A Five-Part Blog Series to Bust the Myths Surrounding VPN Intelligence Data
In this five-part blog series, we tackle the questions our customers ask us, with a goal of busting the myths that are driving those questions. In our first blog post of the series, we dispelled the myth that all VPN-driven data is the same. For Part Two, we addressed the myth that VPN breadth doesn’t matter. Part Three dispelled the myth that IT teams only need to worry about detecting the VPN services included in a Top Ten list they’ve found online.
This blog post, the fourth in our series, tackles a pernicious myth that VPN threat vectors originate from common sources and remain static.
Myth #4: VPN threat vectors originate from common sources and remain static.
There are many reasons why this statement is false. Before we can even begin to identify the IP addresses that are proxies, we need to understand how the IP address space operates. There are three portions of the routable IP space that apply in this context:
ISP blocks, which are tied to ISPs that offer home and business connectivity
Mobile blocks, which are for mobile and IoT devices and provided by telecom companies
Hosting IP blocks, which is where VPN activity originated and continues to live, services all kinds of connectivity needs, such as domain or web hosting, co-location, and so on.
However, over the past 10 years, VPN providers have begun to tap into IP addresses that historically have been within Hosted IP address blocks to dynamic addresses within the ISP and Mobile blocks and are starting to leverage those as proxies.
Dynamic vs Static IPs
Given the distinction in the routable IP space, it’s no surprise that there are two broad classes of IP addresses: static and dynamic.
Static IP Address. A static IP address is one that has consistent geolocation, meaning at the time it is analyzed its geolocation is the same as previously identified. Static IP addresses are likely tied to the same end users if within an ISP block.
Dynamic IP Address. A dynamic IP address is one whose geolocation changes frequently. It’s dynamic because it can service different end users at any given moment. This is more common in Mobile and ISP blocks because end users fluctuate within a given area. These addresses are difficult to block as the end user may be different every day making blocking the IP address problematic.
Example of a Dynamic IP Address
A home user’s IP address, also known as a residential IP address, is a highly valuable IP address to a VPN provider as they are dynamic and can change everyday. A VPN service will use these addresses for their service, knowing that the IP address can change at any given moment, making it easier to circumvent restrictions that would apply to Static IP addresses.
Example of How VPN Exit Nodes Operate
Lets say a user signs up for “Big Name” VPN user and connects to a server in the U.K. They will be assigned a Static IP address of “1.2.3.4” from a hosting provider like “Digital Ocean”. That is the entrance node. The “Big Name” VPN user then wants to visit a streaming media provider. At that point the provider routes the user through an additional IP address “5.6.7.8” from an ISP like “British Telecom”. This is the exit node. And this is the IP address that looks like a residential IP address.
Furthermore, if the “Big Name” VPN user leaves the U.K. server and chooses a U.S. server from the “Big Name” VPN provider, that IP address is “9.10.11.12” and it belongs to a hosting provider, such as “Linode LLC”. This is the entrance node. If the user connects to a media streaming service, they get routed through “13.14.15.16 ” which belongs to an ISP “Comcast Cable”. This is the exit node and this is also another residential IP address.
It’s also a good example of the challenges it poses to companies that offer services to that user. Once upon a time, security teams could reasonably assume that an IP address associated with a proxy was a bad actor who should be blocked from accessing their networks or services or a bot performing a malicious action. But we see in this example that a home user can be associated with a proxy. If you’re a streaming media company, do you still block this home user, who may be a paying customer?
The Bottom Line
What does this mean for security teams? You can identify an IP address as a threat vector and block it, but that is no assurance that you’ve stopped the bad actor. That actor can simply access and use another IP address to attack your network. This is when the process of blocking certain entities can begin to look like a game of whack-a-mole.
The Digital Element Difference:
We deploy multiple strategies to help security professionals to stay on top of threat vectors.
First, we identify which IP blocks are static and which are dynamic using proprietary methodologies. Additionally, we use several different applications, each with its own methodology, to identify the IP addresses that are currently being used as proxies.
Importantly, we also see the volume and frequency of both static and dynamic IP addresses that are tied to VPNs. We can verify that dynamic IPs tied to VPNs remain predominantly in the Hosting space, even as VPN providers are actively moving into static IP space.
Given the dynamic nature of the space, we also have a very robust aging mechanism to ensure that we don’t label an IP address as a proxy longer than we should. This aging mechanism also runs 24/7.
Up Next: In our fifth and final myth of this series, we’ll talk about the pitfalls of relying only on geolocation datasets, and explain why blocking an entire geographic region isn’t always in your best interest.
VPN usage exploded during the pandemic, as consumers sought ways to hide their location so that they could circumvent geographical restrictions to content. Consumers face no difficulty in finding a VPN service provider, as a plethora of free and paid residential proxy services have entered the market.
Some of these VPN services are favored by nefarious actors because the service offers features that allow them to mask their malicious activities, including scraping, scanning and network password testing. The FBI has warned that cyber criminals are exploiting home VPN usage to break into corporate systems.
As a result of this surge in the VPN market, it’s essential that security professionals gain a deep understanding of the VPN market so they can properly protect data and network assets. Knowing which VPN providers promise criminal-friendly services can help you make important decisions about the traffic that can access your network, and set policies to keep nefarious actors at bay.
Organizations Need Granular Detail Around VPN Traffic, Usage, and Intent
Earlier this year we introduced, Nodify, a threat intelligence solution that identifies whether inbound or outbound traffic is tied to a VPN, proxy, or a darknet. Nodify provides security professionals with a wealth of context around VPN providers to help you distinguish legitimate users from bad actors.
Recently we’ve made important updates to Nodify, making it the most extensive VPN detection system available. The notable updates are:
Higher Frequency: With proxy IPS and VPNs changing rapidly, Nodify data is collected on an hourly basis and provides customers with a daily update on usage.
Deeper Insights: Going beyond the generic VPN collection, Nodify provides users with critical insights into the VPN user, including services provided by the VPN provider such as “no logging,” “multihop,” and “corporate.” These fields help clients determine the good vs the bad based on their use case.
Ease of Use: Nodify has a user interface that allows clients to quickly get a complete understanding of any VPN provider through a simple web dashboard.
Created to help security professionals understand and respond to the surge in VPN providers and usage, this brief describes the new classes of VPNs that have emerged during the pandemic, how they exploit consumer usage, and the unique risks they pose to corporate systems.
It also provides concrete steps that security teams can take to protect their networks proactively using Nodify insights.
A Five-Part Blog Series to Bust the Myths Surrounding VPN Intelligence Data
In this five-part blog series, we tackle the questions our customers ask us, with a goal of busting the myths that are driving those questions. In our first blog post of the series, we dispelled the myth that all VPN-driven data is the same. For Part Two, we addressed the myth that VPN breadth doesn’t matter.
In this blog post we take on the myth that corporate security and IT teams only need to worry about the ability to detect and screen the VPN services included in a Top Ten list they’ve found online. But as you’ll see, there are flaws to this strategy.
As any IT professional knows, the increased popularity means increased risk. VPNs have been popular tools for cybercriminals, who use them to obfuscate their original location, circumvent firewall blocks or even deep packet inspection, among other things. Once a nefarious actor has breached a network through a compromised device, such as the work PC of a remote worker, the entire network is at risk. In January of this year, police in Europe shut down VPNLab, a VPN service that cybercriminals used to distribute malware and ransomware to over 100 businesses throughout the continent. These cybercriminals were able to avoid detection tools because the VPN encrypted the traffic to the endpoint.
For publishers, people using VPNs for streaming may often be circumventing digital rights management rules put in place to prevent piracy from siphoning off revenues. In fact, piracy is expected to skyrocket as inflation and subscription fatigue collide. Content owners and operators are fighting to protect intellectual property, and are finding that fighting piracy and protecting content assets is coming down to a cybersecurity issue within their organizations.
These are not idle concerns. Naturally, corporate security teams are keen to understand the VPN market better, including which services are favored by bad actors and which are more benign. It’s a topic we’re asked about frequently, and are happy to provide our clients with the insight and tools they need to make smart decisions regarding who can access their networks, who should be flagged for additional authentication, and who should be blocked altogether.
Myth #3: Covering the top Ten VPN sites provides sufficient protection.
Fact:
Google “Top Ten VPN sites” and you’ll get a plethora of results. In fact, Google returned 53 million results in less than one second. Some of the Top Ten lists are created by well known entities, such as Forbes, Security.org and CNET, while others, like Top10VPN.com, should raise alarm bells.
But even if the source is reputable, should you trust its analysis? Take the Forbes list, which analyzed VPNs for the key features that Forbes editors value, namely cost and number of servers worldwide. The top VPN selected, Private Internet Access, was chosen because it “strikes a perfect balance of pricing, features, and usability.” To their credit, Forbes notes that some security teams are uncomfortable with its “checkered past.”
We at Digital Element are uncomfortable with the whole notion of a Top Ten VPN list, and the advice it delivers. How many VPNs were analyzed to begin with? How were they selected? In the case of Forbes, that data is absent from its report.
In its The Best VPN of 2022 list, Security.org tells readers that its security experts analyzed “dozens” of VPNs, to determine which are the best. How many dozen? And why were they selected? If a VPN wasn’t analyzed, can we assume it’s safe? How should the security team treat traffic that comes through those unanalyzed VPNs?
This is the challenge with relying on Top Ten VPN lists. On the whole they are a meaningless metric for a variety of reasons, all of which are well worth exploring. For starters, there are way more than 10 VPN services in the world today. In fact, there are way more than dozens of services. There are literally thousands of existing services, with new entrances occurring daily. In such an environment, how can anyone claim which ones ought to be included in a list of Top Ten? From our take, the most popular VPNs in the Top Ten lists are affiliate links that pay the person promoting the VPN. You can see in this list, the commissions for a sale. There is quite a lot of money in it. It’s no wonder so many people promote them.
