Company

Tenable partnership improves threat intelligence data quality for the entire cybersecurity industry

Today, Tenable announced its new Research Alliance Program to share vulnerability information prior to public disclosure. GreyNoise is proud to be an inaugural member of this program, which aims to reduce the window of opportunity for threat actors seeking to exploit newly discovered vulnerabilities.

At a high level, cyber threat intelligence is the craft of predicting what villains and miscreants are going to do on the internet—including how, why, and where they will do it. Unfortunately, most threat intelligence solutions have not delivered on this promise. Within the wider cybersecurity community, threat intelligence is often viewed as a commodity that brings unquantifiable business value and uncertain security value. Over time, this dynamic has caused the security community to lose faith in the entire concept. 

Closing a gap in traditional threat intel

Here is the root of the problem: while many threat intelligence providers are great at cybersecurity, they are bad at providing data in a way that is useful for their customers. Generally speaking, the data provided by most threat intelligence solutions is of poor quality, because it is based on inaccurate assumptions. Some solutions even lack the conviction to provide guidance on how to make automated block decisions based on their data. And if a machine can’t use the data, how useful can it be?

As an industry, cybersecurity needs to get better at sharing information about threats–including what organizations are encountering and what they are doing to defend themselves. To compare with the airline industry, plane crash investigations are an enormous collaborative effort involving input from dozens of governmental organizations and industry partners. Their collaboration creates insights that improve flight safety for everyone, long into the future; cybersecurity can learn much from this approach.

Why data-sharing matters 

As the primary source for understanding internet noise, GreyNoise believes that sharing data about threat intelligence with other industry partners will improve data quality for the entire industry. The combination of Tenable vulnerability data with the real-time mass exploit awareness that GreyNoise provides will help our mutual customers and industry partners to respond faster (and more accurately) to newly emerging vulnerabilities.

“Whenever a vulnerability is disclosed, the dinner bell sounds for good and bad actors alike, meaning organizations are already on their back foot,” explains Robert Huber, Tenable Chief Security Officer and Head of Research. “We know threat actors are monitoring disclosure programs in the same way we are, looking for newly announced vulnerabilities, studying all available information such as proof of concepts, but they’re looking to utilize the flaw. By giving our customers the tools to address these weaknesses when they’re publicly announced, we reduce that intelligence gap and hand the advantage back to the good guys.”

For more information about how to partner with GreyNoise, please visit https://www.greynoise.io/partners.

My summer as a GreyNoise intern

For approximately 12 weeks this summer, I got to work as an intern on the GreyNoise Intelligence research team. During my time in the GreyNoise internship program, I did great things with amazing people while learning a lot about the workplace (as well as myself).

GreyNoise intern team project - IoT vulnerability research

Given an arsenal of ideas, the intern team decided to centralize the primary goal of our summer internship project around finding a vulnerability in an Internet of Things (IoT) device, release a proof of concept, disclose the vulnerability, and then track the lifecycle of the vulnerability using the GreyNoise dataset. While we did not end up locating a vulnerability, the experience of attempting to achieve this task taught me many non-technical skills.

Walking into this program, I did not have prior work experience. Having previously done contracting, the process of working with a team – let alone communicating with a group – was a whole new experience for me. I had many opportunities to hone my communication skills (which I learned is an area that will always need improvement) and to grow relationships with the research team. Looking back, one of my favorite experiences was observing how everyone on the research team interacted both inside and outside of the office and how they supported each other throughout the day.

When I assisted the research team (and didn’t work on the internship project), I was able to contribute to a company mission that I feel passionate about, which isn’t a luxury that many people have. Working alongside the researchers gave me the opportunity to meet people from other departments (e.g., engineering, data science, sales), and I enjoyed seeing how the various teams interacted and how well everyone meshed together.

As related to the job function, I was able to learn about how the research team produces content for blogs, writes tags, and interacts with customers. I learned how to answer a customer’s request for technical support, and I researched the (now deprecated) EternalBlue tag to better understand what customers were experiencing.

In terms of personal betterment, I learned that while I used to be good at time management, I can easily unlearn that skill. I realized the importance of working on communication with others, staying focused, setting realistic expectations for myself and the speed at which I can work, and setting a structured schedule for when things need to be completed. In hindsight, I think the reason I was able to get other things done (like school assignments) was the fear factor, but I know that’s not practical in any setting and that milestones for progress should be set on my end without stressing myself out.

