
How IP Geolocation Lookups Help Thwart Cyber Attacks

Cyber attacks can hit any organization and even derail its operation on a grand scale. Just recently, ISS World, a facility management service provider with clients in more than 70 countries worldwide, released a statement saying it had been the victim of a malware attack. ISS World also claims to have contained the attack and identified the root cause of the threat.

All in all, ISS World is lucky in that it was able to address the issue rather quickly. In some cases, it can take weeks or more for affected organizations to thwart sophisticated attacks. Often, the incidents have already jeopardized the victims’ entire operations for a while before threat sources are found.

That is the main reason why cybersecurity experts stress the importance of proactive defense. Companies need to safeguard not only their operations but also their customers and employees from the damaging effects of cyber attacks. One way to ensure smooth and unencumbered operations is by scrutinizing every connecting IP address before it’s allowed access to one’s network with solutions like IP Geolocation API.

How Can IP Address Blocking Help Users Protect Against Cyber Attacks?

Running a global company means that anyone from anywhere in the world can communicate with the employees on its network. But not all so-called “global organizations” engage in business transactions in every country. That said, security teams can restrict access coming from and going to countries where they don’t do business.

For instance, a company that only operates in Asia/Pacific, Europe, and the U.S. can avoid threats originating from the Middle East by, at the very least, scrutinizing contact with IP addresses from that area.

Blocking access to entire IP ranges assigned to certain countries is also an option, but it can be very limiting for an organization. The company may be missing out on potential partnerships, for example. What if a Middle Eastern-based organization is trying to contact the company for a partnership deal? It may be best then to block IP addresses individually once they are shown to be malicious. Find out how in the next section.

Case Study: IP Geolocation for Threat Protection

While using an IP geolocation API or lookup is not a cure-all, the product can still reduce an organization’s chances of succumbing to a debilitating cyber-attack. For instance, its use can limit unwanted traffic flowing in and out of a user’s network.

Your security team members, for example, can begin by identifying the source of a threat, such as an IP address, by looking at your organization’s network logs. Say they come across 91[.]214[.]124[.]25 (a malicious IP address, as this post will later show) that doesn’t match the IP addresses usually seen there.

Running it through our IP geolocation lookup revealed that the IP address is actually Ukraine-based.

Since your organization, in this hypothetical scenario, doesn’t provide services to customers in Ukraine, your team should pay closer attention to it. In fact, while a Ukrainian IP address can access your network non-maliciously, this particular IP address was explicitly cited as an indicator of compromise (IoC) for a CLOP ransomware attack and so needs to be blocked.
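The triage described in this case study, as an added example rather than code from the article or from WhoisXML API: it pulls source addresses out of log lines, blocks the one that matches the IoC, and flags unexpected countries for review instead of blocking them outright. The log format, the country set, the internal range and the lookup table (a stand-in for a real geolocation lookup) are assumptions; only the defanged address comes from the article.

```python
import ipaddress
import re
from collections import Counter

# Constructed data, except the defanged IoC address quoted in the article.
IOC_DEFANGED = ["91[.]214[.]124[.]25"]
EXPECTED_COUNTRIES = {"US", "DE", "SG"}            # hypothetical countries of operation
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # hypothetical internal range
GEO_TABLE = {  # stand-in for the answers of a geolocation lookup service
    "91.214.124.25": "UA", "192.0.2.10": "US", "203.0.113.99": "BR",
}
LOG_LINES = [
    "2020-02-20T10:01:02Z ACCEPT src=192.0.2.10 dst=10.0.0.5 dport=443",
    "2020-02-20T10:01:09Z ACCEPT src=91.214.124.25 dst=10.0.0.5 dport=445",
    "2020-02-20T10:02:41Z ACCEPT src=203.0.113.99 dst=10.0.0.8 dport=22",
    "2020-02-20T10:03:00Z ACCEPT src=91.214.124.25 dst=10.0.0.9 dport=445",
    "2020-02-20T10:03:30Z ACCEPT src=10.0.0.7 dst=10.0.0.5 dport=53",
    "2020-02-20T10:04:12Z ACCEPT src=999.1.1.1 dst=10.0.0.5 dport=80",
]

def external_sources(lines):
    """Count valid, non-internal source addresses; skip malformed fields."""
    hits = Counter()
    for raw in re.findall(r"\bsrc=(\S+)", "\n".join(lines)):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # not a valid address, e.g. 999.1.1.1
        if addr not in INTERNAL_NET:
            hits[str(addr)] += 1
    return hits

def triage(lines):
    """Return {ip: (action, reason)}: block IoC matches, review unexpected geos."""
    iocs = {i.replace("[.]", ".") for i in IOC_DEFANGED}  # refang the indicator
    verdicts = {}
    for ip, count in external_sources(lines).items():
        country = GEO_TABLE.get(ip, "unknown")
        if ip in iocs:
            verdicts[ip] = ("block", f"IoC match from {country}, {count} hits")
        elif country not in EXPECTED_COUNTRIES:
            verdicts[ip] = ("review", f"unexpected country {country}")
        else:
            verdicts[ip] = ("allow", f"expected country {country}")
    return verdicts

if __name__ == "__main__":
    for ip, (action, reason) in triage(LOG_LINES).items():
        print(f"{action:6} {ip:15} {reason}")
```
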

* * *

Protecting against cyber attacks requires security teams to analyze and filter traffic that flows through their networks. They should pay particular attention to suspicious IP addresses and, with the help of IP geolocation lookups, make sure that every visitor or user is authenticated before being granted access to network-connected files and systems.

By WhoisXML API, A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider

Whois API, Inc. (WhoisXML API) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.
