1,000 Hours and $120k Saved: A Commercial Real Estate Firm’s First Quarter on Torq

A Legacy SOAR That Stopped Evolving

A global commercial real estate firm managing a portfolio of properties across multiple business units needed a security automation platform that could keep pace with a growing operational scope. For nearly five years, the five-person cybersecurity team relied on Palo Alto’s XSOAR as their automation backbone. It worked — but it never got better.

“[The legacy solution] we bought four or five years ago was where we were at. It didn’t really change. Once you learn it, you can be pretty proficient in it, but it’s very clunky for new users to be able to grasp,” stated the Director of Cybersecurity Engineering and Operations.

The platform required expert-level knowledge to build playbooks. Integrations outside the pre-built library meant manual API work or expensive professional services engagements. Case management required navigating multiple interfaces and opening dozens of tabs. And support, which started out decent, degraded year over year — eventually devolving into a general help desk with no regular check-ins and no proactive guidance.

For a five-person team covering both operations and engineering across multiple portfolio companies, their legacy platform had become a constraint rather than a force multiplier. They needed something that could move fast.

Low-Code Automation with Hands-On Partnership

The team ran a formal RFP to find a new security automation solution. Every vendor had integrations. Every vendor had some form of case management. The thing that separated Torq was simpler than that: the workflow builder.

The Lead Cybersecurity Engineer — the person who would live in the new platform every day — sat down with Torq during the evaluation and was building within minutes. With XSOAR, proficiency took months. With Torq, it was immediate. “I was able to really grasp Torq instantly”, said the Lead Cybersecurity Engineer.

That mattered because speed-to-build is speed-to-value for a team this size. If the one person building automations can move twice as fast, the whole operation moves twice as fast.

The team also needed a vendor who showed up. Torq’s Professional Services comes with a dedicated Customer Success Manager, a technical Sales Engineer they could call directly, response times under an hour, and regular working sessions, which was the opposite of what they’d been living with.

“There’s a desire from Torq that we get the most out of this tool as possible. With our old vendor, you’re one of many products — not even customers,” said the Director of Cybersecurity Engineering and Operations.

Zero-Downtime Migration

The mandate was simple: migrate everything from XSOAR with zero downtime. No gap at all between the old platform going dark and Torq going live.

The Lead Cybersecurity Engineer built roughly 80% of the implementation himself. Torq’s team didn’t build for him — they reviewed his work, suggested refinements, and made sure he understood the platform deeply enough to own it long-term. By the time the migration was complete, the team no longer needed Torq to maintain anything. They had the knowledge in-house from day one.

Rapid playbook recreation
The team started by tackling their most complex and massive use cases first: phishing and typo-squatting playbooks. Because Torq’s workflow builder was so flexible, they were able to easily customize the workflows to match their exact internal processes.

Case management
Training the broader team took almost no time. The contrast was stark: XSOAR required analysts to navigate multiple interfaces and juggle dozens of tabs. Torq put everything in a single pane.

Custom integrations
The team built connections to tools that weren’t natively integrated — including EVR, Ignite, and file-sharing platforms — using Torq’s integration builder and AI assistant. With XSOAR, the same work would have required paid engagements.

Automating Compliance, Phishing Response, and Domain Scans

Torq drastically lowered the barrier to entry for building automations, allowing the lean security team to extend their services across the broader enterprise and generate measurable, executive-level business value.

Cookie compliance scanning across 3,000+ domains
The firm manages thousands of domains, each requiring regular scanning to ensure compliance with privacy policies, cookie policies, and regulations. The old process: log into a domain, open developer tools, inspect cookies, document findings. Multiply that by 3,000. Now a single Torq workflow handles the entire scan, flags non-compliance, and generates reports. Savings: $40,000 to $50,000 per quarter.

Simulated phishing follow-up across the portfolio
When employees fail simulated phishing tests, someone used to manually export results, identify repeat offenders, determine the escalation stage, and send the right communication. That someone was a GRC analyst with a spreadsheet. Now the entire workflow — from ingestion to corrective action — fires automatically across multiple companies in the portfolio.

Automated ROI tracking
The Cybersecurity Engineer built a custom Torq workflow that tracks ROI by applying internal bill rates to the time saved across all automations. The team is now collaborating with Torq to build this methodology into the platform for other customers to use — turning a homegrown solution into a product capability.

GRC audit support
Next up: Automating privileged access reviews. The workflow will pull users from privileged groups across systems and servers — work that currently requires infrastructure teams to manually log into multiple systems on a recurring schedule. When live, it will compress days of audit prep into minutes.

ROI That the Board Listens To

The team tracks ROI in dollars, not dashboard metrics. The board doesn’t care how many workflows were run. They care about the multiplier.

~1,000 hours saved in Q1
Torq converted repetitive triage and manual compliance work into recovered capacity; the team reinvests in deeper investigations, new automations, and cross-functional projects.

~$120K in cost savings in Q1, targeting $600K annually
An ambitious number the team set themselves. Cookie compliance alone accounts for roughly $160,000 to $200,000 in annualized costs. The rest comes from phishing automation, simulation follow-up, and every new workflow the team ships.

Faster time from idea to production
Other teams across the organization now come to the cybersecurity team for automation instead of routing requests through internal software development teams — because this team delivers faster with Torq.

Support that feels like an extension of the team
Direct relationships with a dedicated CSM, technical SE, and implementation partner. Response times within an hour. Regular working sessions that both sides look forward to. The team describes Torq support as “one thousand times better” than the legacy vendor — and they mean it literally.

By switching to Torq, the cybersecurity team transformed from a development bottleneck into a rapid-delivery automation engine. The ease of use sparked a cultural shift: automation requests that used to land on sticky notes now flow through a formalized intake program, allowing any group in the company to submit ideas. The security team scopes, prioritizes, and builds at a scale that was impossible on the legacy platform.