Second, some VPNs are more concerning to specific industries than others. If you’re a company that streams copyright-protected content to subscribers, the commercial VPNs are more relevant to you than corporate VPNs. Many of the VPNs boast the ability to circumvent digital rights access parameters, which is a direct threat to your business. Consequently, your list of Top Ten VPNs will be based on a different set of criteria than a global retailer’s.
Third, the lists themselves are very suspect. While there are thousands of VPN services, many are owned by the same set of parent companies. For instance, 105 separate VPN services are owned by just 24 companies. As it happens, the VPN parent companies also own the review sites, which means they’re essentially grading their own homework. Kape Technologies owns multiple VPN services, including ExpressVPN, CyberGhost, Private Internet Access, as well as a collection of VPN review sites. There is an obvious conflict of interest between owning a service and writing its review.
This is a significant issue in the VPN space. In fact, U.S. lawmakers recently asked the Federal Trade Commission (FTC) to examine the promises VPN service providers offer consumers, as a study revealed that 75% of them make exaggerated or outright false claims about the level of protection and privacy consumers can expect.
The Digital Element Difference
Digital Element has a policy to review and classify all new VPN services as they emerge. We also monitor more than ten — or even dozens of VPN services. Currently, we monitor 361 VPNs, 56 proxies, and two darknets, which we’ve identified through mapping out the entire provider network and identifying darknet nodes.
We go beyond determining if a service is a VPN or proxy, we also go to the source of where those VPNs exist. We also provide contextual information about the VPN provider itself, a feature that is unique to Digital Element.
For instance, we provide nearly 20 fields about the provider, ranging from ID, Provider, Site URL and whether it’s a paid or free service, to location and whether it accepts crypto payment.
The rich detail we provide allows security teams to establish best practices for VPN traffic. For instance, you may opt to ban all users who use a VPN that has no paper trail, accepts payment in crypto or located in a region of the world where you have no customers, offices or employees.
Next Up: VPN threat vectors originate from common sources and remain static. Or do they? We’ll dig deeper and report on what our proprietary technologies reveal.
Did you know that October is Cybersecurity Awareness month? We have answered the National Cybersecurity Alliance’s call for cybersecurity champions, because we share the Alliance’s dedication to promoting a safer, more secure and more trusted internet.
Founded in 2004, Cybersecurity Awareness Month, is the world’s foremost initiative aimed at promoting cybersecurity awareness and best practices. Led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), Cybersecurity Awareness month is a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally.
A 24/7 Mission for Digital Element
It’s important to note that our dedication to cybersecurity isn’t limited to the month of October. Everyday we help security teams across the globe protect their networks against cybersecurity threats and attacks.
Moreover, we work continuously in developing new tools and relationships so that we can provide security teams with more data, insights and tools they need to keep their network and customer data secure. For instance, we recently announced enhancements to Nodify, our threat intelligence solution which provides critical context surrounding VPN traffic, enabling cybersecurity teams to understand the level of threat such traffic poses, as well as set policy around that traffic.
Education is critical to achieving our mission, and in that vein, our employees, recognized domain experts in the field, share their insights on emerging trends and security strategies by authoring white papers, presentations and articles for the benefit of the cybersecurity commission.
In the spirit of raising awareness around cybersecurity, we’ve collected some educational materials for you to access, including:
The Need for Proxy/VPN Data in Today’s Heightened Cybersecurity State. This white paper looks at the meteoric rise in VPN usage, the new classes of VPNs that have emerged and the risks they pose to corporate security. It also addresses how corporate security teams can apply rules to mitigate those risks.
Three Ways IP Data Can Enhance Cybersecurity, also by Jonathan Tomek, that provides practical steps security professionals can leverage IP data to improve their cyber security.
Cybersecurity is all of our concern, and we all play a role in promoting a safer, more secure and trusted internet. Together we can achieve those goals.
About Cybersecurity Awareness Month
Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit staysafeonline.org/cybersecurity-awareness-month/
A Five-Part Blog Series to Bust the Myths Surrounding VPN Intelligence Data
No trend deserves the corporate security team’s attention more than the explosion of VPN usage, as well as the influx of VPN providers to the market.
The numbers speak for themselves:
By 2027, the total VPN market may reach $92.6 billion.
Consumers will contribute to the growth; per IDC, the market for consumer VPNs will double in size, reaching $834 million by 2024.
Countless people will attempt to access corporate systems and websites via a VPN service, forcing security teams to make decisions as to which are legitimate, which are suspect, and which are likely to have nefarious intentions.
In our first blog post of the series, we dispelled the myth that all VPN-driven data is the same. In this post we take on the myth that VPN breadth doesn’t matter.
Myth #2: VPN breadth doesn’t matter. Once you know the entrance IP addresses you have the VPN covered.
Fact: Google “VPN providers” and you’ll see plenty of Top 10 or Top 25 lists, few of which contain the exact same providers. How many VPN services are there exactly? It’s a difficult question to answer, but it’s probably somewhere in the thousands. With that many providers, breadth absolutely matters!
