The Situation
In 2016, the AbuseOps Team from DigitalOcean was processing and escalating all abuse cases manually and needed to find a more efficient way to process and escalate abuse complaints.
If incidents originating from their network were not mitigated in a timely manner, they could impact their customers and put their performance at risk.
The challenge in effectively managing remediation led DigitalOcean to create a complex process which in turn led to increased hiring to handle the workload.
The Challenge
The challenge is that a report or email may come in with one complaint or hundreds. An analyst needs to be assigned and conduct a series of actions for each event.
After being assigned, the analyst must parse the report for each event, conduct a lookup in another system to determine if each IP or link is in their network, create a case if it belongs to them, notify the customer, and track the outcomes if needed.
Each report can take anywhere from a few minutes to hours depending on the size. This is in addition to the need for notifying customers and tracking the outcomes.
The Solution
Automating Processes
DigitalOcean started looking for a solution that allowed their abuse team to focus on the most important tasks. After a trial, DigitalOcean chose AbuseHQ, as the automation processes took care of all the mundane, repetitive work.
Mike White, Legal Ops, said: “AbuseHQ removed a huge manual burden from our team. It reduced most of the noise coming into our abuse inbox, and helped us prioritize the important alerts without a human needing to review every complaint.”
Customized playbooks (a series of predefined steps based on set conditions) are utilized to notify, handle, and track each case outcome through automation.
Through the playbooks, they were able to handle different abuse types including Bruteforce, Intellectual Property, Malware, Phishing, Spam, and many other types through improved procedures and automation.
Will Lefevers, SOC Director at DigitalOcean, added that “With AbuseHQ we simply get stuff done much faster.”
The Results
Increased efficiency with AbuseHQ
After using AbuseHQ for almost 4 years, DigitalOcean now minimizes the workload on the team: intake from incoming reporters is automated, and incoming complaints are parsed and acted upon automatically.
This increase in efficacy has allowed DigitalOcean to take a proactive approach to protect their customers. AbuseHQ has enabled them to ingest large reports from third-party reporters, such as Shadowserver, and automate the processing and customer notification of those reports.
One benefit of this is the ability to proactively notify customers of vulnerabilities in their systems before they are discovered and exploited by others.
Will Lefevers explained that a big focus in 2020 was to keep honing the efficiency they gain from using AbuseHQ. That is why they’re also rolling out a new API that enables them to query even faster.
The teams are constantly improving their inbound processes and playbooks within AbuseHQ to get the most out of the solution. Everybody on the team is now aware of AbuseHQ’s capabilities, which has also improved internal communication between the different teams using the solution.
Streamlined Processes
As AbuseHQ can be fully customized, DigitalOcean and the Abusix engineering team are working closely together to further streamline the workflow.
He found it encouraging to see all the events that come in classified and action taken on the abusers or infected systems.
Improved communication and reputation
DigitalOcean is also receiving more and more positive feedback from reporters and customers. “Without AbuseHQ, we would actually not be able to work with all the new reporters, simply because we didn’t have the capacity to do so,” added Mike White, Legal Ops at DigitalOcean.