R3 is a leading provider of distributed ledger technology and services for the development of distributed solutions that power multi-party workflows in regulated markets where trust is critical. R3 provides Corda, the world's leading distributed application platform, powering digital finance.
The R3 security team needed an automation solution to scale their operations and improve their ability to communicate their ROI (return on investment) to key stakeholders across the organization. They turned to Tines to achieve these goals.
Tines saves the team approximately 223 hours and $6,400 a month; 219 of those hours are related to a Microsoft Sentinel workflow. Jake Roberts, Security Operations Engineer at R3, talks through the challenges his team was experiencing, the impact of Tines, and their plans to develop more automation workflows with Tines and AWS.
R3 has a small security team, and its security operations were still relatively immature when Security Operations Engineer Jake Roberts began considering automation.
“I was the first security operations hire at R3. My main responsibilities are to build our security operations function, develop our incident response capabilities, and all the trappings and trimmings of the security operations team but within the constraints of a company R3’s size. So, triaging events and alerts, security engineering of tools and products, and automation for which Tines is our sole vendor and a key component of what we do.”
The team used some basic automation tools before Tines but recognized they had a skills gap. Jake was unimpressed with other SOAR platforms on the market based on his previous experience.
“I didn’t know about Tines until I went to a security conference in London, BSides, where I met one of the co-founders, Thomas Kinsella. I had a really good conversation with him about a lot of the challenges, our use cases, and the misconceptions I had about products in this space before seeing Tines and how the product works.”
Since they’re a small team, Jake wanted a solution capable of scaling quickly and was impressed by Tines’ ability to support their evolving use cases while enabling them to continue to be agile.
“We’re a small company, so we don’t need to scale too hard, but being able to scale up quickly in parallel with our DevOps vibe is important - we have to be nimble because we’re only three people. So that was kind of the tipping point.”
“We were looking down the barrel of being a small team with a SOC, a SIEM, and things to run, but we didn’t have any automation. Then Tines fell into my lap, and it was the perfect fit. It was one of those rare cases where a vendor has a product that really fits your needs, and Tines did and still does for me.”
Security Operations Engineer, R3
“Other big box providers have good products, but if you’re a small business like us and you don’t have or care to have someone with a bunch of Python experience, then before Tines, there weren’t really a lot of options. Tines comes on the market, and suddenly, it doesn’t matter if you know a programming language or not. It helps if you can understand the concepts, but you don’t need code to use Tines.”
The team had an old Python module for a scanning product that required a lot of resources and coding skills to maintain. With Tines, they managed to completely eliminate the maintenance and people hours needed to ensure this process runs smoothly.
“It took less than a week to transfer this workflow to Tines from start to finish. That’s a real-world example of having a body of code already doing some automation stuff, but I don’t want to maintain it, and I need to be able to articulate it to the business to show our ROI as a team. Then comes Tines, enabling us to augment what we already have and make it even better.
“I look back to previous times of trying to explain Python functions and the inner workings of a workflow to executives, upper management, and other teams into words they could understand, whereas, with Tines, you can have this unified conversation without having to spend time prepping and converting code into talking points, because Tines is inherently accessible. You can showcase it as you would a graph in a PowerPoint; it’s just a flow chart.”
With Tines, R3’s security team estimates they’ve been able to build an automation function that equates to the work of more than five engineers. Jake explains, “It’s very hard to quantify just how much time we’ve saved or even the cost, apart from the monetary salary count for five people plus hours spent, but it’s even more than that. Looking at the numbers, Tines saves us approximately 223 hours a month. If I had heard that before, I wouldn’t have believed it, but seeing how Tines impacts my team, the benefits are remarkable.”
Finally, the team was won over by Tines’ laser focus on automation. Jake adds, “Tines is not trying to be any other product; it knows what it is, and that’s what it’s doing. So many other products try to be a Swiss Army knife because it’s lucrative, but they dilute themselves so much that the core product is lost. My wish is for Tines to stay in its lane because that’s why it’s dominant in the market.”
Next, the R3 team is looking to build AWS workflows with Tines. “Very soon, we will be doing things with AWS and Tines, for example, enriching AWS alerts with more context using GuardDuty, then taking action to isolate new connections, lock attackers down, and that type of thing. It’s a maturity thing, so that will be a natural progression for us, and Tines will definitely be at the forefront of that.”