Tines Talks to Us About Automation as a Fundamental Part of Cybersecurity

Automation of dull and repetitive, yet important, tasks is one of the staples of life in IT, Development, or cybersecurity (and many other areas of a business). There is often work to be done which is simply not a ton of fun to do. Everything from sorting through tickets, to permissions reviews, to inventories, etc. Finding ways to do these things in a quick and repeatable way can take as much time as doing the actual thing in the first place. Even with some automation platforms out there, you will invest a significant amount of time building the flow and then maintaining it (looking at you Microsoft).

How is Tines different? Being 100% honest, at their core, they are not all that different from other automation platforms. Tines takes complex tasks which require input from multiple tools and streamlines building workflows around them to take some of the complexity out of them. Where things are different is in being tool, and workflow agnostic. Tines is not specific to any type of workflow, so this is not just a cybersecurity automation tool, it is a “let’s automation what makes sense tool.” There are also guardrails built into the platform beyond simple user and group permissions which allow for better governance and security for workflows which should be siloed.

This does make Tines a bit of an easier sell when you are looking to get it in place for your organization. After all, asking the CFO to cough up additional money for a specific cybersecurity tool is a bigger effort than saying, hey we can get this tool which can help everyone, including finance… (sometimes it is the little things that make a difference).

So, now you have gotten the CFO to pry open the wallet, buy Tines and you have built multiple workflows and automations cutting through hours of drudge work. You might still be in a situation where you still must manually search through different workflows to find information or data that you want/need. The solution; have the intern do it. In the case of Tines, the “intern” it an LLM model which is specific to your tenant. It is not a continuously trained model like regular LLMs, instead it is a model that knows who to ask for information (just like the intern). The example used was: The model does not know someone’s email address, but it knows which workflow to ask to get it for you. Because the workflow is deterministic (the data is verifiable and consistent) you are going to get a proper answer and reduce the risk of the LLM making stuff up because of what it sees as a predictive statistical probability. This new option, once launched, will allow for efficient correlation of information between workflows. The same guardrails applied at the workflow level will prevent unauthorized access and retrieval of data via this LLM.

The LLM can also make suggestion on responses for automated tasks with a human check before implementation. This can be vital when dealing with certain cybersecurity responses (like locking things out). This type of GenAI integration was something of a theme at Black Hat 2024. Automation and GenAI integration where still present, but there was a much more sober and logical approach to its use, like the one which Tines presented. It can do many types of tasks faster and more efficiently, but it cannot replace humans.

Tines seems like a good option for enabling existing teams to get back to the work they should be doing. I cannot count the number of times I have heard cybersecurity and IT teams say they cannot get X or Y done because they do not have the available resources to do it. Being able to remove some of the daily grind could free them up to take care of some of those important projects and tasks moving the needle on cybersecurity and resilience just a little in a positive direction.

You can also check out Tines Community Edition if you want to know more.