Subpar IP Decisioning Data Can Drive Risky Security Decisions

Cyber threats have driven companies to invest heavily in security data, technologies and services.


Arguably, the most recognized – and perhaps most overused – cliché in the computer industry is “garbage in, garbage out.” Of course, there’s good reason why this phrase has had such staying power, and why it has migrated far beyond its original computational confines. “Garbage in, garbage out” is fundamentally true, regardless of the technical or business situation in which it’s applied.

In few areas is this truism more important than in the realm of cybersecurity. Organizations of all types and sizes find themselves under an escalating barrage of cyber attacks. A recent survey by the industry association ISACA found that 78% of all those surveyed reported such attacks, and more than half said the volume of attacks had increased in the past year.

These increasing cyber threats have driven companies to invest heavily in security data, technologies and services. The cybersecurity sector, which was a $3.5 billion market in 2004, will surpass $120 billion this year, one research firm estimates. Unfortunately – garbage in, garbage out – the quality of the security these investments deliver is only as good as the quality of data the controls and services provide.

An increasingly critical element of many organizations’ security strategies is obtaining insight about an IP address that is attempting to connect to or access data within an organization. Among other data, this IP insight ideally will provide granular information including the location of the connected device, a risk assessment of the device’s IP address, and an indication of whether the device is using a proxy or some other anonymizer technique that hides its true location. This data, in turn, can help in deciding whether to give access to a device as it goes through an authentication and authorization process. However, if the IP location and/or risk data is vague, inconsistent, or unreliable, the subsequent access decisions may also be flawed.

A related problem is the use of IP decisioning data from different data providers by different departments within an organization. For example, if the Platform team makes customer journey decisions based on IP data from one data provider, and the Cybersecurity team makes security decisions based on IP data from another provider, conflicts can result. IP decisioning data conflicts can cause a dramatic increase in review queues and customer friction. Moreover, unless the IP decisioning data that is considered the “source of truth” within an organization is accurate, high-risk IPs may be granted access to the organization’s data and assets, putting the organization’s cybersecurity posture at risk. Organizations should attempt to identify the best source of IP decisioning data and standardize on that single source across the organization to achieve optimal operational efficiency and security.

Duo Security, which is in the business of providing secure access to any application, via any device, over any network, decided to use Neustar’s IP Intelligence decisioning data to supplement the core two-factor authentication of its access approval platform. “In particular, our customers wanted alerts about anonymous IP proxies – compromised or suspicious hosts our platform may have blacklisted,” explains Jon Oberheide, co-founder and CTO of Duo Security.

Because Neustar’s IP Intelligence dataset includes more than 40 attributes about IP location, network access, risk assessment and alerts about anonymized connections, the addition of this information has helped give Duo Security’s customers high confidence when approving log-ins.

“Our beta customers love the new set of advanced security features, including everything that IP Intelligence brings,” says Oberheide. “They know where the user is coming from and if that location is risky or suspicious in nature.”

IP decisioning data is just one element of a comprehensive cybersecurity regime. But, done right, it can become one of the most trusted and valuable contributors to an overall security strategy.


Copyright © 2017 IDG Communications, Inc.