We are excited to announce the partnership between Mitiga, a leading Cloud and SaaS Detection and Response (CDR) provider, and Torq, a no-code security automation platform. This partnership directly addresses the gaps in SecOps teams' tools and expertise in handling threats in the complex and evolving world of cloud and SaaS environments. By combining Mitiga’s advanced TDIR solution for Cloud and SaaS environments, with Torq’s automation, this integration delivers the visibility, speed, precision, and control that SecOps teams need to tackle modern cloud and SaaS threats.

Mitiga + Torq = Powerful, Automated Cloud and SaaS Threat Response

Torq is a no-code security automation platform designed to simplify security operations through customizable, automated workflows. By integrating with a wide range of security tools, Torq enables organizations to automate responses to security incidents, improving both response speed and efficiency while minimizing manual intervention.

The integration between Mitiga and Torq provides a holistic solution for managing threats and security incidents in cloud and SaaS environments. Mitiga’s real-time threat detection alerts are fed directly into Torq, where they trigger automated workflows, allowing security teams to respond rapidly and efficiently—even in environments where teams might lack specific cloud or SaaS expertise.

torq-img
Mitiga integrates with Torq to enable effective SaaS and cloud threat response

Key Benefits of the Integration

Orchestrated Response to Cloud and SaaS Threats

When a threat is detected, the integration allows security teams to orchestrate responses to isolate or stop an adversary. Torq can automate actions such as disabling a user, resetting passwords, canceling active tokens, stopping services, reducing privileges, and other critical actions. This orchestration ensures a rapid and consistent response to mitigate potential threats before they can escalate—empowering teams to act even in complex, cloud-specific scenarios.

Automated User Action Verification via Communication Channels

Another key aspect of this integration is automating the often slow and manual process of verifying suspicious actions with the original user. In many security incidents, determining whether a suspicious action—such as a login or privilege escalation—was legitimate or malicious can take time as security teams attempt to verify it with the user. Through integrations with communication platforms like Slack, Teams, and email, Torq can accelerate this process by automatically sending verification requests to the user. This integration helps security teams quickly determine if the action was legitimate or a potential threat, allowing them to either dismiss the alert or take swift, appropriate action. By automating these verifications, organizations can significantly reduce the time it takes to investigate incidents and reduce the risk of prolonged exposure to threats.

Enhanced Incident Context with Forensic Data

Mitiga’s alerts provide deep forensic context, including detailed profiles of involved users, roles, and assets, along with the original logs that triggered the alert. Torq uses this forensic data to enrich the response workflows, giving security teams critical insights into the scope and nature of the incident. This added context helps drive more precise and effective response decisions, especially in cloud and SaaS environments where visibility and data granularity are crucial.

Automated Incident Management

Torq enables security teams to automate key incident management tasks, such as investigating suspicious activity, notifying stakeholders, and triggering predefined mitigation workflows. By automating these steps, security teams can respond quickly and consistently, improving operational efficiency and reducing human error, all while navigating the unique challenges of securing cloud and SaaS applications.

Seamless Alert Lifecycle Management

Once a threat has been mitigated and the incident resolved, the integration ensures that alerts are automatically closed in Mitiga. This closes the loop on incident management, eliminating the need for manual follow-up and allowing security teams to focus on the next critical task.

Power Your Team’s Threat Mitigation with Mitiga and Torq

With this powerful integration, security teams can fully automate their cloud and SaaS detection and response processes, ensuring faster, more effective threat mitigation while reducing manual effort. The combination of Mitiga’s deep forensic insights and Torq’s flexible automation capabilities gives organizations the tools they need to protect their cloud environments with speed and precision, even in environments where security tooling and expertise have traditionally lagged.

LAST UPDATED:

October 31, 2024

Want to learn more about how integrations can power your team’s threat detection, investigation, and response for cloud and SaaS? Request a demo with a cloud security expert today.

Don't miss these stories:

EKS Role Unchaining: Tracing AWS Events Back to Pods for Enhanced Security

Learn two approaches for EKS unchaining that allow teams to associate AWS events with the pods that triggered them.

5 Common Threat Actor Tactics Used in Cloud, Identity, and SaaS Attacks

Explore five common tactics used in cloud attacks and recommendations on how to defend against them.

Tactical Guide to Threat Hunting in Snowflake Environments

It was brought to our attention that a threat actor has been observed using stolen customer credentials to target organizations utilizing Snowflake databases.

Unlocking Cloud Security with Managed Detection and Response

See how Mitiga’s Cloud Managed Detection and Response tackles complex cyber threats with proactive threat management and advanced automation at scale.

Rethinking Crown Jewels Analysis: Mitigating Cybersecurity Bias

Uncover the risks of bias in Crown Jewels Analysis (CJA) and learn strategies to protect your organization's most valuable assets with a comprehensive approach.

Microsoft Breach by Midnight Blizzard (APT29): What Happened?

Understand the Midnight Blizzard Microsoft breach by APT29, what happened, and key steps organizations should take to strengthen their defenses.