Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

New GreyNoise Service Alerts Organizations of Compromised Networks

GreyNoise Intelligence has introduced a new service that provides alerts on possible network intrusions.

The cyber-security firm analyzes scan and attack activity across the Internet, filtering noise generated by mass scanners, search engines, bots, worms, and crawlers.

GreyNoise Intelligence has introduced a new service that provides alerts on possible network intrusions.

The cyber-security firm analyzes scan and attack activity across the Internet, filtering noise generated by mass scanners, search engines, bots, worms, and crawlers.

Such activity reaches all servers and computers connected to the web, and GreyNoise looks into it and labels it in an effort to help filter untargeted scans and identify malicious attacks.

This week, GreyNoise introduced GreyNoise Alerts, a free service that alerts organizations when suspicious activity is identified on their network.

With servers deployed around the world, the security company continuously monitors the scan traffic and looks for signals coming from devices within a specific organization’s environment, issuing alerts when malicious artifacts are observed in this traffic.

The service, the company says, is pretty straightforward: “Get an email if GreyNoise observes any Internet scan and attack traffic originating from networks that belong to you. It’s that simple.”

To take advantage of the service, which is currently in beta, an organization would simply need to create a free account with GreyNoise, then enter the IP ranges within their organization.

Advertisement. Scroll to continue reading.

“If GreyNoise observes any devices within those ranges become compromised or start scanning the Internet, we send you an email,” the company explains.

Customers can input their Classless Inter-Domain Routing (CIDR) blocks, configure names and scanning intervals, and then provide an email address to receive the warnings. The email alerts include information on the IPs that match the query.

The free service, GreyNoise says, is expected to help organizations easily distinguish between targeted and untargeted attacks, reduce false positives, identify compromised devices, filter known-good scanners, identify emerging threats, and find out whether a specific port is being targeted.

For users of Standard and Enterprise subscriptions, the service provides optional file attachment (JSON, CSV) with full query results, monitoring of an unlimited amount of networks, alerts in realtime or hourly intervals (free users get notified within one day), and notifications by webhook or Slack.

Related: Hackers Scanning for Apache Tomcat Servers Vulnerable to Ghostcat Attacks

Related: Cloudflare Open-Sources Network Vulnerability Scanner

Related: Kaspersky Open Sources Internal Distributed YARA Scanner

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.