Case study

How Sophos is using Tines to keep its employees and data around the world safe


  • Security software and hardware company
  • Helps secure networks used by 100 million
  • More than 3,000 employees

“Thanks to Tines, the first time an analyst looks at the case, they already have all the information they need.”

About Sophos 

Sophos has been producing antivirus and encryption products for 35 years. Today, its products help secure networks used by 100 million people in 150 countries, protecting more than 400,000 organizations of all sizes. Based in Abingdon, UK, the company employs more than 3,000 people around the world.


The internal security team at Sophos uses a wide range of products to deliver a comprehensive service that keeps the company and its employees safe from cybersecurity threats. Making all of these products work together can be a huge task in such a large organization, so the team needed a way to simplify the creation of complex workflows that orchestrate across many products.

Why Tines? 

Sophos’ Tom Sage explains how the company makes use of Tines to keep its employees and data around the world safe.

"Phishing can be a serious threat to a company’s security, and protecting against these attacks is just one way we use Tines. When a user reports a suspicious email, Tines extracts data from the messages, such as URLs and file attachments. It then passes them to a number of scanning tools such as antivirus software and sandboxing tools that automatically test links and files to determine what they do.

"Tines then takes the results of these tests and adds them to our ticketing system for a security analyst to pick up. Thanks to Tines, the first time an analyst looks at the case, they already have all the information they need to decide what action to take.

"This workflow saves around 50% of an analyst’s time working on each case. But it’s not just about time. Through using Tines, we eliminate the human error that can creep into manual processes, giving us valuable consistency to our security testing."

Tom Sage

Senior Security Engineer, Sophos

"Tines’ component-based approach is a major part of its appeal to us. It means we don’t have to reinvent the wheel every time we want to automate something new. Components we’ve already built can be put to use in new contexts multiple times with no additional effort.

"In all, we’ve automated more than 20 use cases in Tines. These include push notifications that check with users that they created an account. For example, if a user account goes from ‘disabled’ to ‘enabled’ we can automatically prompt the user to confirm they authorized this. And we use Tines to correlate company admin accounts to email accounts to provide two-factor authentication prompts to the right users at the right time.

"We also have workflows that correlate data from different services to alert us when a user is added to a privileged group that gives them lots of rights on the network, or when a new host is discovered on the perimeter of the network.

"And if there’s something we can’t do in Tines, their responsive, helpful support team is there to quickly set us on the right path. That’s not something we could say about the previous automation product we used!

"We’ve found the team there to be really helpful with both sales and support."

Tom Sage

Senior Security Engineer, Sophos

"And it’s a really good product to use. You can get things done really quickly. We could achieve similar results by writing manual code, but it would take a very long time."
