatically created during the Amazon Security Lake set up process when run from the AWS Console, and which gives EventBridge permission to invoke API destinations and send object notifications to the correct endpoints.
Provide the Torq Webhook integration URL (endpoint) as the subscription endpoint.
Choose Create.
Check the configuration of Subscription associated with the Amazon SNS Topic which has been created as a result of the previous steps, and verify that Raw message delivery is enabled for the Subscription. Enable it by editing the Subscription if it wasn’t.
Schematic configuration of Amazon Security Lake subscribers triggering Torq workflows
Depending on the settings you defined in step #5 above (Log and event sources) it might be necessary to define trigger conditions in your Torq workflows triggered from Amazon Security Lake events. Here’s an example of a trigger condition meant to restrict a workflow to be triggered by Route53 events in Amazon Security Lake from a region us-east-1 only:
A Torq workflow trigger condition definition example to restrict a workflow to be triggered only by Amazon Security Lake events for a specific account id, region and data source (such as AWS Route53)
Querying Data from Security Data Lake
The Amazon Security Lake creation and set up process run from the AWS console, automatically registers each Security Lake region as a new Database in AWS Athena.
AWS Athena is a serverless service which allows querying Amazon Security Lake S3 data (with an S3 bucket per region for which the Security Lake has been enabled) using SQL.
Querying Amazon Security Lake from Torq Workflows using SQL through AWS Athena
Querying Amazon Security Lake data from Torq workflows, either automatically triggered from Security Lake events, scheduled to periodically pull notifications of new objects by polling an Amazon Simple Queue Service (SQS) queue or run on-demand to search for specific data in the Security Lake, can be easily implemented by using SQL in AWS CLI steps to query Athena’s API.
The following figures illustrates the process of querying Amazon Security Lake from Torq Workflows in 3 steps:
Creating a dynamic SQL query for AWS Athena:
Using AWS CLI to execute the query in AWS Athena:
The result of Athena SQL queries is stored as a csv document in S3 and can be easily pulled into a Torq workflow by using an AWS S3 Read File step, and then the Convert CSV to JSON step from Torq Utilities to simplify data extraction and transformation in later steps in the workflow:
Bringing It All Together
Operationalizing Security Operations with fully automated or human-in-the-loop pipelines using the above “building blocks” is a process consisting of the following phases:
Identifying the relevant security events:
Torq triggers can be configured with conditions, expected from the delivered event, in order to start performing automatic actions. In some cases, looking just at the event data might not be sufficient to decide whether it requires a certain security follow-up or not. For these scenarios, following up with additional automated enrichment and investigatory steps can be performed with Torq workflow steps.
Defining the required enrichment / hydration data:
Upon receiving a security event that has a potential for a follow-up, certain parts of it, such as (but not limited to) User Identifiers, Device Identifiers, Network Addresses, etc… should be retrieved for further enrichment with additional systems (IAM, CMDB, Threat Intelligence and more) by introducing initial steps in a workflow triggered by security lake events.
Building the pipelines – what happens when the event occurs:
Defining the response process can take place in an iterative manner. Main questions that need to be addressed are:
What additional information do we need to be able to better classify the event
Once classified, are there external notification / orchestration systems that need to be updated with this information
If building a human-in-the-loop pipeline, which role-players need to be provided an information about this event
If performing automatic remediation actions – what are they and which role-players can approve executing them
Summary
Amazon Security Lake provides a flexible and scalable repository for different kinds of security events. In order to build flexible and scalable security operations, your teams will require this data to be at their fingertips with the ability to efficiently use it and to trigger processes based on it.
Implementing Torq workflows, that can be triggered either
Manually by security professionals via Messaging / Chat or Web
By identifying specific events reaching the security lake
By using detections made by 3rd party security products
In these workflows, following capabilities can be delivered to security professionals:
Retrieve data from security lake and present it to security role-players in a convenient fashion
Enrich operational systems with context from the security lake
Process the security lake data to make decisions on severity and priority of different security events
Suggest and execute containment and remediation strategies based on processed contextual data
Examples of these and additional scenarios can be found at Torq Template Library.
