DigitalOcean simplifies cloud computing so developers and businesses can spend more time building software that changes the world. With its mission-critical infrastructure and fully managed offerings, DigitalOcean helps developers, startups and small and medium-sized businesses (SMBs) rapidly build, deploy and scale applications to accelerate innovation and increase productivity and agility.
DigitalOcean needed a way to scale its ability to mitigate abuse cases as its business grew. Their abuse analysts’ daily workload was full and they wanted to provide more value to customers.
DigitalOcean chose Abusix’s AbuseHQ as their real-time abuse handling tool to automate the parsing and mitigation of abuse complaints.
AbuseHQ helped DigitalOcean integrate their abuse handling processes into their security operations center (SOC), speeding mitigation, and if necessary, the shutdown of compromised droplets.
With AbuseHQ, DigitalOcean has been able to establish close partnerships with more reporters as the platform allows for robust data consumption and permits automatic categorization of such data.
The addition of automation has also allowed the team to proactively reach out to their customers and let them know about vulnerabilities that could be leveraged to compromise their systems and lead to unauthorized access.
In 2016, the AbuseOps Team from DigitalOcean was processing and escalating all abuse cases manually and needed to find a more efficient way to process and escalate abuse complaints.
If the incidents coming out of their network were not mitigated in a timely manner, it could impact their customers and put their performance at risk.
The challenge in effectively managing remediation led DigitalOcean to create a complex process which in turn led to increased hiring to handle the workload.
The challenge is that a report or email may come in with one complaint or hundreds. An analyst needs to be assigned and conduct a series of actions for each event.
After being assigned, the analyst must parse the report for each event, conduct a lookup in another system to determine if each IP or link is in their network, create a case if it belongs to them, notify the customer, and track the outcomes if needed.
Each report can take anywhere from a few minutes to hours depending on the size. This is in addition to the need for notifying customers and tracking the outcomes.
DigitalOcean started looking for a solution that allowed their abuse team to focus on the most important tasks. After a trial, DigitalOcean chose AbuseHQ, as the automation processes took care of all the mundane, repetitive work.
Mike White, Legal Ops said: “AbuseHQ removed a huge manual burden from our team. It reduced most of the noise coming into our abuse inbox, and helped us prioritize the important alerts without a human needing to review every complaint.”
Customized playbooks (a series of predefined steps based on set conditions) are utilized to notify, handle, and track each case outcome through automation.
Through the playbooks, they were able to handle different abuse types including Bruteforce, Intellectual Property, Malware, Phishing, Spam, and many other types through improved procedures and automation.
Will Lefevers, SOC Director at DigitalOcean added that “With AbuseHQ we simply get stuff done much faster.”
Increased efficiency with AbuseHQ
After using AbuseHQ for almost 4 years, DigitalOcean is currently minimizing the workload on the team: intake from incoming reporters is automated, and incoming complaints are parsed and acted upon automatically.
This increase in efficacy has allowed DigitalOcean to take a proactive approach to protect their customers. AbuseHQ has enabled them to ingest large reports from 3rd party reporters, such as Shadowserver, and automate the processing and customer notification of those reports.
One benefit of this is the ability to proactively notify customers of vulnerabilities in their systems before they are discovered and exploited by others.
Will Lefevers explained that in 2020 a big focus was to continue to hone the efficiency gains they get from using AbuseHQ. That is why they’re also rolling out a new API that enables them to query even faster.
The teams are constantly improving their inbound processes and playbooks within AbuseHQ to get the most out of the solution. Everybody on the team is now aware of AbuseHQ’s capabilities, which has also improved internal communication between the different teams using the solution.
As AbuseHQ can be fully customized, DigitalOcean and the Abusix engineering team are working closely together to streamline the workflow more and more.
He found it encouraging to see all the events that come in classified and action taken on the abusers or infected systems.
Improved communication and reputation
DigitalOcean is also receiving more and more positive feedback from reporters and customers. “Without AbuseHQ, we would actually not be able to work with all the new reporters, simply because we didn’t have the capacity to do so,” added Mike White, Legal Ops at DigitalOcean.