Torq Raises $140M at $1.2B Valuation: What Ops Leaders Should Know
Torq Ltd. secured $140 million at a $1.2 billion valuation to speed up adoption of its AI-driven security operations platform and push go-to-market. The company was founded in 2020 and is focused on automating SecOps at scale. This move signals a clear shift: more security work is moving from manual tickets and scripts to AI-directed workflows. Reported by SiliconANGLE.
What Torq Actually Does
Torq ties together your existing stack-SIEM, EDR, identity, firewalls, and collaboration tools-and lets teams build automated workflows without code. It's agentless, so deployment sits at the API and integration layer rather than on endpoints. The goal is simple: take repeatable security actions out of queue and make them run themselves.
The platform uses multi-agent AI to triage alerts, enrich context, and decide next steps automatically. It includes AI agents that operate like digital analysts on call 24/7-handling alert triage, investigations, and remediations-so human teams can focus on higher-impact work.
Why This Matters for Operations
- Reduce MTTA/MTTR by auto-triaging noisy alerts and executing routine responses in seconds.
- Scale coverage without adding headcount by standardizing workflows across tools and teams.
- Cut alert fatigue by enriching events and suppressing low-value noise before it hits analysts.
- Improve consistency and auditability with clear playbooks, logs, and approvals.
- Keep follow-the-sun coverage without burning out your SOC.
How Teams Are Using It Today
Enterprises like Marriott International, PepsiCo, and Siemens are using Torq's agents to execute millions of security actions each day. Think phishing triage, identity lockouts, EDR host isolation, ticketing, and stakeholder notifications-all triggered by policy and context, not manual swivel-chair work.
Implementation Considerations
- Integration map: Confirm API access and scopes for SIEM, EDR, identity, firewalls, and chat/ticketing.
- Playbook inventory: Start with 5-10 high-volume, low-variance use cases (phishing, malware, credential resets, suspicious logins).
- Guardrails: Define RBAC, approvals for high-impact actions (e.g., disable user, quarantine device), and rollback paths.
- Human-in-the-loop: Route edge cases to analysts and use feedback loops to retrain policies.
- Observability: Centralize logs, add metrics, and enable traceability for audits and post-incident reviews.
- Change management: Communicate scope, owners, and escalation paths; update IR runbooks and on-call procedures.
- Security/privacy: Review data residency, secrets management, and least-privilege access for integrations.
KPIs to Track from Day One
- MTTA/MTTR trend by use case and severity.
- Auto-resolution rate and time saved per playbook.
- False-positive rate and suppression effectiveness.
- Analyst hours reclaimed and queue depth reduction.
- Containment time for identity and endpoint incidents.
- SLA adherence for critical alerts.
What This Funding Signals
Security teams are moving past one-off scripts and basic SOAR into AI-led decisioning. The funding suggests buyers want platforms that can integrate widely, act autonomously with controls, and prove measurable impact on response times and staffing pressure. Vendor stability improves, but due diligence still matters-run a proof of value with your data and constraints.
Recommended First Steps
- Pick three candidates for fast wins: phishing triage, suspicious login response, and EDR isolation and notify.
- Define success criteria: target MTTR, auto-resolution percentages, and manual touch reduction.
- Stand up a pilot in a controlled segment with clear approvals, rollback, and full logging.
- Train analysts on exception handling and feedback loops; update playbooks based on pilot outcomes.
- Scale gradually by severity and blast radius, then expand across business units.
For structured upskilling on automation and AI-driven operations, see our curated resources: Automation training and resources.
For incident response best practices to pair with automation, review NIST guidance: NIST SP 800-61 Rev. 2.
Your membership also unlocks:
