TL;DR:
- Torq, a cybersecurity automation solutions provider, introduces Torq Socrates, an AI-driven capability for security response.
- Torq Socrates combines intelligence signals from security ecosystems to enable autonomous remediation and adaptive learning.
- The AI Agent bridges off-the-shelf commercial and open-source LLMs with organizational data for efficient security operations.
- The ReAct LLM approach empowers Torq Socrates to make informed decisions based on operational guidelines.
- Torq Socrates uses a human-in-the-loop approach for safe AI actions.
- The system is showcased at the upcoming Black Hat conference and is available to select enterprise organizations.
Main AI News:
In a groundbreaking move, cybersecurity automation solutions provider, Torq, has unveiled its latest AI-based innovation, Torq Socrates. This cutting-edge capability is set to transform the way organizations track, prioritize, and respond to critical security threats.
What sets Torq Socrates apart is its integration of intelligence signals from various security ecosystems, empowering autonomous remediation. As it continuously analyzes security events, the system evolves and learns, making it a potent asset in the fight against cyber threats.
Leonid Belkind, co-founder and chief technology officer of Torq, praised the revolutionary nature of Torq Socrates, stating, “It’s a rare example of a breakthrough innovation that puts AI in the ‘pilot’ action seat, all the while maintaining a responsible AI adoption architecture. Control over activities remains firmly in the hands of analysts and architects.“
Torq Socrates introduces advanced AI capabilities to automate key security operations, such as alert triage, contextual data enrichment, incident investigation, escalation, and response. The secret to its prowess lies in its utilization of open source data within the framework of off-the-shelf commercial and open source Large Language AI Models (LLMs). This approach ensures efficiency without compromising accuracy.
Belkind explained the critical role of Torq’s AI Agent as a “connective tissue” bridging the LLM capabilities and organizational tools and data. Additionally, Socrates leverages public documents, such as the MITRE Att&ck security framework, to contextualize event outcomes and actions, enhancing the overall efficacy of the system.
At the core of Torq Socrates is the use of LLMs, enabling a deeper understanding of each organization’s unique SOC playbooks and adapting responses accordingly. The system employs the ReAct (Reason + Act) LLM approach, expertly blending AI-based reasoning with a constantly updated actionable methodology. This approach enables Torq Socrates to make informed decisions based on operational guidelines, such as determining the malicious nature of a sample or identifying VIP users.
Concerns about AI autonomy are addressed by Torq’s human-in-the-loop approach. The agent works exclusively within organization-defined parameters, requiring human approval for potentially disruptive actions, such as quarantining an executive’s laptop or blocking network segments. This makes Torq Socrates a safe and reliable addition to any security arsenal.
Currently, Torq Socrates is being offered on a limited availability basis to select enterprise organizations. The upcoming Black Hat conference will provide a platform for showcasing the system’s impressive capabilities.
Conclusion:
Torq Socrates’ AI-driven SOC automation represents a significant leap forward in cybersecurity capabilities. With its autonomous remediation and adaptive learning, it has the potential to revolutionize how organizations track, prioritize, and respond to security threats. Its use of off-the-shelf LLMs and a human-in-the-loop approach ensures efficiency and safety, making it a valuable asset for the market’s security automation solutions. As cyber threats continue to evolve, Torq Socrates offers a responsible and powerful tool for mitigating risks and strengthening the cybersecurity posture for businesses.
