Network abuse is escalating daily, with service provider security battling a 125% increase in Distributed Denial of Service (DDoS) attacks and a 26% increase in web application attacks. As abuse increases, so too does the flood of reports that network abuse teams have to handle on a daily basis. The result is that many abuse teams only get through a quarter of their daily reports and many serious threats go undetected and unmanaged, leading to higher levels of network damage.
Network abuse drains time and revenue from service providers, as they have to maintain active abuse teams to ensure their systems aren’t compromised. To address this, companies like Abusix have designed a specialist product, AbuseHQ, in response to M3AAWG Abuse Desk Common Practices and M3AAWG/i2 Coalition Anti-Abuse Common Practices for Hosting Cloud Service Providers.
AbuseHQ enhances service provider security in a number of key ways:
Providing Real-Time Visibility, Detection, And Response
Abusix has accumulated the knowledge of over 25 years of abuse management experience and provides real-time visibility, detection, and response capabilities to security and abuse teams around the globe. AbuseHQ is able to process reports from over 3000 reporters during an average week.
Reporters include FBLs from AOL, Comcast, Microsoft, and many others, as well as copyright, trademark and DMCA reports, CC-IRC (Canadian Government), child exploitation, malware, blocklist reports, Shadowserver, and many more.
AbuseHQ ingests four types of input:
- Messages
- Messages with embedded multi-line reports
- Messages with attached reports (Excel, CSV, TXT, and other delimited formats)
- Internal or 3rd party abuse reports, abuse or edge system portal data, and edge system logs
Organizing And Managing Incident Reports
Instead of dealing with a constant flow of abuse reports streaming in, AbuseHQ can place a well-attributed case into your ticketing system, triggered by a transition. Then either a webhook or email integration with your ticketing system can push the information upstream. As a result, your team ends up with fewer tickets, clearer tickets, and improved actionability.
Functionality features that improve managing abuse reports include:
- All network abuse statuses are presented in real-time, filtered by various time periods.
- Network reporting and customer search functionality automatically correlates and clusters events with real-time filtering and sorting.
- Your abuse team can view the network using 11 parameters, 14 filters, and hundreds of other one-click sub-filters.
- It is also possible to view an individual customer’s IP resource usage and 31 different types of abuse event details in real-time.
- A mailbox feature also provides an overall view of all messages and reports that AbuseHQ has received.
Classifying Events And Providing Insights
The biggest challenge abuse desks face is their huge report load, which makes it almost impossible to differentiate between high-priority reports and trivial abuse. Ticketing systems that deal with cases on a one-to-one basis don’t provide the aggregation and clarity needed for the abuse team to determine whether one abuse event is responsible for the majority of the reports.
AbuseHQ solves this by automatically classifying over 30 events, thereby helping the network abuse team understand the severity of any given abuse event. The Abusix engine does this by performing continuous, integrated abuse and threat processing, both in real-time and retrospectively, so the team can gain insights buried deep inside their network’s abuse data.
Identifying Customers Creating Abuse
AbuseHQ is preconfigured to use the event IP address as the default Customer ID, regardless of whether the report is an IP address report or a domain report. In the case of a domain report, the system will automatically look up the IP address corresponding to the hosted domain. AbuseHQ is then able to create event reports by filtering over 30 event types. The reports available on each case created by AbuseHQ include:
- Event Type Information
- Case Summary
- State, Create, Event Count, and Assignee
- Events Graph
- Event Details
- Case History
- Network Details
- Reporter Information
- Malware Information
AbuseHQ from Abusix helps service providers assess risks earlier, thereby lowering network operations and support costs. It simplifies abuse and security operations and raises productivity while improving customer care and quality of service. The result is happier customers, improved retention, and delighted service providers.
For more information about how Abusix can help you resolve up to 99% of network abuse incidents, get in touch with a network abuse specialist today.