Let’s start with some basics. Not all VPN services are the same. Broadly speaking, there are four main types:
1. Commercial VPN aka Personal VPN
This is a service that’s geared to individual or personal use rather than business use. Personal VPNs are used to protect a home or office computers and devices from external attacks. They’re also used to circumvent geography-based restrictions to content. These can be used on mobile devices, laptops, and home routers.
2. Corporate VPN aka Remote Access
This is a service that allows employees who work remotely to access and use their employers’ corporate data, systems and applications. All traffic between the user and the corporate network is encrypted.
3. Private Relay
This is designed to enable privacy for an individual without allowing them to circumvent geography-based restrictions. The goal of these types of VPNs is to encrypt network traffic to prevent data snooping.
4. Site-to-Site VPN
This is a connection between two or more networks, such as a network within a corporate HQ and one in a local branch office.
Complicating matters further, VPN infrastructure can be quite broad with numerous entry and exit points that change frequently. For instance, a commercial VPN service allows a user to enter the VPN via a US-based IP address and exit it via an IP address that’s located in another country. This allows the user to bypass any geo-restriction policies — an action that you will miss if you have just the US-based point of entry IP address.
Keep in mind that there are many free and low-cost commercial VPN services on the market that offer simple interfaces that allow users to change the location of their IP addresses quickly and easily. In fact, many services offer this functionality as a key selling point.
This means that an employee can also use a personal VPN service from within your corporate campus to circumvent your internal company policies, such as one that bans streaming videos while in the office. Worse, a VPN can be used to exfiltrate internal data outside of the network — an event that security tools can’t always detect.
The bottom line: One IP data point — either the entrance or exit point — is like one hand clapping.
The Digital Element Difference: We are an IP address intelligence data provider that tracks both entrance and exit points of your traffic, which means we are the only company that can eliminate these blindspots for you.
Our breadth of data provides the context you need to protect your corporate network by establishing and implementing best practices about VPN traffic.
Next up: The common myth that covering the top 10 VPN sites provides sufficient protection. We look forward to giving you the whole story on this.
A Five-Part Blog Series to Bust the Myths Surrounding VPN Intelligence Data
It’s no secret that VPN usage is exploding. Driven by the pandemic and lockdown orders, consumers everywhere signed up for a VPN service in order to access content that was otherwise off limits to them. Others were keen to secure their privacy.
Today, some 1.6 billion people — about 31% of the world’s Internet users — rely on a VPN to surf the web and access apps anonymously.
That enormous pool of users is an irresistible draw for entrepreneurs, investors, consumers and nefarious actors who see an opportunity to cash in on the trend. There are thousands of VPN services (though most are owned by the same subset of parent companies). Obviously, a great deal of VPN usage is benign, but not all of it. For instance, the credentials of 21 million VPN users were stolen from just three VPN apps, SuperVPN, GeckoVPN and ChatVPN, and are now up for sale on the dark web.
Residential users aren’t the only victims, as the FBI has warned that cyber criminals are exploiting home VPN usage to break into corporate systems. Meanwhile, streaming companies and compliance teams have seen VPN users circumvent their geographical rights management and digital rights restrictions.
The crimes are both serious and costly given that many VPN providers are happy to turn a blind eye to the activities of their users, providing them with a gateway for a range of malicious activities, including scraping, scanning and testing passwords in order to access your network.
Today, corporate security and compliance teams must navigate treacherous waters. With remote and hybrid work models a permanent fixture, employees sign into their workspaces via the corporate VPN by day, and their personal VPN by night, exposing the company’s systems to unprecedented risk.
Security and compliance teams feel a tremendous urgency to get a handle on the VPN market so they can make smart decisions about which VPN traffic to allow, which to investigate, and which to ban altogether. To make those distinctions, however, they need context and insight. VPN intelligence data is essential. But not all VPN data is equally valuable; critical differences exist, and those differences can spell the difference between a hack that is cauterized quickly, and one that makes national headlines.
There are many myths about VPN data. In this five-part blog series, we examine those myths one at a time. First up: the myth that all VPN-driven data is the same.
Fact: No, Not All VPN-Driven Data is the Same
Too often we hear that “all VPN-driven data is the same.” The differences begin with where the data originates — the VPN provider itself — and its intentions when offering a service to the market.
For instance, some VPN services are built for securing an organization (e.g. Zero-Trust Gateways), while some are privacy focused (e.g. Google VPN). Some allow the user to determine his or her exit destination to circumvent restrictions (e.g. NordVPN) in order to bypass digital rights restrictions. This means that each and every traffic source must be evaluated in its own right to determine which is safe, potentially suspect, or outright nefarious.
Additionally, the breadth of data can vary from provider to provider. A lot of VPN intelligence data providers get their data from a limited scope of sources, such as gambling apps. This is a huge problem because it misses vast swaths of VPN usage. For instance, schools and universities require students to use their VPN to register for classes or pay their tuition. None of this traffic will be covered by a service that relies on limited sources for their main source of data.
