Kenvue Transforms SOC from Outsourced Black Box to Strategic Value Center

Outgrowing the ‘Black Box’

Kenvue’s security team protects a global enterprise of iconic household brands like Johnson’s, BAND-AID, Listerine, and Neutrogena that serve over a billion daily consumers. Their security function initially operated through an outsourced model — a strategic decision to quickly gain coverage at scale. But with that black box approach came tradeoffs: limited visibility and ability to measure effectiveness.

As Kenvue’s global footprint grew, the team began a deliberate next step in their maturity: bringing operations back in-house and building the internal capabilities needed to move from reactive “whac-a-mole” approach to a proactive, data-driven strategy. Kenvue’s drive was clear: build a transparent, consistent, and scalable in-house SOC that could not only respond faster but also provide relevant insights for continuous optimization.

This required a centralized, security-native case management system that could unify all of the tools, data, queues, and indicators across their stack, enforce consistency, and drive measurable improvements across every type of security incident.

A Case Management Backbone Built for SOC Maturity

After evaluating multiple automation platforms, Kenvue selected Torq Hyperautomation™. The platform’s purpose-built case management and end-to-end observability provided the foundational backbone Kenvue needed to not just accelerate response, but improve consistency and gain meaningful insights that drive continuous improvement.

Advanced case management built for SecOps
Dustin Nowak, Kenvue’s Sr. Manager, Threat Detection & Hunt, noted that Torq’s case management backbone — specifically how it handles cases, observables, events, and notes — was far more mature than the simple automation and orchestration of other tools he’d used. “I was impressed how clearly Torq was designed specifically for SecOps investigations.”

Standardized workflows driving consistent response
Torq enabled Kenvue to normalize and structure their workflows, ensuring consistent response, case handling, and documentation across diverse incident types and investigations. In Torq, every escalation contains the same information and data and follows the same playbook, eliminating ambiguity and ensuring a higher quality of response across the board. Dustin emphasized, “It wasn’t just about speed — it was about consistency, and being able to prove we’re doing the right things the right way.”

Unified, streamlined data for actionable insights
For Kenvue, making sense of vast amounts of security data often felt like a needle-in-a-haystack challenge. Torq unified Kenvue’s technology stack to automate much of the investigative process, from case creation and data enrichment to correlation and containment actions. The result: critical signals are surfaced at machine speed, analysts have rich context at their fingertips, and actionable intelligence drives faster response. Additionally, interactive forms can be easily built in Torq for business units to submit information, streamlining intake for issues like third-party incidents or compliance concerns. Perhaps most importantly, Torq enables the SOC to track outcomes and apply that data to continuously optimize processes.

From Kickoff to Production in Six Weeks

Kenvue came into the deployment with a clear vision of what they wanted to accomplish. According to Dustin, the key to success was combining Kenvue’s carefully documented roadmap of desired case management workflows with Torq’s powerful case management backbone, using the deployment as an opportunity to optimize processes from the ground up.

With an aggressive two-month timeframe to get to production, the Kenvue team leveraged Torq’s JumpStart program to hit the ground running. In just six weeks, Kenvue accomplished all their initial goals, including their first priority: building out end-to-end case management.

Full lifecycle case management — fast
Dustin says, “What really got my motor running with Torq was how quickly I was able to adapt and build out a case management infrastructure.” With Torq, his team rapidly integrated key systems, then automated creating cases, extracting indicators of compromise (IOC), and enriching observables. This immediately eliminated many time-consuming manual data collection tasks. Next, Kenvue built out response actions such as instantly blocking an IP address, containing a host, resetting a password, and detonating a file in a sandbox — all directly from the case.

Unmatched adaptability
Kenvue’s highly customized IT environment and complex security configurations restricted the use of some native integrations — making Torq’s deep adaptability essential. For example, when a native JIRA integration was blocked by Kenvue’s unique constraints, Torq was easily able to deconstruct, adapt, and rebuild the integration to work in Kenvue’s unique environment.Torq’s flexibility enabled Kenvue to apply their own carefully considered case management methodology to the implementation, rather than being forced into a one-size-fits-all framework. Dustin shared an example of when Kenvue presented a complex process as a Vizio diagram to Torq’s team and “rather than saying ‘this is how Torq works so this is how you have to do it’ the way other solutions might, they acknowledged and adapted to our mature, documented processes in a way that was really effective.”

Quickly turning users into builders
Torq’s highly intuitive platform and JumpStart onboarding program was instrumental in helping Kenvue grow a functional knowledge base and teach five new team members to start building in the dev space. JumpStart provided hands-on knowledge transfer as Torq Solution Architects built top-priority use cases side-by-side with Kenvue’s team while sharing best practices so they could get up to speed quickly and start building on their own.

Proving SOC Maturity and Value with Data

Kenvue’s security team hit their end-of-year automation goals in just six months and they’re already automating 89% of cases with Torq. They also saw a 60% decrease in mean time to respond (MTTR) within 2 months. Beyond automation, Torq also helps the security team solve unique challenges while delivering operational clarity, strategic insights, and tangible value the SOC can now demonstrate to the business.

Analysts freed for deeper investigations
Previously, analysts often had to operate under a “Lucille Ball conveyor belt” mental model, spending a limited amount of time on a case to confirm basic info then quickly moving on. With Torq, the initial data collection and triage are now handled automatically, allowing analysts to start much further ahead on a case with full context. This new efficiency allows them to go “ten layers deeper” into investigations, spotting even subtle IOCs and confirming true positives that may have previously been missed. As a result, analysts can now “sink their teeth” into more thorough, meaningful investigations, uncovering critical insights they simply didn’t have the time to find before.

A data-driven feedback loop for continuous improvement
By building their overarching case management workflow in Torq with custom fields, tags, and rich categorizations, Kenvue’s team can now “slice and dice” case data with incredible detail. Previously, compiling metrics across fragmented platforms was difficult, but Joe Allen, Kenvue’s SOC Director, notes that Torq makes it “really easy” to measure various types of incidents in a uniform way and drill down to the analyst level. This allows them to add context and color to their data, helping to determine if a performance issue stems from a need for process improvement, better technology, or more training.

Granular insights to articulate the SOC’s value
According to Joe, most SOCs he’s worked in have been a “black box” — but with Torq, his team can clearly tell their story with data. Kenvue intentionally designed their case management in Torq with specific types, categories, and timers to capture the metrics they needed from day one that allow the SOC to demonstrate value, maturity, and improvements over time.

From his years of consulting, Dustin has seen how “many SOCs can’t effectively measure their work and say, ‘We are doing the X, Y, and Z you’ve asked us to do.’” That’s why deploying Torq at Kenvue is about a much bigger picture than just automating tasks — it’s about strategically transforming their SecOps to be more data-driven and responsive, enabling their SOC to quantify its effectiveness and showcase its value to the business.