2026 GreyNoise State of the Edge Report: Where Attacks Concentrate and Defenses Fall Short

GreyNoise released its 2026 State of the Edge Report, analyzing 2.97 billion malicious sessions across 162 days to identify concentration points in cyber attacks. The research challenges existing assumptions regarding the effectiveness of current edge defenses. Key findings highlight significant targeting of VPN infrastructure and concentrated attacks on specific network edges. Attackers are observed rapidly rotating through fresh IP addresses to evade detection and maintain persistence. This telemetry quantifies critical gaps in defensive postures, indicating that traditional perimeter security may be insufficient against high-volume, distributed scanning and exploitation attempts. The report emphasizes the need for updated mitigation strategies to address infrastructure concentration and IP rotation tactics. Organizations are advised to review edge security configurations and monitor for anomalous session patterns to better defend against these widespread malicious activities targeting network boundaries.

GreyNoise analyzed 2.97 billion malicious sessions over 162 days — and the patterns challenge assumptions about where edge defenses are strongest. From VPN targeting to infrastructure concentration to attackers rapidly rotating through fresh IPs, new research quantifies where the gaps are and what to do about it. Read the full findings.

GreyNoise released its 2026 State of the Edge Report, analyzing 2.97 billion malicious sessions across 162 days to identify concentration points in cyber attacks. The research challenges existing assumptions regarding the effectiveness of current edge defenses. Key findings highlight significant targeting of VPN infrastructure and concentrated attacks on specific network edges. Attackers are observed rapidly rotating through fresh IP addresses to evade detection and maintain persistence. This telemetry quantifies critical gaps in defensive postures, indicating that traditional perimeter security may be insufficient against high-volume, distributed scanning and exploitation attempts. The report emphasizes the need for updated mitigation strategies to address infrastructure concentration and IP rotation tactics. Organizations are advised to review edge security configurations and monitor for anomalous session patterns to better defend against these widespread malicious activities targeting network boundaries. GreyNoise analyzed 2.97 billion malicious sessions over 162 days — and the patterns challenge assumptions about where edge defenses are strongest. From VPN targeting to infrastructure concentration to attackers rapidly rotating through fresh IPs, new research quantifies where the gaps are and what to do about it. Read the full findings. GreyNoise analyzed 2.97 billion malicious sessions over 162 days — and the patterns challenge assumptions about where edge defenses are strongest. From VPN targeting to infrastructure concentration to attackers rapidly rotating through fresh IPs, new research quantifies where the gaps are and what to do about it. Read the full findings.