Managed Cloud Provider Rackspace Leverages Splunk to Help Power Its Decision Analytics Engine

Rackspace, a managed cloud provider delivering its services globally, is now leveraging Splunk Enterprise and Splunk Enterprise Security (Splunk ES) as the foundation for the company’s decision analytics engine. Rackspace utilizes Splunk solutions across security, compliance, DevOps, business intelligence, application management and IT operations.

splunk cloud analyticsAs a managed cloud provider, there are more than 10 areas of PCI security standards Rackspace must comply with to help ensure its internal infrastructure can host sensitive customer data. Rackspace selected the Splunk App for PCI Compliance for Splunk Enterprise over competitors and legacy solutions for the PCI compliance initiative because of the solution’s ability to scale, retain historical data and perform ad-hoc forensic searches.

Rackspace analysts can now detect and respond to anomalous threat activity and recommend remediation steps in near real-time. Splunk collaborated with Kinney Group throughout the project for on-the-ground deployment and support services.

3 Terabytes of EData

Rackspace ingests nearly three terabytes of data per day into Splunk software to create meaningful visualizations, to diagnose anomalous activity, and to remediate issues across all business processes.

As a result, Rackspace’s security and compliance teams are projected to improve the speed of security event, accelerate investigation of high-priority security incidents and decrease the overall financial impact of security outages. Through automation of these processes, Rackspace security analysts would get valuable time back to focus on establishing proactive security strategies. 

“With Splunk ES, our IT team can gain visibility across thousands of endpoints continuously – including servers, network devices, security scans and threat feeds – enabling faster threat detection and resolution for our customers,” said Dave Neuman, vice president and chief information security officer (CISO), Rackspace. “Our Splunk adoption began at the grassroots level, with small network teams running log analysis and application management to streamline IT troubleshooting and operations. Once our leadership realized the full potential of Splunk, we broadly deployed Splunk ES to help ensure the success of a major PCI compliance initiative.”

Moving forward, Rackspace will rely on the Splunk Machine Learning Toolkit to operationalize machine learning across IT, security and business operations throughout the company’s automated business processes.

“Organizations rely on Splunk ES to be their security nerve center, giving security analysts the ability to rapidly and automatically coordinate a security response once a threat is detected,” said Haiyan Song, senior vice president of security markets, Splunk. “This automation improves the overall security and compliance posture for customers and end-users, which is a paramount necessity as hackers continue to up their game. At the heart of Rackspace’s PCI project was the desire to maintain compliance and improve operations. The project enabled broader Splunk adoption, extending the deployment beyond small IT or security teams and into a company-wide initiative, effectively extending a stronger security posture to its customers.”