Security Solutions Watch Interviews NetWatcher CEO

Chief Executive Officer at NetWatcher
April 18, 2016

Nice article from SecuritySolutionsWatch found here. Thank you for joining us today, Scott. Before discussing NetWatcher Solutions in greater detail, please tell us about your background.

Scott Suhy: Over the past 20 years I have had many amazing experiences that are contributing to my vision and plan for Netwatcher. Early in my career at Microsoft I rose from engineer to general manager of a large P&L. Afterwards I caught the entrepreneurial bug and started a company called PointAbout which we successfully sold to an international software development firm. These experiences provided me the skills to help grow Greenline into a profitable software company that we sold to an international defense contractor in 2013. Fast forward to today, where we have assembled a world-class team of security engineers to focus on one of the biggest market opportunities that is currently being ignored; how to protect small and medium sized enterprises, who are clearly in the sights of hackers, for a reasonable cost with a solution that is easy to use at a cost they can afford. One will read about NetWatcher that, “Through continuous network security monitoring, NetWatcher serves as a 24/7 watchdog for your data and network. Our team of cyber security experts monitor your network and provide the managed security services you need to grow your business.” Please give us an overview of the solution NetWatcher delivers.

Scott Suhy:  Executive staff of companies, board members and those with confidential company (and government) data use smartphones, tablets and laptops that go between work, home networks and public Wi-Fi, leaving their company data as a prime target. Bad actors know this and are using this soft underbelly to exploit infrastructure of larger companies via their supply chain.

For the last ten plus years Fortune 5000 organizations have been installing security software, creating governance models and hiring security professionals to fend off cyber related attacks on their companies. However, companies in the Small to Medium Enterprise market (SME) have been doing almost nothing to defend their infrastructure from malicious bad actors. In general, they can’t afford the protection (security products are expensive), they can’t hire the cyber security talent and their executives do not understand the problem or make it a company priority.

We built NetWatcher from the ground up to solve the problem of the SME who need a tool that is

  • Easy to install and use;
  • Accurate (drastically minimize false positives and noise); and
  • Affordable.

If we solved these key goals, we would be able to accomplish the mission of bringing enterprise security to the millions of businesses beyond the Fortune 5000. NetWatcher tightly couples Intrusion detection, netflow monitoring, active scanning, end point protection and event management with an advanced correlation engine that both detects malicious exploits and also highlights what users are doing that has opened the company up to exploit.  We understand that small and medium Enterprises (“SME’s”) with under 1000 employees is your key target market. What is your perspective, Scott, regarding the unique value proposition that NetWatcher delivers in this space.

Scott Suhy: When we designed NetWatcher we designed it for the small to medium enterprise market but we wanted to be able to scale it to any size network over time. NetWatcher today can work in any size network, however, there is so much need for us in the SME market that it is where we are focused at the moment. SMEs can’t afford the technologies being used by the Fortune 5000 and if they could, they can’t afford to hire the security analysts to run these complex tools. NetWatcher is easy to use, easy to install, easy to understand and highly-accurate so users are not dealing with a lot of nonsense alerts. We only tell the business what they want to know…where are my problems and what do I do to fix them.  Beyond SMEs, how could large enterprises benefit from NetWatcher?

Scott Suhy:  We see two areas of the enterprise that would be ideal candidates to deploy NetWatcher – branch offices and franchises. In regards to branch offices, most CIO/CISO’s of large organizations have many buildings to cover across different geographies. While they often focus on the headquarters, they often don’t have the resources or budget to support branch offices. NetWatcher is a very cost effective option for providing enterprise level security to all those offices.  In regards to franchises, most franchise cannot afford more than a firewall and antivirus software. We offer a low cost / high value option to put enterprise security in each of those locations that can be either managed individually or all as one. We read with great interest this compelling feedback from one of your customers, “NetWatcher gives us peace of mind with regular monitoring of outside threats. This lets me focus on our customers and development priorities instead of trying to figure out every possible security threat.”  This is indeed quite impressive from the CEO at Avizia, Mr. Mike Baird. Care to elaborate on this and any other of your success stories?

Scott Suhy: Security is an expense much like liability insurance. It is necessary but it’s not going to make your company more money. It may save your business or your job, but it’s not a profit center. Our customers like us because we offer an affordable solution for the SME market that is easy to use and offers all the elements of an advanced Fortune 5000 solution. Before NetWatcher, the only thing these companies could afford was Anti-Virus software and a Firewall. Now they have access to a real-time continuous monitoring solution operating 24 hours a day, 7 days a week. This provides peace of mind to allow them to focus on operating their business.  Can we discuss the IoT environment for a moment? The daily headlines tell us that the bad guys are always looking for the weakest link into the network.  What does NetWatcher offer to the company leveraging IoT solutions?