Key takeaways from my GreyNoise internship

Below are some of the key takeaways I’ve gleaned from my experiences during the summer internship program:

The intern program was a fantastic experience overall.

• I had the chance to discover more about GreyNoise from an internal point of view.
• I was able to learn about what each team does and how they do it.
• The biggest challenge was time management; different factors ended up shortening the amount of time that was allocated to actually completing work.

The internship allowed me to grow as an individual, both technically and personally.

Technical growth:

• I learned much about the project, how research functions, and how engineering operates. 
• I got to experience deep-diving into different rabbit holes (both research and non-research related) to see how those areas relate to the main product.

Personal growth:

• I learned more about how I operate in a work environment, as well as an understanding of what I need to improve in order to successfully complete tasks within a timeline.
• I experienced growth in my communication skills by interacting with the research team and participating in work-related social events (I tend to be either super-introverted or super-extroverted, so it was good to find a balance between these two traits).
• I adapted skills from advice and mentorship that assisted me in communicating thoughts and opinions both inside and outside of the workplace.

Overall, I learned a great deal both technically and professionally from interning with the GreyNoise research team this summer. I discovered that I deeply enjoy conducting all sorts of research, then writing about the research. I obtained valuable workplace skills and realized that I have a lot more to learn about working in the real world. I’m extremely grateful to have had the experience of working at GreyNoise this summer, and I’m excited to see how the company grows – and I have absolutely loved being involved.

Announcing Our Series A Fundraise

Today, I am thrilled to announce that GreyNoise has closed its Series A round fundraise. Led by Radian Capital, we secured $15M to help security teams de-prioritize noise and block mass exploitation.

I started GreyNoise in 2017 to help security teams around the world defend their organizations and spend less time paralyzed by alert fatigue. From personal experience, I knew that security teams suffer from an insane volume of alert fatigue and information overload. My vision: to build a global sensor network that would allow us to collect and analyze scanning data across the internet. 

Now, five years later, GreyNoise has become the leading source of truth that enables security teams to increase their velocity by accelerating time-to-verdict. Because GreyNoise separates irrelevant internet noise from emerging threats, security teams can quickly eliminate noisy security alerts from the SOC, identify and block mass exploit attacks, hunt for compromised systems, and prioritize patching. 

We currently serve more than 2,000 organizations in our community. Outside of our community product, we serve over 100 enterprise customers across every vertical and continent–as well as many government and non-profit organizations.

Boosting Analyst Efficiency

With this investment, we will continue to improve the efficiency of security teams by eliminating noisy alerts, as well as bring new products to market that prevent mass-exploitation traffic altogether. Anyone with a computer can scan 4.2 billion IP addresses on the IPv4 space in 5 minutes–then exploit all of them in hours–therefore every internet-connected machine gets exposed to reconnaissance and attack traffic from tens of thousands of distinct devices each day. This has created two urgent problems:

• Mass exploitation - Vulnerabilities in software and devices are being weaponized at an alarming rate. The time between disclosure of a new vulnerability and the start of active exploitation across the internet has been reduced to a matter of hours, leaving security teams with less time to react and respond. Traditional security products are simply unable to keep up. 
• Alert overload - Every server and device on the internet receives a massive volume of unsolicited scan-and-attack traffic, triggering security tools to generate thousands of alerts that need to be triaged by human analysts—with little context on the potential threats. Every day, security analysts struggle to differentiate between meaningful cyberattacks and pointless, noisy alerts created from internet background noise.

Ask any SOC analyst, and they will tell you that traditional network security products aren’t cutting it. Security tools generate thousands of alerts from harmless events that need to be investigated, and alert fatigue causes missed threats and productivity issues. Our research and customer feedback have demonstrated that this is a largely solvable problem, which is why we offer security teams a better way to stay ahead of large opportunistic attacks.

We could not have achieved this on our own without our world-class team, incredible network of customers and partners, and energized and excited user community. Your feedback enables us to become better at what we do every day. The GreyNoise team thanks you for your support, and we are honored by your continued trust in us. 

I am beyond proud of the work our team at GreyNoise is doing to make your experience the best in the industry because we’re the first place you go to find out more about an alert, a suspicious connection, or a perceived threat. GreyNoise is using our Series A fundraise to do some exciting things this year, and we’re deeply pleased to have you along on our journey to a quieter internet.

