About Intezer
Intezer is an AI SOC platform that automates alert triage, investigation, and correlation across various security detection tools. Intezer can autonomously respond to alerts or escalate and provide response recommendations.
Executive summary
Intezer needed to scale their service delivery beyond automated threat investigation. Their solution engineering and customer success teams relied on development resources to build custom post-investigation workflows for customers, which created bottlenecks that limited their ability to deliver tailored notifications and response capabilities. Intezer selected Tines for the intuitive interface and workflow-building experience, enabling their entire team to build and deploy custom workflows independently. As a result, Intezer can now say yes to more customer requests and impact was felt immediately.
The challenge
Intezer’s solution engineering and customer success teams needed to extend their AI SOC platform’s capabilities beyond automated investigations. Their customers required custom post-investigation workflows, such as custom notifications or specific response capabilities, which are not native to Intezer’s platform.
Intezer’s Senior Director of Solutions Engineering Shaul Holtzman shared, “We wanted to expand what we can offer to our customers to provide more value and become more integral in their day-to-day processes. Offering automatic and custom notifications and additional response capabilities really completes that cycle.”
Why Tines
Intezer also evaluated BlinkOps before selecting Tines for the platform’s intuitive UI and workflow building experience. During the POC, Intezer’s team was able to quickly build and deploy their custom workflows in Tines.
Additionally, Tines’ professional services team was instrumental in supporting Intezer during the POC and after becoming a Tines customer. Shaul shared “It was excellent, they were really a group of professionals. If there was any issue, they were able to help and mitigate it. Our experience with Tines’ professional services team was above expectation.”
The Impact
Prior to Tines, Intezer could only build a limited number of custom workflows for their customers because each one required development team resources. With Tines, their solutions engineering and customer success teams can build custom workflows for customers, freeing the development team to focus exclusively on enhancing the Intezer platform.
The impact of Tines was immediate. The moment we had Tines, we were able to say yes to many more questions and requests from customers.
Shaul Holtzman, Senior Director of Solutions Engineering, Intezer
Top workflows
Phishing attack response
The first workflow they built in Tines was phishing attack response. When the Intezer platform flags a phishing threat, this workflow instantly blocks malicious URLs and email senders.
Microsoft Teams bot
This workflow automatically triggers when feedback from a user is required and sends them a message in Microsoft Teams. As Shaul explains, “if there was an alert triggered on the user because they logged in from an unknown or unusual location, then as part of our investigation using Tines, we were able to message the user and ask them if they recognize the behavior. Their feedback is accepted through the bot and our original classification is updated."
Post-investigation workflows
Intezer leverages Tines to build customer-specific post-investigation workflows that adapt to each environment. While every deployment is unique, common workflows include tailored alert notifications and response actions that integrate with the customer’s existing security stack.
Favorite feature
Shaul’s favorite feature is Pages, which are web pages powered by Tines workflows that end users can provide input to or view output from. Previously, when Intezer needed information from a user to trigger an investigation or response, someone on the team had to manually collect it and execute the workflow. With Pages, they have been able to migrate this process to be fully user driven. Users will submit the required information via a Page and then the API call is kicked off automatically.
Tines support
Intezer has had an extremely positive experience working with Tines’ customer success and support teams, and they have drawn ideas on how to improve their own support processes.
“It's really been one of the highlights of the relationship with Tines,” Shaul shared “It even inspired our own support team on how they can be more like Tines.”
What’s next
Intezer plans to continue extending the value of their platform with additional custom workflows for customers. To accelerate development, Shaul is also exploring Story copilot—Tines' AI-powered chat interface for the storyboard that helps users understand, build, and maintain stories more efficiently.