Millions of people who are not gamblers sign up for a VPN service in order to circumvent digital access rights so that they can stream content outside of their geo-location (e.g. stream The Office via UK Netflix rather than pay for a Peacock TV subscription).
And there are corporate VPNs which convolutes things. Let’s say an employee is at her desk researching products for her job via your corporate VPN. When she visits a website outside your network, she will appear to that website as an unknown actor hiding behind a VPN. Is she a legitimate customer or a competitor seeking to steal company secrets? To make that determination, the security team for that website will need more context around your VPN itself, such as the company name, provider URL, and so on.
Here’s another example for why context is critical: you may consider all VPN traffic originating in Russia as suspect and block it automatically. But what if you have employees (or students, if you’re a university) traveling there for work or a study abroad program? You may block legitimate people from accessing your network based on broad brushstrokes.
The Bottom Line
There is no one “best source” of data to protect business interests. The datasets that are right for your industry depends on your sector, geo-location, users, employees, and a host of other factors. There is no one-size-fits-all.
The Digital Element Difference: We don’t rely on a single source for our IP address intelligence data. Rather, we tap into multiple sources to ensure we have no gaps. And importantly, we distinguish between different types of VPN traffic and provide context around each VPN to help security teams understand the user behind the traffic.
Our breadth of data provides the context you need to investigate and contain breaches, enforce digital rights management, as well as establish and implement best practices about VPN traffic.
Next up: The common myth that VPN breadth doesn’t matter. Once you have one IP, you have the VPN covered. We look forward to getting the facts straight on this one.
Today’s enterprise IT professionals are navigating a challenging cybersecurity environment. In many ways, the problem’s scope is stunning and alarming. For instance, ransomware attacks increased by 151 percent year-over-year in 2021, while phishing scams increased by 440 percent in a single month.
The escalating attacks come with a price. According to IBM’s Cost of a Data Breach Report 2023, the average cost of a data breach in 2023 was USD $4.45 million, a 2.3% increase from 2022’s cost of $4.35 million.
As a result, companies are increasing their cybersecurity investment, fortifying their defensive postures to avoid the financial expense, reputational damage, and productivity loss that inevitably follows a cybersecurity incident.
In the process, cybersecurity leaders and organizational decision-makers face difficult decisions as they allocate resources, invest in new solutions, and support their personnel. This is especially challenging as threat actors display remarkable agility, exploiting novel vulnerabilities and harnessing the latest technologies to wreak havoc on a company’s digital infrastructure.
However, by evaluating the latest technology trends, companies can get ahead of the next threats.
New Technologies Introduce New Threats
New technologies invite threat actors to invoke fresh tactics when launching ransomware attacks, infiltrating company networks, or illegally occupying consumer accounts. In a pandemic-stricken environment, many are leveraging camouflage techniques that allow them to operate anonymously from anywhere in the world.
Most prominently, virtual private networks (VPNs), proxy servers, queue networks, and domain name systems (DNSs) allow threat actors to operate with nearly total anonymity.
At the same time, many organizations have made VPNs, encrypted connections over the internet from a device to a network–through a single IP address, available to the employees, providing expanded access to company IT from anywhere in the world. Collectively, companies deploy VPNs for several reasons, including:
Ensuring general security, such as avoiding identity theft
Minimizing privacy concerns, such as securing personal data
Mitigating information exposure from public WiFi
Accommodating job-specific requirements
Meanwhile, more than half of VPN users rely on the technology to access region-restricted content from streaming services and digital platforms. Unfortunately, many users are downloading free VPN software to access this region-restricted content, and they’ve unknowingly had their residential IPs hijacked by these VPN providers.
When consumers download and sign up for a free commercial VPN, many agree to give the VPN provider the right to use their IP address in the entire proxy pool for routing purposes. While this clause is often hidden in the Terms of Service, it can have significant implications for cybersecurity.
Threat actors have found proxies to be an effective way to masquerade their malicious activity. Companies can’t prevent VPN users from accessing the internet, but this practice increases the risk of labeling customers or employees as threat actors while failing to detect or discover the root of cybercrime.
Incorporating IP Data for Protection
Simply put, it’s evident that companies need to develop the capacity to separate threat actors from genuine users. The ability to identify threat actors operating through a proxy enables companies to flag potential criminal activities, set protocols for handling this type of “non-human” traffic, and review post-action analytics.
By incorporating proxy and VPN data on the front-end of online security measures, companies can automatically flag IP addresses as suspicious and reject or block the incoming IP from connecting to their service, website, or network. In addition, proxy data can trigger variable fraud alerts that enable companies to differentiate authentic traffic from fraudulent activity more effectively.
Most importantly, success is predicated on data quality. Information reliability can vary significantly among data sources, but the most accurate proxy data providers ensure that this information is constantly updated and originates from excellent sources. The cybersecurity implications are far-reaching, including:
Government agencies can use IP-based VPN data to filter and identify safe VPNs.
Financial services and eCommerce platforms can incorporate proxy and VPN data to implement smart rules to verify consumer IP addresses automatically.
Managed security service providers can use proxy and VPN data as a foundational, front-line layer of fraud prevention and security enhancement.
