Internet Noise Contributing to Unnecessary Alert Overload for SOC Teams

19
Internet Noise Contributing to Unnecessary Alert Overload for SOC Teams

GreyNoise Intelligence, the anti-threat intelligence company, is helping security operations center (SOC) teams improve analyst efficiency, identify compromised devices and understand emerging threats by giving them unique visibility into “internet noise.”

“Security analysts are overwhelmed with alerts,” said GreyNoise founder and CEO Andrew Morris. “Every machine connected to the internet is exposed to a constant barrage of scans, web crawls, probes and attacks from tens of thousands of unique IP addresses per day.

This ‘internet noise’ is generated by both good guys and bad guys, and it triggers security tools to generate thousands of events to be analyzed, with little context on the potential threats. Analysts waste hours differentiating between targeted attack traffic and background noise alerts.”

Also Read: CISOs Are Focused on Augmenting and Re-Establishing the Overall Security Status

GreyNoise helps security teams prioritize security alerts by giving them unique context on internet noise. This context comes from GreyNoise’s internet-wide sensor network, which passively collects packets from hundreds of thousands of IPs seen scanning the internet every day, as well as the monitoring of common internet business services.

Over the past 90 days, GreyNoise has analyzed almost 3 million IP addresses opportunistically scanning the internet, with the majority identified as benign or unknown, and only 10,000 identified as malicious.

User and Customer Growth
The GreyNoise Community has grown in the past year to over 12,000 accounts and more than 1,000 active daily users of the company’s free version of its service. This community version gives analysts and researchers access to basic internet noise data via the GreyNoise Visualizer and Community API, as well as a limited number of alerts and bulk analyses.

The company recently held its first quarterly Open Forum for Community users on May 6, 2021, to introduce the GreyNoise team, answer Community questions and discuss future product direction.

Commercial versions of the GreyNoise service are used by enterprises, governments, ISPs and security firms to support automated usage of GreyNoise data, including turnkey integration into SIEM, SOAR and TIP platforms. GreyNoise has grown commercial customers and ARR by more than 100% over the past 12 months, including new customers such as Airbus, Lumen and the Defense Innovation Unit (DIU) of the U.S. Department of Defense.

“Using GreyNoise Intelligence helps the Hurricane Labs team eliminate background noise and focus on the most actionable and relevant alerts for our customers,” said Steve McMaster, Director of Managed Services at Hurricane Labs. “Rather than presenting our analysts with even more data to investigate, GreyNoise has allowed us to reduce the volume of alerts that are triggered by 25% – which makes for a happier and more effective SOC team.”

Also Check: Introducing the TOUGHBOOK S1 Developed to deliver all the features you want, and all the rugged you need

Additional Investment
During 2020, GreyNoise previously announced a $4.8 million seed investment led by CRV with participation from Paladin Capital Group and several individual tech executive investors. In-Q-Tel has recently joined as an additional strategic partner and investor. The new partnership with In-Q-Tel will allow GreyNoise to deliver its product roadmap faster.

“Government security teams struggle with the same kind of alert fatigue that commercial enterprises face,” said Grant Whiting, Principal, In-Q-Tel. “GreyNoise’s technology provides a unique solution to this problem that we believe can provide value to our intelligence and defense community partners. We are glad to welcome them to the portfolio.”

Integration and Partner Traction
Integration, distribution and strategic partners continue to play a key role in GreyNoise’s market expansion and growth. In the past 12 months, GreyNoise has worked with leading SOC security control vendors to deliver or improve a number of turnkey integrations, including Splunk ESSplunk PhantomPalo Alto Networks XSOARMicrosoft Azure SentinelSiemplifySwimlaneTinesRecorded FuturePolarityMISP and Anomali ThreatStream.

These integrations enable security teams to scale the use of GreyNoise intelligence to reduce alert volumes and provide SOC-wide visibility into suspected threats. In addition to these supported commercial integrations, the GreyNoise community has built out integrations with a number of other security and data tools, including MaltegoFluent BitrstatsGreyWatch (TCP connection monitor), GreyNoisePS (Powershell integration), Machinae (OSINT collector) and many more.

For more such updates follow us on Google News ITsecuritywire News