Introducing Next Generation IP Geolocation for Enhanced Security Insights

At Spur, we process petabytes of data and conduct numerous human-led investigations daily to deliver the most in-depth and accurate IP intelligence data available. Today, we’re expanding our market leadership with the introduction of our enhanced geolocation data.

While Spur has always included geographic location in our API and Monocle responses, this data was previously sourced from a legacy geolocation provider. We frequently encountered customer inquiries regarding accuracy and identified inconsistencies during our own research.

This experience has driven the development of Next Generation IP Geo, a new product currently in beta, specifically designed to provide security professionals with the precise and actionable location intelligence they need.

The Critical Role of Geo in Security

Originally intended for basic functions like delivering relevant weather information or directing users to nearby download servers, IP geolocation was initially considered a “best-effort” solution where some level of inaccuracy was acceptable.

However, as the digital landscape has evolved, geographic information has become a crucial security control. Inaccurate data can significantly impact your organization’s security posture when preventing simultaneous logins from disparate locations, enforcing sanctions compliance, or identifying correlations in attack patterns.

The increasing reliance on IP geolocation has not gone unnoticed by malicious actors. Recognizing the potential to circumvent these controls, they actively employ techniques such as VPNs and proxies to spoof their location, masking their true origin. Furthermore, the operators of these services manipulate commonly used geolocation databases, either directly or indirectly, to propagate inaccurate location data. This manipulation allows them to bypass geographic restrictions, obfuscate their activities, and establish a false sense of legitimacy, ultimately undermining the effectiveness of security protocols that depend on accurate location intelligence.

Architecting for Security: A Ground-Up Approach

Note: We will delve into the trust issues we’ve uncovered with existing geolocation data in an upcoming series of blog posts.

Recognizing the limitations of current solutions, we developed Next Generation IP Geo based on these core principles:

  • Data Integrity: Traditional geolocation providers often cater to both end consumers and a network of IP leasing companies, brokers, and network operators. This can lead to biased data, as we discovered instances where IP owners directly influenced location updates through sales channels.

    Our geolocation results are grounded in technical analysis and hard data, not end-user or network operator “corrections.” While we welcome feedback on data quality and edge cases, this information will inform algorithmic adjustments, not direct result modifications. This approach mirrors how search engines balance user satisfaction with unbiased ranking.

  • Prioritizing Privacy: Every input to our geolocation database is mapped to approximately two million global hexagons, each roughly the size of a large metropolitan area, and further refined to cities based on population density. This approach prevents excessive precision that could be used to identify individuals or households when combined with other data.

  • Designing for Security Utility: Our privacy mapping offers a secondary benefit: nearby IP addresses cleanly map to the same grid cells. This enables simple string comparisons to determine if a user logged in from home and then moved to a nearby location, eliminating the need for complex distance calculations or city mapping.
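
The string comparison described in the last bullet, as an added example that is not Spur's code: each login's grid-cell identifier is compared with the cells already seen for that user to label the event. The field name `cell`, the cell ID values and the 900-second window are assumptions, and the sample logins are constructed.

```python
from collections import defaultdict

# Constructed sample logins. "cell" stands in for the grid-cell identifier a
# geolocation lookup returns for the source IP; the field name and the ID
# values are hypothetical, not Spur's schema. IPs are documentation ranges.
SAMPLE_LOGINS = [
    {"ts": 1000, "user": "alice", "ip": "198.51.100.10", "cell": "cell-00a1"},
    {"ts": 1600, "user": "alice", "ip": "198.51.100.77", "cell": "cell-00a1"},
    {"ts": 1900, "user": "alice", "ip": "203.0.113.5",   "cell": "cell-7f3c"},
    {"ts": 9000, "user": "alice", "ip": "203.0.113.9",   "cell": "cell-7f3c"},
    {"ts": 9100, "user": "bob",   "ip": "192.0.2.44",    "cell": None},
]

def review_logins(logins, window=900):
    """Label each login by comparing grid-cell strings only.

    same_cell    : cell already seen for this user
    new_cell     : cell not seen before for this user (includes first login)
    rapid_change : cell differs from the previous login within `window` seconds
    no_geo       : lookup returned no cell; never treated as a match
    """
    seen = defaultdict(set)   # user -> cells observed so far
    last = {}                 # user -> (ts, cell) of the last located login
    verdicts = []
    for ev in sorted(logins, key=lambda e: e["ts"]):
        user, cell = ev["user"], ev["cell"]
        if not cell:
            # A missing cell must not compare equal to another missing cell.
            verdicts.append("no_geo")
            continue
        prev = last.get(user)
        if prev and cell != prev[1] and ev["ts"] - prev[0] <= window:
            verdict = "rapid_change"
        elif cell in seen[user]:
            verdict = "same_cell"
        else:
            verdict = "new_cell"
        seen[user].add(cell)
        last[user] = (ev["ts"], cell)
        verdicts.append(verdict)
    return verdicts

if __name__ == "__main__":
    for ev, verdict in zip(SAMPLE_LOGINS, review_logins(SAMPLE_LOGINS)):
        print(ev["user"], ev["ip"], ev["cell"], verdict)
```

Addresses that fall on opposite sides of a cell boundary compare as different, so treat `rapid_change` as a signal for review rather than proof of travel.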

Getting Started

Beta customers can now download geolocation data in the standard MMDB format, allowing for seamless integration with existing systems. API customers will receive the new, high-accuracy data in the coming weeks.

If you are not yet a Spur customer or would like to discuss specific use cases, please contact us. We are eager to receive your feedback and continue refining our product to meet the evolving needs of the security community.