IP addresses have been traditionally considered an unreliable method for attack detection. The unreliability is attributed to the use of web proxies, NAT and non-static IP addresses for end-stations. This session will demonstrate how information derived from IP addresses can in fact be used to dramatically improve attack detection capabilities. The presentation will discuss attributes such as Geo Location, Reverse DNS Lookup, Anonymous Proxy lists and more. We discuss how IP intelligence can be used to increase detection effectiveness (ratio of false positives to false negatives) by "ruling" on otherwise indecisive anomalies. We also discuss certain scenarios in which IP intelligence is crucial for even detecting anomalies. The presentation is supported by corroborative evidence derived from actual log data and demonstrates some of the tools that can be used for analysis.