GreyNoise Intelligence, a Washington D.C.-based cybersecurity startup that analyses internet scanning traffic to help organizations separate threats from internet “background noise,” has landed $15 million in Series A funding to expand its threat collection capabilities and help protect organizations from emerging vulnerabilities.

GreyNoise is a self-styled “anti-threat intelligence” company that provides essentially a spam filter for internet threat alerts. Just as inboxes are bombarded with unwanted emails and unsolicited junk, security operations analysts are assaulted by endless, often pointless alerts. While many of these can be the signs of a targeted cyberattack, most are false positives created from internet background noise, such as benign scanning done by security firms, researchers, and academics. However, all of these alerts require manual triage that can often lead to missed threats and productivity issues.

The startup looks to solve this problem by filtering out benign security alerts, leaving security professionals to deal with the ones that matter. It does this through its network of 5,000 passive sensors that sit in data centers across the world, collecting, analyzing, and labeling data on IPs that scan the internet.

Andrew Morris, GreyNoise founder and CEO, tells TechCrunch that organizations using the product see on average a 25% reduction in security alerts. “Most alerts are malicious, it’s just what we refer to everywhere malicious — it’s not targeted,” Morris, who previously worked in research and development at endpoint security startup Endgame, says. “It’s kind of like the guy walking down the street trying to open every car door. Are they ill-intentioned? Yes. Are they coming after you? No.”

The startup has had a busy couple of years since its $4.8 million seed investment in April 2020: it has grown its headcount from 7 to 50 employees, and has more than 100 paying customers — including the U.S. Department of Defense. GreyNoise also claims to be the first organization to detect broad exploitation of the Log4Shell vulnerability, which led to Morris testifying in front of the Department of Homeland Security — and inspiring new functionality to its product that enables companies to block emerging threats before they land on their network.

GreyNoise plans to further build out its product with its $15 million Series A investment, which was led by Radian Capital with participation from CRV, Inner Loop, Stone Mill Ventures and Paladin Capital, and tells TechCrunch it plans to “drastically” expand the size and scope of data collection efforts.

Morris adds that while the startup doesn’t have immediate plans to further grow its headcount, it’s playing a tactical game of wait-and-see in the hopes of picking up talent as a result of mass layoffs at other organizations.

“We don’t have to scale back super hard like a lot of other companies are afraid that they have to,” Morris says. “A big part of our game plan is to sit around and wait for fantastic talent to become available from either buying laid off from other companies or from resigning.”