Torq Taps Generative AI to Automate SecOps Workflows – Source: securityboulevard.com

Torq today announced it is injecting additional generative artificial intelligence (AI) capabilities into its platform for automating security operations (SecOps) workflows.

Torq CTO Leonid Belkind said the company developed a Socrates Agent that will use multiple large language models to automate processes. Alternatively, organizations can use Socrates Agent to invoke a customer’s proprietary LLM, he added.

At the core of that approach is a Reason + Act methodology that provides the connective tissue required to turn a recommendation generated by an LLM into an automated SecOps process, said Belkin.

Rather than building its own LLM, Torq opted to use multiple existing LLMs to keep costs under control, noted Belkind.

Previously, Torq added support for OpenAI’s ChatGPT to provide access to its hyperautomation platform for SecOps via a natural language interface. Torq envisions Socrates Agent going further and automating most Tier-1 analysis processes within a security operations center (SOC). For example, cybersecurity teams can automate runbooks based on recommendations surfaced by an LLM. It will be up to each SecOps team to decide how much to enable the Torq platform to automatically execute those runbooks versus requesting approval from a cybersecurity administrator, said Belkind.

Given the chronic shortage of cybersecurity professionals and the increasing complexity of the IT environments they are being asked to protect, organizations have no choice but to rely more on automation to ensure cybersecurity, said Belkind. There is simply not enough manpower available to achieve the goal, he added. AI is simply the latest evolution in automation that should reduce the overall level of toil that increases burnout among cybersecurity teams, noted Belkind.

It’s still early as far as the adoption of AI in cybersecurity is concerned, but it’s certain that cybercriminals are exploring how to use many of the same capabilities to increase both the volume and sophistication of the cyberattacks they launch. Most cybersecurity professionals will not want to work for organizations that arm them with antiquated tools to combat AI-enabled attacks. In effect, a cybersecurity AI arms race is now underway.

Cybersecurity automation has never quite lived up to its promises largely because of the level of expertise required to achieve it using legacy platforms. AI promises to democratize security automation in a way that reduces the level of cognitive load previously required.

AI also promises to enable cybersecurity teams to not only automate cybersecurity processes at scale but also reengineer many processes that are currently inefficient. The goal should be to provide cybersecurity professionals with the time needed to investigate complex attack vectors versus focusing on rote tasks that are arguably better handled by machines that will execute them more consistently.

Of course, it may take some time before cybersecurity teams will grow to trust the automation enabled by the latest advances in AI. But it’s only a matter of time before more cybersecurity discussions start with, “Remember when we used to have to do that ourselves?”