Internet noise, or irrelevant information or data that is disruptive, triggers threat alerts originating from unknown IP addresses attempting to contact an organization’s server; these need to be investigated by security teams daily.
When unknown IP addresses come into play, of course the first thought is that these are malicious. The reality is the majority consist of harmless events that are irrelevant to the organization. The issue, however, is that the information provided by most threat intelligence solutions is incomplete and does not provide enough context to decide or act. And there simply isn’t enough time for security teams to investigate each IP address manually.
The result is alert fatigue, which causes productivity issues and results in missed threats.
GreyNoise, a cybersecurity company that scans and analyzes traffic to separate threats from background noise, is taking a different approach to this problem. GreyNoise is reducing the “noise” for SOC teams with a new suite of cybersecurity features designed to provide advanced intelligence on unknown IP addresses.
The GreyNoise suite includes three new features:
IP Geo Destination provides geographic information to help identify the destination, in addition to source data. This feature is designed for cyber defenders to connect geopolitical motivations with scan-and-attack traffic and help responders quickly prioritize and triage alerts.
IP Timeline shows the history of the IP’s behavior in the past 60 days. This data allows responders to better understand when each IP address was active and how it was being used. Threat hunters then correlate this with historical activity in their environments to determine whether the IP was acting suspiciously at a particular point in time.
IP Similarity is the third feature. In the process of collecting, analyzing and labeling internet background noise, GreyNoise identifies patterns among scanners and background noise traffic. Often, a group of IPs demonstrates similar behavior patterns that can provide important context when discerning intent or identifying actor’s infrastructure.
“GreyNoise is always looking to help security teams focus their time and attention on meaningful, strategic security work,” said Andrew Morris, founder and CEO, GreyNoise. “Providing better quality and context around IP intelligence will not only help reduce the number of alerts coming in, it will also enable security teams to do a better job of defending against malicious threats at scale.”
Rather than barraging security teams with an endless number of alerts, GreyNoise helps eliminate harmless activity. The reason for this approach is to help security teams waste less time on irrelevant alerts and focus instead on targeted and emerging threats.
Edited by Alex Passett