In our first episode of Storm Watch, the hosts discuss GreyNoise, a cybersecurity company that operates a large honeypot network to collect data on unsolicited internet traffic. By analyzing this data, GreyNoise can identify attackers, network scanners, and other malicious activity, helping users prioritize and make actionable decisions based on the findings.
The hosts also talk about CISA KEV, the Known Exploited Vulnerabilities list that helps organizations prioritize remediation and mitigation efforts. CISA KEV is not updated on a fixed schedule; entries are added as new information becomes available. GreyNoise partners with CISA to provide valuable data for the list. The hosts emphasize the importance of prioritizing older vulnerabilities, as some of the recent additions to CISA KEV date back to 2004.
For those new to GreyNoise, the hosts recommend starting with the visualizer at viz.greynoise.io. Users can explore trends, view tags, and see the most recent malicious IPs detected. The hosts emphasize that even a small number of malicious IPs can be significant: GreyNoise sensors receive only unsolicited traffic, so the IPs that reach them are actively seeking out these assets.