A Splunk Case Study
Rackspace, the world’s leading managed cloud company with over 6,000 employees across four continents, faced a growing phishing investigation burden: a daily volume of ~45 phish, with burst attacks of up to 300, handled through a manual workflow that touched as many as 10 security products and could take 90+ minutes per incident. Cross-team coordination and after-hours actions further slowed response and risked inconsistent handling.
Rackspace implemented Splunk Phantom to automate and orchestrate phishing investigations using modular Apps and Playbooks that perform searches, URL and file reputation checks (VirusTotal, PassiveTotal), sandbox detonations, and Jira updates, with pre-approved quarantine actions available. The result: investigations that once took 90+ minutes now complete in under a minute, delivering consistent, auditable responses, simplifying cross-team workflows, improving security, and freeing analysts to focus on high-value investigations.
David Neuman
Vice President & CISO