With its growth and success, Rackspace, a leading managed cloud company, is increasingly dependent on the reliable performance of its internal networks and must avoid downtime or data loss due to breaches. But the costs and time frames of incident response (IR) were on the rise. With Symantec, Rackspace has cut IR time frames and costs significantly while improving customer service.
Taking a proactive approach to IR
The traditional model of IR simply wasn’t working for Rackspace. Existing IR processes were inefficient and inconsistent; network visibility was limited; and it was impossible to understand the full context of events triggered by its intrusion detection system and FireEye sandbox. “We were fighting the same battles every day,” said Gary Ruiz, cyber security team lead at Rackspace. “We were in passive mode, responding to incidents that occurred with very rudimentary forensic intelligence.” What Rackspace needed was a proactive IR approach.
"We will continue to turn to Symantec for leading-edge cyber security solutions because Symantec has consistently kept us a step ahead in this ongoing arms race."
"With the Security Analytics appliances we get the insight we need to understand the context of events, so we can contain a breach and remediate immediately."
Symantec Security Analytics 10G appliances and virtual appliances
A longstanding Symantec customer, Rackspace deployed a full-packet capture solution featuring Symantec™ Security Analytics physical and virtual appliances. Now deployed in 12 Rackspace facilities worldwide, the 10G appliances and virtual appliances capture, index, and classify all network traffic in real time–including full-packet header and payload–and also provide rapid analysis to support all IR activities.
- Slashed IR time frames from hours to minutes
- Gained actionable insights into all network traffic, including Tor traffic
- Improved customer service and satisfaction levels