Cogility 🔓 Cybersecurity

Cogility delivers continuous intelligence on 100,000+ threat actors with IPinfo

Cogility specializes in the most advanced continuous intelligence solution, delivering actionable intelligence in time-sensitive cybersecurity use cases. Discover how Cogility uses IPinfo in its solution.

📈 Market position

About Cogility

Cogility has been developing and applying Hierarchical Complex Event Processing (HCEP) that empowers analysts to be more efficient at analyzing data for more than ten years. Cogynt, the Continuous Intelligence Platform from Cogility, offers a no-code user interface, allowing analysts to interact directly with high-velocity streaming data. Analysts can then access analytics without needing programming skills.

  • Client
    Cyber Threat & Risk Team
  • Customer Since
    February 2023
  • Company
    Cogility
  • Datasets Used
    IP Whois and RIR Whois Downloads
🤔 The problem

Misattribution decreases customer confidence in threat intelligence

Cogynt, Cogility’s Continuous Intelligence Platform, combines multiple data sources to map potential customers' and adversaries' assets. Cogynt updates threat intelligence in near-real time to account for continuous changes in threat actor infrastructure and to allow customers to detect connections between adversary assets and business networks. Cogility required many contextualized IP address datasets to provide scalable and complete coverage for its solution. Inaccurate data poses significant challenges for continuous intelligence solutions. Migrating to IPinfo provided Cogynt with a high level of IP data accuracy that is thoroughly vetted and validated, unlike open-source IP data. “We want to ensure the highest level of data accuracy to provide meaningful predictive insights to our customers for actionable decision-making. We've found that using public IP information via RIR or data from other IP data providers can introduce issues with accuracy. Bad data ultimately degrades the level of continuous intelligence our customers demand,” says Jeremy Turner, Head of Cyber and Risk.


⏳ The process

Finding the right IP address data partner

Cogility needed to eliminate the faulty conclusions, misattribution, and decreased customer confidence in its solution that arise from faulty IP data. Cogility's team experimented with producing its own IP address data and recognized the financial cost and long-term reduction in team efficiency associated with maintaining and improving its own database. IPinfo’s data accuracy met Cogility's requirements for daily updates and data validation systems. According to Jeremy Turner, Head of Cyber and Risk, “I can infer that IPinfo is doing much more than just taking at face value what public registries are providing. For example, they’re looking at domain name ownership within those IP ranges to infer asset ownership. This is the same way I’d approach this problem.”

🔬 The solution

Updating threat intelligence in near-real time

Cogility updates threat intelligence data in near-real time to monitor security targets and adversarial infrastructure, mapping assets, connections, and attacks over long periods of time. According to Jeremy Turner, Head of Cyber and Risk, “Because our whole system is built around those principles of identification and attribution, we can’t use public information via RIR or other providers. Developing this caliber of data takes a lot of thought and intentional improvement. It’s really quite difficult. There’s a lot of value in having IP data delivered as a service.” With IPinfo, Cogility is focused on providing continuous intelligence rather than spending valuable time and resources developing accurate IP data for its intelligence solutions.

🎉 The result

Improving customer confidence in security models

Cogility uses IPinfo’s data to continuously monitor infrastructure changes for hundreds of thousands of threat actor assets and over 20 million entities. Accurate IP address data has enabled Cogynt to better monitor actions between threat actors and the targeted victims. “Many entity enumeration methods like active and passive DNS have stale states and suffer greatly with false positives and gaps in enumeration. It's evident that IPinfo takes data quality very seriously, employing many methods for both attribution and validation. Doing entity enumeration at the scales that we are demands the precision and time resolution that IPinfo delivers,” says Jeremy Turner, Head of Cyber and Risk. By partnering with an IP address provider that specializes in accurate IP data, Cogility conserves resources and team efficiency to focus on developing better solutions to the challenges its customers face. With IPinfo’s regularly updated datasets, Cogility anticipates continuing to improve customer confidence in its leading continuous intelligence solution.
