theDocumentId => 1341431 Internet Noise Contributing to Unnecessary Alert ...

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

6/29/2021
11:55 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Internet Noise Contributing to Unnecessary Alert Overload for SOC Teams

WASHINGTON, June 29, 2021 /PRNewswire/ -- GreyNoise Intelligence, the anti-threat intelligence company, is helping security operations center (SOC) teams improve analyst efficiency, identify compromised devices and understand emerging threats by giving them unique visibility into "internet noise."

"Security analysts are overwhelmed with alerts," said GreyNoise founder and CEO Andrew Morris. "Every machine connected to the internet is exposed to a constant barrage of scans, web crawls, probes and attacks from tens of thousands of unique IP addresses per day. This 'internet noise' is generated by both good guys and bad guys, and it triggers security tools to generate thousands of events to be analyzed, with little context on the potential threats. Analysts waste hours differentiating between targeted attack traffic and background noise alerts."

GreyNoise helps security teams prioritize security alerts by giving them unique context on internet noise. This context comes from GreyNoise's internet-wide sensor network, which passively collects packets from hundreds of thousands of IPs seen scanning the internet every day, as well as the monitoring of common internet business services. Over the past 90 days, GreyNoise has analyzed almost 3 million IP addresses opportunistically scanning the internet, with the majority identified as benign or unknown, and only 10,000 identified as malicious.

User and Customer Growth
The GreyNoise Community has grown in the past year to over 12,000 accounts and more than 1,000 active daily users of the company's free version of its service. This community version gives analysts and researchers access to basic internet noise data via the GreyNoise Visualizer and Community API, as well as a limited number of alerts and bulk analyses. The company recently held its first quarterly Open Forum for Community users on May 6, 2021, to introduce the GreyNoise team, answer Community questions and discuss future product direction. To find out more, join the GreyNoise Community here.

Commercial versions of the GreyNoise service are used by enterprises, governments, ISPs and security firms to support automated usage of GreyNoise data, including turnkey integration into SIEM, SOAR and TIP platforms. GreyNoise has grown commercial customers and ARR by more than 100% over the past 12 months, including new customers such as Airbus, Lumen and the Defense Innovation Unit (DIU) of the U.S. Department of Defense.

"Using GreyNoise Intelligence helps the Hurricane Labs team eliminate background noise and focus on the most actionable and relevant alerts for our customers," said Steve McMaster, Director of Managed Services at Hurricane Labs. "Rather than presenting our analysts with even more data to investigate, GreyNoise has allowed us to reduce the volume of alerts that are triggered by 25% – which makes for a happier and more effective SOC team."

Additional Investment
During 2020, GreyNoise previously announced a $4.8 million seed investment led by CRV with participation from Paladin Capital Group and several individual tech executive investors. In-Q-Tel has recently joined as an additional strategic partner and investor. The new partnership with In-Q-Tel will allow GreyNoise to deliver its product roadmap faster.

"Government security teams struggle with the same kind of alert fatigue that commercial enterprises face," said Grant Whiting, Principal, In-Q-Tel. "GreyNoise's technology provides a unique solution to this problem that we believe can provide value to our intelligence and defense community partners. We are glad to welcome them to the portfolio."

Integration and Partner Traction
Integration, distribution and strategic partners continue to play a key role in GreyNoise's market expansion and growth. In the past 12 months, GreyNoise has worked with leading SOC security control vendors to deliver or improve a number of turnkey integrations, including Splunk ESSplunk PhantomPalo Alto Networks XSOARMicrosoft Azure SentinelSiemplifySwimlaneTinesRecorded FuturePolarityMISP and Anomali ThreatStream. These integrations enable security teams to scale the use of GreyNoise intelligence to reduce alert volumes and provide SOC-wide visibility into suspected threats. In addition to these supported commercial integrations, the GreyNoise community has built out integrations with a number of other security and data tools, including MaltegoFluent BitrstatsGreyWatch (TCP connection monitor), GreyNoisePS (Powershell integration), Machinae (OSINT collector) and many more.

To learn more about GreyNoise and get a free account to use the GreyNoise Visualizer technology, please visit:  https://viz.greynoise.io.

About GreyNoise
GreyNoise helps security analysts save time by revealing which events and alerts they can ignore. We do this by curating data on IPs that saturate security tools with noise. This unique perspective helps analysts confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats. This data is delivered through our SIEM, SOAR and TIP integrations, API, command-line tool, bulk data and visualizer. GreyNoise is trusted by Fortune 500 enterprises, governments, top security vendors and thousands of threat researchers. For more information, please visit Photo - https://viz.greynoise.io., and follow us on Twitter and LinkedIn.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...
CVE-2021-3169
PUBLISHED: 2021-07-23
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVE-2020-20741
PUBLISHED: 2021-07-23
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if t...
CVE-2021-25808
PUBLISHED: 2021-07-23
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.