Security orchestration sounds great in theory, but in practice, coordinating between different security tools remains a headache. As workflows need to move faster to keep pace with AI-driven attacks, security professionals find themselves overwhelmed with manual “muck work” rather than focusing on business enablement.
In this episode, Matt Muller, field CISO at Tines, explains how their no-code workflow automation platform helps security teams eliminate manual work that bogs them down. Joining him are Bil Harmer, information security advisor at Craft Ventures, and Brett Conlon, CISO at American Century Investments.
Got feedback? Join the conversation on LinkedIn.
Huge thanks to our sponsor, Tines
Full Transcript
[Voiceover] Connecting security solutions with security leaders, Security You Should Know starts now.
[David Spark] Welcome to Security You Should Know. Hey, I’m David Spark. I’m co-hosting today’s episode. And today we are talking about Tines and what they are doing in orchestration and automation. Now the problem they’re addressing is coordinating between different security tools. Helping us to get answers to these questions about this very issue are Bil Harmer, who is the information security advisor over at Kraft Ventures, and Brett Conlon, who’s the CISO over at American Century Investments. So, Bil and Brett, I’m going to start with both of you. I’ll start with you, Bil, specifically. Why is coordinating between our different tools still a problem? And by the way, I know we’ve got a lot of them.
[Bil Harmer] It’s still a problem because I think we’re becoming more point solution focused. So, a little less platform, a little bit more very specific to the task at hand. We’ve got a ton of different nomenclature and definitions. People are using them differently within their tools. And we’re moving faster and faster. So, with the AI attacks coming, the workflow has to move faster, and we have too much interpretation on the people side.
[David Spark] Ah, very nice setup. What would you add to that, Brett?
[Brett Conlon] Yeah, I think just adding to that, we see the platforms taking over and sort of once you have a mature space, right? But when you see new technologies such as AI, LLMs coming out, more emphasis around machine learning, then you get point-in-time solutions and then it takes about five years to see that platform evolve. And so, unfortunately, when those platforms evolve, they really focus on what they’re good at, and you’ll see three or four tools combined, but there’s still so many other tools that have to come in that we just can’t get a handle around one unified platform.
[David Spark] Very, very good setup. All right, so we have a really good idea of how sort of nasty this problem is. So, helping us get answers to these questions, as our guest today, we’re going to be talking to Matt Muller, who’s the field CISO over at Tines. To start out, Matt, we want you to answer the three essential questions we ask all guests. So, here we go. The three questions, Matt, are, how do I explain the value of your solution, Tines, to my CEO? What does your solution do and what does it not do? So, what lane do you swim in, if you will? And lastly, what is your pricing model? We want to understand like how do you charge for your product. So, give us an explanation of all three.
[Matt Muller] Well, if you think about what the CEO wants from the security team, it basically boils down to two things, help manage risk and help the business move forward safely. And unfortunately, within the security team, the reality is we spend most of our days doing anything but those two missions, right? We have analysts that are dealing with false positive alerts, right? Maybe a day or even a weeklong backlog of alerts. We have GRC professionals who, rather than helping us figure out the regulations to open up new markets, are buried in manual spreadsheets and figuring out how to pull information across dozens, if not hundreds, of different systems into those sheets. And so, what Tines does is helps security teams deal with those, what we call pieces of muck work, right? Muck work is the undifferentiated work that everyone has to get done but doesn’t really contribute to business value. And we do this through providing a no- or low-code interface for building workflows with automation and AI and help the security team focus on the creative aspects of their jobs rather than having to do that toilsome work. Ultimately, our pricing is sort of reflective of the fact that we want to be able to help you automate as much of your work as possible. And so, we have a base platform fee with a couple different sizes of pricing depending on how much you want to automate or how big your organization is, with a few add-ons here and there on top of that. But ultimately, it’s about helping people map the automation that they do back to the value they’re providing to their CEO.
[David Spark] And just to clarify, if I understand correctly, your pricing is based on how much automation I do with your product, yes?
[Matt Muller] Exactly.
[David Spark] Okay, that’s good. I like that. All right, so we’ve got a basic understanding of what Tines does. I’m going to throw this to you, Brett. I’m sure you’ve got plenty of questions and I kind of like this setup of getting rid of the muck work. So, what are your questions you have for Matt, Brett?
[Brett Conlon] So, Matt, sounds awesome. So, let’s just talk a little bit about, like you mentioned,we have this GRC platform, you have a vulnerability management platform, you’ve got your cloud security platforms. How does your solution sort of tie that in and what does that really shift for my team now that they’re focused on?