Turning Intelligence Into Action with Cybersixgill and Torq
By Dallas Young, Sr. Technical Marketing Manager
May 24, 2023
4 Minute Read
No matter the industry, geography, or organizational size, cybersecurity teams are united by their many shared challenges: talent shortages, expanding attack surfaces driven by digitization and remote work, increasing velocity of software development, and the rapidly growing scope and sophistication of global cybercrime. In response, these teams have embraced and incorporated a range of specialized tools within their defensive arsenal in attempt to address and resolve these issues. Threat intelligence and security automation solutions form the front lines of their battle, yet these pillars of the cybersecurity ecosystem are often disconnected, creating a dangerous gap between intelligence and action.
This divide prevents security teams from deriving the full value from their solutions. Non-actionable threat intelligence increases analyst fatigue with yet another stream of feeds and alerts. While automated security playbooks without context-rich threat data lack the means to validate, prioritize and triage threats, resulting in inefficient processes and extending the MTTR.
By integrating actionable, relevant, context-rich threat intelligence within orchestration automation tools and processes, security teams can unlock the full potential of their existing security stacks – saving precious time and resources while streamlining response and remediation.
Turning Intelligence Into Action with Cybersixgill and Torq
Cybersixgill and Torq have partnered to bridge the divide between intelligence and action, operationalizing Cybersixgill’s market-leading threat intelligence through next gen security hyperautomation with Torq. With this strategic partnership, we have pioneered end-to-end, no-intervention threat protection, helping to dramatically reduce MTTR through customizable, automated workflows and playbooks, triggered by context-rich threat intelligence extracted in real-time from the cybercriminal underground.
Using Torq’s library of automation components, organizations can build an automation infrastructure to orchestrate immediate responses to Cybersixgill’s early warnings of potential threats, allowing teams to build automated, alert-triggered playbooks with any other tool in their environment – without writing a single line of code.
Alerts from Cybersixgill’s rich threat intelligence insights can be programmed to autonomously initiate incident response workflows in Torq to instantly remediate issues at the first indication of a potential threat. Alternatively, security teams can harness Cybersixgill’s rich threat context to create automated threat hunting workflows, triggering data enrichment upon the arrival of an event or signal discovered through any other security tool.
Torq and Cybersixgill make it easy for teams to turn manual security processes into automated, intelligence-driven workflows within minutes, eliminating reactive processes to build a resilient, proactive cybersecurity posture.
The Benefits of the Combined Solution
Cybersixgill gives users covert access to our complete body of context-rich threat intelligence from the deep, dark & clear web, including limited-access forums and markets, invite-only messaging groups, code repositories, paste sites and clear web platforms. We correlate our threat intelligence with each customers’ defined organizational assets, alerting teams to relevant threats at the earliest indication of risk, enabling preemptive action to be taken before they can materialize into an attack.
Torq’s enterprise-grade security hyperautomation platformunifies and automates the entire security infrastructure to deliver unparalleled protection and productivity. Torq drives maximum value and efficiency from existing security investments. It supercharges security teams with powerful, easy-to-use no-code, low-code, and full-code workflows that reduce manual tasks, freeing security professionals to focus on higher-value strategic activities.
Together, the combined solutions help users:
Reduce risk with automated end-to-end intelligence-driven security workflows- Identify, capture and block threats as they emerge with seamlessly deployed playbooks to accelerate Mean Time to Respond and better secure your environment.
Save time and maximize team productivity- Eliminate manual work with automated workflows triggered by actionable and relevant threat intelligence data – built and deployed in minutes with no need for developers, professional third party services or month-long implementation delays
Minimize cost and maximize resources- with a consolidated end-to-end no-intervention threat protection solution that allows you to make the most out of your existing security stack, with faster time to value.
Optimize operations- by automating repeatable security processes, allowing you to shift valuable resources to higher priority tasks.
Schedule a demo to learn more about Torq Hyperautomation.
