About Bitpanda
Bitpanda was founded in Vienna in 2014 and is a leading European crypto platform. With a selection of over 2,800 digital assets, including more than 500 crypto assets and numerous stocks*, ETFs*, precious metals and commodities, the Austrian fintech unicorn offers one of the most comprehensive ranges of digital assets available in Europe. Already trusted by over 5 million users, and dozens of institutional partners, Bitpanda holds licences in several countries, and has a proven track record of working with local regulators to keep assets safe and secure. In addition to its headquarters in Vienna, Bitpanda has offices in Amsterdam, Barcelona, Berlin, and Bucharest.
Executive summary
Before Tines, Bitpanda’s security team relied on manual processes for critical areas like identity and access management (IAM), while their security operations team was overwhelmed by high alert volumes - a serious challenge for a company that handles the funds of 20+ million customers. Tines has helped Bitpanda significantly reduce alert fatigue and strengthen its security posture, protecting the business and its assets.
The challenge
Prior to Tines, Corporate IT Security Lead Martin Schlatzer and his team had no automation in place, outside of the functionality built into existing third-party tools like Slack. They looked for a platform that could help them orchestrate and automate workflows while reducing the burden on individual SecOps team members.
“Alert fatigue is a very real thing, so we looked for something to help us manage it better,” he says. “We didn’t want to overload the team with information that then requires additional analysis. We needed a process to filter out alerts that shouldn’t trigger in the first place, and use Tines to conduct additional lookups to help us triage our alerts.”
Why Tines
Martin came across Tines because of its close integration with a security tool that Bitpanda uses for SIEM and EDR. It impressed Martin so much that he didn’t actively look at alternative providers.
“I saw no other tool that really had a security focus, which is important for us as a company,” he explains. “Tines focused from the very beginning on security use cases.”
Martin was also impressed by the flexibility and usability of the Tines platform.
“I feel like you can essentially build anything with Tines. That appealed to me personally because it shows that, in the future, I can do anything with it - I'm not limited.”
The ease of use really appealed to us. You can get started so quickly. It's crazy good.
Martin Schlatzer, Corporate IT Security Lead
The impact
Tines has empowered Bitpanda to optimize security processes, strengthen resilience against threats, boost employee satisfaction, and reduce alert fatigue.
Improved resilience through new security processes
Tines has allowed Martin’s team to make enhancements to their security posture that simply weren’t possible before. One example is a workflow that helps the team reduce the risk of employee security policy violations: see their “Work from Anywhere” detection and alerting workflow in the Top workflows section.
Time saved on manual tasks
A major advantage of Tines has been its ability to lighten the workload for both the security team and other departments.
I think the biggest benefit in terms of our team’s performance is satisfaction.
Martin Schlatzer, Corporate IT Security Lead
“Certain people on the team are really interested in the tooling and want to work with it. They’re happy that such a tool exists and that it can take some work off their hands, or we can support others to take some work off their hands too.”
Improved threat detection without alert fatigue
To handle the high volume of alerts more effectively, Bitpanda’s security team uses Tines to optimize their threat detection processes. “Tines can prefilter certain things,” Martin says. “So we're very happy that we can have the detection that we want and not overload our team with the results.”
With Tines, we're capable of building more complex detection rules, based on our organization’s needs.
Martin Schlatzer, Corporate IT Security Lead
Increased visibility into non-security automation
Martin encourages users outside the security team to explore Tines for their own use cases, allowing them to "play around" with the platform in a controlled way. With the Tines change control feature enabled, these users have the freedom to test their ideas without the ability to publish workflows directly. Before any workflows go live, they’re reviewed by the security team to verify they meet stringent security standards.
This approach ensures that Martin’s team maintains oversight of all workflows and upholds robust security policies across the organization, without being a blocker to innovation.
Top use cases
Identity and access management (IAM)
Vulnerability management
Threat detection
Alert management
Top workflows
Check Workday for unauthorized travel and alert in Slack
Get login events from JumpCloud and Google and enrich the location from the source IP. If the location matches a list of unauthorized travel sources and has not already been registered in Workday, verify the login with the user and their manager. If it is an unknown login, page the security team with Opsgenie.
Community author
Muhammet Tekbicak
“Work from Anywhere” detection and alerting
This workflow was developed in response to a specific security incident - an employee outsourced their work by sharing their credentials with someone in a different country, leading to increased security risk. “We were searching for a way to easily detect this and it turns out it's not that easy,” Martin says.
With Tines, his team created an automated workflow that takes login events from JumpCloud and Google and enriches the location from the source IP. If the location matches a list of unauthorized travel sources and hasn’t been registered in Workday, the login will be verified with the user and manager. If it’s an unknown login, Opsgenie will be triggered to alert the security team.
Martin notes that the workflow would simply be impossible to maintain at this level of precision without a solution like Tines.
Without Tines, we would not be able to do this at all, because it would not be possible to achieve this granularity of alerting - it would generate too many alerts.
Martin Schlatzer, Corporate IT Security Lead
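The decision logic of this workflow, sketched in Python as an added example (it is not Bitpanda's or Tines' own workflow). The GeoIP table, placeholder country codes, event fields and confirmation map are constructed, and treating a missing confirmation as an unknown login and routing unresolved IPs to review are assumptions.

```python
import ipaddress

# Constructed sample data: stand-ins for GeoIP enrichment, the unauthorized
# travel list and Workday travel registrations. XA/XB are placeholder codes.
GEO_DB = {"203.0.113.0/24": "XA", "198.51.100.0/24": "AT", "192.0.2.0/24": "XB"}
UNAUTHORIZED = {"XA", "XB"}
WORKDAY_TRAVEL = {("alice@example.com", "XA")}

def enrich_country(ip):
    """Map a source IP to a country code, or None if it cannot be resolved."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for cidr, country in GEO_DB.items():
        if addr in ipaddress.ip_network(cidr):
            return country
    return None

def triage(event, confirmations):
    """Decide on one login; confirmations[user] = (user_ok, manager_ok)."""
    country = enrich_country(event["source_ip"])
    if country is None:
        return "review_unresolved"   # assumption: never drop silently
    if country not in UNAUTHORIZED:
        return "ignore"              # prefiltered: no alert raised
    if (event["user"], country) in WORKDAY_TRAVEL:
        return "ignore"              # travel already registered in Workday
    user_ok, manager_ok = confirmations.get(event["user"], (False, False))
    if user_ok and manager_ok:
        return "verified"
    return "page_security"           # unknown login: page the on-call team

# Constructed events shaped like normalized JumpCloud / Google login records.
EVENTS = [
    {"source": "jumpcloud", "user": "alice@example.com", "source_ip": "203.0.113.7"},
    {"source": "google", "user": "bob@example.com", "source_ip": "198.51.100.9"},
    {"source": "google", "user": "carol@example.com", "source_ip": "192.0.2.44"},
    {"source": "jumpcloud", "user": "dave@example.com", "source_ip": "203.0.113.50"},
    {"source": "google", "user": "erin@example.com", "source_ip": "not-an-ip"},
]
CONFIRMATIONS = {"carol@example.com": (True, True), "dave@example.com": (True, False)}

def run():
    """Triage every constructed event in order."""
    return [triage(e, CONFIRMATIONS) for e in EVENTS]
```

Only one of the five constructed logins reaches the paging step, which is the prefiltering effect the workflow relies on to keep alert volume manageable.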
Proactive user engagement
With this workflow, a Slackbot informs users about security events associated with their accounts or devices, and allows the security team to retrieve relevant information on the event. It also sends requests to users, for example prompting them to reboot their machine, helping improve remediation times.
Inactive asset and user detection
This workflow searches for inactive users and devices, alerting the team if a device or user hasn’t connected to the central management system after a pre-determined period. This helps the team identify errors such as failed offboardings.
Application alerts
This workflow connects to Elastic and JumpCloud to alert the security team when specific mandatory applications aren’t running on certain endpoints.
Device management with Google Workspace
To streamline device management within Google Workspace, Martin’s team uses serial numbers from an inventory tool to identify company-owned devices across various platforms. Recognizing a device as company-issued enables the system to grant additional privileges and access to specific resources, enhancing identity and access management. This process ensures that only trusted, verified devices can access sensitive information, reinforcing security protocols while simplifying permissions management.
Tines support
Martin has been extremely impressed with the quality and speed of Tines’ customer service.
“It’s awesome. I have never seen such good support, honestly,” he says. “It’s support via Slack, which particularly larger vendors do not do. They’re continuously communicating in Slack and the response time is really fast.”
What’s next
Next up for Bitpanda’s security team is a workflow to assist in handling employee requests. By using AI to address initial questions, this workflow will save time and help the team prioritize more effectively. “We also want to review the workflows that we have and see if we can make them more efficient,” Martin says.
He’s also working on setting up a central pipeline for security alerts in Tines. “All of the alerts from our security tooling come in, we format it in one structure that is always the same, and then we can build our automations based on that.”
In the long term, Martin is keen for other departments to use Tines. “I would love to centralize automation across the organization. It should be in a controlled environment so somebody should look over the code - there should be some kind of four-eye principle to ensure the security of automations.”
We invested in Tines because of its security features, so it would be great if other teams could benefit from them too.
Martin Schlatzer, Corporate IT Security Lead