Torq, a leading provider of security hyper-automation solutions, has recently introduced Torq Socrates, an innovative AI agent designed specifically for security operations. With the advent of large language models (LLMs), this advanced agent aims to automate critical security activities, reducing the burden of alert fatigue, false positives, and job burnout for security analysts.

Enhancing Cybersecurity Teams

Socrates empowers cybersecurity teams by offering automated contextual alert triaging, incident investigation, and response capabilities. By leveraging intelligence signals from diverse security ecosystems, this AI agent autonomously drives remediation actions. Socrates continuously learns and evolves through the accumulation and analysis of security events, effectively serving as an extension for Security Operations Center (SOC) teams. By prioritizing and categorizing potential threats, the AI agent enables SOC analysts to concentrate on handling critical security incidents.

Revolutionizing Security Operations

According to Leonid Belkind, the cofounder and CTO of Torq, Socrates is the industry’s first AI agent capable of performing complex multi-phase tasks related to triage, containment, and remediation of security issues. The LLMs integrated into the architecture can interpret and analyze tasks described in natural language, providing enterprise-grade security hyper-automation. Socrates can seamlessly integrate with any infrastructure, security, communication, and other tools within an organization’s IT stack.

The foundation of Socrates lies in the ReAct (Reason + Act) LLM approach, which combines AI-based reasoning with actionable methodologies derived from organizations’ unique SOC playbooks. Torq addresses responsible AI adoption by incorporating human-in-the-loop automation, so that sensitive decisions and actions remain under the control of human operators. This integration lets security analysts stay in control of processes and outcomes, and gives them well-documented responses and success criteria for future decision-making.

The repetitive nature of tasks performed by security analysts, especially Tier-1 analysts responsible for security event triage, often limits their creativity and critical thinking. This leads to alert fatigue and job burnout, particularly given how understaffed many security operations organizations are. Additionally, the adoption of hybrid cloud technologies has resulted in an overwhelming influx of security events requiring analysis. In this context, Socrates offers relief by handling tasks related to security processes, allowing analysts to focus on strategic and proactive activities.

The Torq Socrates AI agent optimally utilizes infrastructure resources, with each accessible tool functioning as a Torq workflow. This approach enables the agent to execute multiple actions simultaneously, effectively processing large volumes of events and data sources. To ensure privacy, the agent is restricted to invoking complete workflows, which mask the data source and parts of the data. The sandboxed architecture confines all actions to a predefined allow-list while establishing an immutable audit trail for every action performed.
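The controls described above (allow-listed workflows, human approval for sensitive actions, masked data, an audit record for every action) can be sketched as follows. This is an added illustration, not Torq's code: the workflow names, `dispatch`, and `AuditLog` are hypothetical, and a SHA-256 hash chain (tamper-evident rather than truly immutable) stands in for the audit trail.

```python
import hashlib
import json

def mask_ip(ip):
    # Workflow-side masking: the agent only ever sees the masked value.
    return ip.rsplit(".", 1)[0] + ".x"

# Hypothetical workflows; a complete workflow is the only unit the agent may invoke.
def enrich_ip(args):
    return {"ip": mask_ip(args["ip"]), "verdict": "suspicious"}

def isolate_host(args):
    return {"host": args["host"], "isolated": True}

# Allow-list: workflow name -> (callable, requires human approval)
ALLOW_LIST = {"enrich_ip": (enrich_ip, False), "isolate_host": (isolate_host, True)}

class AuditLog:
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        self.entries.append({"prev": prev, "record": record,
                             "hash": self._digest(prev, record)})

    def verify(self):
        # Recompute the chain; any edited or reordered entry breaks it.
        prev = self.GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != self._digest(prev, e["record"]):
                return False
            prev = e["hash"]
        return True

def dispatch(log, workflow, args, approver=None):
    entry = ALLOW_LIST.get(workflow)
    if entry is None:
        outcome, result = "denied:not_allow_listed", None
    elif entry[1] and not (approver and approver(workflow, args)):
        outcome, result = "denied:needs_human_approval", None
    else:
        outcome, result = "executed", entry[0](args)
    log.append({"workflow": workflow, "args": args, "outcome": outcome})  # denials are logged too
    return outcome, result
```

Denied requests are recorded alongside executed ones, so a reviewer can see what the agent attempted as well as what it did.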

Real-life Testing and Availability

Belkind highlights Torq’s commitment to delivering technological breakthroughs that are validated in the field rather than just in the lab. Torq is collaborating with enterprise and MSSP organizations to expose Torq Socrates to real-life events and operational guidelines. This approach ensures that the agent is ready for deployment in diverse SOC and SecOps teams. Torq has announced the limited availability of Socrates to select enterprise organizations.

The launch of Torq Socrates brings significant advancements to the field of security operations. By leveraging AI and large language models, this innovative agent alleviates the burden on security analysts, allowing them to focus on critical security incidents and strategic activities. With its automated triaging, investigation, and response capabilities, Socrates revolutionizes security operations, contributing to a more efficient and proactive approach to cybersecurity.
