“We’re deeply thrilled to be able to call the DoD a full customer, and honored to support their mission,” said Andrew Morris, Founder and CEO, GreyNoise Intelligence. “GreyNoise has become the ‘go-to’ authority on the scan and attack traffic that absolutely all internet-dependent organizations are subject to, because of our unique ability to monitor and analyze internet noise at global scale. This visibility has become more and more important as malicious actors leverage automation to scale their attacks. GreyNoise will enhance cyber threat detection and intelligence-gathering capabilities across the DoD and other branches of the US government, and enable security analysts to focus their valuable time and energy on legitimate threats.”

Analyzing Internet Noise

Every machine connected to the internet is exposed to a barrage of unsolicited communications from tens of thousands of unique IP addresses per day—a phenomenon that many people call internet background noise. A percentage of these communications are malicious attacks and web crawls; some are non-malicious scans and pings; some are legitimate business services; and others still are unknown, but hitting everyone on the internet. This massive volume of unsolicited traffic is a challenge for security organizations, because it triggers security tools to generate thousands of events to be analyzed, with little context on the potential threats. Every day, security analysts struggle to differentiate between targeted cyber attacks and false positives created from internet background noise.

GreyNoise collects, categorizes, and contextualizes data on internet background noise via a network of thousands of passive sensors around the world. Once collected, the traffic is automatically enriched, analyzed, tagged, and summarized to provide context and intent. This allows security practitioners to de-prioritize insignificant threats, so that they can redirect their time and energy toward addressing targeted threats on the perimeter.

Helping Security Teams

GreyNoise offers two value propositions for security analysts and SOC teams:

1. Increase analyst capacity
GreyNoise helps SOC teams recognize events not worth their attention. Indicators in GreyNoise are likely associated with opportunistic internet scanning or common business services, not targeted threats. This context helps the SOC in a few ways:

  • Suppress/de-prioritize noisy alerts. Security engineering teams can automatically enrich SIEM or SOAR events, and suppress or deprioritize alerts generated by common business services or benign IPs.
  • Reduce false positives. Cyber threat intelligence teams can enrich indicators in their Threat Intelligence Platform to reduce false positives in downstream security systems.
  • Accelerate triage/faster time to verdict. SOC analysts can manually triage noisy alerts much more quickly with GreyNoise context data, freeing up time for higher priority work.

On average, prospects who trial GreyNoise see that 20-40% of their alert traffic is noise, and GreyNoise customers are seeing alert volume reductions of 25% or more.

2. See emerging threats faster
GreyNoise helps organizations reduce the risk and costs of compromise by seeing emerging threats faster and more clearly, in three basic ways:

  • Decreased time to verdict. Instead of spending time researching harmless scanners, false positives, and common business services that trigger alerts, GreyNoise gives analysts this time back to focus on what matters.
  • Identify compromised devices. GreyNoise will flag activity that indicates a possible compromise.
  • Identify CVEs being exploited in the wild, at scale. GreyNoise provides unique, early visibility into vulnerability checking and exploit attempts against newly announced CVEs, providing IR teams with the necessary lead time to mitigate risk, and vulnerability management teams with the data to prioritize patching.

GreyNoise in the DoD

This production contract with a $30 million ceiling will allow GreyNoise’s platform to be purchased and utilized by all DoD organizations over a 5 year period. It is a result of GreyNoise’s partnership with the Defense Innovation Unit (DIU), an organization within the U.S. DoD focused on identifying and scaling commercial technology solutions and deploying them rapidly across the U.S. military to strengthen the nation’s security.

GreyNoise has created an ordering guide that makes it easy for DoD organizations to scope and purchase the GreyNoise platform for their specific requirements. To access the ordering guide for GreyNoise products associated with this contract, please email sales@greynoise.io. To create a free account to use GreyNoise’s community products, please visit https://www.greynoise.io/.


GreyNoise helps security analysts save time by revealing which events and alerts they can ignore. By curating data on IPs that saturate security tools with noise, GreyNoise helps analysts confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats. GreyNoise is trusted by Fortune 500 enterprises, governments, top security vendors and thousands of threat researchers. For more information, please visit https://www.greynoise.io/, and follow us on Twitter and LinkedIn.


Paladin Capital Group was founded in 2001 and has offices in Washington DC, New York, London, Luxembourg, and Silicon Valley. As a multi-stage investor, Paladin focuses on companies with technologies, products, and services that meet the challenging global cyber security and digital infrastructure resilience needs for commercial and government customers. Follow the firm on Twitter @Paladincap and visit www.paladincapgroup.com.