GreyNoise and Panther help security teams cope with threat overload

By Brad LaPorte, Gartner Veteran & Strategic Advisor to GreyNoise and Panther Labs

My two best friends just became BFFs. Before I can talk about how awesome this is, I need to start at the beginning…

Let's rewind back to July 8, 2019, when I slid into Andrew Morris’s DMs to learn more about what GreyNoise was all about. Little did I know that this initial conversation would evolve into the bromance that thrives today. At the time, the team was tackling a very serious problem that had been plaguing security teams since the dawn of the SIEM in 2006 - alert fatigue as well as spending over 50% of their time and resources dealing with useless false positives. To this point, no one had really tackled this problem. Somehow this crack team of fewer than 5 people was able to make a dent which has had a ripple effect throughout the market. Being the research analyst that I was, I dug in like an Alabama tick. In every conversation we had, I needed to learn more…

Flash forward to May 2020 - I had the honor of acting as lead author of the Cool Vendors report as a research analyst at Gartner. The bar is extremely high for vendors that have the rare opportunity to be selected for this report, but GreyNoise was an easy selection. They exceeded all marks across customer feedback, inquiries, and the benchmark criteria that Gartner sets for inclusion.

Punch it into lightspeed - a year ago, I teamed up with my business partner, Dan Schoenbaum, to act as an independent consultant with High Tide Advisors. I rekindled my relationship with Andrew and formed an official business agreement to aid them in their Go-To-Market Strategy.

Simultaneously I was introduced to Jack Nagileri, CEO and Founder of Panther Labs, who was making a rather HUGE splash in the SIEM space. With a new and innovative approach to alleviating the pain of traditional SIEM via detection-as-code, a robust security data lake, and huge scalability with zero-ops, Panther currently has a $1.4 billion valuation. They are addressing the same root problems I had dealt with for many years while working in the US Department of Defense, Dell SecureWorks, IBM, as well as other security teams throughout my 20-year career.

Over the past few months, I have had the pleasure of writing several content pieces and hosting webinars on very hot topics in the market for both companies. I have grown so much with both organizations, professionally and personally. It is a true pleasure to see the union of them operating together - like finding that last puzzle piece that completes a picture.

In order to fully understand and appreciate this union, it is important to capture what exactly is happening in the industry…

State of the Industry (TL;DR - Things are getting much worse)

Every day, cybercriminals are plotting new methods of cracking through the infrastructures of organizations, and their activity continues to ramp up. Just looking at Common Vulnerabilities and Exposures (CVE) alone, we saw 50 new CVEs introduced per day on average in 2021, a record 18,376 for the year, and a trend that has continued into 2022.

Security teams are tasked with safeguarding their organizations from these CVEs but are overwhelmed by the sheer volume. While regulators have set an expected response time of 48 hours or less from the time a threat is detected, the reality is that most organizations don’t come anywhere close to meeting that timeframe. “Cybersecurity teams inside large organizations take over three months (96 days) to develop the skills necessary to defend against breaking cyber threats,” according to a recent report by the cybersecurity training organization Immersive Labs.

Part of the problem lies in inadequate staffing levels. In 2021, the shortage of skilled cybersecurity workers worldwide totaled 2.72 million, which may be underselling the problem, according to some analysis. But the other part is that security tools have become so hyper-vigilant about perceived – and often false -- threats that they are in constant alert mode, resulting in alarm fatigue for the understaffed security team.

The fundamentals of cybersecurity responsibilities

A (VERY) oversimplified breakdown of basic cybersecurity responsibilities can be categorized into two phases:

1. Monitoring threats
2. Remediating breaches

What teams need are tools that provide highly refined automation to point them only to those threats that are a danger, and then steer them to prioritized remediation actions for their infrastructures.

That’s exactly what GreyNoise and Panther are now offering through a new collaboration between the two cybersecurity vendors. GreyNoise gets rid of the noise of false or irrelevant threats, while Panther helps teams address those that are significant and need attention.

ELI5 - The analogy of a water filtration system

To understand how the two platforms work in tandem, think of the task of ensuring the water in a home is safe to use. You could let all the water in and then apply filters on every pipe in the house, or you could start with one large filter that blocks hazardous substances before they enter the rest of the plumbing.

