Strengthening SOC Operations at inDrive with RST Cloud CTI
Mar 3, 2026
inDrive, a global mobility and urban services platform, runs a modern, geo-distributed, Linux-based infrastructure built on a multi-cloud strategy and relies extensively on Kubernetes for container orchestration to power its global digital services. With infrastructure spread across multiple regions, and as part of its ongoing security maturity efforts, the team prioritized:
- Access to timely, high-confidence threat intelligence with minimal false positives and automatic removal of outdated IoCs, enabling efficient SOC operations at inDrive’s scale.
- Comprehensive threat intelligence coverage derived from global research, integrating OSINT with proprietary intelligence sources for deeper visibility.
- Easy integration into existing SOC workflows.
Solution
To enable real-time detection, inDrive selected RST Cloud as its cyber threat intelligence (CTI) provider, using RST Threat Feed as its core threat intelligence source and RST IoC Lookup for incident enrichment, due to the following capabilities:
- Wide coverage of threats across multiple regions and industries.
- Integration of OSINT with proprietary intelligence sources and research.
- High-quality, contextualized data suitable for automated security processes.
As described by inDrive Senior SOC Manager, Ivan Saakov:
“We needed a CTI provider with broad threat coverage, strong OSINT, proprietary research, and minimal IoC latency. RST Cloud aligned well with our operational and automation priorities.”
Outcomes
Because cyber threats evolve faster than manual processes can handle, inDrive’s security engineers have built their SOC around automation, ensuring they can respond quickly without being overwhelmed. Through the integration of RST Cloud products, the SOC at inDrive has strengthened its ability to receive prioritized, contextualized threat intelligence, with new IoCs available within an hour of detection. This enables the rapid identification of relevant threats and the implementation of effective, automated protection mechanisms.
As a result of the integration, the team gained enhanced visibility into:
- Threat actor activity.
- Industry-specific risks.
- Emerging vulnerabilities.
This enables the SecOps team to detect, anticipate, and respond to threats more quickly.