The Top 4 Criteria for Choosing a Security Automation Solution
By Afik Levi, Product Specialist, Torq
May 18, 2023
5 Minute Read
As businesses continue to evolve, automation has become an essential aspect of modern operations. The benefits of automation are numerous, ranging from reducing operational costs to increasing security, efficiency, and accuracy. However, with so many automation solutions available on the market, it can be challenging to select the right one for your business. As a product specialist at Torq with over a decade of experience in field positions, I have had the opportunity to witness countless businesses on their automation journey, and I want to share some of the insights with you. At the end of the article, you will have a better understanding of the critical factors to consider when choosing the right automation solution.
1. Business requirements, Technology Stack, In-House Solutions
The first step towards selecting the right automation tool is understanding your business requirements. This involves identifying the processes that need automation (repetitive tasks, high error rates, etc.) and mapping the technology stack. It is crucial to evaluate the automation solution’s capabilities to integrate seamlessly with your stack and provide out-of-the-box functions that are relevant to your technology stack, as this improves the time to value and ROI by enabling simplicity when creating automation workflows. It’s also equally as important to map your in-house customizations to examine how the potential solution works with them, as without the sync between the two, you will most likely face “unplanned costs” and it might lead to complete blockers.
2. Out-of-the Box vs Generic
Flexibility is another important factor to consider when selecting an automation solution. Wait a minute! What do we mean by flexibility? Referring to the balance between out-of-the-box capabilities and generic/customization capabilities. It is essential to ensure that the “out-of-the-box” capabilities can be fully customized; based on my experience, missing even one piece of the puzzle can prevent successful workflow automation, so you better be able to customize it or you might hit the same wall that is killing the legacy SOARs (content and integration creation; “Sorry, we don’t support it”).
However, beware of generic solutions that may satisfy use cases but hinder time-to-value and solution maintenance (for example, vendor API updates). So at the end of the day, having both out-of-the-box and generic capabilities is desirable.
3. POC Time + Success Criteria
After understanding your business requirements and technology stack, evaluating potential automation solutions with a Proof of Concept (POC) is the next step. The focus is on time-to-value and ROI. Choosing your important use cases and evaluating how quickly and easily they can be fully operational is essential. It is equally important to determine how easy it is for you to accomplish this. It’s time to ask your team to complete a use case from scratch using the potential automation solution.
Here is the specific success criteria for the POC as I see it (I promise it will save you money in the long):
New content creation – “steps”.
New integration creation – out of the box and generic capabilities.
Bring your own code – relevant when you have a legacy code such as a big in-house solution that you can’t replace right away, or even empowering someone who wants to use code for specific use cases.
Connectivity capabilities – more than APIs (SSH, Bash, SQL, etc).
Life cycle management – vendor API updates, production vs testing separation, testing and CI/CD solutions, etc.
Templates – out-of-the-box workflows that reflect different use cases.
Content sharing – workflows and steps, relevant for a super user who helps others.
Now that we have a candidate that answers all of that (hint: Torq), it’s time to validate what the future looks like. It’s time to focus on scalability, maintenance, and the vision of the vendor. As your business grows, the solution should scale with it. It is essential to choose an automation system that can handle increased volumes of data and adapt to changing business needs over time. Selecting a solution from a vendor with a clear vision for the future can be critical to ensuring the long-term success of your automation efforts.
Choosing the right automation tool is a critical aspect of a modern security team. It’s crucial to examine the standout aspects of the solution as it can have a significant impact on your organization, particularly in terms of efficiency, improved security posture and lowering costs.
While there are many factors to consider when selecting a security automation tool, these essential elements should guide your decision-making process as they increase the probability of success. As a product specialist at Torq, we understand the importance of selecting the right automation tool (so we have created an Hyperautomation one), and I hope that this article has provided you with valuable insights to make an informed decision.
Hype vs. Reality: Are Generative AI and Large Language Models the Next Cyberthreat?
