Agoda Accelerates Security Incident Response and IT Service Resolution

Lean Security Team in the Midst of Complex Modernization

Online travel platform Agoda faced a pivotal challenge: modernizing security operations while operating with a small, geographically distributed team. At the same time, Agoda was migrating from legacy on-premise infrastructure to a modern cloud-first security stack.

Their CISO’s vision was clear: build a lean, highly technical team that could scale through automation rather than headcount. But Agoda’s existing automation solution required extensive manual connector development and lacked native integrations with their growing security toolset.

To meet priorities like reducing the cost of securing cloud assets, speeding up mean time to resolution, and streamlining cross-functional collaboration across time zones, Agoda needed a more advanced, scalable, and security-first automation platform.

A Case Management Backbone Built for SOC Maturity

In 2020, Agoda selected Torq Hyperautomation™ after a successful proof of concept showcasing the platform’s ease of use, breadth of integrations, and hands-on support. Within weeks, workflows that previously required time-intensive manual coding were running in production, accelerating both cloud security and IT processes.

Seamless, full-stack integrations
Torq’s out-of-the-box security integrations aligned directly with Agoda’s technology stack, eliminating the need for custom connectors and speeding up implementation. This flexibility was especially valuable for hybrid environments, as Jemuel Dalino, Senior Manager of Application Security at Agoda, recalled: “Previously, we sometimes scratched our heads wondering how to connect a SaaS app to an on-prem endpoint. With Torq, we can build it rapidly with webhooks. The ecosystem is incredibly powerful.”

Simplicity with depth
The no-code/low-code interface (with full code capabilities) made automation accessible to security engineers without advanced programming skills, while still allowing power users to push the platform’s capabilities further.

Hands-on support to get up and running fast
Torq engineers, including company leadership, co-built critical early workflows alongside Agoda’s team, ensuring fast adoption and immediate impact. Karthick Gopalakrishnan, Cybersecurity Manager at Agoda, said, “With Torq, we could automate workflows without waiting for heavy coding. Even Torq’s CTO jumped in to help us build during the early days — it was seamless.”

Hyperautomated Security and IT Workflows Across Agoda

Over time, Agoda’s use of Torq has expanded well beyond their initial cloud security use cases. Today, Torq powers a broad Hyperautomation fabric spanning incident response, IT support, and application onboarding.

Automated security alert enrichment and containment
Every SIEM alert triggers parallel Torq workflows that enrich data (such as IP, host, user, and domain) and leverage ChatGPT analysis, handing analysts pre-investigated alerts. High-fidelity alerts trigger automatic containment actions, including isolating endpoints and resetting passwords, letting analysts focus on investigation instead of firefighting.

Complete end-to-end phishing email automation
Employees can report phishing emails directly from an Outlook button. Torq then automatically enriches sender and IP data, analyzes links and attachments, uses LLM for sentiment and classification, and responds to users within minutes — eliminating analyst intervention for Agoda’s daily phishing submissions. Laksh Gudipaty, Security Incident Response Manager at Agoda, says, “Torq completely removes manual intervention for phishing. It’s now end-to-end automated on a 24×7 basis without any human intervention.”

Accelerated IT service desk response
Agoda’s monthly password reset requests are now fully automated with Torq, cutting resolution time from hours to minutes. Additionally, half of app deployment requests are now handled through Torq workflows, dropping provisioning time from one day to just 10 minutes.

Cross-team expansion
What started with Agoda’s application security, incident response, and SecOps teams has now spread across IT and engineering, with teams using Torq to build their own workflows for processes like proxy whitelisting and even automated threat modeling draft generation for developers.

Near-Real-Time Incident Response and IT Transformation

With Torq Hyperautomation, Agoda transformed its approach to security and IT operations, shifting from manual, resource-heavy processes to near-real-time workflows. The result has been faster response times, stronger cloud security posture, reduced operational overhead, and a better experience for both employees and analysts.

Faster responses across the board
With Torq automating much of Agoda’s alert enrichment, containment actions, and routine ticket handling, issues that once required time-consuming manual work are now addressed almost immediately. This means that “the mean time to respond in incident response and time to handle a ticket in security engineering has decreased a lot,” says Karthick.

Empowered end users
Employees reporting phishing emails now receive a verdict within minutes, thanks to fully automated enrichment and AI analysis. This quick turnaround has encouraged more proactive reporting and eliminated repetitive analyst workloads.

Accelerated application security
Critical findings that once took two weeks to reach engineering teams are now handled almost instantly, turning slow cadences into a continuous resolution pipeline. Jemuel said, “Agoda decreased the time from detection and reporting to the engineering team from two weeks to almost real-time.”

Improved cloud security posture
Torq connects directly to Wiz, ingesting cloud security issues, enriching findings, and automating their resolution across globally distributed engineering teams. By orchestrating Wiz findings through Torq, Agoda streamlined cloud security posture management and reduced missed SLOs by 47%, strengthening overall resilience.

AI-powered incident reporting that saves hours
Torq + ChatGPT automatically compile Slack discussions from incident war rooms into formatted, legally-toned incident reports in less than 30 to 40 minutes instead of the six to seven hours it previously took to do manually — boosting both efficiency and consistency.

Agoda’s next plan is to enhance its internal ticketing platform with AI-driven routing. Today, users must manually select the right team; soon, Torq will automatically tag and route tickets based on context and request details, further reducing friction across distributed global teams.