Home / Companies / Tines / Blog / April 2024

April 2024 Summaries

10 posts from Tines

Filter
Month: Year:
Post Summaries Back to Blog
Sysdig and Tines have partnered to offer an integrated solution that enhances cloud security by combining Sysdig's expertise in Runtime Insights with Tines' orchestration and automation capabilities. This collaboration allows DevSecOps, Operations, and SOC teams to streamline security processes, quickly detect and respond to sophisticated cloud attacks, and adhere to the 5/5/5 Cloud Detection and Response Benchmark, which aims to detect threats in 5 seconds, triage in 5 minutes, and respond in 5 minutes. The partnership provides enhanced threat detection and automated response, allowing security teams to quickly address threats like Scarleteel while reducing human intervention. The solution also promotes flexible security workflows, simplifying the management of complex security issues. A sample workflow involves Sysdig generating an alert, followed by Tines automating the enrichment, triage, and remediation process, such as blocking a user's AWS console login if necessary. Users can explore these capabilities by signing up for Tines' always-free Community Edition.
Apr 29, 2024 349 words in the original blog post.
Tines has reached a significant milestone with its library now hosting 750 pre-built workflows, 75 of which were submitted by users, showcasing the platform's capability to inspire creativity and collaboration among its community. To celebrate, Tines Labs highlighted five user-submitted workflows that demonstrate the diverse applications and potential of workflow automation. These include a macOS software update management system, an integration of multiple platforms for intrusion detection and alerting, an Azure AD MFA fraud alert monitoring tool linked with Jira, a device locking mechanism via Slack, and an advanced live response tool for Microsoft Defender. Each workflow illustrates the ability of Tines to streamline complex processes, enhance security, and facilitate seamless data sharing across various platforms without compromising security, while the platform's intuitive nature encourages even new users to create sophisticated automation solutions.
Apr 25, 2024 1,208 words in the original blog post.
In a recent episode of The Future of Security Operations podcast, Brent Deterding, currently the Chief Information Security Officer (CISO) of Afni, discusses his journey and unique approach to security leadership. With over 25 years of experience in the field, Deterding shares insights from his unconventional path to becoming a CISO and highlights the importance of reducing stress in incident response while emphasizing risk prioritization and leadership as major challenges in the security domain. Known as "the happy CISO," he focuses on maintaining high job satisfaction and building a team with zero attrition. Brent advocates for strong security measures such as multi-factor authentication, endpoint detection and response, and rapid patching to mitigate common risks like ransomware and phishing. He also discusses the need to focus on efficient processes and recounts his strategic approach during his first three years at Afni, aiming to make security operations seamless and non-urgent. Deterding's philosophy underscores the importance of basics in cybersecurity, advocating for simplicity and a renewed focus on fundamental practices to enhance security effectiveness.
Apr 23, 2024 954 words in the original blog post.
In the latest episode of The Future of Security Operations podcast, Nicolas Chaillan, a prominent security leader with significant roles in US federal agencies, discusses his extensive experience in implementing cutting-edge technologies such as zero trust architectures and Kubernetes for government systems, including jets and space systems. As the founder of multiple companies, Chaillan shares insights into the complexities of introducing new technologies to federal agencies, the evolution of the threat landscape, and the critical role of cross-team collaboration in fostering innovation. He emphasizes the challenges faced by entrepreneurs, particularly in understanding profits and avoiding isolated development, and highlights the transformative potential and challenges of AI in security. Chaillan also addresses the controversial role of platforms like TikTok as national security threats and envisions a future where AI significantly dominates security operations, outpacing human capabilities in dealing with rapidly evolving threats.
Apr 22, 2024 1,266 words in the original blog post.
The integration of Tines and Elastic Observability enables cloud engineers to enhance security operations and achieve cost savings by automating workflows based on real-time insights. By leveraging these platforms, organizations can dynamically scale resources, schedule non-production instance shutdowns during off-peak hours, and implement cost allocation policies to optimize spending. A specific example of such automation is a workflow that detects and remediates high CPU usage on AWS EC2 instances, which automatically adjusts resources to maintain performance. Detailed guides and workflows are available on Elastic's blog, with options for users to import workflows and explore Tines and Elastic's capabilities through free trials.
Apr 16, 2024 436 words in the original blog post.
