In cybersecurity, identifying and blocking malicious IP addresses is essential — yet traditional methods have limitations. Most conventional approaches rely heavily on past attack signals: if an IP address has been seen attacking elsewhere, it’s likely to be flagged as a threat again. The same logic is often applied when attempting to identify anonymisers such as VPNs or proxies.
The problem is twofold:
- Incomplete detection — By their very nature, many VPNs, proxies, and malicious services are designed to conceal their presence, making it impossible to identify them all.
- Reactive limitation — This approach primarily works after an attacker has exposed themselves through malicious behaviour. Until then, they remain undetected and free to act.
How Our Approach is Different
At BigDataCloud, we take a proactive approach, designed to identify potential threats before they act. Rather than focusing solely on historical attack data, we analyse IP address networks to determine the likelihood that they are part of a hosting environment, that is, a network unlikely to have a human “eyeball” behind the device.
We monitor these networks for signs of non-human activity. When a network meets our criteria, we classify it as hosting. This means that even if a specific IP address within that network has never been recorded engaging in malicious activity, we can still recognise its potential to be used in an attack in the future.
This capability is particularly important for defending against zero-day attacks, where waiting for evidence of malicious behaviour is simply too late.
The Hosting Likelihood Score
Our technology processes global IP addresses and assigns each a hostingLikelihood score from 0 to 10, indicating the probability it belongs to a hosting environment. We also provide an indicator showing whether the Autonomous System (AS) announcing the network appears associated with a hosting provider.
The hostingLikelihood and related indicators are part of the broader Hazard Report. For integration details, see the Hazard Report API.
- Proactively filter out high-risk, non-human connections
- Protect e-commerce, comment systems, and user platforms from automated abuse
- Strengthen security against both known threats and emerging vectors
By pairing proactive detection with reactive evidence, your organisation can stay ahead of evolving cyber threats and reduce the time to mitigation.