What Does a Security System of Record Look Like? Maybe Like Torq.
The company offers a platform of platforms with interesting lessons to teach MSP security vendors.
Regular readers know that I’ve been thinking about systems of action, systems of record, and their implications for the MSP market this year.
For the benefit of less regular readers: systems of record are big, centralized business applications that employ deep compilations of authoritative data to help users accelerate critical workflows. Systems of action, on the other hand, actually execute those workflows for you. Thread, Pia, and recent ConnectWise acquisition zofiQ all make systems of action for MSPs. Cyft and Lexful make systems of record for MSPs with system of action functionality.
All of those companies, however, play at or near the service desk. What do their equivalents in security look like?
That’s an easy enough question to answer so far as systems of action go. They look like the agentic, autonomous AI SOC and MDR solutions from companies like N-able and Arctic Wolf that I wrote about last week. I would have had more trouble describing a system of record for security, though, until a recent conversation with Torq.
Strictly speaking, Torq too is an AI SOC vendor. Founded six years ago and valued at $1.2 billion as of January, the company offers a core platform that uses agentic triage, automation, case management, and remediation functionality to close 90% of Tier 1 tickets autonomously. It also, however, has over 300 integrations that allow it to automate actions in, and ingest incident feeds from, security solutions made by companies like SentinelOne, Palo Alto Networks, and CrowdStrike.
Which is interesting, because it’s all about platforms these days, especially in cyber, and SentinelOne, Palo Alto Networks, and CrowdStrike are all platform makers.
“The differentiation for Torq in our space is that we are truly a one-stop shop single pane of glass,” says Sheldon Muir, the vendor’s head of global channels and alliances. “As awesome as CrowdStrike is, or a lot of this technology is, it’s only as good as its purview. It’s only as good as the CrowdStrike ecosystem. What do you do outside of the CrowdStrike ecosystem? Torq facilitates that.”
Making it a kind of … what? Uber platform? Hyper platform? Platform of platforms?
How about security system of record? What’s intriguing about Cyft and Lexful is that they’re each using current and forthcoming integrations to build a powerful, exceptionally strategic superset of data housed in PSA systems, email, Teams, Slack, HubSpot, and the rest of an MSP’s tool stack. Torq’s doing the same thing in its realm, and positioning itself to be a kind of master system of action too. Say CrowdStrike finds a compromised email attachment, for example.
“No doubt CrowdStrike could tombstone that file, clean that file, but now maybe we could reach out to Proofpoint too and quarantine that host,” Muir says. “We could reach out to the Office 365 environment, the Google Drive environment, tombstone, trigger remediation, and so on.”
Though roughly a third of Torq’s customers are MSSPs and MDR operators, the company mostly serves large businesses. Maybe readers will point me to someone, but I don’t think there’s anyone focused on MSPs offering quite the same security system of record/system of action capabilities.
I’m just sure there will be.
Based on this podcast interview, we really need that system
The sooner a security system of record/action for MSPs arrives, the better, based on a conversation with Michael Crean of SonicWall on the latest episode of the MSP Chat podcast. New research we get into documents just how often MSPs and their clients fail to enforce the most basic of cybersecurity basics. The brutal truth is all right here.





