Torq

Integrating Torq and Wiz enables security teams to automate the remediation of cloud security issues, freeing up SOC analysts’ time and giving them the ability to tend to the laundry list of low and medium issues that often go untouched. These low and medium issues still pose a threat, so creating automations for them can help avoid a security incident.

With Torq and Wiz, SecOps teams can create fully automated or human-in-the-loop remediation workflows for things like expired secrets, or unused privileged access keys.

Integration Benefits

• Reduce alert fatigue: Focus on fixing alerts that matter with high fidelity Wiz Issues looking at toxic combinations leading to attack paths. 

• Improve security posture: Gain deep visibility into risk across cloud with Wiz and automate remediation and threat response for known risks with Torq. 

• Operationalize security: Trigger Torq automation response workflows based on Wiz Issues that are critical to your business operations. 

Better Together

Wiz, combined with Torq’s no-code security hyperautomation approach, delivers actionable remediation and response to threats with a full audit trail of automated security actions. Torq and Wiz work seamlessly together to provide a realtime advantage in mitigating the ever-evolving cloud-based threat landscape with comprehensive contextual and accurate malicious activity identification. Torq frees up SecOps, CloudOps, DevOps and other teams time empowering them to focus on strategic business initiatives without being overwhelmed by cloud alerts.

Challenge

Torq addresses the limitations of legacy SOAR by providing a faster, more user-friendly, and AI-powered platform for automating security responses for misconfigurations identified by Wiz. This automation can improve a security team's efficiency and effectiveness in dealing with cloud security threats. Legacy SOAR struggles to automate responses to lower severity threat incidents. Torq and Wiz can create automated remediation workflows for these situations, freeing up security analysts for higher-priority threats

Solution

Automatically Deactivate Inactive IAM Users based on an alert from Wiz on an AWS admin principal, and automatically message in a slack channel with the right owners for approval to deactivate the IAM account. Limit Public Access to AWS S3 Buckets Containing Sensitive Data On trigger from Wiz data finding for an AWS S3 bucket containing sensitive data, automatically ask a Slack channel or bucket owner to limit public access Enable AWS S3 Bucket Versioning Receive an alert from Wiz on an AWS S3 bucket with versioning disabled, lookup owner tag, ask 
 owner or channel to enable versioning.