[Matt Muller] Yeah, what we find is that a lot of teams have very effective point solutions, right? And a point solution can actually be fairly broad. Maybe it’s a magic marker and not necessarily a pencil. But at the end of the day, the security team is often operating in a different context than, say, your engineering team in maybe a vulnerability management world. And so, in a previous manual operations world, we’ve talked with teams that went into their vulnerability management tool, manually pulled out every single vulnerability, deduplicated the results, pasted those into tickets for the engineering team to pick up and then manually tracked the results of themremediating those vulnerabilities. With Tines, we can help automate the connection of all those tools, right? It’s sort of the glue or the last mile of automation that really helps eliminate those manual processes. So, we’re not looking to displace necessarily the GRC solution that you already have, but we do think that we have ways to make it more effective and easier to use in terms of how the outcomes and outputs from that gets disseminated to the rest of the organization.
[David Spark] I kind of like that. Bil?
[Bil Harmer] So, I’m just going to bounce off of that and sort of keep going then. So, based on that scenario and not fully replacing a GRC, but providing that automation in the workflow, what visibility and audit capabilities exists inside Tines for monitoring automated actions?
[Matt Muller] There is a tremendous amount of visibility, and this is actually one of the things that we actually find security teams end up appreciating a lot about the platform because if you look at our modern sort of SaaS-based world, let’s be honest, there’s not a lot of telemetry that you can pull out of most SaaS solutions, right? And the audit trail can be a little bit bare and maybe some of our dual controls around approvals versus applying changes can’t necessarily operate in a SaaS context. So, within Tines, when you build a workflow, all of the sort of meta information about who is building things, who’s editing things, how are they managing the platform, everything is instrumented as an audit log. But then we actually go one step further. Every action within Tines, every time it executes, records its own audit trail, and these audit trails build up as you execute a workflow. So, by the time you’ve reached the end of your workflow, you have a complete picture of all the data that went into it, every manipulation of that data, all the outputs that occurred, right, and what those outputs were. And you can retain this audit trail for as long as you like so that youhave, again, that visibility and more importantly, that control over what’s happening in your other systems. We think as the automation platform that’s sort of serving as the glue here, we can often help fill the gaps where maybe another solution that you want to use is a little bit less mature when it comes to monitoring, auditing, and accountability there.
[David Spark] All right, going back to you, Brett, any other question you have?
[Brett Conlon] Yeah, just real quick and hitting on sort of the auditing piece a little bit, but obviously in heavily regulated sectors, so like finance for myself, right, you have integration of AI and LLM workflows in there. So, how do you ensure that Tines’ AI guardrails are maintaining security and privacy for a company like myself?
[Matt Muller] Yeah, our motto is that we allow you to bring as much AI as you would like to any sort of given workflow context and scenario. And sometimes that means zero AI, right, for not every workflow, but some have to be deterministic. Sometimes the stakes are too high to even consider introducing AI, and we think that’s totally fine. Where you do want to introduce AI, by default, we use AWS Bedrock for our cloud environments, which means no logging, no internet traversal of any of your data, no training on any of that data, and we also allow you to bring your own AI models as well. So, if you have a preferred AI model proxy or if you have a preferred AI provider that you have an enterprise relationship with, we’re not going to get in the way of that. We believe that teams should be able to use AI to their comfort level and in the scenarios that they want to without us prescribing even the specific set of models that you have to use. And again, everything that the AI does within the platform is still subject to all of the audit logging and monitoring and audit trails that we have for our regular workflows as well.
[David Spark] Bil?
[Bil Harmer] I love this. Brett sets them up and I’m just going to jump on that one and sort of go further.
[David Spark] Oh, then I’m going to make you ask the next question after that, too.
[Laughter]
[David Spark] Give Brett a chance.
[Brett Conlon] No, no. I love his questions. They’re fantastic. So, sort of with that access, like you mean not just AI, but you’re going to have access to a lot of different systems in there. And I would assume more than just the security systems as well because if I want context to some of my workflows, I’m going to need to bring that into Tines. How do you guys manage the credentials, secrets, API keys? Like, I don’t want to be putting Tines in and finding out that I just put a whole bunch of hard-coded, clear-text passwords[Laughter] into a workflow.
