The exponential growth in AI and advancing tech is keeping the cybersecurity sector busier than ever. To keep up with cyber attacks, some companies have turned to automation for help.
Today’s security teams are bombarded with alerts, the vast majority of which are false positives. It’s simply no longer possible for humans to respond to all of them. These tasks are keeping them from working on higher-impact projects that contribute to the overall security posture. By automating key processes such as tedious manual or fundamental tasks, security teams are empowered to focus on more impactful activities.
To learn more about user-friendly automation technology and cybersecurity, we interviewed Eoin Hinchy, Co-founder & CEO of Tines – an automation cybersecurity company with goals to be the trusted leader in no-code automation.
Can you tell us about the history and founding of Tines? What inspired the company's focus on automation in cybersecurity?
As a security leader at eBay and DocuSign, I often saw my colleagues burn out. It was due to the sheer volume of alerts and repetitive, manual tasks. I knew that security teams were being prevented from doing their best work. While understaffing and low budgets have always been challenges for any organization, security practitioners are uniquely affected by alert overload and inevitable incidents. I set out to find a solution.
I spent six months investigating every workflow I could find, sourcing hundreds of examples — on everything from Google Docs to whiteboards — from friends and colleagues in cybersecurity. Then, using different colored markers, I broke the workflows down into their components. I discovered that I needed only seven colors to cover every type of action.
From creating a profile in the IT department for a new hire to sending an email. Most solutions in the automation market offer a different tool for each task, thriving on creating complex — and expensive — solutions to the problems.
But I found that by automating the seven basic types of actions, and delivering the powerful automation straight into the hands of front-line security teams, enterprises could make a non-coding security practitioner as effective as a senior software engineer in just 3.5 hours. Once you know these seven things, like a carpenter using the same tool belt to solve any challenge, you can automate almost anything.
With this solution, my co-founder Thomas Kinsella and I created Tines in 2018.
How does Tines differentiate itself from other automation tools in the market? What unique benefits does the platform offer to its users?
The biggest differentiator of Tines is our relentless focus on ease of use. Unlike legacy solutions, Tines empowers front-line teams — whether security practitioners or level-one support reps — who are knowledgeable about a certain process to automate that workflow without requiring the ability to code.
Our platform offers a user-friendly interface with drag-and-drop functionality, eliminating the need for scripts or coding. The main goal here is to enable teams within the security and throughout the entire organization to automate their repetitive workloads. This allows them to refocus on higher-impact activities.
We built Tines because we got frustrated with the brittleness and complexity of other automation tools. In contrast, Tines is flexible, robust, and easy to use. With Tines, you can build automation stories to perform almost any manual task, from onboarding employees to escalating security alerts and everything in between.
We provide the world’s most comprehensive library of out-of-the-box templates for common use cases to help you get started. That way, you don't need to be a software engineer or technical expert to use Tines. We don't believe in being overly complicated. Tines’ integration technology connects to the other best-of-breed tools in your technology stack quickly and easily. As a result, our platform is easy to implement, and quick to learn.
Can you speak to the role of AI and machine learning in cybersecurity automation? How does Tines incorporate these technologies into its platform?
AI and machine learning allow organizations to proactively defend against cybersecurity threats by leveraging automation to reduce response times and mitigate risks. Our ambition in Tines is to build the most powerful and easy-to-use automation platform possible. We’re open to any technology that will help us achieve this goal. Whether that means no-code technology or large-scale language models.
Although ChatGPT can do amazing things and help you build some workflows in Tines, it’s not currently reliable enough for us to use in our product. The most impressive, useful implementation of ChatGPT we’ve seen is GitHub Copilot. We have certainly played around with it a bunch, but the more complex and mission-critical the workflows, the more things start to fall apart. Tines prioritize robustness and scalability. Our customers don't want an automation platform that's going to work 90% of the time. They demand five nines, and AI isn’t there. Yet.
How have the COVID-19 pandemic and recent geopolitical events affected Tines? What steps has the company taken to adapt to remote work and distributed teams?
The pandemic, recent geopolitical events, and an uncertain economic climate have impacted Tines in several ways. For example, we were five people in total when the pandemic took hold in March 2020. Today we have over 160 people spread across the world.
We had to hire, onboard, and create a company culture all without ever meeting in person. From a product perspective, however, we’re doing the same thing: building a platform customers adore. These events have also impacted our customers. The sudden rise in remote, flexible work means that top talent can work for any company from almost anywhere in the world.
As a result, we’ve had conversations with an increasing number of CISOs and CIOs. All are seeking to empower staff with the tools they need to automate their manual workloads from end to end. Thus, allowing them to refocus on higher-impact, more rewarding, engaging projects. Ultimately, this reduces the risk of burnout while also increasing job satisfaction.
We’ve seen a record-breaking number of cyberattacks this year. It required organizations to implement more rigorous and adaptive security processes and solutions. With the expanding threat landscape, enterprise teams need highly flexible automation to keep vast amounts of individual and corporate data safe.
Additionally, the patterns of attack have changed following the pandemic. The most significant jump in attack origin came from Russia and India. Compared to March 2020, discovery and privilege escalation events have grown. The shift to a remote workforce may be creating more vulnerability and exposure.
As businesses face economic uncertainty, another trend we’re seeing is leaders increased scrutiny of the business value that a particular tool purchase generates.
