What Is GreyNoise? And How They Approach Threat Intelligence

In the current state of cybersecurity, any business dealing in sensitive information should not be in the dark about any threat lurking against them. Threat intelligence is the most vital information any business should be privy to.

Threat intelligence as a practice has gained popularity among organizations. Research shows that a larger percentage of users take advantage of threat intelligence to monitor their networks. Grey Noises is one of the market leaders in threat intelligence.

Companies must watch around every corner for the risk of impending doom creeping at their heels. This guard knows it, and that’s why we’ll always reference threat intelligence best as a 360-degree approach to threat management.

Let’s take a brief look at the approach of GreyNoise intelligence towards threat intelligence and its offerings. Read on to discover more about them, cybersecurity investing, and decide if they’ll benefit your organization.

About GreyNoise

GreyNoise Intelligence is a Washington DC-based tech security company. They were founded in 2017 by Andrew Morris, who remains acting as the company’s CEO.

In June of 2021, GreyNoise announced an investment worth an undisclosed seven-figure amount from In-Q-Tel. Supported by the CIA, In-Q-Tel is a strategic intelligence investor. More on GreyNoise and the role in Department of Defense security shortly.

Four rounds of cybersecurity venture capital fundraising have brought in $5.4 million in funding for the small cybersecurity firm. The most recent of GreyNoise’s nine investors include In-Q-Tel and Paladin Capital Group.

While the company is relatively small, they have a big reach. GreyNoise has their sensors around the globe scanning. When learning about this company, you’ll often hear the phrase internet noise, which is what GreyNoise looks at with activity on the internet.

The GreyNoise Financial Picture

Touting itself as the source that monitors internet noise, the company has stayed solid and had continued growth as a privately held company using four rounds of investor funding since its start in 2017.

The company now has 30 employees based in DC. They have applications and grants for five products and have had two patents approved.

What Is the GreyNoise Product?

GreyNoise Intelligence uses its sensors placed around the globe on its cybersecurity platform to collect and analyze Internet-wide scan and attack traffic.

GreyNoise takes the data they collect and uses it to:

  • Identify behaviors
  • Methods
  • Search intent

It can then take the information and help analysts know what’s noise and what they should pay attention to while watching the internet.

Data coming at IPS can overload and saturate security tools that are in place. By analyzing data, the company can decipher what is just noise and what an analyst should really be watching.

This way, government, and company analysts don’t waste time and energy on harmless or irrelevant internet activity.

When they don’t have to focus their energy on nonessential internet noise, they can instead focus their energy on emerging and targeted potential threats.

GreyNoise helps the analysts eliminate the internet noise that isn’t worth noting. Sometimes, noise is just noise but not a real threat.

The company will use its sensors to monitor what your devices are doing. For example, if a device is found scanning the internet, it’s likely already compromised, which GreyNoise would inform you about.

The company uses something they call GreyNoise Query Language (GNQL) to watch for IPs out there, hoping to exploit a vulnerability in the system.

How Is GreyNoise Different?

Andres Morris of GreyNoise recently did an interview where he discussed how GreyNoise is different from other cybersecurity companies.

A company and competitor like Shodan use search engines to look at open internet ports and services. GreyNoise, on the other hand, looks at people scanning the internet.

The goal at GreyNoise Morris explains is to help companies and enterprises tell the difference between targeted and omnidirectional scanning. This allows them to be better equipped to defend against those attacks.

Morris explains that some scanners don’t pose a threat to your system. If you know which scanners don’t appear to be a threat, you can remove them and the noise they make.

Once removed, you’re better equipped to focus on scanners that pose a risk for you as a company.

How Does GreyNoise Work?

It’s an interesting idea. GreyNoise focuses on what they call internet noise. The concept of noise translates to activity or bursts of activity. So, how do they decide which noise is just noise and which needs your cybersecurity team’s attention?

