CyberSecurity SEE

AI-driven SOC technology alleviated alert fatigue: Case study

Jonathan Fischbein, the Chief Information Security Officer (CISO) at cybersecurity software provider Check Point, recently faced a common issue among his peers in the industry: a shortage of security operations center (SOC) analysts to handle the overwhelming number of security alerts. Fischbein expressed concerns about the lack of manpower in his SOC, estimating that they were understaffed by 30% to 40%, which posed a significant risk to the organization’s cybersecurity posture.

Recognizing the urgent need to address alert fatigue and improve the overall security stance at Check Point, Fischbein started looking into automation platforms as a potential solution. After receiving positive feedback from other CISOs and CIOs, he decided to explore a hyperautomation platform from a startup called Torq, bypassing traditional security orchestration, automation, and response (SOAR) products. The decision was influenced by the platform’s graphical user interface, extensive library of workflow automation templates, and its focus on improving the experience of SOC analysts.

A proof of concept was initiated, and within a short period, Torq successfully deployed over two dozen AI-driven playbooks that automated responses to repetitive security alerts faced by Check Point. The seamless integration of the platform with the existing infrastructure and security stack impressed Fischbein, who noted that it fit perfectly with the organization’s setup.

Today, Torq’s technology, now known as HyperSOC, autonomously investigates, triages, and remediates internal security alerts at Check Point without the need for human intervention. By leveraging AI capabilities, the platform can detect and address potential security incidents proactively, preventing them from escalating. When faced with critical or complex events, HyperSOC alerts analysts for further review and provides recommendations for appropriate actions to be taken.
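The triage-and-escalate loop described above can be illustrated with a small rule-based example. The code below is an added illustration written for this article, not Torq's HyperSOC code or Check Point's actual playbooks: the alert fields, the rule names, the authorized-scanner allowlist and the playbook decisions are all constructed. It shows the pattern a SOC automation layer follows: suppress repeats of an alert already handled in the batch, let a playbook auto-close or auto-remediate the routine cases it is confident about, and hand anything high or critical severity, or anything a playbook cannot decide, to an analyst together with a recommendation.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed configuration for the illustration (not a real environment).
AUTHORIZED_SCANNERS = {"10.0.0.5"}          # assumed allowlist of internal vulnerability scanners
ESCALATE_SEVERITIES = {"high", "critical"}  # never closed or remediated without an analyst


@dataclass
class Alert:
    alert_id: str
    rule: str        # name of the detection rule that fired
    severity: str    # "low" | "medium" | "high" | "critical"
    asset: str       # affected host
    fields: dict = field(default_factory=dict)


@dataclass
class Decision:
    alert_id: str
    action: str      # "suppress" | "auto_close" | "auto_remediate" | "escalate"
    reason: str      # shown to the analyst as the recommendation or justification


def vuln_scan_playbook(alert: Alert) -> Optional[Decision]:
    """Close scanner noise from known-good sources; defer unknown scanners to a human."""
    src = alert.fields.get("src_ip")
    if src in AUTHORIZED_SCANNERS:
        return Decision(alert.alert_id, "auto_close", f"{src} is an authorized scanner")
    return None  # playbook cannot decide: let the analyst look


def malware_playbook(alert: Alert) -> Optional[Decision]:
    """Contain a host whose endpoint agent already quarantined malware."""
    return Decision(alert.alert_id, "auto_remediate",
                    f"isolate {alert.asset} from the network and open a reimage ticket")


# Hypothetical rule-name to playbook mapping.
PLAYBOOKS: dict[str, Callable[[Alert], Optional[Decision]]] = {
    "vuln_scan_detected": vuln_scan_playbook,
    "malware_quarantined": malware_playbook,
}


def triage(alerts: list[Alert]) -> list[Decision]:
    """Route each alert to suppress / auto_close / auto_remediate / escalate."""
    seen: set[tuple] = set()
    decisions: list[Decision] = []
    for alert in alerts:
        # Repeats of the same rule on the same asset from the same source are
        # the classic alert-fatigue driver: handle the first, suppress the rest.
        key = (alert.rule, alert.asset, alert.fields.get("src_ip"))
        if key in seen:
            decisions.append(Decision(alert.alert_id, "suppress",
                                      "duplicate of an alert already triaged in this batch"))
            continue
        seen.add(key)

        playbook = PLAYBOOKS.get(alert.rule)
        proposal = playbook(alert) if playbook else None

        if alert.severity in ESCALATE_SEVERITIES:
            # High/critical always reach a human; the playbook's proposal becomes advice.
            hint = proposal.reason if proposal else "no playbook for this rule"
            decisions.append(Decision(alert.alert_id, "escalate",
                                      f"{alert.severity} severity; recommended: {hint}"))
        elif proposal is None:
            why = "playbook could not decide" if playbook else "no playbook for this rule"
            decisions.append(Decision(alert.alert_id, "escalate", why))
        else:
            decisions.append(proposal)
    return decisions


def summarize(decisions: list[Decision]) -> dict[str, int]:
    """Count decisions per action, i.e. how much work the analysts did not have to do."""
    counts: dict[str, int] = {}
    for d in decisions:
        counts[d.action] = counts.get(d.action, 0) + 1
    return counts


# Constructed sample batch of alerts.
SAMPLE_ALERTS = [
    Alert("A1", "auth_bruteforce", "high", "srv-01", {"src_ip": "198.51.100.7"}),
    Alert("A2", "vuln_scan_detected", "low", "srv-02", {"src_ip": "10.0.0.5"}),
    Alert("A3", "vuln_scan_detected", "low", "srv-02", {"src_ip": "10.0.0.5"}),
    Alert("A4", "malware_quarantined", "medium", "wks-07"),
    Alert("A5", "vuln_scan_detected", "low", "srv-03", {"src_ip": "203.0.113.9"}),
    Alert("A6", "malware_quarantined", "critical", "dc-01"),
]

if __name__ == "__main__":
    for d in triage(SAMPLE_ALERTS):
        print(f"{d.alert_id}: {d.action:15s} {d.reason}")
    print(summarize(triage(SAMPLE_ALERTS)))
```

Of the six constructed alerts, three never reach an analyst (one duplicate suppressed, one authorized scan closed, one quarantined host contained), and the three that do arrive with a reason or a recommended action attached. The important design choice is the severity gate: a playbook may propose an action for a critical alert, but the action is only surfaced as a recommendation, never executed on its own.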

One of the key features of Torq’s technology that Fischbein highlighted was its natural language processing capabilities, which enable the platform to ingest and analyze information written in natural language. This allows HyperSOC to cross-reference various sources of data and documentation during security events, facilitating faster and more informed decision-making by human analysts.

While the AI-driven SOC platform has undeniably improved efficiency and reduced alert fatigue among security analysts at Check Point, Fischbein emphasized that it is not a cure-all for their staffing challenges. Despite the advancements made possible by technology, the organization’s cybersecurity team continues to face an uphill battle against a multitude of threats.

Looking ahead, Fischbein remains cautiously optimistic about the role of AI in enhancing cybersecurity operations at Check Point. He views it as a valuable tool in the ongoing cat-and-mouse game with cyber attackers, offering the potential to level the playing field and improve the team’s ability to respond effectively to evolving threats.

As the industry continues to evolve and embrace AI-driven solutions, the cybersecurity landscape at organizations like Check Point is poised for transformation. With the right combination of technology, talent, and strategy, Fischbein believes that they can stay ahead of the curve and safeguard the organization’s digital assets against emerging threats.
