Rackspace Deploys RiskIQ PassiveTotal to Accelerate Investigation
August 2017 by Marc Jacob
RiskIQ announced that Rackspace has deployed RiskIQ PassiveTotal, a threat intelligence and investigation tool, to improve its ability to find, analyse, preempt, and respond to threats beyond the firewall. With PassiveTotal, Rackspace realised an improvement in its mean time to respond (MTTR) on digital security issues, gained enhanced intelligence on external threats, and was able to monitor more proactively for domain and brand infringement. As a result, Rackspace extended cyber defences for the company’s and its customers’ brands and hosted infrastructure.
Rackspace, a recognised leader in managed cloud services with customers in 150 countries, helps businesses tap the power of cloud computing without the complexity and cost of managing it themselves. Rackspace engineers deliver specialised expertise, easy-to-use tools, and Fanatical Support® for leading technologies, including AWS, Google, Microsoft, OpenStack, and VMware.
Like many other global enterprises and service providers, the company found it cumbersome and inefficient to obtain and use different internet data sets, such as WHOIS, Passive DNS, IP blacklists, and SSL certificates, when researching exploits and possible hacking threats. The company also wanted further safeguards to identify and assess domain infringement and brand abuse. It required threat intelligence that enhanced security staff capacity and could integrate with its existing security systems. Lastly, it wanted to provide its leadership with relevant insight on potential exposures, adversaries, and threat mitigation.
“Finding, analysing, and responding to threats is a top priority, but it is challenging when the tasks are more manual. This consumes too many resources and may give threat actors more time to do potential harm,” said Gary Ruiz, Rackspace’s senior manager for cybersecurity. “With PassiveTotal, we can detect, verify, and respond to threats automatically, greatly lessening our time to respond to and mitigate issues. As a result, we can minimise or eliminate possible access to employee and customer information, while also defending Rackspace’s and our clients’ brands and domains from infringement through constant monitoring.”
Rackspace turned to RiskIQ PassiveTotal, which enabled it to centralise and consolidate tools and internet data sets, expedite investigations, and advance its security program to fortify external threat defences. Because PassiveTotal collects, correlates, classifies, and monitors extensive internet data, including exploits, attackers, and their infrastructure, Rackspace could more quickly understand and assess possible exposures, pertinent threat actors, and how they operate.
The solution’s intuitive web app interface provides correlated data pivoting, project collaboration, and active monitoring. Based on observed indicators of compromise (IOCs), like new domains and IPs, PassiveTotal helped Rackspace deploy preventative measures and identify other environments that might be susceptible to attack, thus helping to prevent future incidents. PassiveTotal also enables Rackspace’s security team to inform its upper management about pertinent exploits, corrective actions, and other companies that may want to collaborate.
Given its success with PassiveTotal, Rackspace plans to further leverage the platform’s API to automate data analysis and enrich context within its own applications, and anticipates expanding the use of RiskIQ’s product line.