GreyNoise Intelligence, a cyber security company that analyzes Internet scanning traffic to separate threats from background noise, today introduced Investigate 4.0, a threat intelligence tool that helps security analysts identify and respond to opportunistic “scan-and-exploit” attacks in real time.
“Combating internet-wide opportunistic exploitation is a complex problem, with new vulnerabilities being weaponized at an alarming rate,” explained Andrew Morris, Founder and CEO, GreyNoise Intelligence. “Investigate 4.0 enables security teams to quickly see exploit attacks as they emerge, identify and block opportunistic attackers, hunt for compromised systems, and prioritize patching. It offers security teams a better way to stay ahead of large opportunistic attacks such as Log4J.”
According to a recent report by IBM, severe vulnerabilities in internet-facing enterprise software are being exploited and weaponized at a higher frequency, at massive scale:
- Opportunistic “scan-and-exploit” attacks are quickly approaching phishing as the most-used cyber attack vector, with 34% of attacks in 2021 using vulnerability exploitation, compared to 41% of attacks leveraging phishing.
- Vulnerability exploit attacks grew 33% in 2021 from 2020, indicating this attack vector’s strong hold in threat actors’ arsenals.
Furthermore, the amount of time between disclosure of a new vulnerability and the start of active exploitation has been reduced to a matter of hours, leaving defenders with less time to react and respond.
GreyNoise Investigate Delivers Real-Time Visibility and Blocking of Exploit Attacks
GreyNoise Investigate helps security analysts identify and respond to opportunistic “scan-and-exploit” attacks, providing context about the behavior and intent of IP addresses scanning the internet. Investigate allows security teams to:
- Quickly triage alerts based on malicious, benign, or targeted classifications
- Identify trending internet attacks targeting specific vulnerabilities and CVEs
- Block and hunt for IP addresses opportunistically attacking a specific vulnerability
With the release of Investigate 4.0, GreyNoise has created a new Trends Page that helps security analysts identify and respond to internet attacks targeting specific vulnerabilities. This new page provides two key capabilities:
- Attack Visibility. The Trends graph shows the number of IP addresses targeting a specific vulnerability or CVE over time. This unique visualization allows security teams to identify and prioritize internet threats based on how actively a vulnerability is being exploited in the wild.
- Dynamic IP Lists. The new Trends page provides several ways for analysts to access a dynamic list of IP addresses actively scanning for a vulnerability in the past 24 hours. This data can be used to provide near-term protection by blocking attacks at the firewall or WAF, and as indicators of compromise when hunting for potentially compromised systems.
Taken together, this new Trends functionality allows security teams to quickly understand if a vulnerability is relevant to their organization, and buys them the time they need to put security defenses in place.
For further information, please see the GreyNoise blog.
GreyNoise Products
GreyNoise helps security teams deal with the problems of internet noise, by collecting, analyzing and labeling data on noisy IP addresses that scan and attack the entire internet. Rather than saturating security teams with alerts, GreyNoise helps them to focus on the threats that really matter, and ignore the ones that don’t.
GreyNoise offers two plans for enterprise customers:
- GreyNoise Investigate helps security analysts identify and respond to opportunistic “scan-and-exploit” attacks. With Investigate, analysts can quickly triage alerts based on malicious or benign classifications, identify trending internet attacks, and quickly react to these attacks with blocking and hunting strategies.
- GreyNoise Automate helps SOC teams reduce the time they spend on harmless or irrelevant events, saving analyst time and increasing SOC capacity 20-40%. With Automate, security teams can automatically suppress noisy alerts generated by their SIEM and SOAR systems, and accelerate security event research and investigations.
In addition to its enterprise plans, GreyNoise is committed to supporting the broader security community via its free Community plan, which currently serves over 20,000 individual security analysts.
To learn more about GreyNoise products or create a free Community account, please visit https://www.greynoise.io/.
About GreyNoise Intelligence
GreyNoise empowers the security teams of enterprises and global governments to act with speed and confidence by providing real-time, verifiable perimeter-based threat intelligence. This allows security teams to reduce noise in security operations, perform in-depth threat hunting campaigns, and focus on the most critical threats to their network. Our patented sensor technology enables us to collect and analyze unique threat data at scale that no one else can. We provide the most actionable threat intelligence against mass internet scanning and exploitation, so that no attack works twice. For more information, please visit https://www.greynoise.io/, and follow us on Twitter, Mastodon and LinkedIn.