About the customer
This organization is a pioneering healthcare technology company offering a cloud-based software platform that provides a precise view of the US healthcare system. With a comprehensive database of anonymized patient medical histories, this innovative analytics platform helps healthcare providers, life sciences companies, and other organizations improve patient care and lower medical costs through data-driven insights.
Executive summary
The security of any organization’s data is always important, but when it includes healthcare data, the scrutiny is even greater. So it’s little wonder that this organization’s highly qualified six-person team wanted additional safeguards to ensure that security. Their primary challenge was the overwhelming amount of manual, repetitive tasks that limited their time for strategic work.
With Tines, security, IT, and infrastructure teams freed themselves of some of their most time-consuming tasks, allowing them to focus on more meaningful work and improve security posture along the way. In just two months, the security team reduced their vulnerabilities by 30% using a single Tines workflow.
The challenge
Before they started using Tines, the organization’s security team was overwhelmed by manual tasks. “We were on an endless loop of manual work, so we never had the time to make progressive changes to our security operations,” their senior security engineer explains.
They considered automating some of these tasks using Python. But this approach creates several challenges. Writing the code requires time and a specific skillset, which not everyone on the team possesses. Custom code also needs to be maintained with detailed documentation and necessary updates, creating more work for the team.
“Given how constrained we were with people’s time and resources, I didn’t want to create a new burden for people,” the organization’s senior security engineer says.
“If, for some reason, I’m not available to maintain our integrations, I still want the company to be successful with how they’re automating workflows and improving processes.”
He looked for a platform that would empower the whole team to build their own workflows. Tines satisfied every item on his wish list, which read like this:
Easy to use
Accessible to team members with and without coding skills
Pre-built workflows to speed up build time
Flexibility to connect with internal and external tools
Reporting capabilities
Within budget
Why Tines
As the organization’s senior security engineer started to research potential tools, he attended a Tines bootcamp – a virtual, hands-on session guided by a platform expert.
By the end of the one-hour session, he had built a workflow that had a meaningful impact on his team’s operations - a workflow for analyzing malware using VirusTotal.
“At that point, I say ‘Whoa!’, this platform is amazing. With Tines, you can easily build sophisticated workflows that have a big impact on your day-to-day work.”
“There wasn’t any need for extensive training. With initial guidance from Tines, we were able to jump in and start building really effective automations right away.”
The flexibility of the platform was another major selling point. “Tines was the perfect platform for our needs, because it’s vendor agnostic,” he says. “As long as you have a REST API, you can communicate with Tines and build workflows for any kind of application or data source.”
The impact
The organization’s security team now uses Tines workflows for vulnerability management, endpoint security, compliance, and more. Let's take a closer look at the impact of these workflows.
Removing the burden of repetitive tasks
The organization can move faster and save significant time and effort by building workflows in minutes that would take days with custom code.
Improving security posture
With a single vulnerability management workflow, the security team reduced vulnerabilities by 30% in just two months.
“The goal for building any Tines workflow is to spend less time searching and documenting a security alert and more time improving our security posture.”
Building a culture of automation
The security team’s use of Tines was so successful that IT and infrastructure teams are now using the platform to build, run and monitor their own important workflows. In total, they have 30 workflows in flight, all of which are adding value to the business.
This is down to the organization’s senior security engineer, who promotes the use of automation by encouraging other team members to use Tines, attend bootcamps, and complete certifications. “It’s about teaching others to fish, so to speak, so they can also eliminate the burden of manual, repetitive tasks that prevent them from focusing on more important, long-term operational improvements.”
“Given Tines’ ease of use and flexibility, there’s no need to babysit anyone. They can just pick up Tines and go on their own.”
While everyone on the security, IT and infrastructure teams has access to Tines, they don't have access to the existing workflows. This means they can build on their own without compromising security or impacting anyone else's workflows.
Helping the organization become resilient to change
Another welcome benefit of using Tines is that it becomes easy for team members, regardless of technical skillset, to maintain and make changes to the organization’s workflows. “If I'm not there anymore, I still want the company to be successful with their workflows,” the senior security engineer tells us. “That’s why I introduced Tines to as many people as possible.”
Top workflows
Security workflows
Investigate vulnerabilities from Snyk
The security team started automating vulnerability management quickly by using a pre-built workflow from the library and configuring it to meet their needs, which succeeded in reducing vulnerabilities by 30%. “The story as you see it in the library is very generic, but customizing and adding to it was very simple,” the senior security engineer explains.
This workflow receives alerts from Snyk, enriches them with data from various sources, formats the data, creates a ticket in Jira, and assigns them to an appropriate team member. “It removed a lot of burden from our team,” he says.
Track Snyk issues in Jira
Analyze projects in Snyk, search Jira for open vulnerabilities, and create tickets as required.
Investigate EDR alerts from Carbon Black
This workflow receives Carbon Black alerts, enriches them from various sources, formats the data, creates a ticket in Jira, and assigns them to an appropriate team member.
The engineer tells us, “I can look at the criticality, I can escalate to a Jira ticket, I can send a message to Slack in a channel or I can send an alert to PagerDuty. It gives me so many more abilities that I didn’t have with the integration with my SIEM. And it took me 45 minutes to build it. That’s it.”
Launch DAST scan on web app via CI/CD pipeline
A simplified version of this workflow was added to the Tines library as part of the You Did What With Tines? competition.
The organization’s senior security engineer explains, “I wanted to make sure that the workflow can be used by anybody, without being too specific. The actual one is much more complex. It has AWS integration and just kicks off a Docker container, and that Docker container is registered to Tenable as a scanner. I can leverage this to scan a local web application that isn’t exposed to the outside.”
This story is triggered from the CI/CD pipeline to launch a DAST scan on a specific web app. It takes 2 arguments, such as APP Name and ConfigID. It launches a scan from Tenable.io and sends a PDF with the results if successful.
Community author: Julien D.
IT workflows
Employee offboarding
This IT workflow automates the process of revoking employee access to services when they hand in their notice, by connecting to Workday, Okta, and other applications. It supports the offboarding process in several ways, even creating and providing the employee with a UPS label, which they can use to ship their laptop back to the organization.
Asset management
The IT team also uses a Tines workflow to cross-reference SnipeIT and Jamf to ensure assets have matching tags and information.
Favorite feature
The organization’s senior security engineer calls out a few favorite features, including cURL to Tines, Send to Story, the Receive Email action, and Pages. “Pages are cool because you can create a pretty interface that triggers a workflow, making it easier for an employee to engage with it,” he says.
“Using a Tines Page is so much better for the end user experience, rather than creating a ticket in Jira or having an engineer SSH to a server or log into a website. That definitely saves time for everybody.”
Tines support
Customer service has also been a major factor in helping this organization succeed with Tines.
“Tines provides one of the best customer support experiences of any vendor I have ever worked with,” the senior security engineer says. “It’s nothing short of fantastic. I love the community Slack channel, too.”
“Tines provides mentorship rather than hand holding, which has helped us learn fast.”
What’s next
This organization is just getting started with Tines. One of the engineering managers plans to use a Tines Tunnel to integrate the organization’s products with Tines via an internal API.
Meanwhile, their senior security engineer tells us that there are even bigger plans for Tines once they onboard a new SIEM.
“We’re currently in the process of changing our SIEM, so we can leverage Tines as much as we can with repetitive workflows, or maybe even use Tines Cases.”
“My goal is to create a balanced and coherent experience for the security engineer on call, so they’re spending less time searching and documenting a ticket and more time on meaningful tasks.”