Rackspace Deploys Threat Intelligence and Investigation Tool, RiskIQ PassiveTotal

Managed cloud hosting services company Rackspace has deployed RiskIQ PassiveTotal, a threat intelligence and investigation tool, to improve its ability to find, analyze, preempt, and respond to threats beyond the firewall.

Rackspace found it cumbersome and inefficient to obtain and use different Internet data sets, such as WHOIS, Passive DNS, IP blacklists, and SSL certificates, when researching exploits and possible hacking threats. The company also wanted additional safeguards to identify and assess domain infringement and brand abuse. It required threat intelligence that enhanced security staff capacity and could integrate with its existing security systems. Lastly, Rackspace wanted to provide its leadership with relevant insight on potential exposures, adversaries, and threat mitigation.

With RiskIQ PassiveTotal, Rackspace realized improvement in its mean time to respond (MTTR) on digital security issues, gained enhanced intelligence on external threats, and was able to more proactively monitor for domain and brand infringement. As a result, Rackspace extended cyber defenses for the company’s and its customers’ brands and hosted infrastructure.

“Finding, analyzing, and responding to threats is a top priority, but it is challenging when the tasks are more manual. This consumes too many resources and may give threat actors more time to do potential harm,” said Gary Ruiz, Rackspace’s senior manager for cybersecurity. “With PassiveTotal, we can detect, verify, and respond to threats automatically, greatly lessening our time to respond to and mitigate issues. As a result, we can minimize or eliminate possible access to employee and customer information, while also defending Rackspace’s and our clients’ brands and domains from infringement through constant monitoring.”

RiskIQ PassiveTotal’s intuitive web app interface provides correlated data pivoting, project collaboration, and active monitoring. Based on observed indicators of compromise (IOCs), like new domains and IPs, RiskIQ PassiveTotal helped Rackspace deploy preventative measures and identify other environments that might be susceptible to attack, thus helping to prevent future incidents. PassiveTotal would also enable Rackspace’s security team to inform its upper management about pertinent exploits, corrective actions, and other companies that may want to collaborate.

Given its success with PassiveTotal, Rackspace plans to further leverage the platform’s API to automate data analysis and enrich context within its own applications, and anticipates expanding the use of RiskIQ’s product line.