That first filtration method is what GreyNoise is now offering their customers for free – a tool that collects, analyzes, and labels data on IPs that scan the internet and generate noise that amounts to irrelevant or harmless activity. In the filtration analogy, it’s lessening the amount of work that filters further down the line would have to perform. This level of filtration is GreyNoise’s Basic level of service.

GreyNoise also offers subscription services that add two key features:

1. Alerts that show where in the infrastructure an organization likely has a compromised device and
2. Identification of new CVE or internet attack activity, including tagging of IPs actively exploiting those vulnerabilities in the wild.

In the water analogy, these services provide guidance about potentially harmful substances that have seeped through and where they may be located.

From there, Panther’s tools provide further refinement and actions. To begin with, it can sort through dangers produced by individual sources and locations: cloud, hybrid, SaaS, application, network, and more. Those threats are further analyzed and investigated, then prioritized into alert levels: low, medium, high, and critical.

Working together, the two platforms curb the din of alerts that security teams are subject to, then help them zone in on real threats that require their attention.

Simply Said - These two solutions together pack one hell of a big PUNCH!

New solutions, but already trusted by organizations worldwide

Both GreyNoise and Panther are relatively recent additions to the cybersecurity market, but they’ve already made their mark. GreyNoise is trusted by the U.S. Department of Defense, Fortune 500 enterprises, top security vendors, and tens of thousands of threat researchers. Panther has been embraced by customers such as Dropbox, Zapier, Snowflake, and more. They both provide organizations the ability to scale their use rapidly with absolutely no penalty in performance.

GreyNoise gives organizations an opportunity to see its benefits by signing up for a free account. Panther’s value can be seen by registering for a demo.

Learn More:

• Webcast: How to Reduce Alert Fatigue with Panther and GreyNoise
• Demo video

‍

TL;DR

Starting today, all Panther customers have out-of-the-box access to GreyNoise to improve their detection fidelity.

SOC teams are overwhelmed

SOC teams are slammed today, and alert overload is a huge part of the problem. Too many security tools simply produce large quantities of data to be analyzed–without contextualizing potential threats–and false positive rates up to 50% are the norm. This puts a huge burden on analysts tasked with researching or investigating every alert that gets generated. What’s driving this situation for SOC teams? A couple of thoughts:

The SIEM is struggling

A SIEM platform is one of the primary tools detection and response teams use to secure enterprise environments. But traditional SIEM solutions make it complex and difficult to create detections that deliver high-fidelity alerts. Faced with an unending volume of low-quality and false alerts, many SOC teams end up getting behind, taking shortcuts, and often simply purging un-reviewed alerts. On the human side, alert fatigue sets in, effectiveness falls dramatically, and the analyst team starts to churn, making an already challenging talent situation worse.

Threat intelligence says “the sky is falling”

The traditional approach to threat intelligence is to identify more and more (and yet more!) threat indicators that are “suspicious.” Often, these threat indicators are low fidelity and come with very little context for a security analyst. The result - too many false positives and alerts about events that turn out to be harmless or irrelevant to the organization.

Internet background noise is driving alert storms

Every machine connected to the internet is exposed to scans and attacks from hundreds of thousands of unique IP addresses per day - we call this “internet background noise.” Some of this traffic is from malicious attackers driving automated, internet-wide exploit attacks. And some of the traffic is benign activity from security researchers, common bots, and business services. And some of it is just unknown. But taken together, this noise triggers thousands of events requiring human analysis.

Helping SOC teams spend less time on noisy alerts, and more time on emerging threats

To address this challenge, Panther and GreyNoise have partnered to provide integrated, out-of-the-box threat intelligence in the Panther threat detection platform that helps teams intelligently reduce the number of alerts in the SOC while prioritizing emerging threats.

Unlike other threat intelligence vendors, GreyNoise is solely focused on providing high-fidelity data on IPs that are actively scanning, crawling, and attacking the internet. By classifying each IP by intent (benign, malicious, or unknown), GreyNoise and Panther help SOC teams craft detection and alerting logic that intelligently rules out internet background noise, and prioritizes mass exploit and targeted activity.

How does it work? What are the use cases?