In a recent episode of The Future of Security Operations podcast, George Griesler, a veteran in cybersecurity since 1997, shared his extensive experience in protecting large-scale events, particularly as the Senior Director of Cybersecurity at the NFL. The discussion covered the evolution of security operations from his early days at the USGA to his current role in securing the Super Bowl, highlighting the complexities of managing threats in both digital and physical arenas. Griesler emphasized the importance of collaboration with organizations like CISA, the FBI, and local partners, as well as the integration of automation and AI in incident response. He also underscored the critical need for a culture of security awareness and knowledge sharing among teams, which is essential for handling the high-pressure environment of live sports events. The conversation touched upon the challenges of securing various elements, such as scoreboard systems and player identities, against potential cyber threats, while also preparing for possible disruptions, as evidenced by the recent MGM Resorts cyber attack.
Apr 15, 2024 1,312 words in the original blog post.
In a recent episode of The Future of Security Operations podcast, cybersecurity expert Adam Khan shares insights from his 25-year career, discussing topics such as the impact of a significant DDoS attack on his career trajectory, the importance of automation in reducing alert fatigue, and strategies for bridging the cybersecurity skills gap. Currently the VP of Global Security Operations at Barracuda, Khan highlights the potential of AI-driven XDR to enhance security operations and elaborates on how AI is both aiding defenders and being exploited by adversaries. He emphasizes the crucial role of continuous learning and a culture of resilience, drawing from his experiences in site reliability engineering and the importance of embracing mistakes as learning opportunities. Khan's reflections include the benefits of external XDR platforms for growing companies, the evolution of cyber threats in the AI era, and the value of community knowledge sharing in advancing cybersecurity practices.
Apr 08, 2024 1,053 words in the original blog post.
Tines has launched a channel partner program aimed at enhancing collaboration with over 200 leading organizations, including companies like Mars, McKesson, and Dropbox, to address business and technology challenges through automated workflows. This initiative is designed to capitalize on the rising demand for solutions that enhance operational efficiency and risk mitigation. The program segments partners into three tiers—Verified, Select, and Growth—based on their investment and shared customer engagement, offering competitive incentives, sales support, and marketing tools that increase in value with partner progression. In 2023, Tines doubled its partners, with 90% of new customer deals involving them, and 35% of net new revenue sourced from partnerships. This growth is supported by comprehensive product and technical certifications for engineers, ensuring expertise in the Tines platform. The program underscores Tines' commitment to fostering a collaborative ecosystem that drives shared growth and optimizes crucial business workflows.
Apr 03, 2024 505 words in the original blog post.
In a guest blog post, Marcus Hallberg and Attila Dulovics, senior security engineers at Spotify, describe a Tines workflow they developed to facilitate identity federation between Google Cloud Platform (GCP) and Amazon Web Services (AWS). As organizations increasingly adopt multi-cloud strategies due to business needs such as acquisitions and partner integrations, identity federation becomes crucial for enabling secure and efficient access to resources across different cloud environments with a single set of credentials. This process involves exchanging authorized identities based on pre-established trust relationships, allowing, for instance, a GCP service account to access AWS resources without static credentials. The authors illustrate this with a specific example of enabling a Google service account to list AWS S3 buckets by utilizing Google’s OpenID Connect infrastructure and configuring AWS Identity and Access Management (IAM) roles accordingly. This setup not only streamlines cross-cloud access but also enhances security by reducing the need for service account keys, and it facilitates automation for tasks ranging from cloud security to regular operations. The blog post also offers additional resources, including a GitHub repository and a Tines story, to help users implement and test this identity federation approach.
Apr 02, 2024 658 words in the original blog post.
Matt Johansen, Head of Software Security at Reddit and a guest on The Future of Security Operations podcast, discusses his extensive experience in cybersecurity, emphasizing the importance of scrappiness, overcoming the sunk-cost fallacy, and moving beyond superhero culture in security teams. He shares insights from his career transition from Bank of America to Reddit, highlights lessons learned from the 2014 Sony hack, and stresses the significance of automating incident response to enhance efficiency. Johansen also touches on mental health in security, advocating for work-life balance and moving past imposter syndrome. He underscores the necessity of cross-team collaboration, particularly with legal teams, to streamline incident response, and highlights the benefits of documenting every step in the process. Ultimately, he promotes development practices that blur the line with security practices, advising aspiring security professionals to demonstrate their passion and knowledge through proactive learning and contributions to open-source projects.
Apr 01, 2024 1,402 words in the original blog post.