By Torq
May 17, 2023
5 Minute Read
Generative AI and large language models (LLMs) have the potential to be used as tools for cybersecurity attacks, but they are not necessarily a new cybersecurity threat in themselves. Let’s have a look at the hype vs. the reality.
The use of generative AI and LLMs in cybersecurity attacks is not new. Malicious actors have long used technology to create convincing scams and attacks. The increasing sophistication of AI and machine learning algorithms only adds another layer of scale and complexity to the threat landscape, which should be met with both common and innovative protection measures to maintain organizations’ security posture.
Generative AI and LLMs can have a significant impact on the scale of cybersecurity threats, both in terms of the number of attacks and their complexity. On one hand, these technologies can make it easier and faster for attackers to create convincing fake content. This could lead to an increase in the overall volume of attacks, as attackers are able to generate larger quantities of fraudulent content more quickly and easily.
Additionally, LLMs can be used to generate highly-targeted and personalized messages, which could make it more difficult for people to recognize them as fraudulent. For example, an attacker could use an LLM to generate a phishingemail that appears to come from a friend or colleague, using their writing style and language to make the email seem more authentic. They could also be used to generate realistic-looking password guesses, in order to bypass authentication systems. Generative AI and LLMs can give attackers an advantage in certain situations. These tools can automate the process of creating convincing fake content, making it easier and faster for attackers to generate large quantities of phishing emails and other types of misleading content.
To mitigate the potential threats posed by generative AI and LLMs, organizations can take immediate steps, such as:
Multi-factor authentication-Implementing multi-factor authentication systems can help to prevent attacks that use AI technology to guess or crack passwords. By requiring additional verification steps, such as a biometric scan or a one-time password, organizations can make it more difficult for attackers to gain access to sensitive data or systems.
Employee training-Providing training to employees on the increasing threat of highly targeted and personalized phishing attacks as a result of generative AI. This can include training on how to identify and respond to phishing emails or suspicious behavior on the network.
Email filtering-Email filtering systems can provide an effective defense against phishing attacks that leverage AI technology. These systems can analyze large volumes of email traffic and quickly identify and block suspicious emails, helping to prevent users from falling victim to these types of attacks.
Hyperautomation-This new security automation approach is effective for countering the scale of attacks generated by AI, by providing organizations with comprehensively-integrated capabilities needed to quickly detect and respond to threats. In addition, it can help to reduce the workload on security teams by hyperautomating routine tasks such as incident triage and response. This can help to free up time and resources to handle more complex threats, such as those involving generative AI and LLMs.
The use of generative AI and LLMs is not limited to attackers. These tools can also be used by defenders to develop more effective security measures and detect potential threats. For example, security researchers can use LLMs to analyze large volumes of data and identify patterns that could indicate the presence of a cybersecurity threat. Some possible future applications of LLMs in cybersecurity protection can be developed to augment the existing tech stack, and help protect against a wide range of new and more sophisticated cyber threats:
Phishing Detection-LLMs can be trained to recognize and flag suspicious emails that may be part of a phishing attack. By analyzing the text of an email, an LLM can identify patterns or keywords that are commonly used in phishing attempts and alert users or security teams to the potential threat.
Malware Detection-LLMs can be used to analyze large volumes of code and identify patterns that are associated with malware or other types of cyber attacks. An LLM can identify keywords or phrases that are commonly used in malicious code and help to flag potential threats.
Threat Intelligence Analysis-LLMs can be used to analyze and categorize large volumes of threat intelligence data, such as security logs or incident reports, to identify patterns and trends in the data and help that indicate potential threats or vulnerabilities in the system.
Hyperautomation-By integrating AI-based threat detection capabilities into a hyperautomation platform, organizations can enhance their ability to quickly respond to attacks. For example, machine learning algorithms could analyze network traffic and identify patterns that indicate the presence of a threat. This would automatically trigger a response, such as blocking the malicious traffic or quarantining an infected device.
If you want to learn more about how hyperautomation can help your organization connect your entire tech stack, use no-code to full-code, and bring your own container, and deploy in a matter days, visit Torq.