GreyNoise listens for that internet activity using what they call honeypots. They have placed honeypots in all regions and all cloud providers. Consider this; they have honeypots with:

  • 15 AWS zones
  • 11 DigitalOcean regions
  • 36 Google regions
  • 15 Vultr regions
  • Nine Linode regions

The Grey Noise Visualizer works with the honeypots that monitor these regions. They watch hundreds of thousands of IP addresses daily. They watch millions of logins per day.

The caveat is that they need to decide which of these is normal noise and which is problematic.

Again, the ultimate goal is to tell your system which things aren’t a problem, so you can focus on where there might be an issue.

Ultimately, the GreyNoise insight is delivered using API, integrations, and visualizer from two datasets.

These datasets include Internet Background Noise and RIOT (Common Business Services).

Let’s consider background noise first. Many competitors for GreyNoise, or even those who work in conjunction with them, look for malicious intent and system vulnerabilities. That’s the focus of their scans.

With GreyNoise, they scan differently. They gather data to identify behavior, methods, and intent. This gives analysts the context they need to address potential issues.

The RIOT addresses those common business services from sources like  Microsoft O365, Google Workspace, and Slack. When these applications are running, their IPS are unpublished or nondynamic IPs.

This is a challenge to monitor and can create an unnecessary distraction for security teams. So, GreyNoise helps to decipher this harmless activity so that the focus can go other places.

How GreyNoise Is Addressing IoT Devices

Internet of things or IoT devices is an issue in cybersecurity. These IoT devices are intended to use sensors, software, and other technologies to communicate and exchange data with other devices.

Yet, they can make a whole lot of noise on the internet. These IoT devices are anything from ordinary household objects to sophisticated industrial tools, think coffee pots, refrigerators, and web cameras.

GreyNoise has done significant work on the impact of these IoT devices and has published extensively about it. They’ve discussed the potential bots and automated worms that can infect a system coming from these kinds of IoT devices.

Testing GreyNoise

GreyNoise offers their product in three tiers of pricing, depending on your size and specific needs. Large enterprises will pay around $3,000 per month for services. Smaller companies can get services for $500 per month.

One thing that GreyNoise has consistently done since its onset is offer a limited free API to test out the product.

If you’re a candidate for the free API, it’s smart to consider your own needs. Be sure to test the product in your system to see that it does what you need.

While some might question the access to the free GreyNoise API key, it has also provided meaningful feedback for the company and worked as a powerful marketing tool, too.

While the CEO, Andrew Morris has been reluctant to go outside for capital resources, that has changed more as they have grown. He remains transparent in only seeking help from investors who share his vision and will allow him to maintain firm control of the direction of the company.

GreyNoise and the Department of Defense

In 2020, GreyNoise formed an important alliance with Q-Tel, who became a strategic partner and investor in GreyNoise. The goal was to better serve their intelligence customers.

Morris mentions the unique feature of working with intelligence clients is their limited ability to provide feedback because so much of what they do is highly classified and secret.

In March of 2021, GreyNoise announced a partnership with the Defense Innovation Unit (DIU). This alliance has the goal of being better able to serve the intelligence community that GreyNoise services.

In working with the DUI, GreyNoise hopes to help analysts from the Department of Defense improve their investigative skills. Morris believes that many intelligence analysts face unnecessary fatigue because of the internet noise they must work through.

By working with DUI and the DoD, they hope to help intelligence analysts work to avoid the noise that holds no threat. In doing this, the company can help with security analyst alert fatigue, employee turnover, and lost productivity.

In both cases, the partnerships aim to help intelligence clients and DoD intelligence analysts focus on what matters most. They can learn which alerts to focus their investigations on and also work to triage those that are acting as background noise.

GreyNoise Intelligence

GreyNoise has a slightly different approach in helping companies with their cybersecurity needs. Their ideas and products have been successful in helping security teams identify what might be a real threat and what’s just internet noise.

If you’re interested in learning more about GreyNoise or other cybersecurity venture capital opportunities, we can help. Contact us to set up a time where we can discuss your investing goals.

Share

You Might Also Like...