
4/16/2021
12:00 PM
Dark Reading
Products and Releases

Kasada and GreyNoise Team up to Identify Which Potential Threats Demand Immediate Attention

Collaboration Brings Together Leading Internet Noise Detection and Bot Mitigation Companies, Providing Free Access to Real-Time Scanner, Attack and Bot Threat Information

NEW YORK, NY and WASHINGTON, D.C. -- April 14, 2021 -- Kasada, provider of the most effective and easiest way to defend against advanced persistent bot attacks, today announced a partnership with GreyNoise Intelligence, the leader in internet background noise insight and security analyst efficiency. By teaming up with Kasada, GreyNoise will be able to provide users with an improved understanding of their security environment and more accurate information about which potential threats demand their attention.

Kasada detects malicious automation and bot networks, seeing billions of bot interactions every month. GreyNoise collects, analyzes and labels data about IP addresses that scan the internet and saturate security tools with “noise”. GreyNoise has enriched its IP data with Kasada’s intelligence on persistent bot traffic, allowing users to quickly identify and triage emerging bot activity. This information will be available to security organizations and the public for free here.

“Kasada’s approach to bot mitigation not only identifies bots that others miss, but halts them in their tracks, from the start,” said Andrew Morris, founder and CEO of GreyNoise Intelligence. “I’m excited about how well our technologies complement each other in this first-of-its-kind partnership. The combination of their expertise and ours provides powerful insight and context to our users.” 

Kasada estimates that 30% of all Internet traffic is generated by bots. Malicious bot-driven events occur every day, and the majority of login attempts across industries are fake, passing by mostly unnoticed as well-disguised traffic that looks and acts “human.” By enriching GreyNoise’s IP scan and attack data with Kasada bot intelligence, the companies will give security analysts a clearer understanding of which potential threats to be worried about, helping them apply their limited time and resources to those attacks targeted towards their businesses. 

“GreyNoise delivers a unique understanding of Internet background noise, and by combining that with our real-time bot information, countless companies will be able to differentiate true threats from noise faster than ever before,” added Sam Crowther, founder and CEO of Kasada. “The ability to quickly focus efforts on the most troubling attacks without worrying that something critical was missed is of tremendous value.”

For any IP address in the GreyNoise Visualizer identified as a bot by Kasada, security analysts get detailed insights about the IP’s attributes and behavior. With this level of data, analysts can determine whether the bot activity associated with this IP address represents a threat that requires further investigation or one that can be deprioritized. The detailed insights include:

  • Bot - Kasada’s bot intelligence is overlaid with GreyNoise’s to expose IPs that GreyNoise has seen scanning the internet and that Kasada has also seen engaging in bot activity.

  • Classification - The IP’s intent: is it malicious, benign, or unknown?

  • Metadata - When was the first and last time this IP was seen scanning the Internet? Users can also learn what operating system (OS) it’s running, what its geographic location is, and other information such as ports and paths, JA3 fingerprinting, if a user-agent is being used, and more.

  • Tags - Tags quickly tell users what behavior the IP address is exhibiting.

“For too long, security analysts have been forced to struggle through a never-ending onslaught of alerts, hoping they’re using their limited time on what’s most important. The sheer volume of events makes it impossible to address every issue,” said Joseph Krull, Senior Cybersecurity Analyst at Aite Group. “The pairing of Kasada and GreyNoise will help to highlight the most critical events and attacks, empowering users to protect their organization by using their valuable time and resources more effectively.”

To learn more, watch the demo video and check out the GreyNoise Visualizer.

About GreyNoise

GreyNoise is the only security company that tells security teams what NOT to worry about. By collecting and analyzing data on internet scanner IPs that saturate security tools with noise, GreyNoise allows security analysts to confidently ignore irrelevant or harmless activity, and create more time to uncover and investigate true threats. GreyNoise data is delivered through a web-based visualizer, APIs, integrations with SIEM, SOAR and TIP tools, a command-line tool, and as bulk data. The company is trusted by enterprises, government agencies, top security vendors, and threat researchers around the world to increase analyst efficiency, uncover compromised devices, and identify emerging threats. GreyNoise was founded in 2017 and is backed by leading venture firms including CRV, StoneMill Ventures, Paladin Capital, and Inner Loop Capital. For more information, please visit greynoise.io, and follow us on Twitter and LinkedIn.

 

About Kasada

Kasada is the most effective and easiest way to defend against advanced persistent bot attacks across web, mobile, and API channels. With Kasada, trust in the Internet is restored by foiling even the stealthiest cyber threats, from credential abuse to data scraping. The solution invisibly stops automated threats while inflicting financial damage to attackers, destroying their ROI. With the ability to onboard in minutes, Kasada ensures immediate and long-lasting protection while empowering enterprises with optimal online activity. Kasada is based in New York and Sydney, with offices in Melbourne, San Francisco, and London. For more information, please visit www.kasada.io and follow on Twitter, LinkedIn, and Facebook.

 

# # #

 

 
