I started GreyNoise in 2018 by myself in an apartment in Arlington, Virginia to bring visibility into what scanners and attackers were up to on the Internet. My theory at the time was that the edge telemetry from a single internet-exposed device or sensor was not useful or interesting, but the edge telemetry of a large, diverse set of internet-exposed devices or sensors would tell really interesting stories in aggregate. Better yet, I figured if this feed of data was enriched and analyzed properly and was directly integrated into the tools being used by security analysts around the world, they would have more context on the threats they were responsible for defending their organizations against. 

The first pain point this approach solved for customers was alert fatigue: Security analysts could now easily “subtract” all the internet noise, automated attacks, and benign scanners from the attacks targeting their networks, giving them a cleaner signal of which targeted attacks to focus on. I closed a handful of customers for this use-case, raised some money, and hired a small team of incredibly talented people. Since then, GreyNoise has launched community and enterprise products that are trusted by tens of thousands of security practitioners, our customer-base includes over 150 of the most advanced organizations in the world, and our team has grown to over 50 of the smartest people I’ve ever known. We’re integrated into the most widely deployed security products and are cited by government intelligence agencies and news media on a near weekly basis.

As we continued to refine the security efficiency use-case at GreyNoise, a second use-case started to emerge:  Every time a critical software vulnerability was disclosed, security analysts were left in the dark about whether attackers were actually exploiting it in the wild or not. Simultaneously, many of the times this would happen, we would start to see interesting new shapes and patterns show up in our raw sensor data. At first, this happened a few times per year. Now this happens every week. 

Initially, we would detect in-the-wild exploitation by luck. But this use-case quickly became the most frequently asked by customers, as it was something they were not getting fast enough or clearly enough from their other vendors. So, at GreyNoise we started investing in new approaches that would enable us to consistently detect in-the-wild exploitation of software vulnerabilities within minutes. Not once, or twice, but every single time. We re-invented our core sensor and data processing architecture, deployed sensors to hard-to-reach places, and partnered with other security companies to get further and further ahead of attackers. 

Entering 2024, a few things feel different:

  • Our business and employee-base is bigger now than I have imagined in 2018.
  • Critical vulnerabilities in widely-deployed software are being disclosed faster than ever.
  • A critical mass of our customers are asking for our help to keep their networks safe, not just make their security teams more efficient.
  • AI changes the equation in ways we don’t yet fully understand.

These are all really hard problems. As such, last year I started looking for a partner to take over the business so I could focus on the things I’m uniquely passionate about. I found that partner in Ash Devata.

Ash is relentlessly customer and employee-focused. His reputation in the security industry is phenomenal, and his experience at the intersection of technology and business is unbeatable. I could not be more grateful or excited to partner with him to continue growing GreyNoise. I’ve spent the last few months getting to know Ash and, after every conversation or dinner we’ve had, I am more and more impressed with his outlook and thoughtfulness. Ash is joining us from Cisco where he was Vice President and General Manager for the Duo and Zero Trust business. He joined Cisco by way of acquisition from Duo where he built and ran a world-class Product organization since the early days of Duo. Ash’s brain and my brain are very different, but our hearts are very much the same. 

Moving forward, I’ll be stepping into the role of Chief Architect at GreyNoise. My job will be to drive technical innovation specifically to stay ahead of cyber attackers, evangelize our products to the security community, set and implement our AI strategy, trawl through our data to document and understand attacker tactics, and be the first and most critical user and customer of our own products. It’s literally my dream job. 

My ask to all of our customers, users, partners, and followers is that you greet Ash as warmly as you have always greeted me. 

I have never been as excited as I am now about the future of GreyNoise and serving the broader security community. 


Andrew Morris

Founder, Chief Architect


This article is a summary of the full, in-depth version on the GreyNoise Labs blog.
GreyNoise Labs logo
Link to GreyNoise Twitter account
Link to GreyNoise Twitter account