Rackspace Builds Trust and Confidence with Rapid7 Solutions

Challenge

At Rackspace, security is really important. It’s important that customers know that when they put their data on the Rackspace platform, or choose to interact with Rackspace that their data will be secure. Rackspace will protect it as if it's their own.

Solution

Rackspace uses a suite of Rapid7 products, including InsightVM, Metasploit, and InsightAppSec.

Christina Galligan, Director of Cybersecurity Operations at Rackspace, knows that trust and confidence is core to everything her team does. She describes why they chose to partner with Rapid7, and how vulnerability assessment has been an evolutionary journey for her team with InsightVM, Metasploit, and InsightAppSec. Learn how the Rackspace team collaborated with Rapid7 to develop features in InsightVM like the endpoint agent, container assessment, and more.

I lead the threat and vulnerability analysis team. We do vulnerability assessment, red teaming, and threat intelligence for internal Rackspace and we also support the customer security operation center for vulnerability assessment.

So my team uses a suite of Rapid7 products, including InsightVM, Metasploit, and InsightAppSec. At Rackspace, security is really important. Trust and confidence is really the basis of what we do. So security really adds to that, right, so if you're a customer at Rackspace, you have to know that when you put your data on our platform, or you choose to interact with us, we're going to keep your data secure, we're going to make sure that we protect it as if it's our own.

Vulnerability analysis and vulnerability management at Rackspace, I think, it's been an evolutionary story for us. A few years ago when we didn't have Rapid7 on board, we were quantifying our vulnerabilities in a different way. Now, we're able to report more quickly and really remediate faster. It allows us to get the data into the hands of the people that need it.

From an adoption perspective, as soon as we introduced the platform to the team, they were really excited about it. They were really jazzed that it seemed like a land of infinite possibilities in terms of the flexibility it provided, which we weren't seeing with other products.

Before we went to Rapid7 we did evaluate some other vulnerability assessment products and other vendors. There were two differentiators that stood out with Rapid7. One was the level of API integration and automation that we felt it would enable. We were a small team at the time, so it was really important that we were able to automate as much as possible. 

The other differentiator was support. Tickets get answered, and they don't just get answered, they get answered really comprehensively and so first pass yield is really high with being able to remedy the issue or really being able to answer questions for us.

We love to be involved in any program that the vendor offers where we can provide feedback and really be kind of driving the roadmap. I think one thing we really liked about Rapid7 when we looked at them, and as we do check-ins is that features that are discussed on the roadmap are developed on the roadmap.

I think a lot of times what's being released by Rapid7, so containers and agents are things that we've asked for and so we're really excited when they're introduced. Being able to interface on the dev level with the people that are actually building the product and the ones who have actually written the API and the integration is just really huge. So we found a ton of flexibility. And we're excited to continue to work to build out the agent API as well with Rapid7.