Using IP Intelligence in the ongoing battle for cyber security

Image of padlock against circuit board/cybersecurity background
(Image credit: Future)

Rapid surges in digital activity made 2020 a record-breaking year on multiple fronts. Internet use reached unprecedented levels — climbing to four hours per day amid the early Covid-19 outbreak — while global online shopping grew at the fastest rate since 2008. At the same time, cybercriminals were busier than ever, with UK threats up by 20 percent against 2019. 

On average, each business faced 690,000 attempted cyber-attacks last year: equivalent to one every 46 seconds. Given the significant damage breaches can inflict on company finances, data security, and reputation, this sudden spike is concerning, but it’s especially troubling when rising digital dependence is added to the picture. With embracing online tools and offerings becoming increasingly important to organizational success, criminal interest is only going to keep soaring; as will the impact of illegal infiltration, ransomware, and network takeovers. In fact, the worldwide cost of cybercrime is predicted to hit $10.5 trillion annually by 2025.

What makes bad actors so hard to tackle?

For cybercriminals, applying camouflaging techniques that mask their location has become the standard means of ensuring anonymity, with proxies often a popular choice. Using tools such as anonymizers, virtual private networks (VPNs) and Tor services, online offenders make themselves harder to trace by hiding behind the IP address of a proxy server. 

It therefore might seem as though the most obvious step for companies striving to bolster their digital security is blocking traffic coming from proxies. This approach, however, is too blunt for the modern web. Thanks to greater availability of affordable IP re-direct options, proxies and particularly VPNs were gaining wider traction pre-pandemic, used by 25 percent of the online population globally as far back as 2018. Following the transition to digital-first living, adoption has accelerated apace.

Studies show the VPN market is due to expand by just under 30 percent in 2021 as users turn to proxies for a range of purposes beyond crime. At the top of the list is protecting online privacy, but these tools are also playing a key role in other areas, including remote working. For organizations of all shapes and sizes, enabling secure connection from home remains important in the ever-changing current climate and VPNs frequently offer vital support. See, for instance, Microsoft’s corporate VPN, which provides access for up to 55,000 employees in varying regions and locations daily.

What does that mean for proxy blocks? 

The bottom line is that proxies don’t automatically indicate illegal or harmful intentions. By classing any VPN user as a definite risk, organizations are likely to end up with high numbers of false positives; where legitimate users are mistakenly labeled threats and barred from networks. As well as locking out large swathes of their out-of-office workforce, doing so could mean firms cut off customers from accessing online services.

Instead, businesses must improve their ability to analyze users on a case-by-case basis and determine whether a specific case of proxy use should send alarm bells ringing or not. Equally, it will also be crucial to shore up defenses against bad actors by spotting and stopping suspicious traffic before criminals have the chance to launch attacks, in addition to guarding against delays that impede operational efficiency and drive customer frustration. 

Although this sounds like a challenging task, one relatively straightforward answer lies with homing in on how — and specifically where — users connect. By diving deeper into location data, organizations can unlock valuable insights that help unmask the real criminals.

The location holds the key to successful navigation 

Put simply, tackling the many nuances of cybercrime calls for nuanced evaluation. Rather than immediately assuming proxies mean danger, companies need the capacity to assess users, pinpoint signs of dubious activity, and conduct a robust assessment, at speed. A core part of that is establishing how proxies are being used, and this is where location comes in. 

IP intelligence can provide a detailed yet non-personally identifiable view of users that goes right down to postcode level. By analyzing IP entry and exit nodes — where users appear to be connecting from and logging off — and tapping reliable, high-quality location data, companies can obtain an array of useful information for detecting criminals at work, whether they’re aiming to carry out payment fraud, penetration attacks, DDOS attacks or an account takeover.

For example, traffic stemming from unexpected regions can be an instant red flag, such as UK-based teams connecting from other countries. Meanwhile, in-depth analysis of velocity patterns can also highlight infeasible and unrealistic jumps in location, including users swapping between geographically distant areas in a single session. By running continuous measurement of incoming IP intelligence, companies can generate an ongoing flow of insight that paves the way for real-time action and helps them guide smarter decisions. 

In practical terms, that could include a mixed defensive strategy built around specific risk levels and event-based rules. Detection of some proxies known to be used by criminals might trigger immediate blocks to prevent serious threats, with less obviously harmful traffic marked for verification, such as an SMS message or email. As well as avoiding unnecessary friction, implementing these multifaceted mechanisms will demonstrate a commitment to maximizing online safety and delivering consistently positive experiences for genuine users.

By recognizing the intricacies of proxy use and harnessing the insights afforded by granular IP intelligence, companies can achieve an all-inclusive perspective of individual connections that will enable robust but not over-zealous defenses.

Andy Ashley, International Marketing Director, Digital Element

Andy Ashley, International Marketing Director, Digital Element.