GreyNoise and Panther help security teams cope with threat overload
By Brad LaPorte, Gartner Veteran & Strategic Advisor to GreyNoise and Panther Labs
My two best friends just became BFFs. Before I can talk about how awesome this is, I need to start at the beginning…
Let's rewind back to July 8, 2019, when I slid into Andrew Morris's DMs to learn more about what GreyNoise was all about. Little did I know that this initial conversation would evolve into the bromance that thrives today. At the time, the team was tackling a very serious problem that had been plaguing security teams since the dawn of the SIEM in 2006: alert fatigue, with teams spending over 50% of their time and resources dealing with useless false positives. To this point, no one had really tackled this problem. Somehow this crack team of fewer than 5 people was able to make a dent which has had a ripple effect throughout the market. Being the research analyst that I was, I dug in like an Alabama tick. In every conversation we had, I needed to learn more…
Flash forward to May 2020 - I had the honor of acting as lead author of the Cool Vendors report as a research analyst at Gartner. The bar is extremely high for vendors that have the rare opportunity to be selected for this report, but GreyNoise was an easy selection. They exceeded all marks across customer feedback, inquiries, and the benchmark criteria that Gartner sets for inclusion.
Punch it into lightspeed - a year ago, I teamed up with my business partner, Dan Schoenbaum, to act as an independent consultant with High Tide Advisors. I rekindled my relationship with Andrew and formed an official business agreement to aid them in their Go-To-Market Strategy.
Simultaneously I was introduced to Jack Naglieri, CEO and Founder of Panther Labs, who was making a rather HUGE splash in the SIEM space. With a new and innovative approach to alleviating the pain of traditional SIEM via detection-as-code, a robust security data lake, and huge scalability with zero-ops, Panther currently has a $1.4 billion valuation. They are addressing the same root problems I had dealt with for many years while working in the US Department of Defense, Dell SecureWorks, IBM, as well as other security teams throughout my 20-year career.
Over the past few months, I have had the pleasure of writing several content pieces and hosting webinars on very hot topics in the market for both companies. I have grown so much with both organizations, professionally and personally. It is a true pleasure to see the union of them operating together - like finding that last puzzle piece that completes a picture.
In order to fully understand and appreciate this union, it is important to capture what exactly is happening in the industry…
State of the Industry (TL;DR - Things are getting much worse)
Every day, cybercriminals are plotting new methods of cracking through the infrastructures of organizations, and their activity continues to ramp up. Just looking at Common Vulnerabilities and Exposures (CVE) alone, we saw 50 new CVEs introduced per day on average in 2021, a record 18,376 for the year, and a trend that has continued into 2022.
Security teams are tasked with safeguarding their organizations from these CVEs but are overwhelmed by the sheer volume. While regulators have set an expected response time of 48 hours or less from the time a threat is detected, the reality is that most organizations don’t come anywhere close to meeting that timeframe. “Cybersecurity teams inside large organizations take over three months (96 days) to develop the skills necessary to defend against breaking cyber threats,” according to a recent report by the cybersecurity training organization Immersive Labs.
Part of the problem lies in inadequate staffing levels. In 2021, the shortage of skilled cybersecurity workers worldwide totaled 2.72 million, which may be underselling the problem, according to some analysis. But the other part is that security tools have become so hyper-vigilant about perceived (and often false) threats that they are in constant alert mode, resulting in alarm fatigue for the understaffed security team.
I expand more on this in this Panther Labs Ebook.
The fundamentals of cybersecurity responsibilities
A (VERY) oversimplified breakdown of basic cybersecurity responsibilities can be categorized into two phases:
- Monitoring threats
- Remediating breaches
What teams need are tools that provide highly refined automation to point them only to those threats that are a danger, and then steer them to prioritized remediation actions for their infrastructures.
That’s exactly what GreyNoise and Panther are now offering through a new collaboration between the two cybersecurity vendors. GreyNoise gets rid of the noise of false or irrelevant threats, while Panther helps teams address those that are significant and need attention.
ELI5 - The analogy of a water filtration system
To understand how the two platforms work in tandem, think of the task of ensuring the water in a home is safe to use. You could let all the water in and then apply filters on every pipe in the house, or you could start with one large filter that blocks hazardous substances before they enter the rest of the plumbing.
That first filtration method is what GreyNoise is now offering their customers for free – a tool that collects, analyzes, and labels data on IPs that scan the internet and generate noise that amounts to irrelevant or harmless activity. In the filtration analogy, it’s lessening the amount of work that filters further down the line would have to perform. This level of filtration is GreyNoise’s Basic level of service.
GreyNoise also offers subscription services that add two key features:
- Alerts that show where in the infrastructure an organization likely has a compromised device and
- Identification of new CVE or internet attack activity, including tagging of IPs actively exploiting those vulnerabilities in the wild.
In the water analogy, these services provide guidance about potentially harmful substances that have seeped through and where they may be located.
From there, Panther’s tools provide further refinement and actions. To begin with, it can sort through dangers produced by individual sources and locations: cloud, hybrid, SaaS, application, network, and more. Those threats are further analyzed and investigated, then prioritized into alert levels: low, medium, high, and critical.
Working together, the two platforms curb the din of alerts that security teams are subject to, then help them zero in on real threats that require their attention.
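To make the filter-then-prioritize flow concrete, here is an added example of my own (not code from the original post, and not GreyNoise's or Panther's code or API) written as a Python detection in the rule()/severity()/title() function shape that Panther's detection-as-code uses. The enrichment table, its field names, the IP addresses, the CVE tag and the login events are all constructed for illustration; a real deployment would look up the source IP in GreyNoise instead of a dict.

```python
"""Filter-then-prioritize detection in Panther-style detection-as-code.

Stage 1 (the "big filter"): drop events whose source IP is benign internet
background noise or a known-good business service, so they never become alerts.
Stage 2: assign a severity to what is left, escalating IPs tagged as actively
exploiting a vulnerability.

All data below is CONSTRUCTED for this example. The field names loosely mirror an
IP-reputation lookup (noise / riot / classification / tags) but nothing here is
GreyNoise's or Panther's own code, API or data.
"""
from typing import Any, Dict, List, Tuple

# Constructed enrichment table keyed by source IP (assumption: a stand-in for a
# live GreyNoise lookup). IPs are from the RFC 5737 documentation ranges.
GREYNOISE_LOOKUP: Dict[str, Dict[str, Any]] = {
    # Mass internet scanner classified as benign (e.g. a research scanner)
    "203.0.113.10": {"noise": True, "riot": False, "classification": "benign", "tags": []},
    # Known-good business service ("riot" = rule it out)
    "198.51.100.5": {"noise": False, "riot": True, "classification": "benign", "tags": []},
    # Mass scanner tagged as actively exploiting a (hypothetical) CVE in the wild
    "192.0.2.77": {"noise": True, "riot": False, "classification": "malicious",
                   "tags": ["CVE-EXAMPLE-0001 Exploit Attempt"]},
    # Anything not listed is unknown: not seen mass-scanning, so possibly targeted
}

UNKNOWN = {"noise": False, "riot": False, "classification": "unknown", "tags": []}


def enrich(ip: str) -> Dict[str, Any]:
    """Return the reputation record for ip, or an 'unknown' record if never seen."""
    return GREYNOISE_LOOKUP.get(ip, UNKNOWN)


def rule(event: Dict[str, Any]) -> bool:
    """Alert on failed admin logins, unless the source is benign noise or a RIOT service."""
    if event.get("action") != "login_failed" or event.get("user") != "admin":
        return False
    gn = enrich(event.get("src_ip", ""))
    # Stage 1 filter: benign scanners and known-good services never reach an analyst
    if gn["riot"] or (gn["noise"] and gn["classification"] == "benign"):
        return False
    return True


def severity(event: Dict[str, Any]) -> str:
    """Stage 2: prioritize whatever survived the filter."""
    gn = enrich(event.get("src_ip", ""))
    if gn["classification"] == "malicious" and any("Exploit" in t for t in gn["tags"]):
        return "CRITICAL"  # actively exploiting a vulnerability in the wild
    if gn["classification"] == "malicious":
        return "HIGH"
    if not gn["noise"]:
        return "MEDIUM"  # never seen mass-scanning: may be aimed at us specifically
    return "LOW"


def title(event: Dict[str, Any]) -> str:
    gn = enrich(event.get("src_ip", ""))
    return f"Failed admin login from {event.get('src_ip')} ({gn['classification']})"


def triage(events: List[Dict[str, Any]]) -> List[Tuple[str, str]]:
    """Run the detection over a batch; return (src_ip, severity) for events that alert."""
    return [(e["src_ip"], severity(e)) for e in events if rule(e)]


# Constructed sample events: five failed/successful logins from the IPs above.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"action": "login_failed", "user": "admin", "src_ip": "203.0.113.10"},  # benign noise
    {"action": "login_failed", "user": "admin", "src_ip": "198.51.100.5"},  # RIOT service
    {"action": "login_failed", "user": "admin", "src_ip": "192.0.2.77"},    # exploiting CVE
    {"action": "login_failed", "user": "admin", "src_ip": "192.0.2.200"},   # unknown source
    {"action": "login_success", "user": "alice", "src_ip": "192.0.2.77"},   # not in scope
]

if __name__ == "__main__":
    for src_ip, sev in triage(SAMPLE_EVENTS):
        print(sev, src_ip)
```

Of the four failed admin logins, the two from benign noise and a known-good service are dropped before an alert exists, the exploiting scanner is raised to CRITICAL, and the never-seen source is kept at MEDIUM for a human to look at.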
Simply Said - These two solutions together pack one hell of a big PUNCH!
New solutions, but already trusted by organizations worldwide
Both GreyNoise and Panther are relatively recent additions to the cybersecurity market, but they’ve already made their mark. GreyNoise is trusted by the U.S. Department of Defense, Fortune 500 enterprises, top security vendors, and tens of thousands of threat researchers. Panther has been embraced by customers such as Dropbox, Zapier, Snowflake, and more. They both provide organizations the ability to scale their use rapidly with absolutely no penalty in performance.