To thrive in a shifting cybersecurity landscape, companies must continually equip themselves with the data and tools to protect their digital assets. Developing the capacity to analyze and respond to high-quality proxy and VPN data strips threat actors of their anonymity, making it one cybersecurity strategy that companies can’t ignore in the year ahead.
To get more information about using IP data to solve cybersecurity challenges for your organization, access our guide, “The Need for Proxy/VPN Data in Today’s Heightened Cybersecurity State” here.
The year 2021 was a bit of a tumultuous one for marketers. The global pandemic forever altered consumer behavior and the rules of digital advertising saw radical shifts, led by changes in privacy and the death of the cookie. But the digital advertising ecosystem is one that has been marked by drastic changes, and we have no doubt that marketers will find their way to thrive. In fact, we already see evidence of marketers, with the help of their partners, doing just that.
Here are the three trends we think will define the year ahead for digital marketers.
Privacy Regulations are Changing the Data Rules
Over the past 20 years, marketers relied on third-party cookies to identify likely prospects, provide them with relevant ads, and assess how well marketing campaigns performed. But that model has been under attack since 2018, when GDPR went into effect. In the U.S., California was the first state to adopt a consumer privacy law; Virginia and Colorado have followed suit.
It’s just the beginning. According to the National Conference of State Legislatures, at least 38 states introduced more than 160 consumer privacy related bills in 2021, sending a message to marketers everywhere that they need new tactics going forward. Many companies, including Digital Element, have solidified their commitment to privacy controls as a result.
Where the regulations drop off, Big Tech picks up. Not content to wait until privacy regulations apply to every citizen of the world, Apple and Mozilla have banned third-party tracking in their browsers. Google announced plans to follow suit, though when that will actually occur is anybody’s guess, as the company has postponed the date multiple times.
Neither the regulations nor the browsers are banning the use of first-party data, however, and throughout 2021 every major brand, across all sectors, began to pivot. Simultaneously, the industry has seen an influx of companies offering products and services to help brands harness their first-party data and deploy it for marketing initiatives.
That’s not to say that purchasing audience segments for targeting purposes will go away; many companies with data will still offer them up.
Ad Spend is Pouring into CTV
Americans have always watched a great deal of TV but lockdown changed the game. Digital TV viewing minutes shot up in 2020, and never came back down in 2021. In August 2021, a Roku/Harris Poll study showed that TV streaming has overtaken linear TV in terms of view time.
Marketers are keen to follow them there for the very good reason that people tend to be highly engaged while consuming TV content. It can also play a critical role in the purchasing journey, especially if advertisers can deliver a TV ad to consumers who read about their products on their laptops or smartphones.
But homing in on those audiences can be difficult for many reasons, including publisher reticence to share viewer data, and the need to link laptops, smartphones, smart watches and other devices to a particular user’s smart TV.
The IP address is a very good proxy for CTV, as every device connected to the Internet is assigned one. If you can associate a user’s smartphone, laptop and CTV IP addresses, you can plan customer journeys that span multiple channels, including TV.
ID Graphs Will Dominate Targeting, but Buyers Should Beware
The concept of ID graphs isn’t new; companies like LiveRamp have long relied on them to help marketers resolve the identity of their customers and prospects. Companies like Experian use them to help marketers reach their audience segments across devices.
What is new is the plethora of companies that have come to market with an ID graph solution. The sheer number of solutions speaks to the demand expected. Clearly, ID graphs are seen as a reliable way to target once the third-party cookie finally crumbles. But can we assume that all ID graphs are created equal? We suspect not, and that marketers will go through a learning process when selecting one that’s right for their needs. It also means that consolidation is inevitable, with the better (or better funded) solutions buying up the smaller ones.
Marketers will quickly realize the power of ID graphs, especially when they can layer in IP data into their segments. IP data is quite rich and nuanced, which will enable marketers to glean even more insights about their target audiences.
Looking ahead, marketers will spend 2022 learning about, testing and comparing emerging privacy-compliant strategies for building their customer bases.
On November 18, Digital Element’s parent company Digital Envoy announced a new initiative that enables non-profits and research-based organizations to leverage location data to help make the world a better place in material ways. The new program, Data for Impact, aims to identify opportunities where aggregated global location data can have a positive impact on humanitarian, economic and global events.
Digital Element’s IP geolocation data will play an important role in this initiative, giving non-profit and research-based organizations greater certainty in leveraging high-quality, privacy-conscious IP and geolocation data to solve real-world problems. Our precise, real-time geolocation data compliments data from our sister company, Outlogic, to enable program partners to have a powerful social impact where it is most needed.
Using Data to Solve Real Challenges We believe that if we can make a difference in people’s lives, then we are obligated to do so. In that spirit, Digital Envoy will make its data available to experts who can use it tackle humanity’s most difficult challenges, including:
Protecting human rights: The Data for Impact program will actively provide data and information vital in stopping human trafficking and promoting fundamental human rights.
