Automating customer demos with Tines SOAR

Last updated on

Written by Eoin Hinchy

10 minutes of awkward introductions. 30 minutes of stock slides. A 15-minute vanilla product demo (the only part you’re actually interested in). And finally, 5-minutes of rushed questions before your hard stop at the top of the hour. Sound familiar?

From our experience, this is how a vendor demo typically goes. We want demos of the Tines security automation platform to be different. In this post, we explore how we use our SOAR platform to automate customer demo preparation, ensuring we provide as valuable an experience as possible.

Automating customer demo scheduling 

(Left-hand flow in Story diagram)
In Automating Trial Creation, we described how we use Tines to automate interaction with non-traditional security tools like DigitalOcean and SendGrid. Another great example of the flexibility that the Action-Event integration architecture provides is how we use Calendly. When a customer books a Tines demo on, a Webhook Action receives the details from Calendly.

Depending on the event type from Calendly, Tines creates or removes an appointment on a shared calendar where we track customer demos. In addition, Tines updates our CMS, Hubspot, with the customer’s details.

Using the Tines Security Automation platform to customize demos 

(Centre flow in Story diagram)

Tines supports an unlimited number of automation use-cases. To ensure our demos are focused on a use-case that matters to the customer, we let them choose an automation Story which we then walk through during their demo.

48 hours before their demo is scheduled, the customer will receive an email similar to the below.

By including a link to the Tines employee’s LinkedIn profile and a slide deck describing Tines, its core features, and differentiation points, nine times out of ten we can skip the long intros and jump straight into the most valuable part: the product demo.

This email also allows the customer to “choose their own adventure”. Each of the Story links uses a Tines Security Automation Platform prompt widget which will emit an event in our HQ Tines tenant when clicked. Although there are other ways we could collect this feedback, by using the prompt widget, we try our best to ensure the customer has had some exposure to the Tines Security Automation Platform before the demo even starts!

Automating customer context collection with the Tines SOAR platform 

(Right-hand flow in Story diagram)
Allowing the customer to choose the subject of their demo is a great start, however, there are many more pieces of information that would help us tailor the demo with more granularity. For example: how mature is the customer’s security program, what tools do they use, and what are their current priorities?

Without asking the customer, there’s no way to know the answers to these questions. However, we can automate the passive collection of open-source intelligence that will at least help us develop a clearer understanding of the customer’s security program.

For example, in advance of a customer demo, we automate the collection of the following with Tines HTTP Request Actions:

  • Basic information about the company (size, location, revenue)

  • Best guess at the demo requester’s LinkedIn profile

  • Previous Tines trials for both the demo requester and others at the company

  • Whether the company submits attributable suspicious URLs to public sandboxes

  • Current security-related job openings (these will often provide insight into tools the company uses)

  • Whether the company has DMARC enabled on their domain

  • Number of customer employees that have been included in known data breaches

  • Who is the company’s email provider

  • Where is the company’s website hosted

The end result is that 24 hours before the customer demo, the Tines employee scheduled to provide the demo will receive an email similar to that shown below:


The impact of a vendor demo is still largely reliant on the person providing the demo. Their ability to engage the customer, understand their requirements and answer their questions clearly and effectively is crucial. However, automating large parts of the demo preparation up-front, means we avoid many of the common pitfalls all too common in vendor demos.

The kind of laid-back shortcut described in this post isn’t going to change the world, but the efficiency and improved customer experience it provides adds up. With the Tines SOAR platform, there is virtually no limit to the automation possibilities available. The Action-Event integration architecture provides a consistent integration experience regardless of the target system. This is increasingly important as security teams automate interaction with non-traditional security tools.

*Please note we recently updated our terminology. Our "agents" are now known as "Actions," but some visuals might not reflect this.*

security teams

Get started