Automation has transformed phishing triage and case management for our security team
What is our primary use case?
My role is Cyber Security Engineer, and we use Torq for our case management platform, automating some of our phishing workflows to automate the containment of account takeover users, which are probably our biggest use cases.
I have used Torq to automate triage, investigation, and remediation across multiple attack surfaces, including endpoint, identity, cloud, IT, and others.
What is most valuable?
In terms of increasing alert handling capability for our SecOps staff, Torq's Agentic AI is really strong in analysis, and recently, we started using what's called the AI Step, having really great success. Using that one piece of AI, we auto-closed 511 cases in quarter four alone.
Torq has changed the day-to-day experience for my security analysts by enhancing their workload management and how they feel about their job, as they can now operate cases more quickly and have a nicer centralized location for information that previously required manual work.
Torq's unified platform approach to AI SOC automation and case management has significantly benefited us by integrating the case management platform with the automation, which saves time compared to managing multiple point solutions across our security stack.
What needs improvement?
Regarding the downsides of Torq, one issue is that as a SaaS product, I sometimes encounter transparency issues about what is going on behind the scenes, necessitating contact with Torq support to get logs in certain situations. From an engineering perspective, I think more error messages and error handling information for our engineering team would be very helpful.
For how long have I used the solution?
I have been using Torq for approximately a year and a half.
What do I think about the stability of the solution?
Regarding stability, I have noticed some lagging, crashing, and downtime, which is one of my largest gripes. There are occasional odd issues, but they are generally not long-standing problems, just a little annoying.
What do I think about the scalability of the solution?
Scalability of Torq is great; our case management is super scalable, and workflows are very easy to keep designing more of.
How are customer service and support?
I have contacted Torq's technical support.
The speed and quality of their answers have been pretty good, as I usually get a response within 24 hours, and they follow up well. One specific instance was when an SSO token expired and I was unable to log into the platform, where I submitted an emergency ticket and received a very quick response, resolving the issue within a couple of hours.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I have used an alternative similar to Torq, which was Palo Alto XSOAR.
How was the initial setup?
The initial deployment of Torq was pretty easy from my perspective. Torq provided a sales engineer who helped build things and ensured I understood the platform completely.
It took about three or four months of sales calls, testing, building, and then we officially deployed Torq just about a year ago after completing the purchase.
What about the implementation team?
From the engineering side, the deployment can work with just one person, although managing everything else related to case management gets more complicated. Still, it is manageable with one person.
What was our ROI?
I saw the benefits of Torq pretty immediately. I worked with their sales engineers before we purchased the platform to build proof of concepts, so by the time we officially bought Torq, we already had two workflows that were very helpful to us.
What's my experience with pricing, setup cost, and licensing?
Before deciding to implement Torq, I considered that compared to our old case management platform, Torq was a much better price and had a lot better value for what you get out of the platform, which was a key consideration for the company. I think it is a more modern case management system compared to our old platform, making it a nice modernization upgrade, especially since we barely had an automation platform before this.
Which other solutions did I evaluate?
Comparing them, the biggest difference that comes to mind is the significant cost difference, as Palo Alto charges a huge amount for their products. The experience of designing workflows in XSOAR versus Torq feels almost exactly the same with a drag-and-drop feature, but with Torq, it integrates intentionally with the case management platform without extra charges.
In comparison to other solutions I have used, for how new the company Torq is, it is pretty well set up. The user experience, such as the design of the workflow building, is very similar to a previous automation tool I used, which made it easy for me to start building immediately because it has an intuitive, modern workflow building user interface.
What other advice do I have?
Torq's maintenance requirements depend on how you define maintenance. While Torq handles the platform's overall reliability, I have to perform maintenance on the workflows I build when bugs arise.
I have no partnerships, but once, they sent me a really cool hoodie.
I would rate this review a nine out of ten overall.
Centralized Incident Management That Exceeds Expectations
What do you like best about the product?
I appreciate how it simplifies the process of viewing all incidents in a single location, bringing together all related discussions. Additionally, it enables alerts to be integrated into existing workflows and offers the security operations center an effective method for tracking all activity related to events.
What do you dislike about the product?
We have total confidence in this program; there is truly nothing I dislike about it. It has provided everything we needed and has been customized to fit our specific requirements.
What problems is the product solving and how is that benefiting you?
Torq is an excellent product that supports our organization's vulnerability program and has done an outstanding job protecting our network. In the past, we had to manually verify each individual product or scanner, which was a very time-consuming process when it came to resolving SIRs, VITs, and conducting threat hunting. Torq has streamlined this work significantly.
Comprehensive network scans to achieve the strongest remediation efforts with Torq
What do you like best about the product?
I like how it quickly picks up vulnerabilities that we never knew were a thing because of how comprehensive it is in scans. I really enjoy using this platform as it gives me the necessary vulnerability insights and allows us to easily customize firewall policies prioritizing the risk at hand to mitigate any possible malware attack.
What do you dislike about the product?
They have great documentation, but there is a lot to this platform, so learning all of its best-practices can take some time for some users.