Navigating nature: Information from heat maps has the ability to provide vital data in the case of natural disasters and global pandemics. Of note, this type of information has already produced a groundbreaking study on improving evacuation routes in advance of a natural disaster and on analysis regarding whether preventive COVID-19 measures are working and how the virus may spread.
Shedding light around economic uncertainty: Public policy, infrastructure and services are heavily dependent on data. The Data for Impact program will be working with organizations to identify new opportunities that can provide more effective sector and program prioritization, design, implementation, monitoring, and evaluation.
Some of the initial Data for Impact program partners include the COVID Alliance, MIT and The World Bank. We are proud of the material gains our data has already provided, and look forward to working with worthy organizations in the future.
Have a Need? If you represent an organization, or know someone who does, that would benefit from the Data for Impact program, please get in touch with Jake Ellenburg, Vice President of Communications at Digital Envoy, parent company of Digital Element.
Marketers are navigating a period of change. Apple and Mozilla have already blocked third-party tracking in their browsers, and Google is testing ways to limit cookies while letting users choose whether to allow them. With these shifts, how will you continue to target your audience accurately and measure campaign performance?
The answer is a resounding yes for a simple reason: Not all data stems from third-party cookies.
For instance, ubiquitous and persistent, IP data is highly valuable to marketers, and can be leveraged to improve targeting, assess inventory quality (e.g. detect fraudulent impressions), drive campaign performance, and attribute business outcomes to specific channels.
And when used in conjunction with your first-party data or other privacy-compliant data sets, IP data provides contextual signals about sessions and traffic.
Here are seven tips for leveraging IP data to enhance your initiatives as we move forward into a privacy-centric world.
How IP Data Supports Marketing in a Post–Third-Party Cookie World
As third-party cookies are phased out, marketers are rethinking how they identify audiences while maintaining privacy compliance. While IP addresses can be considered personal data in some contexts, they can still be leveraged in a privacy-conscious way. By focusing on aggregation, minimization, and purpose limitation, IP intelligence enables localization, security, and measurement without relying on third-party cookies.
This approach allows organizations to:
Use IP data at an aggregate or contextual level rather than tracking individuals
Limit data collection to what’s strictly necessary for a given purpose
Support compliance with modern privacy regulations and consent frameworks
IP data enables marketers to maintain granular audience insights such as location context, connection type, and network environment without tracking individuals across the web. This makes it a valuable solution for personalization, fraud prevention, and analytics in a cookie-restricted ecosystem.
Tip #1: Make data a priority at your organization/build a data-driven culture
Data will always be the key to better understanding who your prospects and customers are, segmenting them into distinct personas, as well as gaining insight into their customer journeys.
IP data is especially helpful in improving targeting, attribution, and analysis while complying with existing and emerging privacy regulations. For instance, you can leverage IP addresses to uncover quite a bit of insight about your audiences, including their geolocation (country, city, postal code), whether they’re a home or business user, if their IP is associated with a suspicious proxy connection, their business name, and more.
These data points will help ensure you’re targeting the right audience, as well as assess the markets that deliver the most success for your campaign and products.
Tip #2: Discuss your company’s objectives to determine the type of data you’ll need to meet them
The types of data required for your marketing initiatives and advertising campaigns should align directly with your company’s key objectives. For example, if your goal is to verify that your advertising spend reached real humans rather than bots, you’ll need to go beyond and in tandem with IP geolocation data.
Effective ad fraud detection typically combines:
Proxy, VPN, and hosting signals
Behavioral and anomaly detection patterns
Verification through trusted ad measurement partners
Similarly, if your goal is to verify ad quality, auditing ad clicks ensures that your messaging is served to the correct audience segment. Specific datasets are available to help you refine a variety of use cases. From delivering localized content that improves the customer experience, to gathering insights that enhance operations and campaign performance.
What information can marketers derive from IP Intelligence?
While IP data is often associated with geographic location, modern IP intelligence provides a much broader set of insights that help marketers understand user context.
Connection type (residential, mobile, corporate, hosting)
Carrier and ISP information
Network ownership and organization
Geographic resolution (country, region, city, postcode)
Proxy and VPN indicators
Business vs. residential usage patterns
Together, these signals help businesses determine whether a user is likely accessing content from home, the office, or a mobile environment, enabling more accurate targeting, messaging, and fraud detection.
Tip #3: Examine which data you currently collect and integrate (or not) to identify gaps
Most companies have been building their pools of first-party data gathered from multiple customer touchpoints, including their websites, social media, campaign landing pages, customer care portal and so on. While these touchpoints provide a plethora of data, they don’t always provide the full context you need. If you’re not also leveraging IP data you will inevitably confront gaps in your insights, which can negatively affect your initiatives.
IP data enables you to:
Gain detailed and nuanced insights that you can deploy to improve campaign metrics. For instance, you can target audiences by geolocation and other data to improve results. Let’s say you’re a brick-and-mortar store and your campaign goal is to drive in-store foot traffic. IP data lets you answer the question: what is the optimal distance from an outlet to encourage in-store visits by new customers?
