GreyNoise Introduces New “Triple Threat” Suite of Cybersecurity Features

GreyNoise Intelligence, the cybersecurity company analyzing internet scanning traffic to separate threats from background noise, today announced a new suite of cybersecurity features designed to provide advanced intelligence on unknown Internet Protocol (IP) addresses.

Internet noise triggers thousands of threat alerts that need to be investigated by security teams on a daily basis. Most of these alerts stem from unknown IP addresses attempting to contact an organization’s server. While some of these addresses may be malicious, the majority consist of harmless events that are irrelevant to the particular organization. Unfortunately, the information provided by most threat intelligence solutions is incomplete, and does not provide enough context to make a determination or take action. Given the volume of incoming activity, there simply isn’t enough time for security teams to investigate each IP address manually. Alert fatigue not only causes productivity issues, it also results in missed threats.

GreyNoise approaches this problem in a different way by reducing the “noise” for SOC teams. Using a global network of passive sensors, GreyNoise identifies IP addresses that are mass scanning and crawling the internet, and classifies them based on intent. Rather than barraging security teams with alerts, GreyNoise helps to eliminate harmless activity. This unique approach helps security teams waste less time on irrelevant alerts and focus instead on targeted and emerging threats.

The GreyNoise suite includes three new features that address this issue by digging deeper into anomalies in internet scanning traffic:

  • IP Geo Destination provides geographic information to help identify the destination, in addition to source data. With first-hand destination data built upon GreyNoise’s vast global sensor network, IP Geo Destination enables security teams to better understand how cyberattacks impact different geographic regions. This feature is designed for cyber defenders to connect geopolitical motivations with scan-and-attack traffic and help responders quickly prioritize and triage alerts.
  • IP Timeline shows the history of the IP’s behavior in the past 60 days. Using this data, responders can better understand when each IP address was active and how it was being used. Threat hunters can correlate this with historical activity in their environments to determine whether the IP was acting suspiciously at a particular point in time.
  • IP Similarity. In the process of collecting, analyzing, and labeling internet background noise, GreyNoise has come to identify patterns among scanners and background noise traffic. Often, a group of IPs demonstrate similar behavior patterns that can provide important context when discerning intent or identifying actor’s infrastructure.

“GreyNoise is always looking for new ways to bring as much value as possible to the SOC, and to help security teams focus their time and attention on meaningful, strategic security work,” said Andrew Morris, Founder and CEO, GreyNoise Intelligence. “When security teams are working at capacity in a completely reactive manner, that becomes impossible. Providing better quality and context around IP intelligence will not only help reduce the number of alerts coming in, it will also enable security teams to do a better job of defending against malicious threats at scale.”

For more information about GreyNoise, please visit

About GreyNoise Intelligence

GreyNoise is THE source for understanding internet noise. We collect, analyze and label data on IPs that saturate security tools with noise. This unique perspective helps analysts waste less time on irrelevant or harmless activity, and spend more time focused on targeted and emerging threats. GreyNoise is trusted by Global 2000 enterprises, government organizations, top security vendors and tens of thousands of threat researchers. For more information, please visit, and follow us on Twitter and LinkedIn.