How Oort improved data science efficiency by 5x using IPinfo and Snowflake
Many organizations face erosion of network visibility due to user access changes, such as accessing accounts from unsecured networks, devices, or residential networks. These businesses need contextualized data such as network insights, logins, and enrichment data to detect and mitigate threats.
This identity data is often siloed, preventing threat detection teams from gathering the necessary information to mitigate identity risks. Many companies turn to SIEMs to eliminate these silos, but SIEMs typically provide limited context for identity and access management (IAM). SIEMs also often incur more expenses than many organizations are willing to pay.
Many companies need cost-effective means to access more data to proactively reduce attack surfaces and respond to identity threats.
This is the challenge Oort solves. Oort provides a unified source of threat intelligence to prevent, detect, and respond to threats efficiently and in real-time.
Oort: The identity threat detection for enterprises
Oort is a leading Identity Threat Detection and Response organization specializing in solutions for Enterprise organizations. Since 2022, Oort has secured over 500,000 accounts by improving identity security for organizations that need more attack surface visibility.
Using Snowflake, Oort has built an identity security data lake that enables Oort’s users to detect and mitigate threats with contextualized identity data. With IPinfo’s data in Snowflake, Oort has been able to improve their data science team efficiency by 5x and improve their product value for their customers.
IP address data in Snowflake improves identity and access management for Oort’s customers
Oort’s customers needed more visibility when it came to geolocation, ASN data, and masked identities, which is why they began implementing IP address data into their data enrichment feeds. Oort solved several challenges for their internal teams and customers by using IPinfo’s data in Snowflake.
According to Nicolas Dard, VP of Product at Oort, “Geolocation is a really important point for our customers. When an account logs on and is involved in suspicious activities that look like security risks, it’s very important to be able to identify where that person normally logs on versus the location of the suspicious activity. It’s a vital piece of context to make decisions on how to respond to that particular area of risk.”
Contextualizing disparate datasets
Snowflake’s Data Lake enabled Oort to merge disparate data sources into one unified feed. Before using Snowflake, Oort merged data from a variety of sources, such as Okta, Azure AD, and Salesforce. Some of these data sources limit historical data to a week or thirty days.
Organizations like Oort need to view longer timelines of events to improve identity threat detection. Now, with Snowflake’s Data Lake, they can easily query all these data sources and maintain a historical feed of their data.
Merging IP address data in Snowflake with all their other data sources was simple. Within a few clicks, Oort’s data science team was able to start contextualizing alerts with IP to Geolocation, Privacy Detection, and ASN data.
Optimizing team efficiency with universal access
Implementing IPinfo’s data in Snowflake was so easy that Oort’s data scientists could immediately begin drawing inferences from IP insights. According to Didi Dotan, CTO of Oort, “With IPinfo, our chief data scientist could immediately access the information in a table and then start to implement it. From an evaluation perspective on our end, this is completely different and a bit of a game changer.”
The data science team experienced no dependency on the engineering team to implement the data. They immediately began aggregating the data, building new detections, and gaining an understanding of what risks are associated with an identity coming from a given IP address.
Oort’s team efficiency quickly skyrocketed. Not only did Snowflake and IPinfo enable Oort to implement new detections, but universal access to this data also enabled Oort to achieve 5x better efficiency within their data science team.
Cost-effective queries
Oort also recognized the need for more cost-effective queries so they could pass along those cost-savings to their customers. Previously, they managed all data in AWS, incurring a variety of extra costs associated with aggregating the data in this platform.
In Snowflake, the data science team was able to run more cost-effective queries while looking for anomalies within their datasets. Didi Dotan, CTO at Oort, mentioned that “using IPinfo’s data in Snowflake allows us to immediately start using the data in our detections…. Our data science team works so much more efficiently.”
Building reliable identity threat detection with accurate IP data
Oort’s customers use their detections to make real-life decisions. The context that Oort offers, therefore, needs to be the highest quality available and needs near-real-time updates.
Snowflake’s platform allows IPinfo to update our datasets daily, which is absolutely critical for use cases like Oort’s. The result is that Oort’s customers love the newly added IP address context and want Oort to offer even more IP address insights.
According to Nicolas Dard, Oort’s VP of Product, “People love the identity context we’ve added with IP address data. They’re using it and want us to expand this context even further, which is a really great opportunity for Oort.”
How to get started with IP data in Snowflake
IPinfo’s 10+ listings are available on Snowflake Marketplace, including our self-service options. Organizations can start using the data immediately and remove data silos to improve team efficiency.
Organizations can easily implement the data using IPinfo’s official Snowflake documentation. Users can also gather more information about easy data implementation using our community docs.
Get started with the free 30-day trial to the All-In-One IP Address Database to determine which datasets fit your use case.