Tines, a cybersecurity startup that helps enterprise security teams automate repetitive workflows, has added a further $11 million to its series A funding round. The company had initially announced a $4.1 million series A investment six weeks ago, meaning this fresh cash injection takes its total raised in this round to $15.1 million.

The funding extension was spearheaded by Accel, with participation from Index Ventures and Blossom Capital.

Founded out of Dublin in 2018, Tines enables companies to prebuild what it calls “automation stories” to perform an unlimited number of steps that would normally have to be carried out manually. This could include log and threat intelligence searches to help establish whether a security alert requires further action.

For context, most big companies today have a team of security professionals dedicated to detecting and responding to cyberattacks. They will also typically use various smarts to thwart attacks automatically — from antivirus software to a firewall or myriad other third-party tools. But these tools can create a lot of noise and false alarms that require humans to investigate more deeply.

This is where Tines is striving to carve out its niche — by automating the manual, resource-intensive steps that come after an alert is triggered and reducing the pressure on human cybersecurity personnel.

How it works

Tines offers a canvas-type storyboard where users can access agent templates to build their automation stories and combine them in any number of ways. Tines also provides prebuilt sample agent configurations for common integrations, to automatically create a Slack message based on a specific alert, for example, or carry out a search of VirusTotal.

Tines offers six broad agent types:

  • Email Agent: sends emails to recipients
  • Event Transformation Agent: contains several modes that modify the contents of data collected in a story
  • HTTP Request Agent: makes and receive requests to other tools’ APIs
  • IMAP Agent: monitors an email inbox
  • Trigger Agent: makes decisions based on the information already collected in a story by previous agents
  • Webhook Agent: allows external tools (e.g. GitHub, Jira, and Splunk) to send data to Tines

Above: Automating tasks in Tines

It’s worth noting that each agent can be configured to work in slightly different ways, meaning there can effectively be hundreds of agents working together. The webhook agent can be connected to GitHub, for example, and be alerted whenever a change is made to a repository. And then several event transformation agents can be created to check for different types of data (passwords, email addresses, API keys, etc.), after which separate HTTP request agents can be set up to contact the repository owner and the on-call engineer through their preferred mode of communication.

In many ways, Tines is a little like IFTTT (If This Then That) for enterprise cybersecurity. It is entirely customizable and can be used to create security-focused chatbots, respond to phishing emails, run vulnerability scans, contact on-call engineers automatically in the event of a security alert, and even on-board new employees.

“The analogy we sometimes use is that of a carpenter who has a toolkit with a hammer, a saw, a drill, chisel, etc.,” cofounder Eoin Hinchy told VentureBeat. “Regardless of the job — building a roof or making a table — they’ll just use those tools in slightly different ways.”

Tines’ core selling point is that its software agents are designed to be easily configurable, even with no coding experience. There are other similar platforms out there, of course, such as security orchestration, automation, and response (SOAR) platform Phantom, which Splunk bought for $350 million last year.

However, Tines said a major differentiator for its platform is that it can be integrated anywhere with minimal fuss — it doesn’t require prebuilt integrations to interact with third-party systems and services, and it works with any tool that has an API. By contrast, many similar automation tools out there are limited to a set number of integrations that have been prebuilt by the software maker’s engineers. If customers want to do anything more, they would need to ask the software vendor to build something, or use internal resources to figure out a workaround. “We fundamentally disagree with this approach and believe that users on the front line, with no development experience, should be able to automate any workflow,” Hinchy said.

Beyond security?

Although Tines is focused squarely on the cybersecurity realm, the company said some of its customers are using it for other workflows across IT, developer operations (DevOps), and even human resources (HR). This hints at a possible future direction for Tines, but for now it’s firmly focused on the security realm.

“The interest we’ve had in Tines and our rate of adoption amongst the world’s leading security teams has surprised even us,” Hinchy continued. “We’re going to stay focused on security for at least the next 18-24 months and will use our learning over that period to decide whether it makes sense to move into additional verticals, and if so which ones.”

In the past year, Tines has secured some major clients, including Box, Auth0, and McKesson, and it has now nabbed two of the biggest names from the venture capital world. For context, Accel alone has backed Facebook, Slack, Spotify, and Dropbox, and it has a host of security-focused brands in its portfolio, like Demisto, which is a similar proposition to Tines and was acquired by Palo Alto Networks earlier this year.

In short, Tines is in good company.

“Having spent more than a decade as security operators, Eoin and Thomas [Kinsella, Tines cofounder] have a deep understanding of and appreciation for the pain points that security teams are facing today,” Accel partner Seth Pierrepont said. “We believe automation has become a ‘must-have’ tool within enterprise security operations, and Tines’ easy to implement and customize approach positions it well to very quickly become a category leader.”

With $15.1 million in the bank, Tines said it’s now well positioned to expand its cybsersecurity automation platform across its existing markets in Europe and the U.S.

Sign up for Funding Weekly to start your week with VB's top funding stories.