“We’re not just securing our own operations; we’re demonstrating to our clients how security should be done“
Meet Torq, The SecOps Disruptor
The Torq Agentic AI multi-agent system delivers on the promise of the autonomous SOC. The system is designed to unburden today’s overwhelmed security operations teams facing an exponentially-increasing number of high-volume, low-complexity attacks. These attacks are decimating the productivity of security operations with mind-numbing busywork, creating existential organizational crises. Torq Agentic AI extends the capabilities of SOC teams by handling the majority of everyday attacks and alerts. Torq Agentic AI is part of Torq HyperSOC, the purpose-built Torq solution that harnesses the power of the AI-driven Torq Hyperautomation Platform to automate, manage, and monitor critical SOC responses at machine speed.
Torq easily integrates with existing tech stacks, automating everything from vendor risk assessments to remediation. Helping enterprises create a connected, strategic security culture, Torq wanted to lead by example, starting with its own third-party security.
The Third-Party Risk Wake-up Call
Modern businesses depend on a growing network of vendors, suppliers, and partners to stay competitive. But every vendor relationship comes with risk. Recent incidents, like the Change Healthcare ransomware attack and the fallout from the Crowdstrike update, have shown how a single vulnerable vendor can disrupt an entire company.
For security vendors like Torq, the stakes are even higher. As Aner Izraeli, Torq’s CISO, notes: “We’re not just securing our own operations; we’re demonstrating to our clients how security should be done.”
The Challenge: 120 Vendors and a Spreadsheet
The task facing Aner Izraeli, Torq’s CISO, was bigger than overseeing vendors. Working in a fast-growing company, he needed to systematically prevent third-party security from becoming a bottleneck. With 120 vendors and counting, Torq faced an all too common problem: managing vendors wasn’t scaling with their business.
“Early in the company’s history, we used manual processes to track vendors, subscriptions, and due dates. The team would spend hours chasing business owners to confirm if a vendor was still in use, and even then, they couldn’t be sure they had the full picture”
But the challenge ran deeper. Torq’s legal team was tasked with tracking vendor offboarding, while ensuring GDPR compliance, and sought a real-time approach to managing these processes. Security questionnaires were siloed in email threads, and limited real-time visibility into vendor security postures meant potential risks could go unnoticed.
Izraeli realized Torq needed a partner that shared its vision of security automation: fast, intelligent, and scalable.
Building Better Security Workflows with Panorays
“API and Torq equals love. Once we saw Panorays’ capabilities, we knew we could transform our entire vendor management workflow”
Izraeli’s vision was to build an automated, all-in-one vendor security system. Reviewing Panorays and looking at its robust API, he knew he had the right solution. Connecting the platform to Torq’s existing tech stack, he created two new game-changing workflows:
1. Automated vendor onboarding
When a business owner needs to use a new vendor:
- They execute Torq’s procurement process simply through slack.
- The business owner is then presented with a form in which he/she is required to address various questions about the desired service, integrated system, VP approval, and so forth.
- The process then automatically generates a joint slack channel with all relevant stakeholders (CFO, Legal, CISO, IT, Business Owner) to collaborate until approval.
- In parallel, Torq uses Panorays’ API to provision the new required supplier’s service.
- Panorays delivers the vendor security assessment and scoring.
- If approved, the service is automatically set up, including Torq’s other on-boarding funnel, and ready to use.
2. Smart Vendor Monitoring
To keep track of existing vendor relationships:
- Daily automated checks monitor vendor subscription status.
- Business owners get automatic Slack reminders to confirm if services are still needed.
- If the service is no longer needed, it triggers an automated offboarding process.
- Legal team is automatically notified for privacy compliance.
Embedding security into its daily workflows, Torq turned third-party security into a natural extension of its operations and mindset.
The Outcome: Third-Party Security at Torq’s Speed
Before Panorays, Torq sought to evolve its security posture to mesh with its explosive business trajectory. Now, with a Panorays-powered, hyperautomated TPRM system, the company has a scalable solution that grows with their business.
| Before Panorays | After Panorays |
| Limited visibility into vendor rise | Continuous, real-time risk assessments |
| Vendor tracking with Excel sheets | Real-time vendor inventory |
| Manual, email-based questionnaires | Centralized, automated questionnaire management |
| Poor sync with business owners | Automated, daily “keep alive” checks |
| Limited visibility for legal teams | Automated compliance notifications |
| Manual purchasing and vetting process | Automated vendor onboarding via Slack |
But as Izraeli notes, what this table really shows is a shift from playing catch up to proactive security leadership.
The Business Case for Smarter Third-Party Security
Torq’s story shows that third-party security can directly impact business growth, building a strong case for prioritizing security investments.
For CISOs facing similar challenges, aligning security with business goals means adopting tools and processes that scale with your organization, reduce operational overhead, and provide real-time insights into risks.
Torq’s journey offers a clear roadmap: automate the everyday, focus on the strategic, and embed security into your work culture.