Create contextual or aggregated audience segments that support privacy-conscious marketing and allow you to measure campaign incrementality; optimizing performance without tracking individual users.
Manage distribution of online content, ensuring that licensing and agreements are adhered to, and that the right customer or prospect is always presented with the right content.
These are just a few of the ways that IP data can be deployed; there are many others.
Tip #4: Determine breadth and depth of the datasets needed
IP data is highly varied and provides you with many options. The breadth and depth of the datasets you’ll need will be driven by your business needs. Some of your available options include:
VPN & Proxy Identification
This data helps you to detect and prevent malicious IP address masking, and enables greater control over the distribution of your digital content.
Carrier Data
This data enables stronger targeting of mobile users based on ISP, mobile carrier, mobile country code, and mobile network code information.
Additional Insights from Extended Databases
These datasets provide a wealth of insight into users, and their likely interest in a product at a specific moment in time. For instance, a user may have little interest in a CPG product while at the office, but a keen interest while at home.
These extended databases include:
Autonomous System Number (i.e. routing prefixes)
Demographics
Language
Time Zone
Domain Name
Organization Name
SIC/NAICS Codes
Home/Business types
Core Based Statistical Area (CBSA)
Location Data
Location data helps you make strategic decisions in the online world. For example, it affects the way you price and promote your products; it shapes the way you reach out to your target audiences; it is used to analyze the attributes of consumers within a particular area; and it places restrictions on the way you conduct business due to laws and regulations in a given area.
Tip # 5: Evaluate whether or not you need to bring in a data partner
The best way to assess whether or not you need a data partner is to ask yourself very specific questions:
Do you have access to the full range of data that you’ll need to:
Deliver highly localized content
Verify ad spend
Optimize advertising yield
Perform robust analytics
Ensure legal compliance
Prevent fraud and enhance security
Network routing to optimize content delivery
And more…
Does your team understand all of the use cases and potential applications of the data?
If you’ve answered no to any of these questions, it’s likely you will need a data partner.
Tip #6: Conduct due diligence on data partner in terms of data quality, accuracy, reliability, updates, customer support, and ease of deployment
The goal of due diligence is to whittle down potential vendors to consider. You can conduct quite a bit of your due diligence prior to contacting any vendors.
Ultimately, you want a partner who is an established industry leader, deploys unparalleled data collection practices, excellent methodologies for classifications, and has formed strategic partnerships with external or third-party data providers to enhance the data.
When conducting due diligence, ask:
What industry firsts (i.e. innovations) can the company claim? You want a data provider that’s a pioneer in the industry, and can respond to emerging trends and opportunities in time to provide you with a competitive advantage.
Do they have defensible methodology? Patents or other breakthroughs are a sign that the company has a culture of innovation, and it means you’ll get access to high-quality, trusted data
What is the breadth of the data? Is it global? Digital Element is the industry-leading provider that has accurate, global postcode-level coverage, as well as zip+4 in the U.S. The benefit of digital targeting is that it allows you to home in on your entire audience, but you can’t do that without access to accurate data on a global scale.
Is this company the “gold standard” of its sector? You want to partner with the best quality, most forward-thinking data provider as you move forward in the privacy-centric world.
Tip #7: Vet vendors
At the end of your due diligence process you’ll have a list of vendors under consideration. Now it’s time to vet them so that you can make the best decision for your needs.
Proper vetting requires you to ask very specific questions, as the results of your initiatives will only be as good as the quality of the data you use.
Specific questions to ask include:
How do you collect data? Is it anonymous and inherently privacy compliant? Do you collect PII data that must ultimately be scrubbed out? Do you store personal data?
How often is your data refreshed? There’s no sense in targeting users who’ve already converted or sent signals they’re not interested in an advertised product or service. For this reason, Digital Element’s data is updated 24/7 and released weekly.
How is your data validated?
How accurate is your data in terms of percentage of audience?
How easily can your data be deployed? Will my company be able to integrate it into our systems quickly and easily?
Are you willing to collaborate with us? Answer questions for our clients?
The world of data is changing for marketers, but in many ways, it is changing for the better. With the right partner, and the right datasets, marketers can thrive and win new customers in the emerging privacy-centric environment.
Frequently Asked Questions About Using IP Data in Marketing
How does IP data replace third-party cookies?
IP data provides contextual insights that can support privacy-first targeting and analytics when used responsibly.
Can IP data tell if a user is at home or at work?
Yes. Connection type, ISP data, and network ownership help distinguish residential, corporate, and mobile environments.
Is IP-based targeting privacy compliant?
When used responsibly and at an aggregate level, IP intelligence supports privacy-first marketing strategies.
Learn How IP Data Strengthens Modern Marketing Strategies
As marketers adapt to a privacy-first, post–third-party cookie landscape, IP intelligence offers a reliable way to understand audience context, protect ad spend, and deliver more relevant experiences without relying on individual-level tracking.
Our Digital Element team provides accurate, privacy-compliant IP data that helps marketing teams improve targeting, detect fraudulent activity, drive in-store engagement, and manage location-based content with confidence.
