GreyNoise Intelligence, the cybersecurity company analyzing internet scanning traffic to separate threats from background noise, announced that it has achieved SOC 2 Type II compliance, also known as SSAE 18, in accordance with American Institute of Certified Public Accountants (AICPA) standards for Systems and Organizational Controls (SOC). Achieving this standard with an unqualified opinion serves as third-party industry validation that GreyNoise provides best-in-class enterprise-level security for its customers’ data.
“Although GreyNoise has always maintained a strong commitment to information security and data integrity, the rigorous process of the SOC 2 Type II audit helped us further codify and strengthen our security and data protection practices,” Reid Huyssen, Director of IT & Security Manager, GreyNoise Intelligence. “Rather than just doing the minimum to pass the audit, we chose to approach it as an opportunity to learn all we could from it and find ways to further enhance our platform. The SOC 2 Type II Compliance designation will signal to our customers that the claims we make about implementing best-in-class practices to keep their data safe are grounded in truth.”
SOC 2 is an auditing procedure that ensures 3rd party service providers are securely managing data to protect the interests of customers and the privacy of their clients. SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy. The SOC 2 Type II audit report details the operational effectiveness of a vendor’s systems and certifies that they meet relevant trust principles. An unqualified opinion on a SOC 2 Type II audit report demonstrates to GreyNoise’s current and future customers that they manage their data with the highest standard of security and compliance.
Using a global network of passive sensors, GreyNoise collects, analyzes, and labels data on IPs that scan and attack the internet, saturating security tools with noise. GreyNoise data provides security teams with an early warning system for mass exploitation attacks on the internet, real-time IP block lists they can use to defend themselves, and context to quickly eliminate noisy alerts.