6/29/2021
11:55 AM
Dark Reading
Products and Releases

Internet Noise Contributing to Unnecessary Alert Overload for SOC Teams

WASHINGTON, June 29, 2021 /PRNewswire/ -- GreyNoise Intelligence, the anti-threat intelligence company, is helping security operations center (SOC) teams improve analyst efficiency, identify compromised devices and understand emerging threats by giving them unique visibility into "internet noise."

"Security analysts are overwhelmed with alerts," said GreyNoise founder and CEO Andrew Morris. "Every machine connected to the internet is exposed to a constant barrage of scans, web crawls, probes and attacks from tens of thousands of unique IP addresses per day. This 'internet noise' is generated by both good guys and bad guys, and it triggers security tools to generate thousands of events to be analyzed, with little context on the potential threats. Analysts waste hours differentiating between targeted attack traffic and background noise alerts."

GreyNoise helps security teams prioritize security alerts by giving them unique context on internet noise. This context comes from GreyNoise's internet-wide sensor network, which passively collects packets from hundreds of thousands of IPs seen scanning the internet every day, as well as the monitoring of common internet business services. Over the past 90 days, GreyNoise has analyzed almost 3 million IP addresses opportunistically scanning the internet, with the majority identified as benign or unknown, and only 10,000 identified as malicious.

User and Customer Growth
The GreyNoise Community has grown in the past year to over 12,000 accounts and more than 1,000 active daily users of the company's free version of its service. This community version gives analysts and researchers access to basic internet noise data via the GreyNoise Visualizer and Community API, as well as a limited number of alerts and bulk analyses. The company recently held its first quarterly Open Forum for Community users on May 6, 2021, to introduce the GreyNoise team, answer Community questions and discuss future product direction. To find out more, join the GreyNoise Community here.

Commercial versions of the GreyNoise service are used by enterprises, governments, ISPs and security firms to support automated usage of GreyNoise data, including turnkey integration into SIEM, SOAR and TIP platforms. GreyNoise has grown commercial customers and ARR by more than 100% over the past 12 months, including new customers such as Airbus, Lumen and the Defense Innovation Unit (DIU) of the U.S. Department of Defense.

"Using GreyNoise Intelligence helps the Hurricane Labs team eliminate background noise and focus on the most actionable and relevant alerts for our customers," said Steve McMaster, Director of Managed Services at Hurricane Labs. "Rather than presenting our analysts with even more data to investigate, GreyNoise has allowed us to reduce the volume of alerts that are triggered by 25% – which makes for a happier and more effective SOC team."

Additional Investment
In 2020, GreyNoise announced a $4.8 million seed investment led by CRV with participation from Paladin Capital Group and several individual tech executive investors. In-Q-Tel has recently joined as an additional strategic partner and investor. The new partnership with In-Q-Tel will allow GreyNoise to deliver its product roadmap faster.

"Government security teams struggle with the same kind of alert fatigue that commercial enterprises face," said Grant Whiting, Principal, In-Q-Tel. "GreyNoise's technology provides a unique solution to this problem that we believe can provide value to our intelligence and defense community partners. We are glad to welcome them to the portfolio."

Integration and Partner Traction
Integration, distribution and strategic partners continue to play a key role in GreyNoise's market expansion and growth. In the past 12 months, GreyNoise has worked with leading SOC security control vendors to deliver or improve a number of turnkey integrations, including Splunk ES, Splunk Phantom, Palo Alto Networks XSOAR, Microsoft Azure Sentinel, Siemplify, Swimlane, Tines, Recorded Future, Polarity, MISP and Anomali ThreatStream. These integrations enable security teams to scale the use of GreyNoise intelligence to reduce alert volumes and provide SOC-wide visibility into suspected threats. In addition to these supported commercial integrations, the GreyNoise community has built out integrations with a number of other security and data tools, including Maltego, Fluent Bit, rstats, GreyWatch (TCP connection monitor), GreyNoisePS (PowerShell integration), Machinae (OSINT collector) and many more.

To learn more about GreyNoise and get a free account to use the GreyNoise Visualizer technology, please visit: https://viz.greynoise.io.

About GreyNoise
GreyNoise helps security analysts save time by revealing which events and alerts they can ignore. We do this by curating data on IPs that saturate security tools with noise. This unique perspective helps analysts confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats. This data is delivered through our SIEM, SOAR and TIP integrations, API, command-line tool, bulk data and visualizer. GreyNoise is trusted by Fortune 500 enterprises, governments, top security vendors and thousands of threat researchers. For more information, please visit https://viz.greynoise.io, and follow us on Twitter and LinkedIn.

 
