Reducing Human Effort in Cybersecurity | Why We Are Investing in Torq’s Automation Platform

At SentinelOne, we were delighted to play our part in helping Torq raise $50m in its Series B funding last week. We believe Torq’s no-coding approach to automation will facilitate more complex workflows to respond to threats and play an essential role in developing XDR. Torq is on a mission to reinvent automation for security teams, a mission we at SentinelOne fully support. The importance of automation – of taking human effort out of the security equation – is central to our philosophy.

What is Torq?

Torq is a platform built around world-class automation, best practices templates, connectivity, and data tools. Torq aims to let security professionals connect to any security system needed and easily build automated workflows with a no-code approach.

Automation helps teams do more with limited resources, spend more time on the most valuable work, increase productivity, and leads to less burnout and better team retention.

Torq and the SentinelOne Platform

SentinelOne customers will find a variety of use-cases for Torq, including:

  • Supercharge Your Threat Hunting – create automated workflows to look for specific indicators across a fleet of SentinelOne-protected-endpoints, allowing teams either to efficiently investigate the devices where they are found or automate adding items to block lists.
  • Enrich Your Threat Intelligence – for every threat discovered on a SentinelOne-protected endpoint, automate additional analyses, update results within the SentinelOne platform and add automated notes.

More generally, security teams can add Torq workflows for

  • Responding to Suspicious User Activity – when detected, send a verification to the user via Slack. Either allow the action (if the user verifies) or quarantine the account or endpoint if not.
  • Remediating CSPM – automatically remediate simple issues, route alerts to multiple teams for fixes, create ‘recommended action’ buttons in Jira, Slack, and other systems
  • Easily onboarding/offboarding – orchestrate policy updates across all systems and automatically trigger flows. Require approvals for granting/removing sensitive permissions.

Why We’re Excited to See Torq Succeed

Decoupling automation and remediation from SOAR and enabling integration with agnostic data sources to facilitate more complex workflows to respond or even assert a proactive posture against threats is one of the keys to an open XDR offering. Torq’s no-code approach delivers on this vision and provides an approachable visual and declarative means of authoring automation for security experts and novices, which is critical given the deficit in security professionals in our field.

We commend Torq for building a top-notch engineering team that delivers a simple, intuitive user experience that abstracts a very robust and well-thought-out platform. We are very excited to partner with the Torq team.

If you’d like to learn more about SentinelOne and Torq, contact us or request a free demo.