Skip to content
    Back to Security Operations (SecOps)
    Security Operations (SecOps)StartupNo-Code SecOps

    Tines

    No-code security automation platform replacing legacy SOAR workflows

    Mkt Cap / ValPrivate $1B+
    RevenueEst. $60M ARR
    Growth+110% YoY
    Dec 2025: Series C $50M; expanded no-code SOAR with AI action suggestions
    Tines brings a refreshingly clean, no-code approach to security automation that eliminates the playbook maintenance burden that kills SOAR adoption — security analysts love it because they can build and own their own automations without needing a SOAR engineer.
    Analyst take · Competitive edge

    SWOT Analysis

    Strengths
    • No-code story builder designed for security analysts, not developers — highest organic adoption in SOAR
    • API-first architecture: any security tool with an API can be integrated without pre-built connectors
    • Used by high-trust organizations (Coinbase, Canva, Databricks) for mission-critical security workflows
    • $1B+ valuation with strong enterprise customer references validating product-market fit
    • Human-in-the-loop design for security approvals — escalation paths are built-in, not bolted-on
    Opportunities
    • SOAR market disruption: enterprises frustrated with XSOAR complexity looking for simpler alternatives
    • Security engineering teams: Tines as the automation platform for modern, code-adjacent security ops
    • IT operations expansion: security team success creating foothold for broader IT automation
    • AI security workflows: building GenAI-powered automated investigation and response stories
    Weaknesses
    • No built-in LLM reasoning engine — AI capabilities rely on connecting to external APIs
    • Playbook content library smaller than legacy SOAR platforms (XSOAR, Splunk SOAR)
    • Limited pre-built detection and alerting capabilities — Tines is automation, not detection
    • Sales motion is still primarily inbound and product-led — enterprise outbound scale still building
    Threats
    • Torq competing directly in the same no-code SOAR displacement market
    • Palo Alto XSOAR and Splunk SOAR improving no-code capabilities to reduce their switching losses
    • Microsoft Sentinel automation rules covering basic SOAR needs within M365-centric organizations
    • Chronicle SOAR (Google) and AWS Security Hub competing for cloud-native security teams

    User Sentiment

    Synthesized from G2, Gartner Peer Insights, and analyst review data.

    What users love
    • Story-based visual automation is the best UX in the security automation market
    • Security analysts can build and own their workflows without writing Python or relying on engineering
    • Any API integrates via HTTP action — complete flexibility without waiting for vendor connectors
    • High trust: teams automating critical workflows (incident response, access revocation) reliably
    • White-glove onboarding and customer success drives fast adoption
    Common complaints
    • No built-in AI reasoning — GenAI steps require external API configuration that analysts find technical
    • Pre-built content library is smaller than legacy alternatives — more initial building required
    • Complex branching logic in long stories is hard to debug
    • Licensing at enterprise scale can be expensive for high-volume automation

    Pricing & TCO

    Analyst-synthesized pricing signals — directional only, contact vendor for current terms.

    Module-BasedLow TCOPublic Pricing Free Trial / Tier

    Starting Price

    Free (5 live Stories); from $500/month (Team)

    Typical ACV (Mid-Enterprise)

    $30K–$200K for enterprise security automation

    Market Segments

    Mid-MarketEnterprise

    Deployment

    SaaS

    Key Cost Drivers

    • Number of live automation workflows (Stories) across security use cases
    • Monthly action run volume above plan limits
    • AI Story Builder usage in Enterprise tier

    Published price list is rare in security tooling — exceptional transparency.

    Full comparison

    Customer Profile

    Who buys this

    Typical segments

    Security Engineering Teams at Tech CompaniesOrganizations Replacing Legacy SOAR with Modern AutomationHigh-Compliance Companies Needing Auditable Security Workflows

    Typical buyer

    Head of Security Engineering, CISO, or Detection and Response Lead

    Top use cases
    1. 1Automated security incident response: triage, enrichment, and containment workflows
    2. 2Alert management: intelligent routing and prioritization of high-volume security alerts
    3. 3Security operations automation: vulnerability management, access reviews, and compliance reporting

    Future Focus Areas

    1

    Tines AI: native LLM reasoning for intelligent security decision-making within stories

    2

    Security content library: building a pre-built playbook library to match legacy SOAR platforms

    3

    IT and non-security automation: expanding platform scope to cross-functional enterprise workflows

    4

    Tines Platform API: third-party SIEM and XDR vendors embedding Tines automation in their products

    5

    Enterprise analytics: ROI measurement and automation effectiveness dashboards