Oort🔓 Cybersecurity

How Oort optimizes identity threat detection and response with IPinfo

Lowering costs and improving efficiency by 5x

Oort uses IP address data in Snowflake to improve team efficiency for Identity Threat Detection. Using IPinfo’s data in Snowflake, Oort is connecting disparate data sources into one unified feed, eliminating data silos between teams, and giving their customers a unified view of identities.

📈 Market position

About Oort

Since 2022, Oort has developed a leading identity threat detection & response solution that has secured over 500,000 accounts. They are dedicated to solving the problem of enterprise security by focusing on the crucial aspect of identity management. While many organizations are overwhelmed with complex and ever-changing data related to identities, technologies, relationships, and users, Oort provides a unified source of threat intelligence to prevent, detect, and respond to threats efficiently and in real time.

  • Client: Michael Mariott
  • Customer since: 2022
  • Company: Oort
  • APIs used: IP Geolocation, Privacy Detection, and ASN

🤔 The problem

Gathering actionable intelligence more quickly

Oort needed to gather more context to separate suspicious logins from authorized account users. Their team of data scientists required insights that could be used immediately to develop and test highly tuned detections for Oort’s customers. In particular, geolocation context is an important parameter for Oort’s customers, allowing them to detect suspicious activity to improve risk monitoring and inform decisions. Their customers also wanted more information about VPN usage to enforce organizational policies regarding commercial VPNs.

Our customers are trying to understand when accounts are performing suspicious activities. They need to determine if the user identity is who they’re claiming to be. IP address data is a really good indication of that.

Nicolas Dard
VP of Product
⏳ The process

Finding the right IP address partner

Oort began looking for an IP Geolocation, ASN, and Privacy Detection data source with a high data quality standard and seamless access options. They needed context that was immediately available to use. Their ideal IP data solution would be easily implemented into their identity management products to reduce the amount of time data scientists and engineering teams spent testing and preparing the data for use. The solution also needed to merge disparate data sources into one unified feed while also providing near-real-time updates enabling the best enrichment for their products.

Geolocation is a really important point for our customers. When an account logs on and is involved in suspicious activities that look like security risks, it’s very important to be able to identify where that person normally logs on versus the location of the suspicious activity. It’s a vital piece of context to make decisions on how to respond to that particular area of risk.

Nicolas Dard
VP of Product
🔬 The solution

Using IP address data in Snowflake

This is when Oort discovered the cost savings associated with using IPinfo’s data in Snowflake. They could easily connect their existing data sources with IP intelligence to give their team full visibility of the insights immediately. The fact that these IP data queries could be run easily and at a low cost in Snowflake added significant value.

Using IPinfo’s data in Snowflake also meant there was no barrier between Oort’s data science team and the IP data, because Snowflake’s platform eliminated the dependency on Oort’s engineering team to integrate IP address intelligence into their solution. This freed up Oort’s engineering team to work on other pieces of functionality while their data science team began aggregating the data, building new detections, and gathering the context they needed to understand what risks are associated with a given identity based on IP address data.

Oort is now using IPinfo’s IP to Geolocation data to monitor suspicious logins and other security risks. With this data, they can identify the location of those logins and detect anomalies, providing more context before responding to incidents. Oort has also implemented the Privacy Detection dataset to help their users pinpoint VPN users. Now Oort’s customers can receive notifications of commercial VPN usage, which provides enough context to enforce compliance with organizational policies.

With IPinfo, our chief data scientist could immediately access the information in a table and then start to implement it. From an evaluation perspective on our end, this is completely different and a bit of a game changer.

Didi Dotan
CTO at Oort

Using IPinfo’s data in Snowflake allows us to immediately start using the data in our detections. That means that our data science team is working so much more efficiently.

Didi Dotan
CTO at Oort
🎉 The result

Since implementing IPinfo’s data in Snowflake, Oort estimates a five times improvement in efficiency for their data science and engineering teams. The IP geolocation and Privacy Detection data have given Oort’s customers more visibility over accounts to determine when logins are suspicious and need to be investigated. Oort has also discovered they need more context surrounding masked IP addresses and are exploring additional use cases with IPinfo’s team. Oort’s users love the context provided with IP addresses and are excited about the further implementation of this data.

Using IPinfo data within Snowflake has improved the efficiency of Oort’s data science team by five times for IP-based detections.

Didi Dotan
CTO at Oort

People love the identity context we’ve added with IP address data. They’re using it and want us to expand this context even further, which is a really great opportunity for Oort.

Nicolas Dard
VP of Product
