Want all of the data behind our APIs? Our downloadable IP address databases deliver insights into millions of IPs
Learn moreOort needed to gather more context to separate suspicious logins from authorized account users. Their team of data scientists required insights that could be used immediately to develop and test highly tuned detections for Oort’s customers. In particular, geolocation context is an important parameter for Oort’s customers, allowing them to detect suspicious activity to improve risk monitoring and inform decisions. Their customers also wanted more information about VPN usage to enforce organizational policies regarding commercial VPNs.
“Our customers are trying to understand when accounts are performing suspicious activities. They need to determine if the user identity is who they’re claiming to be. IP address data is a really good indication of that.”
Oort began looking for an IP Geolocation, ASN, and Privacy Detection data source with a high data quality standard and seamless access options. They needed context that was immediately available to use. Their ideal IP data solution would be easily implemented into their identity management products to reduce the amount of time data scientists and engineering teams spent testing and preparing the data for use. The solution also needed to merge disparate data sources into one unified feed while also providing near-real-time updates enabling the best enrichment for their products.
“Geolocation is a really important point for our customers. When an account logs on and is involved in suspicious activities that look like security risks, it’s very important to be able to identify where that person normally logs on versus the location of the suspicious activity. It’s a vital piece of context to make decisions on how to respond to that particular area of risk.”
This is when Oort discovered the cost-savings associated with using IPinfo’s data in Snowflake. They could easily connect their existing data sources with IP intelligence to give their team full visibility of the insights immediately. The fact that these IP data queries could be run easily and at a low cost in Snowflake added significant value. Using IPinfo’s data in Snowflake also meant there was no barrier between Oort’s data science team using the IP data. This is because Snowflake’s platform eliminated dependency on Oort’s engineering team to integrate IP address intelligence into their solution. This freed up Oort’s engineering team to work on other pieces of functionality while their data science team began aggregating the data, building new detections, and gathering the context they needed to understand what risks are associated with a given identity based on IP address data. Oort is now using IPinfo’s IP to Geolocation data to monitor suspicious logins and other security risks. With this data, they can identify the location of those logins to detect anomalies to provide more context before responding to incidents. Oort has also implemented the Privacy Detection dataset to help their users pinpoint VPN users. Now Oort’s customers can receive notifications of commercial VPN usage which provides enough context to enforce compliance with organizational policies.
“With IPinfo, our chief data scientist could immediately access the information in a table and then start to implement it. From an evaluation perspective on our end, this is completely different and a bit of a game changer.”
“Using IPinfo’s data in Snowflake allows us to immediately start using the data in our detections. That means that our data science team is working so much more efficiently.”
Since implementing IPinfo’s data in Snowflake, Oort estimates a five times improvement in efficiency for their data science and engineering teams. The IP geolocation and Privacy Detection data have given Oort’s customers more visibility over accounts to determine when logins are suspicious and need to be investigated. Oort has also discovered they need more context surrounding masked IP addresses and are exploring additional use cases with IPinfo’s team. Oort’s users love the context provided with IP addresses and are excited about the further implementation of this data.
“Using IPinfo data within Snowflake has improved the efficiency of Oort’s data science team by five times for IP-based detections.”
“People love the identity context we’ve added with IP address data. They’re using it and want us to expand this context even further, which is a really great opportunity for Oort.”
Graylog realized they had an opportunity to further enrich their customers’ data. Learn how they leveraged IP data to enrich intel.
Since using IPinfo, GreyNoise has become recognized as the go-to Anti-Threat Intelligence source.