Accelerating security response with Tines and AWS Security Hub

By: Ashok Mahajan, Sr. Partner Solutions Architect, Startups – AWS
By: Charlie Ardagh, Head of Partnerships – Tines

Tines

Modern security and operations teams face the critical challenge of having more security data than ever before, yet they struggle to respond effectively to security issues. This challenge stems from three main factors: alert volume overwhelming the manual process, fragmented visibility across multiple security tools, and the challenge that security risks emerge and evolve faster than teams can manually respond. Without orchestrated data flows and automated correlation, security analysts spend time on manual alert triage and context gathering, leaving little capacity for strategic risk detections or proactive defense, creating potential security gaps that need immediate attention.

According to the IDC 2025 Voice of Security report, nearly 60% of security teams have fewer than 10 members and 55% teams manage between 20–49 different tools. Organizations measure these understaffed teams on incident volume (34.9%), response time (33.2%), and detection speed (31.5%), creating a difficult performance balance in which evolving security risks demand immediate attention, but finite human capacity is constrained by manual processes.

To stay ahead of evolving threats, security and IT leaders must orchestrate and automate response at scale, both within Amazon Web Services (AWS) and across their security tools and services. The question isn’t whether organizations need better security tools, but whether they can afford to keep security professionals focused on repetitive workflows while security risks evolve rapidly.

Turning insights into action with AWS Security Hub and Tines

AWS Security Hub is a unified cloud security solution that prioritizes your critical security issues and helps you respond at scale to protect your environment. It detects critical issues by automatically correlating and enriching security signals from multiple sources, such as posture management (AWS Security Hub CSPM), vulnerability management (Amazon Inspector), sensitive data (Amazon Macie), and threat detection (Amazon GuardDuty).

Tines, an AWS Security Competency Partner, is an intelligent workflow platform trusted by the leading organizations. With Tines, organizations can operationalize AI, integrate their stack, and automate their security response, unlocking productivity and future-proofing how work gets done.

Together, AWS Security Hub and Tines give security operations teams the visibility, context, and speed they need to outpace security risks. Security Hub simplifies and unifies security operations through centralized enablement, transforming security signals into actionable insights through automated correlation and near real-time risk analytics. It provides comprehensive visibility across your AWS environment with crucial context, resource relationships, and potential impact analysis. Tines complements these capabilities with added context and orchestrates flexible, intuitive workflows that cover enrichment, escalation, and remediation. Workflows can be built and adapted by the whole team without heavy engineering effort.

With Tines, teams can:

• Enrich alerts with context from AWS and third-party solutions (e.g. CrowdStrike, Wiz, Zscaler, and more).
• Consolidate their findings into a single, actionable case view with a full audit trail.
• Trigger smarter, full-spectrum workflows that combine automated remediation, rule-based actions, and analyst oversight, all without heavy engineering lift.
• Route incidents to the right people in real time, balancing speed with control.

Together, AWS Security Hub and Tines transform security operations from reactive to proactive, helping security leaders prioritize critical issues, respond at scale, and stay ahead of evolving security risks.

Here’s one use case of AWS Security Hub and Tines together addressing an overly permissive Amazon Elastic Compute Cloud (Amazon EC2) security group:

1. Tines receives Security Hub findings through Amazon EventBridge.
2. Tines identifies who made the change by correlating AWS CloudTrail with a human resources (HR) database to identify the actor. Tines then updates the Security Hub finding status so analysts know this is already being triaged.
3. Tines workflow uses an AI agent action to summarize the details of the Security Hub finding and automatically create a Tines case for tracking this investigation.
4. If the user is known, reach out to them. Otherwise escalate to operations through email, Slack message, or case management assignment within Tines or platforms such as Jira or ServiceNow.
5. Initiate a chat with the end user who created the vulnerable resource to see if they have an approved security exception to do so.
6. If a valid exception is confirmed, the finding and case are closed. If not, the workflow can automatically remove the security group ingress rule and notify the appropriate manager. Actions like these are fully configurable based on an organization’s need, automation tolerance, and governance policies.
7. Tines records the full investigation results and automatically resolves the case when remediation is successful or escalates to human analysts for complex scenarios requiring additional review.

