Virtualization Technology News and Information
Internet Noise Contributing to Unnecessary Alert Overload for SOC Teams

GreyNoise Intelligence, the anti-threat intelligence company, is helping security operations center (SOC) teams improve analyst efficiency, identify compromised devices and understand emerging threats by giving them unique visibility into "internet noise."

"Security analysts are overwhelmed with alerts," said GreyNoise founder and CEO Andrew Morris. "Every machine connected to the internet is exposed to a constant barrage of scans, web crawls, probes and attacks from tens of thousands of unique IP addresses per day. This 'internet noise' is generated by both good guys and bad guys, and it triggers security tools to generate thousands of events to be analyzed, with little context on the potential threats. Analysts waste hours differentiating between targeted attack traffic and background noise alerts."

GreyNoise helps security teams prioritize security alerts by giving them unique context on internet noise. This context comes from GreyNoise's internet-wide sensor network, which passively collects packets from hundreds of thousands of IPs seen scanning the internet every day, as well as the monitoring of common internet business services. Over the past 90 days, GreyNoise has analyzed almost 3 million IP addresses opportunistically scanning the internet, with the majority identified as benign or unknown, and only 10,000 identified as malicious.

User and Customer Growth
The GreyNoise Community has grown in the past year to over 12,000 accounts and more than 1,000 active daily users of the company's free version of its service. This community version gives analysts and researchers access to basic internet noise data via the GreyNoise Visualizer and Community API, as well as a limited number of alerts and bulk analyses. The company recently held its first quarterly Open Forum for Community users on May 6, 2021, to introduce the GreyNoise team, answer Community questions and discuss future product direction. To find out more, join the GreyNoise Community.

Commercial versions of the GreyNoise service are used by enterprises, governments, ISPs and security firms to support automated usage of GreyNoise data, including turnkey integration into SIEM, SOAR and TIP platforms. GreyNoise has grown commercial customers and ARR by more than 100% over the past 12 months, including new customers such as Airbus, Lumen and the Defense Innovation Unit (DIU) of the U.S. Department of Defense.

"Using GreyNoise Intelligence helps the Hurricane Labs team eliminate background noise and focus on the most actionable and relevant alerts for our customers," said Steve McMaster, Director of Managed Services at Hurricane Labs. "Rather than presenting our analysts with even more data to investigate, GreyNoise has allowed us to reduce the volume of alerts that are triggered by 25% - which makes for a happier and more effective SOC team."

Additional Investment
During 2020, GreyNoise previously announced a $4.8 million seed investment led by CRV with participation from Paladin Capital Group and several individual tech executive investors. In-Q-Tel has recently joined as an additional strategic partner and investor. The new partnership with In-Q-Tel will allow GreyNoise to deliver its product roadmap faster.

"Government security teams struggle with the same kind of alert fatigue that commercial enterprises face," said Grant Whiting, Principal, In-Q-Tel. "GreyNoise's technology provides a unique solution to this problem that we believe can provide value to our intelligence and defense community partners. We are glad to welcome them to the portfolio."

To learn more about GreyNoise and get a free account to use the GreyNoise Visualizer technology, please visit:

Published Tuesday, June 29, 2021 12:14 PM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<June 2021>