Lennar Corp. Moves From XSOAR to Torq — Freeing SOC Analysts From Tedious, Manual Work

Overburdened by Phishing Remediation and Limited XSOAR Integrations

Lennar’s security operations center (SOC) monitors alerts for three different business units within the nationwide homebuilder and is responsible for identifying malicious logins, rooting out malware, and remediating phishing attempts.

The eight-analyst SOC team was spending too much time on phishing remediations, with time to resolve taking “hours and hours” due to requiring significant manual work.

Lennar needed an automation solution that offered the flexibility and functionality to reduce phishing remediation times while also offering extensibility that enabled them to connect to any tool in their security stack. Their previous solution, XSOAR, could not do any of that.

Flexible, Powerful No-Code Automations

Daniel Gross, Sr. Operations Analyst at Lennar, went on a hunt for a new solution. His team discovered Torq and immediately noticed several key advantages over their previous solution.

Empowering every team member with no-code and AI workflow building
Torq’s no-code functionality and AI support make the platform “plug and play” incredibly easy to use for all skill levels.“The no-code solution — the ease of use — allows us to collaborate and also to build workflows ourselves,” Daniel says. “Whereas the functionality in the other tools wasn’t as easy to use.”

And adding AI functionality on top of it with a prompt-based step builder makes it even easier. “With the no-code solution and a feature like the AI wizard, it allows someone who doesn’t know a JQ, for example, to easily say in human-readable context, ‘I would like to do this,’ and it will build you out a script or something you can easily use,” he says.

Unprecedented ease of use
The ease of use of Torq surpasses the Lennar team’s expectations, and Daniel said it is a major differentiator compared to XSOAR. “When we do it with the other tool, it’s not as easy and fast as with Torq,” he says. “We would do a lot of manual Excel work where we have to build a formula and export it to excel. Where in Torq, you just build in a variable or a step where you can define variables, and it allows you to do less exporting and manual work and keep it really in the tool.”

Analysts Freed from Manual Work for Proactive Threat Hunting

Resolving phishing incidents faster
Before Torq Hyperautomation, a phishing incident would take hours to resolve. “Before we had Torq, we would do a lot of manual phishing remediation, which was a big time-taker,” Daniel says. “We would spend hours and hours.” Now it takes just minutes, marking what he calls “a significant drop in time to resolve those incidents.”

Eliminating manual work
“We were able to really cut down a lot of manual work,” Daniel adds, noting that the team can now apply that time saved to tune other tools. “With the time saved by the Torq workflows, we can measure how much overhead we would need.”

Freeing SOC analysts for proactive threat hunting
The time saved by not having to do manual work gives the Lennar SOC team the freedom to do more threat hunting and research, which are critical to their roles.

Automating Asset Management Workflows

Going forward, Lennar has started implementing Torq into its asset management, which has already introduced significant time savings. Daniel said the Lennar SOC team hopes to put more workflows into production very soon.

“We’re using Torq now to better understand our asset inventory,” Daniel says. “We’re able to pull from all of our tools and we’re able to do within the workflow some comparisons and see from each tool how many assets we really have. It really reduces the amount of time.”