The Department of Defense recently awarded GreyNoise Intelligence a potential 5-year $30 million contract to help the agency identify and understand internet-wide scan and attack activity. The contract extends the work GreyNoise has already been doing with the Defense Innovation Unit since March.
Considering every machine on the Internet is bombarded by network requests and other types of communication activity, the Internet is a noisy place. However, only some of the traffic would be considered legitimately part of a transaction or in response to some kind of application activity. That doesn’t mean the rest of the traffic is bad — most of it is just junk, actually.
Threat actors may be scanning the internet to discover what ports are open or what services may be running. Or it could be a routine scan by a business application. Either junk or malicious, the security tools flag them to indicate there is something unusual, leaving security analysts with the challenging task of…