GreyNoise Reduces Noise with Advanced Intelligence on Unknown IP Addresses

GreyNoise Reduces Noise with Advanced Intelligence on Unknown IP Addresses

By Greg Tavarez

Internet noise, or irrelevant information or data that is disruptive, triggers threat alerts originating from unknown IP addresses attempting to contact an organization’s server; these need to be investigated by security teams daily.

When unknown IP addresses come into play, of course the first thought is that these are malicious. The reality is the majority consist of harmless events that are irrelevant to the organization. The issue, however, is that the information provided by most threat intelligence solutions is incomplete and does not provide enough context to decide or act. And there simply isn’t enough time for security teams to investigate each IP address manually.

The result is alert fatigue, which causes productivity issues and results in missed threats.

GreyNoise, a cybersecurity company that scans and analyzes traffic to separate threats from background noise, is taking a different approach to this problem. GreyNoise is reducing the “noise” for SOC teams with a new suite of cybersecurity features designed to provide advanced intelligence on unknown IP addresses.

The GreyNoise suite includes three new features:

IP Geo Destination provides geographic information to help identify the destination, in addition to source data. This feature is designed for cyber defenders to connect geopolitical motivations with scan-and-attack traffic and help responders quickly prioritize and triage alerts.

IP Timeline shows the history of the IP’s behavior in the past 60 days. This data allows responders to better understand when each IP address was active and how it was being used. Threat hunters then correlate this with historical activity in their environments to determine whether the IP was acting suspiciously at a particular point in time.

IP Similarity is the third feature. In the process of collecting, analyzing and labeling internet background noise, GreyNoise identifies patterns among scanners and background noise traffic. Often, a group of IPs demonstrates similar behavior patterns that can provide important context when discerning intent or identifying actor’s infrastructure.

“GreyNoise is always looking to help security teams focus their time and attention on meaningful, strategic security work,” said Andrew Morris, founder and CEO, GreyNoise. “Providing better quality and context around IP intelligence will not only help reduce the number of alerts coming in, it will also enable security teams to do a better job of defending against malicious threats at scale.”

Rather than barraging security teams with an endless number of alerts, GreyNoise helps eliminate harmless activity. The reason for this approach is to help security teams waste less time on irrelevant alerts and focus instead on targeted and emerging threats.




Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

TD SYNNEX Invests in Brazilian Cloud Future with IPsense Acquisition

By: Greg Tavarez    9/18/2024

TD SYNNEX, a global technology distributor, recently announced the acquisition of IPsense Cloud Migration, a cloud solutions provider based in Brazil.

Read More

Embedded AI Security Comes to Lenovo PCs, Powered by SentinelOne

By: Greg Tavarez    9/18/2024

Lenovo, along with SentinelOne, announced a multi-year collaboration to bring AI-powered endpoint security to millions of Lenovo devices across the gl…

Read More

CrowdStrike and 1Password: A Powerful Duo for SMB Cybersecurity

By: Greg Tavarez    9/18/2024

CrowdStrike expanded its partnership with 1Password to simplify security for 150,000 customers, with a focus on SMBs in particular.

Read More

MSP Expo Silver Sponsor Granite to Cut Ribbon on New HQ as it Looks Forward to 'Granite 2.0'

By: Greg Tavarez    9/17/2024

Granite announced that it will officially open its new headquarters on September 20 at 1 Heritage Drive, Quincy, Massachusetts.

Read More

EasyDMARC Secures $20M, Vows to Strengthen Email Security Solutions and Global Channel Partner Ecosystem

By: Alex Passett    9/16/2024

Earlier this morning, email security company EasyDMARC announced that it successfully closed its $20 million Series A funding round, led by Radian Cap…

Read More