Customer Story

Transforming ExpressVPN’s business processes with automations

Investing in the right tools for my team is paramount for me. Workato is at the cutting edge of its field, and enables us to get things done quicker, solve more interesting problems, and go on to deliver greater value.

Patrick Kittle

Patrick Kittle

Head of IT


  • Scaling business processes to match the company’s growth
  • Spending too much time investigating false positives in security alerts

Founded in 2009 by two friends and technology entrepreneurs (Peter and Dan), ExpressVPN was launched to build a safer, better digital world. The company has been a leader in privacy and security technology since its founding, and is driven by the mission to make the internet more secure and accessible for all.

Today, ExpressVPN is one of the largest providers of VPN services, with millions of users in 180+ countries. Closer to home, the company constantly strives to improve their internal business processes in order to provide better services to their users, and also to enable their employees who are distributed around 20+ cities around the world to work more efficiently.

Meet Patrick Kittle, Head of IT at ExpressVPN. He is responsible for the management of the systems and apps that the company uses, as well as the internal processes that empower the company to collaborate efficiently and deliver a world-class product to their users.

With ExpressVPN rapidly growing, there has been a big push for IT to automate as many workflows as possible to enhance employee experience, gain better visibility over their security processes and free up time to focus on more value-adding activities.

ExpressVPN uses the Splunk platform to monitor for potential security alerts. Each time an alert is picked up by Splunk, the security team manually logs onto the platform to check on the alert. While this process worked at the beginning, the IT team gradually found that there was no way to differentiate if the alert was a real security breach or simply a false positive. Over time, the team was spending hours investigating false positives, and had less time to focus on investigating real security issues.

Data security is of utmost priority for the ExpressVPN team. With the company scaling rapidly and shifting their focus to automation, they needed to streamline their security breach management process, all while keeping up with the speed of the company’s growth.

ExpressVPN’s IT team needed a solution that was quick to implement, easy to maintain, resilient and scalable.


  • Automated security breach alerts to eliminate false positives

ExpressVPN’s IT team integrated Splunk, OKTA, and Workbot for Slack, to monitor for potential security breaches.

When an alert is picked up by Splunk on the backend, Workbot for Slack routes the alert to the relevant employees implied in the log. The employee is prompted to respond with a “Yes” or “No” via Slack, to indicate if they made the change in data.

With this verification step in place, the security team is now able to determine whether they should investigate an alert. As a result, the IT team is able to easily remove false positives and focus their time on more critical work, such as investigating real issues.


  • More time to focus on high value work
  • Faster time to go live with integrations
  • Go live with new use cases every 2 weeks

Now, there is enhanced security and faster reaction time when incidents occur. ExpressVPN’s IT team has greater visibility of incidents across the organization, and the ability to act on incidents anytime, anywhere (including via mobile), through Workbot for Slack.

With one of the widest VPN server coverage in the industry, the company manages a fleet of servers in 94 countries to ensure users have a wide range of server choices, adequate bandwidth, and good speed. As the company scales, ExpressVPN has plans to extend the use of Workato across the organization starting with other IT teams, but also extending beyond IT.

To ensure that their processes, cycles and communication channels are standardized across all countries and vendors, ExpressVPN plans to explore leveraging Workato to orchestrate the synchronization of information across all avenues.

ExpressVPN’s ultimate goal is to provide the best service quality to their users. With Workato to help eliminate errors and enable faster reaction time, the team is now able to tackle more complex tasks that deliver a better experience to their users.

Related Solutions & Content

Let’s start automating

Schedule a Demo