For years, efficient Case Management has been one of the single most challenging tasks for security operations professionals. It involves ensuring all threats are proactively identified and prioritized based on risk criticality, and then rapidly investigated and appropriately elevated across all organizational cybersecurity platforms and tools. Optimally, it sets up a near-bulletproof incident response posture that makes the most of an organization’s cybersecurity ecosystem.
However, time and time again, legacy SOAR platforms have failed to deliver on the promise of Case Management. These earlier tools simply can’t keep up with the pace, volume, and variety of evolving cybersecurity threats. They also don’t offer SecOps the flexibility to quickly pivot through records to accurately assess whether or not they’re facing a targeted campaign, a new and novel threat, or an ongoing, pervasive threat that could stop business in its tracks.
The new Torq Hyperautomation platform was purpose-built from the ground up to deliver the comprehensive Case Management capabilities SecOps have been demanding for years, and never benefited from—until now. Unique modern AI co-pilot capabilities drive efficiency even further, ensuring that security analysts are assisted by cutting-edge technology to make the right choices and not miss any details.
Hyperautomating Contextual Security Case Resolution
Torq Hyperautomation is unique in that it rapidly and accurately collects a large number of unprocessed events and signals, and organizes them into contextually-enriched cases, intelligently ordered by severity, priority, and field of ownership. It also orchestrates the analysis and remediation of security cases across multiple organizational functions, and tracks all security decisions in a single dynamic, hyperautomated framework.
The benefits of Torq Hyperautomation’s Case Management approach are significant. By hyperautomating security signal detection, it reduces noise and manual investigations by up to 70%. Its flexible framework also streamlines decision-making and automatically enriches data, cutting through the noise and separating minor, easily-remedied incidents from significant, and existential organizational threats.
Here are some of the key benefits and how they work to streamline your case management processes:
Automated Case Management
Torq empowers organizations with the power to hyperautomate common use cases with repeatable workflow processes that launch all the necessary steps, such as customizable decision trees that integrate human intervention. This includes scenarios such as escalation or case handoff. SOC Analysts can analyze and create workflows to efficiently process a case or issue.
By hyperautomating case management, security teams can streamline workflows and focus on high-priority threats. Torq empowers teams to automatically create, update, and manage cases in response to security alerts, ensuring they can quickly prioritize and respond. Analysts are freed from the mundane to concentrate on higher-level security activities.
Automatically Enriches Security Case Context
Torq’s Use Case management solution automatically transforms large numbers of events and signals into contextually-enriched cases. All cases are ordered by severity, priority, and ownership with the intelligent correlation of signals to open, update, enrich, or close cases, with human interaction being optional.
Accelerates Discovery and Remediation of Threats with AI
Torq’s unique ability to hyperautomate case management handling using AI that enriches the context of the situation, so you only need to involve humans when necessary, such as when a judgment call is required. For example, when an alert is automatically sorted by priority, intelligent analysis is performed to determine the next steps with our flexible event-driven workflows that connect any of your existing security tools to perform the required actions.
In this example, a suspicious file was detected on the endpoint, and the IT Analyst wanted to check if this particular threat was already known to be suspicious or malicious on VirusTotal.
Security Analyst executing an MD5 hash lookup that automatically kicks off a workflow without ever leaving the use case ticketing system
Utilizing the power of ChatGPT, the findings are condensed to two sentences that state that 56 of 71 AV engines detected the threat as malicious. Contrast that with the overly-verbose output that you would typically receive on VirusTotal. This saves tremendous time and summarizes the incident in a readily consumable human-readable format.
Summary of the workflow automation output automatically logged to the open ticket
Torq can then execute automatic remediation workflows to run a scan of the environment for persistence anywhere on the network, automatically clean the endpoint, or quarantine it for further analysis by a SOC Analyst.
Unified Case Management
SOC Analysts can access a unified view of each case and follow essential processes for handling and resolving cases. Torq’s intelligent case management empowers them to take action confidently, reducing the risk of human error. Handoffs between SOC Analysts occur seamlessly via hyperautomated processes, with all the relevant case details at hand.