Scott Suhy:  Because of where NetWatcher sits behind the firewall, we see all the traffic going over a company’s internet connection. This allows us to monitor for issues on devices connected to the networking including smartphones, copiers, boardroom televisions, and cameras –essentially anything with a TCP/IP address.

Unintentional Insider Threats (UITs) seems to be a fast growing and major issue today as employees/users might innocently click on phishing messages, visit nefarious websites, run risky/outdated software, connect to an unsafe WIFI, or fall into any number of other traps. What are your thoughts Scott regarding “best practices” that should be followed in this environment?

Scott Suhy: The Unintentional Insider Threat (UIT) is the biggest security issue corporations face today. Users, sometimes knowingly but more often than not unknowingly, are putting their organization at risk through a variety of actions such as clicking on phishing messages, going to nefarious websites, running risky software (TOR/BitTorrent), running outdated software (Java, Flash), using “HTTP” versus “HTTPS”, connecting to unsafe WIFI’s, connecting personal assets like phones/tablets to the corporate WIFI, allowing children to play games like Minecraft on corporate assets (laptops), etc. NetWatcher helps organizations detect all of these hygiene issues that open an organization up for exploit.  Generally speaking….do CEO’s at SME’s “get it”? Are there some common misconceptions you have encountered when speaking to these CEO’s about the threat landscape?

Scott Suhy:  There are three distinct types of organizations that we are seeing. The first consists of those company CEOs who deal with regulatory compliance (FINRA, PCI-DSS, HIPAA etc…). These organizations contain those CEOs who are being pushed by their customers to have the same level of security as they do in order to keep their business. This group contains all the CEOs who have experienced a serious cyber-attack. This camp is looking for a solution like NetWatcher.

The second type of organization is the law firms, accounting/tax firms and anyone that does business with a bank.  These organizations are being asked by their customers to get more secure and to invest in a continuous monitoring solution.  This camp is also looking for a solution like NetWatcher.

On the other side of the count we are seeing organizations that will eventually be exploited soon. These organizations don’t know it yet, but in the future they will be looking for a solution that is easy to use, accurate, and affordable like NetWatcher—it’s just a matter of time.  It seems to us that especially in today’s environment, with well-publicized breaches at Home Depot, JP Morgan, Target, and even at the IRS, that good cyber security is actually a good new business enabler as well.  Your thoughts, Scott?

Scott Suhy: If you take the time to ensure you have both the technology and the process to protect your company, you will be both a more successful and more secure, and that leads to less risk and more revenue opportunity.  The “Family Office” seems to present particularly vulnerable scenarios for the bad actors to get in? Would you agree?

Scott Suhy: In the fact that a “family office” represents a business with assets and networks of similar size as many small organizations, a family office is definitely vulnerable and therefore could benefit tremendously from Netwatcher. Beyond that, for corporate executives and board members, Netwatcher is well designed to protect their business and family information.  NETWORK ALLIANCE is quite an impressive strategic partner. Want to elaborate for us about them and any other NetWatcher strategic relationships?

Scott Suhy: Network Alliance is one of our best Managed Services Provider (MSP) partnerships as they can now serve their customers as an MSSP (Managed Security Services Provider). We have MSP partners all over the country and we are now starting to work with MSPs in Canada. If I had to call out one new relationship that would be with end-point provider Triumfant. We’ve tightly integrated Triumfant’s end-point events into our advanced correlation engine (which is a critical component of the Netwatcher service) and this is working out well for our MPS partners and their customers.  Thanks again for joining us today, Scott. Are there any other subjects you would like to discuss?

Scott Suhy: Executives need to take the time to educate themselves on the real threat. I think they are tired of hearing all the fear mongering and therefore are reluctant to take action. The reality is that there are tools available to anyone that can be very damaging to corporations. Let’s take Shodan as an example.  It is a search engine that lets the user find specific types of computers (routers, servers, etc.) connected to the internet. A quick search for “default password” reveals printers, servers and system control devices that use “admin” as their user name and “1234” as their password. Many more connected systems require no credentials, and all you need is a Web browser to connect to them. This is a hacker’s paradise. So if it’s this easy to find companies to exploit just because those companies did not update their firmware or change their default passwords, you can imagine how vulnerable the majority of organizations are.