Case Study

DigitalOcean Partners with Abusix to Take a Stand Against Spam and Abuse to Protect its Network and Customers

Industry

Cloud & Hosting Provider

Background

DigitalOcean simplifies cloud computing so developers and businesses can spend more time building software that changes the world. With its mission-critical infrastructure and fully managed offerings, DigitalOcean helps developers, startups and small and medium-sized businesses (SMBs) rapidly build, deploy and scale applications to accelerate innovation and increase productivity and agility. 

Challenges

DigitalOcean needed a way to scale its ability to mitigate abuse cases as its business grew. Their abuse analysts’ daily workload was full and they wanted to provide more value to customers.

Solution

DigitalOcean chose Abusix’s AbuseHQ as their real-time abuse handling tool to automate the parsing and mitigation of abuse complaints.

Results

AbuseHQ helped DigitalOcean integrate their abuse handling processes into their security operations center (SOC), speeding mitigation, and if necessary, the shutdown of compromised droplets.

With AbuseHQ, DigitalOcean has been able to establish close partnerships with more reporters as the platform allows for robust data consumption and permits automatic categorization of such data.

The addition of automation has also allowed the team to proactively reach out to their customers and let them know about vulnerabilities that could be leveraged to compromise their systems and lead to unauthorized access.

The Situation

In 2016, the AbuseOps Team from DigitalOcean was processing and escalating all abuse cases manually and needed to find a more efficient way to process and escalate abuse complaints.

If the number of incidents coming out of their network was not mitigated in a timely manner it could impact their customers, and risk their performance.

The challenge in effectively managing remediation led DigitalOcean to create a complex process which in turn led to increased hiring to handle the workload.

The Challenge

The challenge is that a report or email may come in with one complaint or hundreds. An analyst needs to be assigned and conduct a series of actions for each event.

After being assigned, the analyst must parse the report for each event, conduct a lookup in another system to determine if each IP or link is in their network, create a case if it belongs to them, notify the customer, and track the outcomes if needed.

Each report can take anywhere from a few minutes to hours depending on the size. This is in addition to the need for notifying customers and tracking the outcomes.

The Solution 

Automating Processes

DigitalOcean started looking for a solution that allowed their abuse team to focus on the most important tasks. After a trial, DigitalOcean chose AbuseHQ, as the automation processes took care of all the mundane, repetitive work.

Mike White, Legal Ops said: “AbuseHQ removed a huge manual burden from our team. It reduced most of the noise coming into our abuse inbox, and helped us prioritize the important alerts without a human needing to review every complaint.” 

Customized playbooks (a series of predefined steps based on set conditions) are utilized to notify, handle, and track each case outcome through automation.

Through the playbooks, they were able to handle different abuse types including Bruteforce, Intellectual Property, Malware, Phishing, Spam, and many other types through improved procedures and automation.

Will Lefevers, SOC Director at DigitalOcean added that “With AbuseHQ we simply get stuff done much faster.”

The Results 

Increased efficiency with AbuseHQ

After using AbsueHQ for almost 4 years, DigitalOcean is currently minimizing the workload on the team with the incoming reporters automated and automatically parsing and acting upon incoming complaints. 

This increase in efficacy has allowed DigitalOcean to take a proactive approach to protect their customers. AbuseHQ has enabled them to ingest large reports from 3rd party reporters, such as Shadowserver, and automate the processing and customer notification of those reports.

One benefit of this is the ability to proactively notify customers of vulnerabilities in their systems before they are discovered and exploited by others.

“With AbuseHQ, we simply get stuff done much faster.”

Will Lefevers, SOC Director, DigitalOcean

Will Lefevers explained that in 2020 a big focus was to continue to hone the efficiency they are receiving by using AbuseHQ. That is why they’re also rolling out a new API that enables them to query even faster.

The teams are constantly improving their inbound processes and playbooks within AbuseHQ to get the most out of the solution. Everybody on the team is now aware of AbuseHQ’s capabilities, which has also improved internal communication between the different teams using the solution.

Streamlined Processes

As AbuseHQ can be fully customized, DigitalOcean and the Abusix engineering team are working closely together to streamline the workflow more and more.

“AbuseHQ has allowed us to visualize a complete history for our customers that enables us to understand what our customers are attempting to accomplish with DigitalOcean products.”

Cashan Stine, Security Operations Center Analyst II, DigitalOcean.

He found it encouraging to see all the events that come in classified and action taken on the abusers or infected systems.

Improved communication and reputation

DigitalOcean is also receiving more and more positive feedback from reporters and customers. “Without AbuseHQ, we would actually not be able to work with all the new reporters, simply because we didn’t have the capacity to do so,” added Mike White, Legal Ops at DigitalOcean.

Picture of Mike White DigitalOcean

AbuseHQ removed a huge manual burden from our team. It reduced most of the noise coming into our abuse inbox and helped us prioritize the important alerts without a human needing to review every complaint.

— Mike White, Legal Ops, DigitalOcean

Share
Linkedin Icon Twitter Icon Facebook Icon E-mal Icon

Products & Tools

Type

Topic

Get in touch

Talk to us

The quickest way to get in touch with the team is via our online chat feature at the bottom right of this page. Alternatively, feel free to email us at [email protected] or send us a message via our form.

Is your IP blocked?
To get that resolved, please use our lookup-service and follow the instructions in order to delist your IP/domain.