Managed cloud provider uses Symantec Security Analytics

Read the Case Study


With its growth and success, Rackspace, a leading managed cloud company, is increasingly dependent on the reliable performance of its internal networks and must avoid downtime or data loss due to breaches. But the costs and time frames of incident response (IR) were on the rise. With Symantec, Rackspace has cut IR time frames and costs significantly while improving customer service.

The Challenge

Taking a proactive approach to IR

The traditional model of IR simply wasn’t working for Rackspace. Existing IR processes were inefficient and inconsistent; network visibility was limited; and it was impossible to understand the full context of events triggered by its intrusion detection system and FireEye sandbox. “We were fighting the same battles every day,” said Gary Ruiz, cyber security team lead at Rackspace. “We were in passive mode, responding to incidents that occurred with very rudimentary forensic intelligence.” What Rackspace needed was a proactive IR approach.

The Solution

Symantec Security Analytics 10G appliances and virtual appliances

A longstanding Symantec customer, Rackspace deployed a full-packet capture solution featuring Symantec™ Security Analytics physical and virtual appliances. Now deployed in 12 Rackspace facilities worldwide, the 10G appliances and virtual appliances capture, index, and classify all network traffic in real time–including full-packet header and payload–and also provide rapid analysis to support all IR activities.


  • Slashed IR time frames from hours to minutes
  • Gained actionable insights into all network traffic, including Tor traffic
  • Improved customer service and satisfaction levels

Related Products