Internet Noise Contributing to Unnecessary Alert Overload for SOC Teams
Internet Noise Contributing to Unnecessary Alert Overload for SOC Teams
June 29, 2021
PRESS RELEASE
WASHINGTON, June 29, 2021 /PRNewswire/ -- GreyNoise Intelligence, the anti-threat intelligence company, is helping security operations center (SOC) teams improve analyst efficiency, identify compromised devices and understand emerging threats by giving them unique visibility into "internet noise."
"Security analysts are overwhelmed with alerts," said GreyNoise founder and CEO Andrew Morris. "Every machine connected to the internet is exposed to a constant barrage of scans, web crawls, probes and attacks from tens of thousands of unique IP addresses per day. This 'internet noise' is generated by both good guys and bad guys, and it triggers security tools to generate thousands of events to be analyzed, with little context on the potential threats. Analysts waste hours differentiating between targeted attack traffic and background noise alerts."
GreyNoise helps security teams prioritize security alerts by giving them unique context on internet noise. This context comes from GreyNoise's internet-wide sensor network, which passively collects packets from hundreds of thousands of IPs seen scanning the internet every day, as well as the monitoring of common internet business services. Over the past 90 days, GreyNoise has analyzed almost 3 million IP addresses opportunistically scanning the internet, with the majority identified as benign or unknown, and only 10,000 identified as malicious.
User and Customer Growth
The GreyNoise Community has grown in the past year to over 12,000 accounts and more than 1,000 active daily users of the company's free version of its service. This community version gives analysts and researchers access to basic internet noise data via the GreyNoise Visualizer and Community API, as well as a limited number of alerts and bulk analyses. The company recently held its first quarterly Open Forum for Community users on May 6, 2021, to introduce the GreyNoise team, answer Community questions and discuss future product direction. To find out more, join the GreyNoise Community here.
Commercial versions of the GreyNoise service are used by enterprises, governments, ISPs and security firms to support automated usage of GreyNoise data, including turnkey integration into SIEM, SOAR and TIP platforms. GreyNoise has grown commercial customers and ARR by more than 100% over the past 12 months, including new customers such as Airbus, Lumen and the Defense Innovation Unit (DIU) of the U.S. Department of Defense.
"Using GreyNoise Intelligence helps the Hurricane Labs team eliminate background noise and focus on the most actionable and relevant alerts for our customers," said Steve McMaster, Director of Managed Services at Hurricane Labs. "Rather than presenting our analysts with even more data to investigate, GreyNoise has allowed us to reduce the volume of alerts that are triggered by 25% – which makes for a happier and more effective SOC team."
Additional Investment
During 2020, GreyNoise previously announced a $4.8 million seed investment led by CRV with participation from Paladin Capital Group and several individual tech executive investors. In-Q-Tel has recently joined as an additional strategic partner and investor. The new partnership with In-Q-Tel will allow GreyNoise to deliver its product roadmap faster.
"Government security teams struggle with the same kind of alert fatigue that commercial enterprises face," said Grant Whiting, Principal, In-Q-Tel. "GreyNoise's technology provides a unique solution to this problem that we believe can provide value to our intelligence and defense community partners. We are glad to welcome them to the portfolio."
Integration and Partner Traction
Integration, distribution and strategic partners continue to play a key role in GreyNoise's market expansion and growth. In the past 12 months, GreyNoise has worked with leading SOC security control vendors to deliver or improve a number of turnkey integrations, including Splunk ES, Splunk Phantom, Palo Alto Networks XSOAR, Microsoft Azure Sentinel, Siemplify, Swimlane, Tines, Recorded Future, Polarity, MISP and Anomali ThreatStream. These integrations enable security teams to scale the use of GreyNoise intelligence to reduce alert volumes and provide SOC-wide visibility into suspected threats. In addition to these supported commercial integrations, the GreyNoise community has built out integrations with a number of other security and data tools, including Maltego, Fluent Bit, rstats, GreyWatch (TCP connection monitor), GreyNoisePS (Powershell integration), Machinae (OSINT collector) and many more.
To learn more about GreyNoise and get a free account to use the GreyNoise Visualizer technology, please visit: https://viz.greynoise.io.
About GreyNoise
GreyNoise helps security analysts save time by revealing which events and alerts they can ignore. We do this by curating data on IPs that saturate security tools with noise. This unique perspective helps analysts confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats. This data is delivered through our SIEM, SOAR and TIP integrations, API, command-line tool, bulk data and visualizer. GreyNoise is trusted by Fortune 500 enterprises, governments, top security vendors and thousands of threat researchers. For more information, please visit Photo - https://viz.greynoise.io., and follow us on Twitter and LinkedIn.
You May Also Like
Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024