How Box uses Tines to automate security workflows

About Box

Box provides cloud-based content management and file sharing services for 97,000 businesses around the world, including 68% of the Fortune 500. Founded in 2005, the company is based in Redwood City, California and employs more than 2,000 people around the world.


What’s the challenge?

Even before deploying Tines, Box was already deeply invested in security automation. The company has a dedicated Security Automation team, set up to support security incident response across the company. The team builds internal tools, frameworks, and SDKs to help keep Box and its employees safe.

The team had created effective automation tools themselves. But because they were coded into Python scripts, it was hard for a wider audience to read or edit what they did. Only proficient coders were able to make changes as the incident response team’s needs evolved over time. This was a bottleneck to further improving the efficiency dividend that automation provides.

As a result, Box needed a product that simplified the creation of new tools and third-party integrations. And it needed to make editing them easy, no matter the skill set of the security professionals using them.

Why Tines?

Box chose Tines because, unlike some competitors, it integrated well with the company’s existing automation, which was set up and running on web servers. This painless integration meant the company didn’t need to tear down everything it had built and start again. Instead, Tines provides an easy-to-use interface for modifying the existing tools, while also making it simple to create new automations as required.

Tristan Waldear, security automation manager at Box, explains how the company is using Tines to enhance automation workflows and empower security professionals.

Tines has enabled a level of customization and utility that wasn’t previously available to Box’s security analysts. 

We first put Tines to work enriching our investigation workflow for suspected phishing emails. The system we already had in place scanned attachments and links, looked up the sender and recipient, and automatically put all that data into a support ticket. But only we in the Security Automation team knew how it worked or could change it. 

Now incident response analysts can customise the workflow to suit their needs. And they can add extra features to suit their own playbook without having to request any software updates from us. For example, they can create a button that automatically removes a malicious email from an inbox. 

Integrating Tines with our existing technology was incredibly easy, and the super-responsive support we receive has made the ride even smoother. 

So far, we’ve left our previous code in place, but in time we plan to completely replace some of it with Tines. Once that is done, anyone on the incident response team will be able to easily maintain, fix, and improve the entire automation process as needed. 

And it’s not only about incident response. There are ways we can envisage deploying Tines to make the lives of people across all of Box’s security and compliance teams easier. There is a lot more we’ll be doing with this powerful software.

With Tines, we have smarter efficiency.