
Headquartered in Dublin and Boston, Tines has boomed since launching in 2018. The workflow orchestration and automation platform names the likes of Coinbase, Databricks, GitLab and Mars as customers, and serves over 30,000 unique users globally – even if its brand is still an emerging one in the enterprise SaaS world.
Security companies are big customers – and big partners. The company’s founders Eoin Hinchy and Thomas Kinsella both spent time working in security operations before launching Tines – regularly coming face-to-face with the duplication, tool sprawl, and manual toil the job can entail.
Security teams, as they learned the hard way, are often overwhelmed with the need to manage multiple workflows across scores of tools – even if CISOs and CTOs are aggressively looking to consolidate.
(“We have more than 70 tools in our cybersecurity suite. Our aim is to reduce that by half in the next three years”, as Nomura’s Global CTO Dinesh Keswani told The Stack in an October 2024 interview. That level of “best-of-breed” sprawl is not uncommon at this size of enterprise.)
Low-code automation
Tines lets users easily build automation into key workflows using low-code tools and integrate with any API. One of Tines’ key use cases is as a “SOAR”, or Security Orchestration, Automation and Response, platform.
Tines started out by focusing on helping SOC teams automate processes “like phishing attack responses, suspicious logins, vulnerability management, and even employee onboarding and offboarding with a few drag-and-drop actions,” as co-founder Hinchy puts it in a recent Tines guide to workflow automation for security teams.
For example, it helps users recognise that a phishing campaign is widespread across an organisation and identical in technique, rather than a SOC’s staff having to investigate every single alert about it that hits their screens as mass-phishing campaigns target multiple staff.
The idea is that it makes all of this simple, and that novel use cases can be added without the need to write complex Python scripts.
The Tines and Elastic partnership
Elastic is a big partner – and a Tines customer. One simple example: Elastic uses Tines to enrich and share SIEM alerts with its analysts via Slack. It says it can now process in a week what previously took it 93 days.
Channel partners have been key to Tines’ growth, and synergies with Elastic, as well as other EDR and SIEM providers, have also been an important driver.
Charlie Ardagh is head of partnerships. Sitting down to chat with The Stack at the ElasticON conference in London, he notes that “a lot of our business is sourced from our channel partners.”
Strikingly, even when Tines sources its own opportunities, “we are very proactively paying it forward with the channel. That means not just showing up with our hands out saying, ‘Hey, can you sell Tines to all these customers we know you've got great relationships with?’.
“We're saying, ‘Hey, we went out and sourced this opportunity; we want to work with you on it’… it’s a long-term strategy, but it's one that we adopted very early on in the company,” he explains.
Building partnerships? Be patient
Ardagh previously spent years building out channel relationships at Meta.
The trick to getting them right, he says, is patient leadership.
“Some people hire a partner leader and expect instant impact. Our partnership with Elastic, for example, has been impactful now for many, many quarters, which has been great, but it's been growing steadily.”
“One of the reasons that this partnership works so well is because Elastic’s SIEM ingests all of the data from across the business, analyzes it, detects things that need to generate alerts, and then need to be explored and triaged. That's the bit that Tines automates; we complete the story.”
What Tines is, is a technology-agnostic “arms and legs of your entire stack”, and “we can integrate with anything that has an API,” Ardagh says.
What to automate? Ask your security analysts
So, what do users normally automate? The quickest way to decide, Tines’ leaders say, is simply to ask your security analysts what tasks they’re spending the most time on. The most frequent answers are:
- Triaging Elastic Security alerts and blocking suspicious IPs
- Processing employee or customer Abuse Inbox reports
- Running, and analyzing the results of, vulnerability scans
- Triaging low-risk security incidents like adware
- Enriching high severity SIEM alerts as they are sent from Elastic to Slack, e.g.:
  - Data Loss Prevention alerts
  - Live off the land tool use
  - Suspicious login events
  - Brute force access attempts etc.
- Processing ticket escalations from VIPs
- Standardizing or synchronizing ticket information in Tines Cases
- Reviewing phishing page visits or CEO Fraud
- Writing incident notes and shift handovers
“None of these tasks are particularly complex, they all have several things in common – they’re frequent, they’re time-consuming and they’re not interesting cases for your analysts and engineers,” as the company puts it.
Customers clearly like what they see. Next up, says Ardagh, Tines is confident that it can continue to grow and support both its existing and future IT-focused customer base. Watch this space.