Tines, a cybersecurity startup that helps enterprise security teams automate repetitive workflows, has added a further $11 million to its series A funding round. The company had initially announced a $4.1 million series A investment six weeks ago, meaning this fresh cash injection takes its total raised in this round to $15.1 million.
The funding extension was spearheaded by Accel, while Index Ventures and Blossom Capital also participated.
Founded out of Dublin in 2018, Tines’ platform enables companies to pre-build what it calls “automation stories” to perform an unlimited number of steps that would normally have to be carried out manually — this could be something such as log and threat intelligence searches, which may help establish whether a security alert requires further action.
For context, most big companies today have a team of security professionals dedicated to detecting and responding to cyberattacks. They will also typically use various smarts to thwart attacks automatically — this could be antivirus software, a firewall, or myriad other third-party tools. But these tools can create a lot of noise and false alarms, which require humans to dig deeper to see what needs further attention.
And that is where Tines is striving to carve out its niche — it’s about automating the manual, resource-intensive steps that comes after an alert is triggered, and is designed to reduce the pressure on human cybersecurity personnel.
How it works
Tines offers a canvas-type storyboard where users can access agent templates to build their automation stories, and which can be combined in any number of ways. Tines also provides pre-built sample agent configurations for common integrations, for example to automatically create a Slack message based on a specific alert, or carry out a search of VirusTotal.
Tines offers six broad agent types:
- Email Agent: sends emails to recipients
- Event Transformation Agent: contains several modes that modify the contents of data collected in a story.
- HTTP Request Agent: makes and receive requests to other tools’ APIs
- IMAP Agent: monitors an email inbox
- Trigger Agent: makes decisions based on the information already collected in a story by previous agents
- Webhook Agent: allows external tools (e.g. GitHub, Jira, and Splunk) to send data to Tines
It’s worth noting that each agent can be configured to work in slightly different ways, meaning that there can effectively be hundreds of agents working together. The webhook agent can be connected to GitHub, for example, to be alerted whenever a change is made to a repository, and then several event transformation agents can be created to check for different types of data (passwords, email addresses, API keys, etc), and then separate HTTP request agents can be set up to contact the repository owner and the on-call engineer through their preferred mode of communication.
In many ways, Tines is a little like IFTTT (If This Then That) for enterprise cybersecurity. It is entirely customizable and can be used to create security-focused chatbots, respond to phishing emails, run vulnerability scans, contact on-call engineers automatically in the event of a security alert, and even on-board new employees.
“The analogy we sometimes use is that of a carpenter who has a toolkit with a hammer, a saw, a drill, chisel, etc,” cofounder Eoin Hinchy told VentureBeat. “Regardless of the job — building a roof or making a table — they’ll just use those tools in slightly different ways.”
Tines’ core selling point is that its software agents are designed to be easily configurable, with no coding experience. There are other similar platforms out there, of course, such as security orchestration and automation platform Phantom, which Splunk bought for $350 million last year.
However, Tines said a major differentiator for its platform is that it can be integrated anywhere with minimal fuss — it doesn’t require pre-built integrations to interact with third-party systems and services, and plays nice with any tool that has an API. By contrast, many similar automation tools out there are limited to a set number of integrations that have been pre-built by the software maker’s engineers. If customers want to do anything more, they would need to ask the software vendor to build something, or use internal resources to figure out a workaround.
Although Tines is focused squarely on the cybersecurity realm, the company also said that some of its customers are using it for other workflows across IT, developer operations (DevOps), and even human resources (HR). This hints at a possible future direction for Tines, but for now it’s firmly focused on the security realm.
“We’re going to stay focused on security for at least the next 18-24 months, and will use our learning over that period to decide whether it makes sense to move into additional verticals and if so which ones,” Hinchy noted. “The interest we’ve had in Tines and our rate of adoption amongst the world’s leading security teams has surprised even us.”
In the past year, Tines has secured some major clients, including Box, Auth0, and McKesson, and now it has nabbed two of the biggest names from the venture capital world to help it add more big clients to the last. For context, Accel alone has backed Facebook, Slack, Spotify, and Dropbox, while it has a host of security-focused brands in its portfolio of companies including Demisto, a similar company to Tines which was acquired by Palo Alto Networks earlier this year.
In short, Tines is in good company.
“Having spent more than a decade as security operators, Eoin and Thomas [Kinsella, Tines cofounder] have a deep understanding of and appreciation for the pain points that security teams are facing today,” Accel’s Seth Pierrepont said. “We believe automation has become a ‘must-have’ tool within enterprise security operations, and Tines’ easy-to -implement and -customize approach positions it well to very quickly become a category leader.”
With $15.1 million in the bank, Tines said that it’s now well-positioned to expand across its existing markets in Europe and the U.S.