GreyNoise utilizes a unique technology which uses a data-driven approach to sort through Internet background noise and tell customers, not what threats are dangerous, but which are not, and can be safely ignored.
GreyNoise Intelligence, a 2017 startup, has announced a strategic partnership with the Defense Innovation Unit (DIU) to optimize the investigations of the U.S. Department of Defense. It’s a significant win for the young company, both on its own terms because of the revenues involved, and because the U.S. Department of Defense’s willingness to entrust a key security role to a startup is a powerful validation of their technology.
“In my opinion, it’s a very big deal that an organization like the Department of Defense will work with an organization of our size and maturity is exciting, and that’s both very exciting and, I believe, very rare,” said Andrew Morris, CEO of GreyNoise Intelligence.
GreyNoise’s differentiation is their ability to sort through and eliminate internet background noise, thus reducing alert fatigue in SOCs.
“There are enough security companies to tell you what to worry about,” Morris said. “We tell you what NOT to worry about.”
Morris differentiated GreyNoise from companies who reduce pressure on the SOC by triaging Level One SOC work in an automated fashion.
“We make the SOC as efficient as possible by giving them further context around pointless alerts so they can deprioritize those,” he said. “The way we do it is different though, from any other company that I’m aware of. We go out and collect data on the Internet and compare it to what our users are seeing. It’s a data-driven approach, around what we call Internet background noise. We analyze that data and make our analysis available to the security products our customers are using, so their alerts are enriched against our data. With this, we can tell them to ignore benign events or malicious ones which are not targeted at them.”
Much of the data used for this is collected by GreyNoise themselves. Morris said they also receive a lot from integrations with data sharing partners, specifically SIEMs, SOARs and TIPs, who are willing to share subsets with them.
“The key though is that we analyze it in a way that’s different from everyone else,” he stated.
While the new announcement is around the U.S. Defense Department, and is focused on reducing alert fatigue and increasing analyst by scaling across the organization, GreyNoise’s addressable market is much broader than the government sector.
“Any company that has a SOC, or MSSPs who provide them to others, are a potential customer,” Morris indicated. “We are completely agnostic. We have customers in every vertical and we have a lot of commercial customers other than government. If you have a security team with a SIEM, you can get value from us.”
GreyNoise closed their first customer in 2018, have been selling for about two years, and are still primarily in the direct selling stage, but the plans are in place to go beyond that.
“Right now, we are still focused on direct so we can have close relationships with customers, but we have completed quite a few channel transactions where it makes more sense,” Morris said. “We have an almost completely repeatable sales process, but we are not quite there yet. As soon as we get there, we will build out a channel program We are almost at that point.”
They also have several strategic partners, but these are not yet public information.
GreyNoise has a free offering as well, which Morris described as a slimmed down version of what their enterprise customers get.
“They just have to use our web interface,” he said. “We just released our free public API last week.”