We are excited to announce the partnership between Mitiga, a leading Cloud and SaaS Detection and Response (CDR) provider, and Torq, a no-code security automation platform. This partnership directly addresses the gaps in SecOps teams' tools and expertise in handling threats in the complex and evolving world of cloud and SaaS environments. By combining Mitiga’s advanced TDIR solution for Cloud and SaaS environments, with Torq’s automation, this integration delivers the visibility, speed, precision, and control that SecOps teams need to tackle modern cloud and SaaS threats.

Mitiga + Torq = Powerful, Automated Cloud and SaaS Threat Response

Torq is a no-code security automation platform designed to simplify security operations through customizable, automated workflows. By integrating with a wide range of security tools, Torq enables organizations to automate responses to security incidents, improving both response speed and efficiency while minimizing manual intervention.

The integration between Mitiga and Torq provides a holistic solution for managing threats and security incidents in cloud and SaaS environments. Mitiga’s real-time threat detection alerts are fed directly into Torq, where they trigger automated workflows, allowing security teams to respond rapidly and efficiently—even in environments where teams might lack specific cloud or SaaS expertise.

torq-img
Mitiga integrates with Torq to enable effective SaaS and cloud threat response

Key Benefits of the Integration

Orchestrated Response to Cloud and SaaS Threats

When a threat is detected, the integration allows security teams to orchestrate responses to isolate or stop an adversary. Torq can automate actions such as disabling a user, resetting passwords, canceling active tokens, stopping services, reducing privileges, and other critical actions. This orchestration ensures a rapid and consistent response to mitigate potential threats before they can escalate—empowering teams to act even in complex, cloud-specific scenarios.

Automated User Action Verification via Communication Channels

Another key aspect of this integration is automating the often slow and manual process of verifying suspicious actions with the original user. In many security incidents, determining whether a suspicious action—such as a login or privilege escalation—was legitimate or malicious can take time as security teams attempt to verify it with the user. Through integrations with communication platforms like Slack, Teams, and email, Torq can accelerate this process by automatically sending verification requests to the user. This integration helps security teams quickly determine if the action was legitimate or a potential threat, allowing them to either dismiss the alert or take swift, appropriate action. By automating these verifications, organizations can significantly reduce the time it takes to investigate incidents and reduce the risk of prolonged exposure to threats.

Enhanced Incident Context with Forensic Data

Mitiga’s alerts provide deep forensic context, including detailed profiles of involved users, roles, and assets, along with the original logs that triggered the alert. Torq uses this forensic data to enrich the response workflows, giving security teams critical insights into the scope and nature of the incident. This added context helps drive more precise and effective response decisions, especially in cloud and SaaS environments where visibility and data granularity are crucial.

Automated Incident Management

Torq enables security teams to automate key incident management tasks, such as investigating suspicious activity, notifying stakeholders, and triggering predefined mitigation workflows. By automating these steps, security teams can respond quickly and consistently, improving operational efficiency and reducing human error, all while navigating the unique challenges of securing cloud and SaaS applications.

Seamless Alert Lifecycle Management

Once a threat has been mitigated and the incident resolved, the integration ensures that alerts are automatically closed in Mitiga. This closes the loop on incident management, eliminating the need for manual follow-up and allowing security teams to focus on the next critical task.

Power Your Team’s Threat Mitigation with Mitiga and Torq

With this powerful integration, security teams can fully automate their cloud and SaaS detection and response processes, ensuring faster, more effective threat mitigation while reducing manual effort. The combination of Mitiga’s deep forensic insights and Torq’s flexible automation capabilities gives organizations the tools they need to protect their cloud environments with speed and precision, even in environments where security tooling and expertise have traditionally lagged.

LAST UPDATED:

October 31, 2024

Want to learn more about how integrations can power your team’s threat detection, investigation, and response for cloud and SaaS? Request a demo with a cloud security expert today.

Don't miss these stories:

From Breach Response to Platform Powerhouse: Ofer Maor on Building Mitiga for Cloud, SaaS, and Identity Security

Solutions Platform Helios AI Cloud Security Data Lake Cloud Threat Detection Investigation and Response Readiness (TDIR) Cloud Detection and Response (CDR) Cloud Investigation and Response Automation (CIRA) Investigation Workbench Managed Services Managed Cloud Detection and Response (C-MDR) Cloud Managed Threat Hunting Cloud and SaaS Incident Response Resources Blog Mitiga Labs Resource Library Incident Response Glossary Company About Us Team Careers Contact Us In the News Home » Blog Main BLOG From Breach Response to Platform Powerhouse: Ofer Maor on Building Mitiga for Cloud, SaaS, and Identity Security In this premiere episode of Mitiga Mic, Mitiga’s Co-founder and CTO Ofer Maor joins host Brian Contos to share the journey behind Mitiga’s creation—and how it became the first purpose-built platform for cloud, SaaS, and identity detection and response. Ofer discusses why traditional incident response falls short in modern environments, how Mitiga built its platform from real-world service experience, and the crucial role of automation and AI in modern SOC operations.

Helios AI: Why Cloud Security Needs Intelligent Automation Now

Mitiga launches Helios AI, an intelligent cloud security solution that automates threat detection and response. Its first feature, AI Insights, cuts through noise, speeds up analysis, and boosts SecOps efficiency.

Hackers in Aisle 5: What DragonForce Taught Us About Zero Trust

In a chilling reminder that humans remain the weakest component in cybersecurity, multiple UK retailers have fallen victim to a sophisticated orchestrated cyber-attack by the hacking group known as DragonForce. But this breach was not successful using a zero-day application vulnerability or a complex attack chain. It was built on trust, manipulation, and a cleverly deceptive phone call.

No One Mourns the Wicked: Your Guide to a Successful Salesforce Threat Hunt

Salesforce is a cloud-based platform widely used by organizations to manage customer relationships, sales pipelines, and core business processes.

Tag Your Way In: New Privilege Escalation Technique in GCP

GCP offers fine-grained access control using Identity and access management (IAM) Conditions, allowing organizations to restrict permissions based on context like request time, resource type and resource tags.

Who Touched My GCP Project? Understanding the Principal Part in Cloud Audit Logs – Part 2

This second part of the blog series continues the path to understanding principals and identities in Google Cloud Platform (GCP) Audit Logs. Part one introduced core concepts around GCP logging, the different identity types, service accounts, authentication methods, and impersonation.