Tracking Internet Noise to Reduce Alerts and Focus on Trending Exploits

with Andrew Morris of GreyNoise Intelligence

Wednesday, February 9
1 pm ET
Presentation Slides


Every machine connected to the internet gets slammed with unsolicited communications from tens of thousands of IP addresses every day. This massive volume of “internet noise” triggers security tools to generate thousands of events that SOC teams must analyze, even though much of the traffic is harmless scanning, opportunistic “commodity” attacks, and even traffic from common business services.

At GreyNoise, we listen to internet-wide scan traffic, and categorize it based on behavior and intent. This allows us to determine what traffic is malicious, unknown, or benign. Working with our customers, we’ve found that 20-40% of security alerts are generated by “internet noise” that could be safely de-prioritized or ignored. And we’ve also seen a storm of opportunistic attacks spin up with each new CVE announced by Apache.

Join GreyNoise founder and CEO Andrew Morris to learn how GreyNoise data can be used to reduce alert fatigue and detect emerging threats. Specifically:

  • The challenges of internet noise
  • GreyNoise’s internet-wide sensor network
  • How GreyNoise customers are reducing their alert loads by 25% or more
  • How GreyNoise customers are defending against opportunistic attacks like we’ve seen with the Apache Log4j vulnerability
  • And check out a live demo of the FREE GreyNoise service

Any question regarding this TechBurst? Pleace contact Supriya Mazudmar, GreyNoise Community Manager.

Speaker: Andrew Morris, Founder and CEO of GreyNoise

Andrew Morris is founder and CEO of GreyNoise Intelligence, a cyber security company based in Washington DC that analyzes Internet scanning traffic to separate threats from background noise. Andrew has a strong background in offensive cyber operations and security research. Before starting GreyNoise, Andrew worked in R&D at Endgame (military grade endpoint protection), security engineering at Intrepidus Group (mobile app security), and penetration testing at Knowledge Consulting Group.

Access Techburst

This recording is open to the public, as well as designated representatives of REN-ISAC member institutions. Information is classified TLP:WHITE (REN-ISAC:PUBLIC).