GreyNoise Intelligence, the cyber security company analyzing internet scanning traffic to separate threats from background noise, today announced that it has raised a $15 Million round of Series A funding led by Radian Capital. With participation from CRV, Inner Loop, Stone Mill Ventures and Paladin Capital, this brings the total of funding raised to date to $21 million. With this funding, GreyNoise will accelerate the development and distribution of its unique threat intelligence data solution, which helps security teams waste less time on irrelevant or harmless activity, and spend more time focused on targeted and emerging threats.
“Ask any SOC analyst and they will tell you that existing network security products aren’t cutting it. Security tools generate thousands of alerts from harmless events that need to be investigated, and alert fatigue causes missed threats and productivity issues. Our research and customer feedback has demonstrated that this is a largely solvable problem” explained Andrew Morris, Founder and CEO, GreyNoise. “To address these issues, GreyNoise separates irrelevant internet noise from emerging threats. This enables security teams to quickly eliminate noisy security alerts from the SOC, identify and block mass exploit attacks, hunt for compromised systems, and prioritize patching. We offer security teams a better way to stay ahead of large opportunistic attacks such as Log4J.”
Using a global network of passive sensors, GreyNoise collects, analyzes, and labels data on IPs that scan and attack the internet, saturating security tools with noise. GreyNoise data provides security teams with an early warning system for mass exploitation attacks on the internet, real-time IP block lists they can use to defend themselves, and context to quickly eliminate noisy alerts.
“We’re thrilled to invest and partner with GreyNoise, a company that has taken an innovative approach to tackling the enormous issue of mass exploitation attacks and internet noise,” said Dave Sack, Principal, Radian Capital. “GreyNoise has created a category-defining new product that helps security teams to sort out irrelevant alerts and focus their time and energy on targeted and emerging threats. With applicability to almost any security organization, the market for this solution is enormous and growing quickly.”
GreyNoise is trusted by Global 2000 enterprises, governments, top security vendors and tens of thousands of threat researchers, including industry leaders such as Airbus, CenturyLink, The Intercontinental Exchange and multiple US and NATO Defense and Intelligence agencies. It is particularly valuable for enterprises that have a Security Operations Center and run a Security Information and Event Management (SIEM) or Security Operations Analytics and Reporting (SOAR) platform. GreyNoise is also committed to supporting the broader security community via its free Community plan, which currently serves security analysts at over 10,000 organizations.
The Challenges of Internet Noise - Mass Exploitation and Alert Overload
Mass internet scanning technologies have enabled anyone with a computer to scan the entire 4.2 billion IP addresses on the internet in 5-10 minutes. As a result, every machine connected to the internet is exposed to a barrage of communications from tens of thousands of unique IP addresses per day. This has created a number of problems:
- Mass exploitation - Vulnerabilities in internet-facing software and devices are being weaponized at an alarming rate. The amount of time between disclosure of a new vulnerability and the start of active exploitation across the internet has been reduced to a matter of hours, leaving security teams with less time to react and respond.
- Alert overload - Every computer on the internet receives a massive volume of unsolicited traffic, triggering security tools to generate thousands of events that need to be triaged by human analysts, with little context on the potential threats. Every day, security analysts struggle to differentiate between targeted cyber attacks and false positives created from internet background noise.
The GreyNoise Solution Using a global network of passive sensors, GreyNoise listens to the internet and identifies IP addresses that are mass scanning and crawling the internet. Processing billions of events every day, GreyNoise classifies and labels these IP addresses as malicious or benign based on behavior, actor and intent. GreyNoise’s data is used by security teams in two ways:
- Defend against emerging threats - with GreyNoise, security teams get an early warning about growing internet-wide attacks targeting newly announced CVEs, commonly misconfigured systems, and weakly-credentialed devices. And they can download lists of IP addresses taking part in these attacks, to proactively block them and hunt for compromises.
- Reduce noisy alerts - using GreyNoise data, organizations can identify alerts in their SIEM or SOAR that are harmless scanners. This allows them to suppress or deprioritize a significant percentage of alerts, reducing the burden on SOC analysts and increasing overall SOC capacity. One GreyNoise customer reduced their Splunk alert volume by 25%.
In 2022, GreyNoise ranked #2 on The Cyber Top 20 list for “Cyber Alert Reduction” and was recognized by the Cybersecurity Excellence Awards as one of the industry’s “Best Cyber Security Startups.” GreyNoise also earned a Fortress Cybersecurity Award, a gold Globee Cyber Security Global Excellence Award for “Advanced Threat Intelligence,” and a Golden Bridge Award in the cybersecurity category “Best Network Management and Intelligence Innovation Solution” for its Investigate 4.0 product. In 2021, GreyNoise was named “Most Innovative Security Solution” by the Tech Ascension Awards and chosen from a very deep pool of great companies for DCA Live’s 2021 list of Red Hot Cyber Companies. In addition, the SINET16 Innovator Awards named GreyNoise as one of the 16 most innovative and compelling companies of 2021.
About GreyNoise Intelligence
GreyNoise empowers the security teams of enterprises and global governments to act with speed and confidence by providing real-time, verifiable perimeter-based threat intelligence. This allows security teams to reduce noise in security operations, perform in-depth threat hunting campaigns, and focus on the most critical threats to their network. Our patented sensor technology enables us to collect and analyze unique threat data at-scale that no one else can. We provide the most actionable threat intelligence against mass internet scanning and exploitation, so that no attack works twice. For more information, please visit https://www.greynoise.io/, and follow us on Twitter, Mastodon and LinkedIn.