Figure 1: Solution workflow

A real-world example

Jarix started out as a security team within Eron International, a global fintech technology platform supporting payment processors and other regulated financial institutions, where they managed a large AWS environment that receives thousands of alerts every day. They quickly realized that there was an opportunity to expand on this expertise and to deliver cybersecurity as a service to other businesses, and they turned to Tines to help scale. Leveraging AWS Security Hub, Tines, and AI-driven enrichment, Jarix built an automation layer that now serves as the backbone of its managed security services. This framework allowed Jarix to expand from securing Eron International to delivering scalable, AI-enhanced security operations for fintech and payment companies across the region. With reusable workflows and intelligent triage, Jarix helps organizations strengthen their security posture, reduce operational overhead, and gain access to advanced detection and response capabilities – without requiring large, specialized security teams.

According to José Huenumán, Jarix CEO and co-founder, “Before Tines, a single security alert could take 20–30 minutes to investigate and resolve. With Tines, that same process happens automatically in seconds.”

Using multiple orchestrated workflows integrated with AWS Security Hub and other AWS services such as Amazon GuardDuty and Amazon Inspector, Jarix has transformed its entire approach to security operations. One workflow triages security alerts, enriches them with context, and sends summarized results to Slack. Another automatically reviews AWS Identity and Access Management (IAM) policies to detect sensitive permissions, and others manage user access, compliance checks, and device control. The outcome is faster remediation, fewer false positives, and significant time savings that free analysts to focus on strategic work.

“With AWS and Tines,” Huenumán says, “we gave our analysts a way to breathe again—turning hours of manual work into seconds and creating a scalable model we now deliver to our customers.”

Looking ahead, Jarix continues to push the boundaries of what’s possible with AWS and Tines. The team is experimenting with AI-powered validation agents using Model Context Protocol (MCP) to automatically gather additional context from complementary security systems, such as Cloudflare WAF. This approach helps validate findings across multiple layers of their environment and further reduce false positives before they reach analysts—extending the value of AWS Security Hub and Tines orchestration to deliver more accurate, intelligent workflows across their entire security stack.

Delivering stronger outcomes, together

Tines connects AWS Security Hub to your entire security and IT systems to enrich alerts with the data needed to orchestrate and automate resolution. Tines helps customers resolve security risks faster and consistently. Tines has developed pre-built workflows for AWS Security Hub and many other AWS services. These workflows act as a starting point, making it easier for teams to get up and running fast.

Together, AWS Security Hub and Tines deliver:

• Faster deployments with ready-to-use workflow templates
• Seamless collaboration across AWS and other tools
• Flexibility for both engineers and analysts to collaborate with or without code
• Scalability to keep pace with evolving security risks and business demands

By combining AWS Security Hub centralized visibility with the orchestration power of Tines, customers can strengthen their security posture without adding headcount or complexity.

The path to proactive security

The threats security teams face aren’t slowing down and neither can the workflows that defend against them. By combining AWS Security Hub unparalleled security visibility with the orchestration power of Tines, organizations can transform how they operate, moving from reacting to alerts to running proactive, intelligent workflows with confidence.

The result is more than merely faster response times. It’s sustainable resilience where teams have the power to outpace security risks and protect their most valuable assets. Tines is a AWS Security Competency and DevOps Competency partner and is available in AWS Marketplace.

Learn more about Tines and AWS Security Hub.

Tines – AWS Partner Spotlight

Tines is an AWS Advanced Technology Partner and AWS Competency Partner that provides intelligent workflow platform to help security and IT teams turn AWS signals into reliable, end-to-end action.

Contact Tines | Partner Overview | AWS Marketplace