The Panther-GreyNoise integration provides Panther customers with a free, out-of-the-box integration of GreyNoise data sets. All alerts in Panther are enriched with GreyNoise IP data, and detections can be quickly and easily written using the GreyNoise python library.

There are several key use cases for leveraging GreyNoise enrichment data within Panther:

Reduce noisy alerts

GreyNoise provides context on noisy IP addresses that scan the internet. Panther customers can build detections that evaluate the “intent” of a scanner IP address (benign, malicious, unknown) and then simply suppress or de-prioritize the alert. Using this approach, GreyNoise customers have been able to reduce their alert volumes by 25% or more.

Accelerate investigations

One of the key first steps a security analyst often takes in triaging an alert is to research the IP address to determine if it is malicious. With GreyNoise data enriching the IP addresses associated with an alert, the analyst can quickly “rule out” IP addresses that are known to be benign or from common business services like Microsoft Update, Slack, or Zoom. This can save significant time on manual research. In addition, GreyNoise provides valuable context on known malicious internet-wide scanners that help speed up the triage process. One GreyNoise customer is saving one day per analyst per week, giving their team 20% more capacity to focus on true threats.

Identify and prioritize activity from mass exploitation attacks

Mass scanning and exploitation attacks have surpassed phishing attacks as the top attack vector, and SOC teams are often struggling to respond. Huge “celebrity” vulnerabilities like Log4j/Log4Shell, OMIGOD, and ProxyShell have forced security teams to scramble to block attacks, identify vulnerable systems, do emergency patching, and hunt for compromised systems while “under the gun.” With GreyNoise data, organizations have real-time visibility into all the mass exploitation IPs targeting a specific vulnerability, providing critical actionable data during an active attack.

How can I use GreyNoise in my Panther detections?

Packages

GreyNoise Basic is natively integrated at no extra charge for all Panther customers, and includes a subset of the GreyNoise NOISE and RIOT data sets. This means Panther customers can quickly and programmatically identify the following:

• IPs that are “internet background noise” - IPs that scan, crawl and attack the entire internet (NOISE dataset)
• IPs that are associated with common business services - dynamic IPs associated with common internet services like Microsoft Update, Slack, and Zoom (RIOT dataset)
• Intent - whether each IP is showing behavior that is benign, malicious, or unknown
• Name - name of the organization that owns the IP address
• Last-Seen - date of the last observed behavior on the GreyNoise Sensor Network

GreyNoise Advanced provides full context details from the NOISE and RIOT datasets, supporting advanced detections, richer investigation context, and faster threat hunting. The data includes tags, CVEs, geo-data, first-seen/last-seen dates, ports and protocols scanned, web paths, user agents, and more. GreyNoise Advanced requires an additional license - please contact your Panther or GreyNoise representative for more information.

The GreyNoise data sets are included as Lookup Tables in the Panther platform, and GreyNoise NOISE Basic and GreyNoise RIOT Basic are accessible by default.

Python Library

GreyNoise and Panther have developed a python library for GreyNoise data to simplify writing detections. This library makes it quick and easy to add detection logic for GreyNoise data, so you can add detections like greynoise.is_noise to evaluate IP behavior.

Check it out!

We are extremely excited about this integration between GreyNoise and Panther. We’ve had numerous customers and prospects ask us when we would be able to deliver this, and the answer is NOW. To get additional information about the integration, check out these resources:

• Webcast: How to Reduce Alert Fatigue with Panther and GreyNoise
• Demo video
• Request a personal demo
• Panther documentation
• GreyNoise documentation
• Joint press release

GreyNoise is proud to announce a production contract with a $30M USD ceiling awarded to GreyNoise by the United States Department of Defense (U.S. DoD). This new contract stems from GreyNoise’s initial prototype with the U.S. DoD’s Defense Innovation Unit (DIU) announced earlier in 2021 to help the Department diagnose internet-wide scan-and-attack activity.

U.S. Department of Defense Contract to Help Identify Internet Scanners and Attackers

Our CEO and Founder, Andrew Morris, says it best: “We're deeply thrilled to be able to call the DoD a full customer, and honored to support their mission…we have become the ‘go-to’ authority on the scan-and-attack traffic that absolutely all internet-dependent organizations are subject to, because of our unique ability to monitor and analyze internet noise at global scale. This visibility has become more and more important as malicious actors leverage automation to scale their attacks. GreyNoise will enhance cyber threat detection and intelligence-gathering capabilities across the DoD and other branches of the U.S. government, and enable security analysts to focus their valuable time and energy on legitimate threats.”