Collaboration outside the security operations center is easily done within the platform, which is especially helpful in promoting cross-team collaboration with more complex incidents requiring multiple subject matter experts. Each external team can resolve security issues efficiently using their tools of choice, such as, but not limited to, Atlassian Jira, ServiceNow, Github, and more.
Cross-team collaboration with various subject matter experts engaged in a high-priority investigation.
Precision Accuracy and Actionable Outcomes
Torq Hyperautomation’s Case Management capabilities curate accurate and actionable data to identify service and security issues as they develop. Real-time analytics and long-term analysis help identify service trends and determine areas where SOC Analysts or other teams could benefit from improved efficiency as a result of introducing automated investigation and containment strategies and tools. Effective reporting is available to help monitor progress and track performance which helps SOC Analysts resolve cases more efficiently, leading to better outcomes.Want to learn more about how Torq Hyperautomation Case Management can dramatically enhance your security workflows so you can stay ahead of emerging threats? Test drive Torq Hyperautomation, here: https://torq.io/demo/
Torq Hyperautomation: The Most Talked About Product at RSAC
By Don Jeter, Torq CMO
May 5, 2023
4 Minute Read
When you say, “SOAR is Dead,” you’ll get some attention, and that’s exactly what happened at RSAC 2023.
But it wasn’t just a statement that created the buzz.
It was the solution that we unveiled that got people talking. The debut of Torq Hyperautomation™ created an enormous buzz across RSAC 2023 – on the show floor, in the media, and even on the street. Why? Because cybersecurity professionals are tired of the complexity associated with legacy SOAR platforms. They want something easier to use that doesn’t take up all their time or require costly professional services. We get it. That’s why our booth was packed with attendees wanting to demo the world’s first no-code, low-code, and full-code security automation platform with true enterprise scalability. It’s the same reason why CRN called Torq Hyperautomation “one of the coolest products at RSAC” and “the most important product announcement” by CSO Online.
According to the customers and partners we spoke with at RSAC, these are the most common problems facing cybersecurity professionals:
Trouble Retaining Security Talent
One of the most common themes we heard echoed was the trouble retaining security talent. Specifically sourcing and hiring security professionals. We sat down with our partner, Recorded Future, who posed the question, “What if we took intelligence that’s not only human readable, but machine-readable, and then a powerful automation engine, so that instead of having your analysts waste time and look up indicators, and wasting time researching the simple, being things, what if we help them automate that?” By automating mundane tasks, cybersecurity professionals can focus on the aspects they are most passionate about in their careers.
Too Many Tools
Another concern we heard from customers was the overwhelming amount of tools they are being forced to manage. Consolidation was a word we kept hearing as cybersecurity professionals are challenged to keep up with the overwhelming amount of tools and applications they interact with daily. Our partner SentinelOne noted, “The threat landscape hasn’t changed, but budgets definitely have. CISOs and CFOs will be more deliberate on the tools they choose. I think what’s so special about Torq is it not only speaks to something that makes you secure, but also helps you save money as well, and that’s going to speak to the heart of the CFO who is more and more influential in terms of that security buying decision.” That’s why it’s mission-critical for organizations to simplify and integrate tools to prevent coverage gaps.
Multi-Cloud Complexity
Did you know that 76% of organizations operate in multi-cloud environments? We heard lots of discussion about the challenge of the complexity of multi-cloud environments. Our partner Dig, said, “I think Torq and Dig have both identified that the scale of the cloud requires a different level of automation.” With the adoption of multiple cloud services from different providers, it is challenging for cybersecurity teams to manage and monitor security risks effectively. Hyperautomation can help to streamline the process by automating the detection, analysis, and response to potential security threats.
