Internet Noise Contributing to Unnecessary Alert Overload for SOC Teams

GreyNoise Intelligence, the anti-threat intelligence company, is helping security operations center (SOC) teams improve analyst efficiency, identify compromised devices and understand emerging threats by giving them unique visibility into “internet noise.”

“Security analysts are overwhelmed with alerts,” said GreyNoise founder and CEO Andrew Morris. “Every machine connected to the internet is exposed to a constant barrage of scans, web crawls, probes, and attacks from tens of thousands of unique IP addresses per day. This ‘internet noise’ is generated by both good guys and bad guys, and it triggers security tools to generate thousands of events to be analyzed, with little context on the potential threats. Analysts waste hours differentiating between targeted attack traffic and background noise alerts.”

GreyNoise helps security teams prioritize security alerts by giving them unique context on internet noise. This context comes from GreyNoise’s internet-wide sensor network, which passively collects packets from hundreds of thousands of IPs seen scanning the internet every day, as well as the monitoring of common internet business services. Over the past 90 days, GreyNoise has analyzed almost 3 million IP addresses opportunistically scanning the internet, with the majority identified as benign or unknown, and only 10,000 identified as malicious.

The GreyNoise Community has grown in the past year to over 12,000 accounts and more than 1,000 active daily users of the company’s free version of its service. This community version gives analysts and researchers access to basic internet noise data via the GreyNoise Visualizer and Community API, as well as a limited number of alerts and bulk analyses. The company recently held its first quarterly Open Forum for Community users on May 6, 2021, to introduce the GreyNoise team, answer Community questions and discuss future product direction.

Commercial versions of the GreyNoise service are used by enterprises, governments, ISPs, and security firms to support automated usage of GreyNoise data, including turnkey integration into SIEM, SOAR, and TIP platforms. GreyNoise has grown commercial customers and ARR by more than 100% over the past 12 months, including new customers such as Airbus, Lumen, and the Defense Innovation Unit (DIU) of the U.S. Department of Defense.

“Using GreyNoise Intelligence helps the Hurricane Labs team eliminate background noise and focus on the most actionable and relevant alerts for our customers,” said Steve McMaster, Director of Managed Services at Hurricane Labs. “Rather than presenting our analysts with even more data to investigate, GreyNoise has allowed us to reduce the volume of alerts that are triggered by 25% – which makes for a happier and more effective SOC team.”