Filtering Internet Noise

Every machine connected to the internet is exposed to a barrage of unsolicited communications from tens of thousands of unique IP addresses per day—a phenomenon we call internet background noise. A percentage of these communications are malicious attacks and web crawls; some are non-malicious scans and pings; some are legitimate business services; and others still are unknown, but hitting everyone on the internet. GreyNoise solves the challenge of diagnosing and filtering this massive volume of traffic for security analysts and teams.

GreyNoise offers two value propositions for security analysts and SOC teams:

Increasing analyst capacity

We help SOC teams recognize events not worth their attention. On average, prospects who trial GreyNoise see that 20-40% of their alert traffic is noise, and GreyNoise customers are seeing alert volume reductions of 25% or more.

Indicators in GreyNoise are likely associated with opportunistic internet scanning or common business services, not targeted threats. This context helps the SOC in a few ways:

• Suppress/deprioritize noisy alerts. Security engineering teams can automatically enrich SIEM or SOAR events and suppress or deprioritize alerts generated by common business services or benign IPs.
• Reduce false positives. Cyber threat intelligence teams can enrich indicators in their Threat Intelligence Platform to reduce false positives in downstream security systems.
• Accelerate triage. SOC analysts can manually triage noisy alerts much more quickly with GreyNoise context data, freeing up time for higher priority work.

Seeing emerging threats faster

GreyNoise helps organizations reduce the risk and costs of compromise by seeing emerging threats faster and more clearly, in three basic ways:

• Decreased time to verdict. Instead of spending time researching harmless scanners, false positives, and common business services that trigger alerts, GreyNoise gives analysts this time back to focus on what matters.
• Identify compromised devices. GreyNoise will flag activity that indicates a possible compromise.
• Identify CVEs being exploited in the wild, at scale. GreyNoise provides unique, early visibility into vulnerability checking and exploit attempts against newly announced CVEs, providing IR teams with the necessary lead time to mitigate risk, and vulnerability management teams with the data to prioritize patching.

GreyNoise in the Department of Defense

This production contract allows the GreyNoise platform to be purchased and utilized by all DoD organizations over a 5-year period. Resulting from our partnership with the Defense Innovation Unit (DIU), the collaboration helps the DoD focus on identifying and scaling commercial technology solutions while deploying them rapidly across the U.S. military to strengthen the nation’s security.

We’ve got an ordering guide that makes it easy for DoD organizations to scope and purchase the GreyNoise platform for their specific requirements. To access the ordering guide for GreyNoise products associated with this contract, please email sales@greynoise.io.

‍

What Makes GreyNoise The Most Innovative Security Solution?

Today at GreyNoise, we’re thrilled to announce our selection as the Most Innovative Security Solution of 2021, as recognized by the Tech Ascension Awards. The awards are starting to pile up at GreyNoise, and our team's excitement grows after repeated confirmation from analysts and customers. As the name of the award implies, this honor is granted to those proving themselves innovative in the tech community around specific criteria. GreyNoise was selected from a pool of more than 500 applicants for excellence in technology innovation, market research, and unique competitive differentiators.

Our CEO and Founder, Andrew Morris, welcomes the industry compliment: “…we are honored by all of this validation, as it shows that we are making progress toward our ultimate mission—to solve the problem of alert fatigue and information overload in the cybersecurity arena. Every day, we see a staggering number of internet scans barraging internet-facing computers and software, and generating massive volumes of security alerts. Some of this activity is malicious, but a significant amount is not, and it’s getting to the point where it’s tough for security analysts to discern real threats from background noise. GreyNoise enables security teams to focus on the threats that really matter, rather than wasting their time investigating insignificant alerts. This is the heart of what makes GreyNoise an innovative security solution: we sift the haystack so you can pay attention to the needles."

It’s Not Just Any Award

Because the Tech Ascension Awards are innovation-centered, best-in-class vendors that receive recognition solve critical industry challenges differently. “The proliferation of ransomware, nation-state threats, and an uptick in cybercriminal activity due to COVID-19 are just some of the factors that have made a strong cybersecurity defense paramount for every business that touches sensitive data,” said David Campbell, CEO of Tech Ascension Awards. “We’re honored to recognize these industry leaders that have demonstrated their ability to defend organizations with unique approaches, innovative technology, and world-class talent.”

