GreyNoise is proud to announce a production contract with a $30M USD ceiling awarded to GreyNoise by the United States Department of Defense (U.S. DoD). This new contract stems from GreyNoise’s initial prototype with the U.S. DoD’s Defense Innovation Unit (DIU) announced earlier in 2021 to help the Department diagnose internet-wide scan-and-attack activity.

U.S. Department of Defense Contract to Help Identify Internet Scanners and Attackers

Our CEO and Founder, Andrew Morris, says it best: “We're deeply thrilled to be able to call the DoD a full customer, and honored to support their mission…we have become the ‘go-to’ authority on the scan-and-attack traffic that absolutely all internet-dependent organizations are subject to, because of our unique ability to monitor and analyze internet noise at global scale. This visibility has become more and more important as malicious actors leverage automation to scale their attacks. GreyNoise will enhance cyber threat detection and intelligence-gathering capabilities across the DoD and other branches of the U.S. government, and enable security analysts to focus their valuable time and energy on legitimate threats.”

Filtering Internet Noise

Every machine connected to the internet is exposed to a barrage of unsolicited communications from tens of thousands of unique IP addresses per day—a phenomenon we call internet background noise. A percentage of these communications are malicious attacks and web crawls; some are non-malicious scans and pings; some are legitimate business services; and others still are unknown, but hitting everyone on the internet. GreyNoise solves the challenge of diagnosing and filtering this massive volume of traffic for security analysts and teams.

GreyNoise offers two value propositions for security analysts and SOC teams:

Increasing analyst capacity

We help SOC teams recognize events not worth their attention. On average, prospects who trial GreyNoise see that 20-40% of their alert traffic is noise, and GreyNoise customers are seeing alert volume reductions of 25% or more.

Indicators in GreyNoise are likely associated with opportunistic internet scanning or common business services, not targeted threats. This context helps the SOC in a few ways:

  • Suppress/deprioritize noisy alerts. Security engineering teams can automatically enrich SIEM or SOAR events and suppress or deprioritize alerts generated by common business services or benign IPs.
  • Reduce false positives. Cyber threat intelligence teams can enrich indicators in their Threat Intelligence Platform to reduce false positives in downstream security systems.
  • Accelerate triage. SOC analysts can manually triage noisy alerts much more quickly with GreyNoise context data, freeing up time for higher priority work.
Seeing emerging threats faster

GreyNoise helps organizations reduce the risk and costs of compromise by seeing emerging threats faster and more clearly, in three basic ways:

  • Decreased time to verdict. Instead of spending time researching harmless scanners, false positives, and common business services that trigger alerts, GreyNoise gives analysts this time back to focus on what matters.
  • Identify compromised devices. GreyNoise will flag activity that indicates a possible compromise.
  • Identify CVEs being exploited in the wild, at scale. GreyNoise provides unique, early visibility into vulnerability checking and exploit attempts against newly announced CVEs, providing IR teams with the necessary lead time to mitigate risk, and vulnerability management teams with the data to prioritize patching.

GreyNoise in the Department of Defense

This production contract allows the GreyNoise platform to be purchased and utilized by all DoD organizations over a 5-year period. Resulting from our partnership with the Defense Innovation Unit (DIU), the collaboration helps the DoD focus on identifying and scaling commercial technology solutions while deploying them rapidly across the U.S. military to strengthen the nation’s security.

We’ve got an ordering guide that makes it easy for DoD organizations to scope and purchase the GreyNoise platform for their specific requirements. To access the ordering guide for GreyNoise products associated with this contract, please email

Get Started With GreyNoise for Free
This article is a summary of the full, in-depth version on the GreyNoise Labs blog.
GreyNoise Labs logo
Link to GreyNoise Twitter account
Link to GreyNoise Twitter account