By teaming up with Kasada, GreyNoise Intelligence will be able to provide users with an improved understanding of their security environment and more accurate information about which potential threats demand their attention.
Kasada detects malicious automation and bot networks, seeing billions of bot interactions every month.
GreyNoise collects, analyzes and labels data about IP addresses that scan the internet and saturate security tools with “noise”.
GreyNoise has enriched its IP data with Kasada’s intelligence on persistent bot traffic, allowing users to quickly identify and triage emerging bot activity.
This information will be available to security organizations and the public for free here.
“Kasada’s approach to bot mitigation not only identifies bots that others miss, but halts them in their tracks, from the start,” said Andrew Morris, founder and CEO of GreyNoise Intelligence.
“I’m excited about how well our technologies complement each other in this first-of-its-kind partnership. The combination of their expertise and ours provides powerful insight and context to our users.”
Kasada estimates that 30% of all Internet traffic is generated by bots. Malicious bot-driven events occur every day, and the majority of login attempts across industries are fake, passing by mostly unnoticed as well-disguised traffic that looks and acts “human.”
By enriching GreyNoise’s IP scan and attack data with Kasada bot intelligence, the companies will give security analysts a clearer understanding of which potential threats to be worried about, helping them apply their limited time and resources to those attacks targeted towards their businesses.
“GreyNoise delivers a unique understanding of Internet background noise, and by combining that with our real-time bot information, countless companies will be able to differentiate true threats from noise faster than ever before,” added Sam Crowther, founder and CEO of Kasada.
“The ability to quickly focus efforts on the most troubling attacks without worrying that something critical was missed is of tremendous value.”
For any IP address in the GreyNoise Visualizer identified as a bot by Kasada, security analysts get detailed insights about the IP’s attributes and behavior.
With this level of data, analysts can determine whether the bot activity associated with this IP address represents a threat that requires further investigation or one that can be deprioritized.
The detailed insights include:
- Bot – Kasada’s bot intelligence is overlaid with GreyNoise’s to expose IPs that GreyNoise has seen scanning the internet that Kasada has also seen engaging in bot activity.
- Classification – the IP’s intent– is it malicious, benign, or unknown.
- Common vulnerabilities and exposures (CVEs) – Users immediately gain insight into which security vulnerabilities the IP is probing for or exploiting.
- Metadata – When was the first and last time this IP was seen scanning the Internet? Users can also learn what operating system (OS) it’s running, what its geographic location is, and other information such as ports and paths, JA3 fingerprinting, if a user-agent is being used, and more.
- Tags – Tags quickly tell users what behavior the IP address is exhibiting.
“For too long, security analysts have been forced to struggle through a never-ending onslaught of alerts, hoping they’re using their limited time on what’s most important.
“The sheer volume of events makes it impossible to address every issue,” said Joseph Krull, Senior Cybersecurity Analyst at Aite Group.
“The pairing of Kasada and GreyNoise will help to highlight the most critical events and attacks, empowering users to protect their organization by using their valuable time and resources more effectively.”