[Matt Muller] Yeah, absolutely. We put a lot of thought into our credential management systems. And so, in addition to everything being encrypted in transit and at rest, we have multiple levels of field layer encryption on the credentials that we hold for you. Who is able to access those credentials is extremely limited in terms of you being able to apply your own roles, right? Credentials are sort of a right-only thing. Once you put a credential into the system, you can use it, but a human cannot retrieve that value out of the system again. And we definitely have folks who are in either highly secure environments or air-gapped environments where even using a cloud version of Tines doesn’t meet their security requirements. And so, we have a containerized version of Tines that can deploy on-premise in any containerized environment. And for those customers, we give them that full control, everything from the database on up to make sure that Tines is operating according to their security standards.
[David Spark] All right. I’m going to give each of you just one quick question because we only have about a minute and a half left. So, I’m going to start with you, Bil, so you don’t get to ride on Brett again. Bil, what’s your last question?
[Bil Harmer] [Laughter] All right. My last question then is going to go down to the privacy side. Who at Tines, in a cloud version, I understand you have container and on-prem, but in probably the most common sense or common deployment, who at Tines has access to my data and how do I know when and if they’re accessing it?
[Matt Muller] Yes, this is something that we take very, very seriously. And there’s a small number of folks in sort of our infrastructure and engineering organization who are able to escalate permissions into AWS, but everything they do there is instrumented, right? Every command that they run, every action that they take, everything is audited and monitored. And again, we want to make sure that if a human does access your data, it’s with your permission, right? Maybe we’re helping you troubleshoot something. And otherwise,making sure that we’re locking as many humans at Tines out of production systems as possible. You’ll be relieved to know I have no access to your production data, right? So, definitely something that we tried to build in from the ground up there, for sure.
[Brett Conlon] So, with the last question, can I ask a little bit more about like customer impact? So, could you share a specific customer story where Tines significantly transformed like the team’s workflow or security operations and what made that implementation particularly successful?
[Matt Muller] Yeah, I mean, there’s a couple examples that come to mind. We worked with Texas A&M University recently to help them automate hundreds of hours of work per month. We have a case study with Elastic who I believe is able tosubstitute the work of a couple FTEs with Tines. And it’s because what these teams were working on was that sort of manual painful work, right? You don’t need a human being to analyze every single phishing email that gets reported to the security team. Sometimes they are legitimately going to be from your human resources system, right? And maybe you have an especially paranoid end user that’s just reporting everything to the security team. And so, by automating this work where humans truly don’t add value to that process, these customers were able to then refocus on finding the adversaries, right? Shifting those resources to actually providing the business value and ultimately making sure that when you have a security team member, that they’re not just a button pusher, right? They were actually able to leverage their knowledge and expertise in different places.
[David Spark] Excellent. Well, that brings us to the almost tail end of our show. Matt, I have one last question for you. Is there something that did not come up, just one thing you would like everyone to know that didn’t come up in our conversation?
[Matt Muller] I think the one thing about Tines that all of our customers come to appreciate is just how customer obsessed we are when it comes to shipping new features. If you go to tines.com/whats-new, you will find sometimes dozens of new features a month that we’re shipping. And these are actual meaty features, right? That serve a real need. Almost every single one of them came from a customer request. We are that obsessed with making sure we are an extension of your security team and shipping the software that is actually valuable and wanted by our end customers, which can be a little weirdly rare in the cybersecurity world.
[David Spark] That is awesome to hear.I love the fact that you have that space. So, see for yourself how often they’re updating it by going to tines.com/whats-new, did you say?
[Matt Muller] /whats-new.
[David Spark] All right. Well, that’s it for this episode of Security You Should Know. I’m David Spark, who’s filling in for Rich Stroffolino. To learn more though, head over to Tines’ site. Remember, you can just go to tines.com. If you want to see the new stuff, you go to tines.com/whats-new. If you have any feedback or questions for Matt, you can send them to us at feedback@CISOseries.com. We’ll get them to him, but you can also contact Matt. Matt Muller, we’ll have a link to his profile over on LinkedIn as well. And huge thanks to our two guests. That’d be Bil Harmer and Brett Conlon for helping us learn more about Tines. And thank you, Matt Muller from Tines, for your time and being game to answer all of the questions of which, by the way, I should mention to our audience, he didn’t know any of these before this started. We don’t send him the questions beforehand. We just say you’re going to get asked a lot of questions. So, he answered those all on the fly. So, thank you to our audience. We greatly appreciate you listening to Security You Should Know.
[Voiceover] That wraps up another episode of Security You Should Know. If you like this program, please subscribe, tell your friends, and leave us a review. All companies showcased on this program are sponsors of CISO Series. If your company would like to be spotlighted and interviewed by our security leaders, go to our contact page on CISOseries.com or just email us at info@CISOseries.com. Thank you for listening to Security You Should Know, connecting security solutions with security leaders.