I have several use cases rather than a single one. When we start engagements, it is often for the SOC team on the SOAR side of the house. They want to automate processes and enrich data. When we started, because the main competitor was Palo Alto Cortex, the focus was on the SOAR side of the house where people wanted to automate things or topics. For example, reducing access to a laptop or similar actions. Nowadays, I see the question has shifted more toward how analysts can make better decisions. This involves enriching data coming from a SIEM or even situations where there is no SIEM solution in place, or cases where we do not want to go into the SIEM. For example, when CrowdStrike reports something on an endpoint, analysts want to see who the endpoint belongs to. Sometimes just switching off an endpoint might be worse than keeping an eye on it. The focus is on really getting better context for the analyst and then making informed decisions. That is the second large use case on the SOC side.
On the vulnerability management side, I also see significant use cases. With Tenable, in the past, everyone said to just open a ticket in ServiceNow. What happened was the CISO team opened 2,500 tickets per week in ServiceNow, and the IT operation said they could never handle all these tickets and closed all of them immediately without fixing anything. With Blink Ops, I can get context around the vulnerabilities and make informed decisions. For example, maybe these issues all point back to one AD setting, and out of those 2,500 tickets, only 100 would be fixed just by changing one Active Directory setting. The other ones might not be exploitable, so there is no reason to fix them immediately. Maybe they can be pushed to a later stage. There are critical systems or OT systems that should not be reported into the IT stack but should be reported into the OT stack. Normally in OT, I can only isolate systems and am not allowed to change anything on the OT devices.
The goal is really managing the workload of people and then trying to get things fixed, much like the Verizon fix-find-verify approach. If clients do not want to go with Horizon and want to keep their Qualys or their Tenable, they can use this solution and make outcomes actionable. It is not just a report anymore; it is really discrete actions or fix actions to get to a better stage.
I have been POCing Blink for the last few weeks. Blink is a security automation copilot tool that I really liked the presentation about, so we are POCing it. We can create prompts and get workflows accordingly with Blink, and it is helping us to create short workflows to get audit reports or to automate things that we do on a day-to-day basis. It is coming in really handy. Blink is deployed in my organization using public cloud.
Find out what your peers are saying about Blink Ops, Torq, Tines and others in Security Orchestration Automation and Response (SOAR). Updated: April 2026.
Security Orchestration Automation and Response integrates security tools and processes, enhancing threat detection, investigation, and response. It minimizes human intervention, making security operations more efficient. Security Orchestration Automation and Response solutions streamline incident management by allowing security teams to automate repetitive tasks, analyze threat data from multiple sources, and orchestrate responses to incidents. These solutions typically provide an automated...