GreyNoise Awarded Production Contract with a $30 Million Ceiling by the United States Department of Defense

GreyNoise Intelligence, the anti threat intelligence company, today announced that it has been awarded a production contract with a $30 million ceiling by the United States Department of Defense (U.S. DoD). This new contract stems from GreyNoise’s initial prototype with the U.S. DoD’s Defense Innovation Unit (DIU), announced earlier in 2021, to help the Department identify and understand internet-wide scan and attack activity.

“We're deeply thrilled to be able to call the DoD a full customer, and honored to support their mission,” said Andrew Morris, Founder and CEO, GreyNoise Intelligence. “GreyNoise has become the ‘go-to’ authority on the scan and attack traffic that absolutely all internet-dependent organizations are subject to, because of our unique ability to monitor and analyze internet noise at global scale. This visibility has become more and more important as malicious actors leverage automation to scale their attacks. GreyNoise will enhance cyber threat detection and intelligence-gathering capabilities across the DoD and other branches of the US government, and enable security analysts to focus their valuable time and energy on legitimate threats.”

Analyzing Internet Noise

Every machine connected to the internet is exposed to a barrage of unsolicited communications from tens of thousands of unique IP addresses per day—a phenomenon that many people call internet background noise. A percentage of these communications are malicious attacks and web crawls; some are non-malicious scans and pings; some are legitimate business services; and others still are unknown, but hitting everyone on the internet. This massive volume of unsolicited traffic is a challenge for security organizations, because it triggers security tools to generate thousands of events to be analyzed, with little context on the potential threats. Every day, security analysts struggle to differentiate between targeted cyber attacks and false positives created from internet background noise.

GreyNoise collects, categorizes, and contextualizes data on internet background noise via a network of thousands of passive sensors around the world. Once collected, the traffic is automatically enriched, analyzed, tagged, and summarized to provide context and intent. This allows security practitioners to de-prioritize insignificant threats, so that they can redirect their time and energy toward addressing targeted threats on the perimeter.

Helping Security Teams

GreyNoise offers two value propositions for security analysts and SOC teams:

1. Increase analyst capacity

GreyNoise helps SOC teams recognize events not worth their attention. Indicators in GreyNoise are likely associated with opportunistic internet scanning or common business services, not targeted threats. This context helps the SOC in a few ways:

  • Suppress/de-prioritize noisy alerts. Security engineering teams can automatically enrich SIEM or SOAR events, and suppress or deprioritize alerts generated by common business services or benign IPs.
  • Reduce false positives. Cyber threat intelligence teams can enrich indicators in their Threat Intelligence Platform to reduce false positives in downstream security systems.
  • Accelerate triage/faster time to verdict. SOC analysts can manually triage noisy alerts much more quickly with GreyNoise context data, freeing up time for higher priority work.

On average, prospects who trial GreyNoise see that 20-40% of their alert traffic is noise, and GreyNoise customers are seeing alert volume reductions of 25% or more.

2. See emerging threats faster

GreyNoise helps organizations reduce the risk and costs of compromise by seeing emerging threats faster and more clearly, in three basic ways:

  • Decreased time to verdict. Instead of spending time researching harmless scanners, false positives, and common business services that trigger alerts, GreyNoise gives analysts this time back to focus on what matters.
  • Identify compromised devices. GreyNoise will flag activity that indicates a possible compromise.
  • Identify CVEs being exploited in the wild, at scale. GreyNoise provides unique, early visibility into vulnerability checking and exploit attempts against newly announced CVEs, providing IR teams with the necessary lead time to mitigate risk, and vulnerability management teams with the data to prioritize patching.

GreyNoise in the DoD

This production contract with a $30 million ceiling will allow GreyNoise’s platform to be purchased and utilized by all DoD organizations over a 5 year period. It is a result of GreyNoise’s partnership with the Defense Innovation Unit (DIU), an organization within the U.S. DoD focused on identifying and scaling commercial technology solutions and deploying them rapidly across the U.S. military to strengthen the nation’s security.

GreyNoise has created an ordering guide that makes it easy for DoD organizations to scope and purchase the GreyNoise platform for their specific requirements. To access the ordering guide for GreyNoise products associated with this contract, please email To create a free account to use GreyNoise’s community products, please visit

About GreyNoise Intelligence

GreyNoise is THE source for understanding internet noise. We collect, analyze and label data on IPs that saturate security tools with noise. This unique perspective helps analysts waste less time on irrelevant or harmless activity, and spend more time focused on targeted and emerging threats. GreyNoise is trusted by Global 2000 enterprises, government organizations, top security vendors and tens of thousands of threat researchers. For more information, please visit, and follow us on Twitter and LinkedIn.