Cybersecurity chief Jonathan Fischbein faced a problem his peers could probably relate to: too many security alerts and too few security operations center analysts.
“We’re on a tight budget,” says Fischbein, CISO at cybersecurity software provider Check Point. “I would say that within the SOC, we were short 30 to 40 percent of staff.”
Without enough staff to respond to the constant stream of security alerts coming into the organization's SIEM, the conditions were ripe for disaster. “If you get an alert and you don’t respond to it, it can turn into an incident,” Fischbein said. “And that’s not something I want to happen as a CISO.”
AI dethrones legacy SOAR
To reduce his team's alert fatigue and improve Check Point’s security posture, Fischbein began exploring automation platforms. Feedback from his CISO and CIO colleagues led him to bypass legacy security orchestration, automation, and response (SOAR) products in favor of a hyperautomation platform from the startup Torq.
“We really liked that the user interface is graphical and there are a lot of workflow automation templates,” Fischbein said, adding that the platform’s design focuses on the SOC analyst experience to make their jobs easier.
Check Point launched a proof of concept. Within days of the trial beginning, Fischbein said, Torq had deployed more than two dozen AI-driven playbooks, automating responses to some of the organization’s most repetitive security alerts.
Importantly, Torq’s technology integrates easily with Check Point’s existing infrastructure and security stack, ingesting and analyzing data from a variety of systems and tools. “It fits perfectly,” Fischbein said.
He was sold.
Jonathan Fischbein, CISO, Check Point
AI goes to work in the SOC
Today, Torq’s technology, now known as HyperSOC, reviews, triages, and remediates many of Check Point’s internal security alerts without any human intervention. If an alert meets certain parameters based on the organization’s security policies, the platform autonomously takes relevant predefined actions, such as raising an internal security alert, issuing an MFA challenge or blocking a suspicious user.
“We can automatically respond to problems before they become security incidents,” Fischbein said.
When events are potentially critical or complex, HyperSOC flags them for monitoring or analyst intervention and offers suggestions for next steps.
According to Torq, organizations can also train the generative AI-powered SOC platform to consider contextual factors in its decision-making, such as requiring confirmation from a human operator before locking the CEO’s account.
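As an added illustration of the policy-gated automation described above (this is not Torq's code; the alert types, playbook actions and protected-account list are constructed), the Python sketch below auto-remediates routine alerts but holds any lockout of a protected account, and any critical alert, for analyst confirmation:

```python
from dataclasses import dataclass
# Constructed policy tables (hypothetical values, not Torq's configuration).
PLAYBOOKS = {  # alert type -> predefined action
    "impossible_travel": "mfa_challenge",
    "credential_stuffing": "block_user",
    "phishing_report": "quarantine_message",
}
DISRUPTIVE_ACTIONS = {"block_user"}  # lock someone out; costly if wrong
PROTECTED_ACCOUNTS = {"ceo@example.com", "cfo@example.com"}  # always confirm

@dataclass
class Alert:
    alert_type: str
    user: str
    severity: str  # "low", "medium", "high" or "critical"

@dataclass
class Decision:
    action: str        # playbook action, or "escalate" when none exists
    needs_human: bool  # True: queue for analyst confirmation, do not execute
    reason: str

def triage(alert: Alert) -> Decision:
    action = PLAYBOOKS.get(alert.alert_type)
    if action is None:
        # No predefined playbook: hand the alert to an analyst with context.
        return Decision("escalate", True, f"no playbook for {alert.alert_type}")
    if alert.severity == "critical":
        # Potentially critical events are flagged for review, not auto-run.
        return Decision(action, True, "critical severity: analyst review")
    if action in DISRUPTIVE_ACTIONS and alert.user in PROTECTED_ACCOUNTS:
        # Contextual guardrail: confirm before locking an executive's account.
        return Decision(action, True, "protected account: confirm lockout")
    return Decision(action, False, "matches policy: auto-remediate")

def run_queue(alerts: list[Alert]) -> dict[str, list[Decision]]:
    # Split a batch into unattended actions and the analyst queue.
    out: dict[str, list[Decision]] = {"auto": [], "human": []}
    for alert in alerts:
        decision = triage(alert)
        out["human" if decision.needs_human else "auto"].append(decision)
    return out

# Constructed sample alerts standing in for a SIEM feed.
SAMPLE_ALERTS = [
    Alert("credential_stuffing", "alice@example.com", "medium"),  # auto block
    Alert("credential_stuffing", "ceo@example.com", "medium"),    # confirm first
    Alert("impossible_travel", "ceo@example.com", "low"),         # auto MFA
    Alert("phishing_report", "bob@example.com", "critical"),      # review
    Alert("dns_tunneling", "carol@example.com", "high"),          # escalate
]
```

Calling `run_queue(SAMPLE_ALERTS)` sorts the five constructed alerts into two that execute unattended and three that wait for an analyst.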
Natural language processing takes the floor
Fischbein compared Torq’s HyperSOC to a Swiss Army knife in that it can handle a variety of security events of varying severity.
Part of this flexibility comes from the technology's large language model capabilities, which allow it to ingest material written in natural language, ranging from internal proprietary manuals to industry framework documentation such as MITRE ATT&CK, and to reference that material during event triage, investigation and response.
In cases that require human intervention, the platform also uses natural language to summarize its own workflows, present relevant data, and offer recommendations for next steps. This helps human analysts make more effective and informed decisions, minimizing the time and effort they spend on tedious and manual investigation tasks during active incidents.
AI is a SecOps tool, not a panacea
Torq’s AI-driven SOC platform has been successful in increasing efficiency and reducing alert fatigue among Check Point’s security analysts, Fischbein says. But that doesn’t mean he considers his staffing problems solved.
“In our organization, we’re talking about 70,000 users in about 80 different locations around the world. The problems are endless,” he said. “Even if I increased my SOC staff by 40 percent, I would still have problems.”
In other words, the endless battle between SecOps teams and attackers continues, although AI-driven SOC technology potentially gives the good guys an advantage.
“It’s a game of cat and mouse,” Fischbein says. “And with Torq, we can catch the mouse more easily.”
Alissa Irei is the Editor-in-Chief of TechTarget Security.