GreyNoise Intelligence, the cybersecurity company analyzing internet scanning traffic to separate threats from background noise, today announced a new suite of cybersecurity features designed to provide advanced intelligence on unknown Internet Protocol (IP) addresses.
Internet noise triggers thousands of threat alerts that need to be investigated by security teams on a daily basis. Most of these alerts stem from unknown IP addresses attempting to contact an organization’s server. While some of these addresses may be malicious, the majority consist of harmless events that are irrelevant to the particular organization. Unfortunately, the information provided by most threat intelligence solutions is incomplete, and does not provide enough context to make a determination or take action. Given the volume of incoming activity, there simply isn’t enough time for security teams to investigate each IP address manually. Alert fatigue not only causes productivity issues, it also results in missed threats.
GreyNoise approaches this problem in a different way by reducing the “noise” for SOC teams. Using a global network of passive sensors, GreyNoise identifies IP addresses that are mass scanning and crawling the internet, and classifies them based on intent. Rather than barraging security teams with alerts, GreyNoise helps to eliminate harmless activity. This unique approach helps security teams waste less time on irrelevant alerts and focus instead on targeted and emerging threats.
The GreyNoise suite includes three new features that address this issue by digging deeper into anomalies in internet scanning traffic:
- IP Geo Destination provides geographic information to help identify the destination, in addition to source data. With first-hand destination data built upon GreyNoise’s vast global sensor network, IP Geo Destination enables security teams to better understand how cyberattacks impact different geographic regions. This feature is designed for cyber defenders to connect geopolitical motivations with scan-and-attack traffic and help responders quickly prioritize and triage alerts.
- IP Timeline shows the history of the IP’s behavior in the past 60 days. Using this data, responders can better understand when each IP address was active and how it was being used. Threat hunters can correlate this with historical activity in their environments to determine whether the IP was acting suspiciously at a particular point in time.
- IP Similarity. In the process of collecting, analyzing, and labeling internet background noise, GreyNoise has come to identify patterns among scanners and background noise traffic. Often, a group of IPs demonstrates similar behavior patterns that can provide important context when discerning intent or identifying an actor’s infrastructure.
“GreyNoise is always looking for new ways to bring as much value as possible to the SOC, and to help security teams focus their time and attention on meaningful, strategic security work,” said Andrew Morris, Founder and CEO, GreyNoise Intelligence. “When security teams are working at capacity in a completely reactive manner, that becomes impossible. Providing better quality and context around IP intelligence will not only help reduce the number of alerts coming in, it will also enable security teams to do a better job of defending against malicious threats at scale.”
For more information about GreyNoise, please visit https://www.greynoise.io/.
About GreyNoise Intelligence
GreyNoise empowers the security teams of enterprises and global governments to act with speed and confidence by providing real-time, verifiable perimeter-based threat intelligence. This allows security teams to reduce noise in security operations, perform in-depth threat hunting campaigns, and focus on the most critical threats to their network. Our patented sensor technology enables us to collect and analyze unique threat data at scale that no one else can. We provide the most actionable threat intelligence against mass internet scanning and exploitation, so that no attack works twice. For more information, please visit https://www.greynoise.io/, and follow us on Twitter, Mastodon and LinkedIn.