What problems is the product solving and how is that benefiting you?
It finds threats on all our endpoints, in the cloud, and in our virtualized infrastructure and gives us step-by-step instructions for more effective remediation of risks. We also use it to ensure new devices do not have any outstanding patches before being deployed.
Top platform that is very accurate in network scanning to maintain robust cybersecurity
What do you like best about the product?
We chose Torq above the competitors over the fact that it provides easy to understand dashboards, good log analysis and unlimited network scanning. The installation process was straightforward without any delays and its the best vendor we have ever worked with. I like how the specific vulnerability reports provide exact proof of what triggered the alerts.
What do you dislike about the product?
Honestly for as long as I have used it, I can’t think of anything that I can complain about it does what I need satisfactorily.
What problems is the product solving and how is that benefiting you?
It is a powerful tool that guides our vulnerability management programs from discovery to remediation bringing real-time protection of the environment from cyberattacks.
Comprehensive Threat Detection with Seamless Automation
What do you like best about the product?
I appreciate the threat detection feature, as it provides a broad array of functions. Its seamless integration with automation delivers a unified and strong security overview. However, I have noticed that the application does not continuously adapt to monitor emerging threats.
What do you dislike about the product?
At times, the system fails to retrieve the data I select in the fields, and I feel the search function could use some improvement. Additionally, the interface can occasionally be less intuitive for administrators, which makes the process more time-consuming.
What problems is the product solving and how is that benefiting you?
The software is excellent at securely detecting threats and is a highly scalable tool that addresses our security needs. It enables us to automate numerous actions and procedures, and its robust development ensures it can meet a wide range of requirements.
Secure and scalable platform to provide a reliable vulnerability report on overall network security
What do you like best about the product?
The stand out strength of Torq is its ability to conduct accurate vulnerability assessments across systems and also it allows us to perform a full scan of our entire network ensuring analysis of threat risks covering all the devices connected to our network is achieved.
What do you dislike about the product?
So far no complaints besides for maybe the documentation to be improved to help new users better understand their product but the platform itself performs as expected.
What problems is the product solving and how is that benefiting you?
We have been using it to manage vulnerability in our organization and it has been very reliable in reducing security risks because of its deep network scanning and timely remediation of vulnerability issues.
Torq reliably exposes all vulnerabilities with sufficient reporting on patch management
What do you like best about the product?
Initial implementation and configuration of this product was flawless, allowing us to transition from a competitor product to this powerful product without any gaps in our vulnerability management program. We broadly use Torq to see all the devices in our network that may have vulnerabilities and it usually accurately spots these and points us in the right direction for remediation.
What do you dislike about the product?
There is nothing I don’t like about Torq, the remediations are great and it has shown its value in protecting our network from all types of threats.
What problems is the product solving and how is that benefiting you?
Torq provides a thorough view of our organization’s network identifying security weaknesses and enabling the fortification of our cybersecurity defenses. By providing detailed solutions for the vulnerabilities reported, the tool allows easy remediation during the patching phase.
Effortless Security Automation and Seamless Integrations
What do you like best about the product?
Overall, Torq addresses important business challenges, particularly when it comes to scaling the security team and managing a variety of tools and integrations. I appreciate how simple it is to connect Torq with existing security software as well as other tools.
What do you dislike about the product?
I have not experienced any issues or inconveniences so far. Torq's automation features have greatly enhanced incident management by rapidly identifying, analyzing, and integrating security incidents, which leads to more efficient threat remediation.
What problems is the product solving and how is that benefiting you?
It is a valuable solution to automate cloud operations and optimize security processes. It is designed to address complex workflows, reducing manual work and improving productivity.
Unmatched Threat Management Through Quick Log Consolidation and Malware Blocking
What do you like best about the product?
Powerful tool for vulnerability management which helps with regular scanning of the network and also in prioritizing vulnerabilities in our systems. Right out of the box Torq was discovering vulnerabilities on the network that previous vendors were not discovering because of its brilliant ability to consolidate logs from all devices into one dashboard for effective analysis.
What do you dislike about the product?
There is nothing to dislike about this tool just that its robust so be prepared to do some scan engine configurations.
What problems is the product solving and how is that benefiting you?
Scanning the network allows us to remediate vulnerabilities from the endpoint since Torq is able to list out all the explicit options for remediation. Locating the threat in our environment using Torq speeds up the process of getting that risk out of the environment.
Powerful Security Insights and Fast CVE Detection to Protect Devices
What do you like best about the product?
Torq is a powerful tool that generates valuable metrics and dashboards that make it easy to surface high-critical security issues within the network. Once the product was deployed the vulnerability scans are now continuous and it does not congest the network. It is very quick at detecting newly released CVEs and reporting them to us with great support of the remediation plan aspect.
What do you dislike about the product?
Probably you may need to train some of the team members on how to use its advanced features and customizing quality reports.
What problems is the product solving and how is that benefiting you?
Torq fully covers our needs because we are able to discover and prioritize active vulnerabilities. This tool also gives us a detailed report to follow with exact actions to fix those vulnerabilities and protect all the devices in our environment.