Torq Hyperautomation is here to change the game. Here’s what the media had to say about Torq Hyperautomation:
“One of the most interesting products to see at RSAC 2023.” CSO
“Top-10 cool new cybersecurity tool announced at RSAC 2023.” CRN
“One of the most important new product announcements at RSAC 2023.” SecurityWeek
“Automates whole workflows and processes for all security initiatives within an organization.” Analytics Insight
“Torq empowers people to take greater responsibility for security while enabling them to participate in threat remediation.” SiliconAngle
“Capable of automating the most complex security infrastructures.” Betanews
“Torq Hyperautomation is distinguished from legacy SOAR, making it simpler to use a range of tools to create new processes.” Security Boulevard
“A quantum leap forward for security automation.” SecuritySenses
Want to learn more about how to streamline your security workflows and stay ahead of emerging threats? Test drive Torq Hyperautomation, here: https://torq.io/demo/
Empower your security teams to proactively detect and respond to threats with Torq’s hyperautomated case management capabilities
Introduction
Threat hunting is the process of proactively searching for hidden threats in an organization’s environment – a critical modern cybersecurity activity. However, relying on manual threat hunting alone can be time-consuming and resource-intensive. In this blog, we’ll explore how Torq Hyperautomation, with its new automated case management features, empowers security teams to harness the power of next-gen threat hunting, providing a unified, intelligent, and proactive approach to automated threat hunting.
The Evolution of Threat Hunting
In recent years, the cybersecurity industry has shifted towards more proactive and automated threat hunting. This approach helps security teams discover hidden threats and reduce dwell time by automating the detection and response processes. Torq Hyperautomation is designed to accelerate this evolution by providing advanced capabilities for threat hunting and security investigations.
Torq’s Platform: Hyperautomating Threat Hunting
Torq hyperautomates threat hunting, cutting MTTI through the following key features:
Automated Case Management-By hyperautomating case management, security teams can streamline their workflows and focus on high-priority threats. Torq empowers teams to automatically create, update, and manage cases in response to security alerts, ensuring that they can quickly prioritize and respond to threats. Analysts are freed from the mundane to concentrate on higher-level security activities.
Observables-Observables are first-class citizen objects representing artifacts of information, such as URLs, domains, and IP addresses. These objects, which are OCSF-compliant, can be associated with one or many cases. This capability empowers security teams to track the relationships between different elements across investigations, unlocking novel and valuable insight.
Relationship Tracking-Torq’s platform allows security teams to implement correlation, enrichment, and contextualization logics in the workflows they build, leveraging the relationships between observables, cases, and alerts. This helps security analysts identify patterns and uncover hidden threats.
Automated Threat Hunting in Practice
Andy Ellis, Advisory CISO, Orca, and YL Ventures Operating Partner, recently noted that automated threat hunting is about learning all the ways in which an organization is currently blind and shining a light on them. It requires continuous improvement and adaptation, with security teams constantly refining their detection and response capabilities.
With Torq Hyperautomation, security teams can create automated workflows to detect and respond to threats. As teams discover new threat patterns, they can refine the automated detection and response process, making threat hunting more efficient and effective over time. This increases efficiency, reduces burn-out and churn, and maximizes the security operations investment – in human resources and technology.
Conclusion
Torq Hyperautomation, complete with its advanced automated case management features, empowers customers to elevate their threat hunting game activity by providing comprehensive visibility, user-driven context, automation, and advanced analytics. By embracing these capabilities, security teams can remain ahead of evolving threats and protect their organizations more effectively. Experience the power of proactive threat hunting with Torq Hyperautomation, today.
Not using Torq yet? Get in touch to handle this issue, and see how Torq security hyperautomation accelerates security operations to deliver unparalleled protection.
Why does that matter? I’ll let Gartner explain. It says “Hyperautomation is a business-driven, disciplined approach that organizations use to rapidly identify, vet, and automate as many business and IT processes as possible.” Simply put, it’s the future of security automation, and we’re delivering on its promise, today.
So Long, SOAR
The Torq Hyperautomation Platform is the first to automate all workflows and processes across the entirety of modern enterprise security organizations to deliver best-in-class, end-to-end cybersecurity protection. It also offers the world’s first GPT AI-based analytics capability for auto-analyzing cybersecurity incidents, making strategic responses, and informing immediate and long-term defensive measures.
