GreyNoise Helps Organizations Defend Against Opportunistic Scan-and-Exploit Attacks in Real Time with Investigate 4.0

Vulnerability exploitation used for 34% of security incidents in 2021

Washington, DC – March 14, 2021 – GreyNoise Intelligence, the anti-threat intelligence company, today introduced Investigate 4.0, a cybersecurity tool that helps security analysts identify and respond to opportunistic “scan-and-exploit” attacks in real time.


“Combating internet-wide opportunistic exploitation is a complex problem, with new vulnerabilities being weaponized at an alarming rate,” explained Andrew Morris, Founder and CEO, GreyNoise Intelligence. “Investigate 4.0 enables security teams to quickly see exploit attacks as they emerge, identify and block opportunistic attackers, hunt for compromised systems, and prioritize patching. It offers security teams a better way to stay ahead of large opportunistic attacks such as Log4J.”

According to a recent report by IBM, severe vulnerabilities in internet-facing enterprise software are being exploited and weaponized at a higher frequency, at massive scale:

·        Opportunistic “scan-and-exploit” attacks are quickly approaching phishing as the most-used cyber attack vector, with 34% of attacks in 2021 using vulnerability exploitation, compared to 41% of attacks leveraging phishing.

·        Vulnerability exploit attacks grew 33% in 2021 from 2020, indicating this attack vector’s strong hold in threat actors’ arsenals.

Furthermore, the amount of time between disclosure of a new vulnerability and the start of active exploitation has been reduced to a matter of hours, leaving defenders with less time to react and respond. 


GreyNoise Investigate Delivers Real-Time Visibility and Blocking of Exploit Attacks


GreyNoise Investigate helps security analysts identify and respond to opportunistic “scan-and-exploit” attacks, providing context about the behavior and intent of IP addresses scanning the internet. Investigate allows security teams to:

·        Quickly triage alerts based on malicious, benign, or targeted classifications

·        Identify trending internet attacks targeting specific vulnerabilities and CVEs

·        Block and hunt for IP addresses opportunistically attacking a specific vulnerability


With the release of Investigate 4.0, GreyNoise has created a new Trends Page that helps security analysts identify and respond to internet attacks targeting specific vulnerabilities. This new page provides two key capabilities:

·        Attack Visibility. The Trends graph shows the number of IP addresses targeting a specific vulnerability or CVE over time. This unique visualization allows security teams to identify and prioritize internet threats based on how actively a vulnerability is being exploited in the wild. 

·        Dynamic IP Lists. The new Trends page provides several ways for analysts to access a dynamic list of IP addresses actively scanning for a vulnerability in the past 24 hours. This data can be used to provide near-term protection by blocking attacks at the firewall or WAF, as well as providing indicators of compromise to use to hunt for potentially compromised systems. 


Taken together, this new Trends functionality allows security teams to quickly understand if a vulnerability is relevant to their organization, and buys them the time they need to put security defenses in place.


The new Trends Attack Visibility graph is included for members of the free GreyNoise community. In addition, for severe vulnerabilities with global impact, GreyNoise will selectively make the full functionality of the paid Trends page available to anyone who needs it for defense purposes, including both attack visibility and IP downloads. 


GreyNoise Products


GreyNoise helps security teams deal with the problems of internet noise, by collecting, analyzing and labeling data on noisy IP addresses that scan and attack the entire internet. Rather than saturating security teams with alerts, GreyNoise helps them to focus on the threats that really matter, and ignore the ones that don’t. 


GreyNoise offers two plans for enterprise customers:

·        GreyNoise Investigate helps security analysts identify and respond to opportunistic “scan-and-exploit” attacks. With Investigate, analysts can quickly triage alerts based on malicious or benign classifications, identify trending internet attacks, and quickly react to these attacks with blocking and hunting strategies.

·        GreyNoise Automate helps SOC teams reduce the time they spend on harmless or irrelevant events, saving analyst time and increasing SOC capacity 20-40%. With Automate, security teams can automatically suppress noisy alerts generated by their SIEM and SOAR systems, and accelerate security event research and investigations.


In addition to its enterprise plans, GreyNoise is committed to supporting the broader security community via its free Community plan, which currently serves over 20,000 individual security analysts. 


To learn more about GreyNoise products or create a free Community account, please visit  


About GreyNoise Intelligence

GreyNoise is THE source for understanding internet noise. We collect, analyze and label data on IPs that saturate security tools with noise. This unique perspective helps analysts waste less time on irrelevant or harmless activity, and spend more time focused on targeted and emerging threats. GreyNoise is trusted by Global 2000 enterprises, governments, top security vendors and tens of thousands of threat researchers. For more information, please visit, and follow us on Twitter and LinkedIn.


