Risky Business Risky Biz Soap Box: Greynoise knows when bad bugs are coming
16 snips
Nov 20, 2025 Andrew Morris, the founder of GreyNoise, joins the discussion to unveil how their technology can predict serious vulnerabilities up to 90 days in advance. He shares insights on the coordinated mass scanning activities that often precede big security disclosures. Andrew explains strategies for organizations to use early warning signals effectively, like auditing configurations and adopting a zero-trust mindset. He also touches on the challenges posed by residential proxies and IPv6 while advocating for tailored scanning methods to enhance security.
AI Snips
Chapters
Transcript
Episode notes
Scanning Spikes Predict Big Vulnerabilities
- GreyNoise correlates mass scanning spikes with high‑severity vulnerabilities that are publicly disclosed within ~30–90 days.
- The pattern is consistent enough to give meaningful early warning of major disclosures.
Mass Scans Reveal Single Well‑Resourced Actors
- Large, tightly coordinated scans often originate from a single actor operating thousands of IPs, indicating significant resources.
- That scale implies either leased IP ranges or access to many compromised devices.
Act Now On Early Warning Signals
- When GreyNoise signals a likely upcoming exploit, audit edge device configs and logs immediately and assume compromise is possible.
- Use eyeballs and simple actions (reboots, config checks) rather than waiting for alerts you may not have.