Torq Hyperautomation enables security professionals to create and deploy complex, sophisticated workflows in minutes, more than 10X faster than legacy SOAR and conventional security automation solutions that also involve costly professional services commitments. In fact, our customers now rely on our platform for more than 3m daily security automations. In other words, when we say SOAR is dead, we mean it.
Integrates with Anything and Automates Everything
With Torq Hyperautomation, customers are experiencing the deepest integrations imaginable, that enable them to:
Connect to Everything–Every app, every stack, vendor agnostic across cloud, on-premise, and hybrid environments, including Microsoft Teams, Slack, Discord, and Zoom.
Use No-Code, Low-Code, and Full-Code–Go beyond APIs, with support for any CLI, on any platform, and any programming, or scripting languages, including Python, GraphQL, C#, and gRPC.
Bring Your Own Container–Torq orchestrates containerized actions that can connect internal and external platforms seamlessly, including support for Docker, Kubernetes, Amazon Web Services, and Azure.
Making AI-Based Automation a Reality
We’re liberating overworked security and IT operations professionals by innovatively deploying the power of AI. Torq Hyperautomation integrates GPT to dramatically enhance SecOps using Natural Language Processing (NLP) to accurately answer user requests in real-time, which elevates the speed, quality, and accuracy of investigating and resolving security issues.
With GPT integration, Torq uniquely delivers a chatbot interface integrated into Slack, MS Teams, Discord, and Zoom to communicate with security tools and systems. Now, SOC analysts or any authorized operators can use natural language to intuitively search for specific information and insights across multiple security tools and data sources. It simplifies interactions with complex security tools and makes analysts more efficient in threat hunting, investigations, and response. It also auto-escalates self-service requests, notifying SecOps teams when a critical incident requires human intervention.
Your Security Product’s Favorite Security Product
With Torq Hyperautomation, our customers, spanning the Fortune 500 and the world’s leading cybersecurity vendors, including Wiz, Abnormal Security, Armis, and SentinelOne, are consolidating, managing, and orchestrating the entirety of their cybersecurity stacks.
We’re proud to also have many of the world’s biggest financial, technology, consumer packaged goods, fashion, hospitality, and sports apparel companies experiencing extraordinary outcomes with Torq Hyperautomation. Here’s what a few of them are telling us:
“We now query 2,000+ assets in under 7 minutes with Torq, which previously took over an hour to run, one at a time. This reflects an 800% improvement in execution time.” – Taylor Harwerth, Cloud Security Architect, Abnormal Security
“It’s amazing to see that Torq is handling 80,000+ runs a week for Compuquip without a single hiccup. Torq saves hundreds of hours a month on analysis. Alert fatigue is a thing of the past.” – Phillip Tarrant, SOC Technical Manager, Compuquip
“The only limit Torq has is people’s imaginations. And if I take Torq out, I lose three people.” – Gai Hanochi, VP Business Technologies, Fiverr
“Torq has transformed how our team manages security. Using Torq to manage web application firewall blocking rules reduced time-to-block malicious traffic by 70x, and increased coverage to over 90% — a significant improvement.” – Jonathan Jaffe, CISO, Lemonade
“Torq’s pre-built workflows enable us to easily deploy cybersecurity defenses at scale throughout our organization, mapping to countless different use cases, and protecting us across multiple conceivable incursion points.” – Yaron Slutzky, Chief Security Officer of Agoda
A Bold New Brand Refresh
The eagle-eyed among you will notice we’ve also unveiled a new look and feel for the Torq brand. It’s dynamic, infused with energy, and projects the excitement and innovation Torq Hyperautomation delivers. It’s also about capturing lightning in a bottle, illustrating the incredible drive and commitment each and every Torq employee has towards our customers. There’s lots of light, color, and electricity and we can’t wait to further deploy it in the coming weeks and months across every Torq touchpoint.
