Why McKesson chose Tines for its refreshing approach to security automation
Ranked at number seven in the 2019 Fortune 500 list, McKesson employs 78,000 people across the globe. It partners with biopharma companies, care providers, pharmacies, manufacturers, governments, and others to deliver the right medicines, medical products, and healthcare services to the patients who need them, when they need them — safely and cost-effectively.
What’s the challenge?
McKesson’s Active Defence team responds to cybersecurity incidents across the company. While it has a highly developed toolset for detecting incidents and raising alerts, there was a need to make the next stage in their work — processing alerts and making sure they’re handled effectively — more efficient.
Director of Active Defence, John McSweeney needed a platform to automate the repetitive work of processing alerts. This would free the team up to focus their time and expertise on the most important incidents.
After assessing solutions from across the market, McKesson chose Tines for its refreshing approach to security automation. Tines’ architecture is built around simplicity and ease of use, meaning it could be production-ready in a short period of time. The Active Defence team was quickly able to set up automation flows without any specialist software development knowledge. Unlike with some rival solutions, there was no need to hire coders. After all, if you have a deep understanding of your work, you’re the best person to automate it.
McKesson’s Director of Active Defence, John McSweeney, explains how the company makes use of Tines.
We began by automating the most mundane tasks the Active Defence team have to deal with. For example, when a new security incident is identified, one of the first jobs is to set up an incident response chat room, including all relevant security professionals and stakeholders from across the company. This used to be done manually and was prone to human error. When as many as 55 people might be invited to the room, it was common that at least sometimes some incorrect people would be invited.
With Tines automation, an incident response chat room is set up, with invites sent to all the correct people, and all the relevant documents and information attached and ready, all without anyone lifting a finger. Next we moved onto a more complicated problem. When we detect a login to the McKesson network from an unexpected location, we have to check that the person logging in is who they say they are —maybe they’re on vacation, or working on assignment in an unusual place. While an email to that person’s manager might seem like a simple task, it has to be done quickly and in the correct language, as McKesson is a global company. With Tines, the right email is sent to the right person, in the right language, as soon as the suspicious login is detected.
Tines also works to correlate reports from our anti-virus software, helping us detect potentially serious mass-breakouts that need our urgent attention. Across our workflows, Tines saves time and money, and eases our workload. And that’s just the start. We have a whole host of other use cases we’ll be putting Tines to work on in the near future. These include assessing risk from our third-party partners, and automating our assessment of software patches applied by McKesson’s IT management teams.
What’s more, the level of support we’ve received from Tines is beyond anything we could ever expect. The Tines team is very fast and responsive, helping us to get up to speed and succeed with automation. And our relationship is a real partnership; our experiences help guide the way the Tines team develops their product. Some of our automation cases may sound simple, but they’re impressively effective. We’ve found that just one of our earliest implementations frees up 1.5 analysts per week. That’s a lot of human hours that we can put into more complicated and professionally rewarding work.
Our success is built on automation, and that success is built on Tines.