About Jamf
Jamf provides management and security solutions for the Apple environment. With Jamf, IT and security teams can manage and protect devices, data, and applications without detracting from the Apple experience. Jamf manages and secures more than 31 million devices, for companies like Salesforce and National Geographic.
Executive summary
Jamf’s SecOps and IT teams use Tines to eliminate development bottlenecks, reporting a 20x increase in workflow development speed, greater levels of innovation, and improved cross-functional collaboration. Their Tines workflows power use cases including threat intelligence and distributed alerting to enhance Jamf’s end-user experience.
The challenge
Jamf’s SecOps and IT teams include several developers who used Python web applications to create automated workflows before Tines. These workflows added value, but development was slow – each one took about a week to build, and only those with Python experience could build them.
On top of that, only that subset of engineers could manage those workflows.
This created a blocker to innovation - the team had a long backlog of workflows they wanted to automate, but not enough time to automate them.
Meanwhile, SOC analysts and IT engineers were spending time on manual tasks that took their focus away from more impactful work.
Why Tines
Senior Security Manager Dino Minutolo spotted Tines at an event and was intrigued by the platform. He asked Senior Information Security Engineer Andrew Katz, who recently joined Jamf, to take a look.
“I checked out Tines and just started building really awesome things really fast,” Andrew says. “I think that was the eye-opening moment for me with Tines. I was impressed by how fast it was to drag and drop actions and configure them. It was significantly faster than writing the same thing in Python. That speed was the biggest thing for me.”
Tines gained traction at Jamf and use expanded beyond SecOps to the IT team, where IT Automation Engineers Phinehas Bynum and Jeff Munoz were able to build stories that saved over 150 person-hours in the first month of using the platform and created workflows that would be infeasible to perform by hand.
The impact for both teams was instant - with Tines, they could build workflows in hours, not days, and the platform’s usability allowed an additional 20+ team members to start building.
Andrew was also thrilled with his interactions with the Tines team. “From the support team that fields the basic tickets to Troy and Brett on the Customer Success Team, everyone has been just amazing. I can't say enough good things about them.”
The impact
Increased development speed
When they started using Tines, Jamf quickly reduced their average workflow build time from one week to just one or two hours.
Reclaimed SOC analyst time
Jamf’s workflows created time savings that allow SOC analysts to focus on the work that matters most.
“The biggest impact that we've seen is for our SOC,” Andrew tells us. “90% of the alerts are handled end-to-end by Tines. Before Tines, our SOC analysts would manually communicate with end users to verify activity in an alert. Now they can work on more impactful and interesting stuff.”
Reduced barriers to entry
Non-coding team members were able to pick up Tines incredibly quickly, due to the simplicity of the platform, Andrew explains.
“One big thing that I didn't even know was missing, was having visual cues when you’re building. When you’re building in Tines, you’re seeing how the automation runs in real-time with the full workflow visualization that includes the events by action and the output of each directly in the UI. You can also search across all that data. That really makes a huge difference.”
Fewer obstacles to innovation
Before they started using Tines, the team at Jamf had a strong culture of automation. But too many ideas were left unactioned.
“There was never a really easy, intuitive platform to rapidly create proof of concepts, so a lot of extremely good ideas would not be capitalized upon,” Andrew says. “With Tines, every day there’s some new idea that we want to try. Like anything, most ideas are not that good, but there's always a few that stick around and turn out to be really valuable for our team.”
Andrew adds that many of the team’s good ideas now come about organically through building in Tines.
I haven't seen many other products that allow you to be so creative and think about problems in out-of-the-box ways.
Andrew Katz, Senior Information Security Engineer, Jamf
Enhanced culture of automation
In just over a year, Tines has become an essential ingredient in security and IT operations at Jamf. The SecOps team presents their Tines stories at All Hands, and the wider team shares works in progress in a weekly IT automation meeting.
“When I joined the company, I started sharing what I was doing with Tines, and it was an instant hit,” Andrew says. “And now the whole IT automation meeting is all about what we're building in Tines.”
Cross-functional collaboration
Showcasing their Tines workflows in weekly meetings has the added benefit of fueling cross-functional collaboration. “I would say our collaboration has never been better,” Andrew says.
I feel really comfortable building in Tines. It's very, very rare that I encounter something that I can't build completely within the platform.
Andrew Katz, Senior Information Security Engineer, Jamf
Top workflows
Andrew’s team uses Tines workflows to improve their security posture by increasing situational awareness, enhancing the user experience for Jamf’s end users, and promoting a culture of security across the organization.
Threat intelligence
The team’s automated threat intelligence workflow integrates with their SIEM, improving security for Jamf’s end users. Within a month, it had ingested over 150,000 unique indicators of compromise.
It's like having a team of threat analysts just constantly searching 24 hours a day for 100,000 different things all at the same time.
Andrew Katz, Senior Information Security Engineer, Jamf
Distributed alerting
One of Andrew’s favorite workflows uses distributed alerting to save SOC analysts time. Users receive an automatic message asking them to verify a recent activity, reducing the need for analysts to manually communicate with users.
Responsive phishing reporting
Before Tines, end users would report suspicious emails to Jamf’s email security platform and never receive any feedback. “It was like sending it into a black box, basically,” Andrew says. “With Tines, we set up a workflow that integrated with our email security platform to inform end users whether the email they reported was clean, spam, or threat. It sends end users a Slack message within five minutes of reporting it. We got a lot of really good feedback about that one.”
Alert enrichment
Before Tines, the SecOps team had access to standard information about alerts, without additional context and correlation from other tools. “Now, with Tines, we're taking all of the IP addresses, hash values, user names, and other information from our alerts, and we're looking up that information in other security platforms like VirusTotal, and adding those back into the alerts,” Andrew explains. “It gives us more situational awareness.”
Phinehas and Jeff also highlighted a couple of workflows from the IT team:
Employee alert notifications
This Tines story receives a feed of all office “badge-in” events, and creates groups in Jamf’s emergency notification tool. “In the event of an emergency, alerts can be sent to an up-to-date list of employees working in any of our offices around the globe,” Jeff says.
On-demand FileVault key recovery
Before this workflow, folks who were locked out of their Macs would work directly with IT support to gain access to their recovery keys. Phinehas explains, “Using Tines, we can intake a request, validate a user’s identity, lookup their FileVault key via API, securely deliver that key, and finally rotate their key via Jamf Pro, all with an automated audit trail. This allows us to improve user experience, save time, and uphold security in the process.”
What’s next?
The teams at Jamf have big plans for 2024, including extending their use of Tines beyond the SecOps and IT teams. Next up, Product Security.
We’re going to keep building and expanding and enabling more teams to do the same.
Andrew Katz, Senior Information Security Engineer, Jamf