Here are some of our most recent accolades:

• Forbes Cybersecurity Awards 2020 named GreyNoise as “Most Intriguing Newcomer” for its ability to filter distracting background noise alerts from legitimate threats.
• The CyberScoop 50 Awards shortlisted GreyNoise Founder and CEO Andrew Morris as “Most Inspiring Up and Comer,” a category that recognizes young leaders early in their careers who have done exceptional work and are on track to become the next generation of leaders in the cybersecurity industry.
• DCA Live’s 2021 list of Red Hot Cyber Companies. This is the 4th consecutive year that DCA Live has recognized the Washington, DC region’s fastest growing and most exciting cyber security companies. GreyNoise was selected from a very deep pool of great companies nominated by one or more leaders in the Washington tech/high-growth community.
• SINET16 Innovator Awards selected GreyNoise as one of the 16 most innovative and compelling companies from a pool of hundreds of emerging Cybersecurity companies from all over the world.

Try GreyNoise for free, and find out for yourself why we are the "Most Innovative Security Solution."

‍

You may have noticed that we have announced a couple of new relationships in the last several months with the US federal government. We announced our partnership with the Defense Innovation Unit (DIU) of the US Department of Defense (DoD) to help optimize their investigations, and recently announced our partnership with In-Q-Tel (IQT). I wanted to talk a bit about what this means for GreyNoise and why we’re excited about it.

First, I’m very excited about cracking the nut of working with the defense and intelligence communities of the US federal government. We already work with a number of intelligence and defense agencies around the world, as we have mentioned in the past, but these new relationships really serve to validate the value of our solution. Specifically, DIU helps us provide our existing product to DoD customers more quickly, and IQT facilitates feedback and helps us fast-track features that solve customer problems, which will ultimately benefit all federal and non-federal customers.

Second, while we work closely with our commercial customers to ensure that we have prioritized their needs, we’ve found it can be harder to get these requirements from government agencies because of the nature of their programs. In other words, government customers are harder to solicit product feedback from due to the classified nature of their work. DIU and In-Q-Tel help to bridge that gap.

And finally, I wanted to finish with a note on our security and privacy policies. We passively collect and analyze a massive amount of internet scan traffic as part of our solution, but we will NEVER share user account and customer data or usage data with anyone outside of our organization. Our customers’ and users’ trust is extremely important to what we do, and we don’t want to compromise that trust in any way. It is common for corporate entities to defer announcement of government customers to reduce the risk of entangling themselves in complex geopolitical dynamics, but we felt strongly that we should publicly acknowledge our relationships. Transparency isn’t a bumper sticker to us; it’s a way of being, and a core value of the company.

The reality is that both government and commercial organizations are struggling with the same pressures and challenges in areas like alert fatigue and analyst investigative efficiency. These new partnerships with DIU and IQT will help make GreyNoise better for ALL of our users and customers.

Onward.

--Andrew

Every company has a distinct culture and style of communicating information between itself and the rest of the world. At GreyNoise, we’ve relied heavily on our use of Twitter and other social media that are popular with our users. This has historically worked well, but it has limited us to only brief pulses of information. Now, I’m excited to announce the GreyNoise blog, where we will be able to convey more information and ideas with more opportunities for detail and nuance.

GreyNoise was founded in 2017 with a simple mission: Use data to make security teams more efficient, and provide answers and insights where there are none. Our flagship enterprise product contextualizes noisy alerts in the SOC that are generated by internet background noise and harmless online services. Our free web interface and community API provide insights to thousands of security professionals every day.

To provide these services, we collect lots of data from across the internet at a very large scale. We operate a really big network of passive collector sensors in hundreds of data centers around the world (kind of like honeypots) to analyze internet background noise. And we constantly enumerate the IP addresses and domains of common benign SaaS services to “rule out” harmless traffic from security products.

In building and scaling GreyNoise, we’ve learned a lot of interesting lessons and witnessed a lot of interesting phenomena. The GreyNoise blog will be another forum for us to share these lessons and phenomena with the rest of the world.

GreyNoise has made a tremendous amount of progress over the past three years, but we are still in the early days. I’m excited to share the journey with you here.

Onward.

– Andrew