Automating customer demos with Tines SOAR

Automating customer demos with Tines SOAR

10 minutes of awkward introductions. 30 minutes of stock-slides. A 15-minute vanilla product demo (the only part you’re actually interested in). And finally, 5-minutes of rushed questions before your hard-stop at the top of the hour. Sound familiar? From our experience, this is how a vendor demo typically goes. We want demos of the Tines security automation platform to be different. In this post, we explore how we use our SOAR platform to automate customer demo preparation, ensuring we provide as valuable an experience as possible.

Automating customer demo scheduling

(Left hand flow in story diagram)
In Automating Trial Creation, we described how we use Tines to automate interaction with non-traditional security tools like DigitalOcean and SendGrid. Another great example of the flexibility that the action-event integration architecture provides is how we use Calendly. When a customer books a Tines demo either on or, a Webhook action receives the details from Calendly.

Depending on the event type from Calendly, Tines creates or removes an appointment on a shared calendar where we track customer demos. In addition, Tines updates our CMS, Hubspot, with the customer’s details.

Using the Tines Security Automation platform to customize demos

(Centre flow in story diagram)

Tines supports an unlimited number of automation use-cases. To ensure our demos are focused on a use-case that matters to the customer, we let them choose an automation story which we then walk through during their demo.

48 hours before their demo is scheduled, the customer will receive an email similar to the below.

Tines demo email sent to customer

By including a link to the Tines employee’s LinkedIn profile and a slide deck describing Tines, its core features and differentiation points, nine times out of ten we can skip the long intros and jump straight into the most valuable part: the product demo.

This email also allows the customer to “choose their own adventure”. Each of the story links uses a Tines Security Automation Platform prompt widget which will emit an event in our HQ Tines tenant when clicked. Although there are other ways we could collect this feedback, by using the prompt widget, we try our best to ensure the customer has had some exposure to the Tines Security Automation Platform before the demo even starts!

Automating customer context collection with the Tines SOAR platform

(Right hand flow in story diagram)
Allowing the customer choose the subject of their demo is a great start, however, there’s many more pieces of information that would help us tailor the demo with more granularity. For example: how mature is the customer’s security program, what tools do they use, and what are their current priorities?

Without asking the customer, there’s no way to know the answers to these questions. However, we can automate passive collection of open source intelligence that will at least help us develop a clearer understanding of the customer’s security program.

For example, in advance of a customer demo, we automate collection of the following with Tines HTTP Request actions:

  • Basic information about the company (size, location, revenue)
  • Best guess at the demo requester’s LinkedIn profile
  • Previous Tines trials for both the demo requester and others at the company
  • Whether the company submits attributable suspicious URLs to public sandboxes
  • Current security-related job openings (these will often provide insight into tools the company uses)
  • Whether the company has DMARC enabled on their domain
  • Number of customer employees that have been included in known data breaches
  • Who is the company’s email provider
  • Where is the company’s website hosted

The end result is that 24 hours before the customer demo, the Tines employee scheduled to provide the demo will receive an email similar to that shown below:

Sample of Tines email sent to employee in advance of demo


The impact of a vendor demo is still largely reliant on the person providing the demo. Their ability to engage the customer, understand their requirements and answer their questions clearly and effectively is crucial. However, automating large parts of the demo preparation up-front, means we avoid many of the common pitfalls all too common in vendor demos.

The kind of laid-back shortcut described in this post isn’t going to change the world, but the efficiency and improved customer experience it provides adds up. With the Tines SOAR platform there is virtually no limit to the automation possibilities available. The action-event integration architecture provides a consistent integration experience regardless of the target system. This is increasingly important as security teams automate interaction with non-traditional security tools.

*Please note we recently updated our terminology. Our "agents" are now known as "actions," but some visuals might not reflect this.*

Do less. A lot more.

Subscribe to our newsletter and get world class automation ideas straight to your inbox.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.