How does Tines approach security in its platform and operations? What measures are in place to protect customer data and systems?
We place equal importance on security in the Tines product as we do on security within the Tines organization. We restrict access to production systems to a handful of employees. This is so no contractors or third parties have access to production. Customer data is prohibited from leaving our production environment.
The list of employees with access to production is regularly reviewed. To hold ourselves accountable for our internal security practices, we have established a cross-functional security and privacy council. It's led by myself and we meet regularly to discuss security and privacy matters.
We provide several security features within Tines that help ensure the confidentiality, integrity, and availability of customer information. As security practitioners ourselves, we’re huge believers in the concept that security shouldn’t cost extra! As a result, SSO/SAML, Multifactor Auth, and RBAC are available across all our plans. That includes our free, community edition, at no extra cost.
Our information security program aligns with the industry-accepted framework, SOC2. These policies cover the security, availability, processing, integrity, and confidentiality of customer data. We maintain SOC Type II compliance and get annual audits.
Our compliance stance is an important part of how we protect customer data. We recognize that being compliant is not the same as being secure. We provide, and will continue to use, various security features including mandatory multifactor authentication, support for SSO/SAML, and granular control over data retention within Tines.
Additionally, Tines is both a cloud service that we host and a product that you can host. If a customer is working under specific regulatory requirements (e.g. FedRAMP), Tines can be easily deployed in a customer’s own data center.
What kind of threats do you think businesses should prepare to tackle in the next few years? What security measures are essential in combating these threats?
As AI accelerates the security arms race with attackers exploiting facial recognition technology, with AI-generated synthetic data on one side, and security teams using AI to detect and defend against threats on the other, automation is set to play a crucial role in the future of security.
Along with macroeconomic trends causing layoffs and budget cuts that don’t seem to have an end in sight, automation can help teams keep up with the pace of change. For example, the impact of new AI tools. They make it easier for organizations across all operations to use security-conscious decisions without sacrificing speed or scale.
Tines focuses on empowering security teams to automate their workflows. How do you balance the need for automation with the importance of human decision-making and oversight in the cybersecurity process?
This is at the core of Tines and how we built it. We’ve always thought of automation as a way to enable an individual to do more meaningful work. You’ll see on our website ‘automation for humans’ because we think human intervention is essential, but not always necessary.
While security teams can define and automate complex processes fast, using Tines, they can, and should use points where a human intervenes. You don’t want automation blindly deciding to delete an entire database without a human saying, “Yes, this is the best decision.” That would be wildly irresponsible.
Within Tines, you can bring those human interactions in through a few different ways. Our favorite is the idea of building an app. Where you can collect information from a human at any point. If it's from a nice webpage, use that information in a workflow, and ask the human to take another action all from the app.
We also support those more traditional ways of introducing humans into the loop. Such as alerts, Slack prompts, or any other messenger prompts, cases, or opening a ticket on your designated ticketing platform.
The human element of providing complete control over the automation ensures that they're managing every security process. Also while leveraging the efficiency of automation, balancing the need for the technology with the value of human decision-making.
How do you see the future of automation in the cybersecurity industry evolving? What role do you think Tines will play in this evolution?
Right now, people in the cybersecurity industry feel overworked and understaffed. The global cybersecurity workforce is 3.4 million people short. That's a large number of people needed to fill the available jobs and the gap is growing.
These short-staffed teams spend most of their time fighting fires and responding to an avalanche of false alerts. The average team receives 10,000 alerts every single day. Simply put, our workforce is burnt out. Neither industry recruiters nor legacy tech solutions have kept up with the scope of problems we addressed.
Solving the problem of too much work and not enough staff requires doing more with less. All while maximizing the potential of the staff you do have. How do you accomplish this? Automation.
Automation eases the burden by automatically handling time-consuming tasks. It amplifies the power of each individual analyst and democratizes the technical prowess across the team. It's not that security experts don’t want to do the fundamentals of their job. It's rather a matter of needing better tools and better processes — not a “work-harder” approach to checking off more manual tasks. Instead, a “work-smarter” approach that automates and streamlines tasks.
Essentially, restructuring security analysts’ time commitments. This refocuses them on proactive, higher-value efforts bolstering the organization’s security posture. That's an especially crucial endeavor when companies can ill afford an expensive breach or outage.
Tines will play a leading role in this evolution by providing the industry’s best automation, speeding up processes, freeing resources, and allowing everyone on different teams to focus on more impactful work.
Tell us, what’s next for Tines?
The challenges we can tackle with Tines' automation are limitless. As we grow in this space, we’re finding new opportunities to protect organizations from ever-evolving threats. We recently launched Cases, a new solution for case management that helps security teams surface opportunities to optimize existing automated workflows or introduce new ones.
We spent a long time steering clear of this topic because, frankly, case management can be a crutch for bad automation. And we’re an automation platform! We don’t have bad automation, which would be bad for business. But, as we were talking about earlier, automation needs humans.
Our Cases solution makes it easier for humans to collaborate on an incident within Tines. That includes tracking the steps taken and reporting outcomes within a single interface. Cases also integrate directly into existing workflows. Or, it can get extended out to other systems for better cross-functional collaboration. After all, remediation involves teams outside of security as well.
Beyond Cases, we’re always focused and making improvements to the product. This quarter we’re centered on three key areas: speed and scalability, user experience for less technical users, and enterprise-grade capabilities.