These soap box podcasts are wholly sponsored – that means everyone you hear in one of these editions paid to be here. Today’s guest is Andrew Morris, the founder and CEO of Greynoise.
Greynoise is one of those companies that has a brief that sounds simple but is actually quite hard to execute on. They detect malicious mass scanning on the Internet so their customers can plug that data into their SOC to see if the IP they just got an alert on is something targeting them or something targeting the whole internet.
You don’t even need to be a customer to get some use out of Greynoise. If you want to know about an IP you’ve seen an alert for just head over to greynoise.io and drop it into the search box – magic awaits.
Greynoise makes its money by selling API access to its service, basically, and its customers mostly use it for SIEM enrichment. But as you’ll hear, Andrew says the company is looking at moving toward actually blocking this type of mass scanning from hitting customer environments, and is even looking at working with telcos to scrub the most egregious stuff from the internet entirely. His rationale is actually pretty simple – he wants to narrow the aperture through which mass scanning can fit through. He wants to make it harder.
But this interview isn’t just about what Greynoise doing, it’s also about the current state of mass scanning.