
In The Boardroom With...

Mr. Scott B. Suhy
Chief Executive Officer



Updated June 1, 2017

Scott Suhy, CEO, NetWatcher, told us,

"On May 12th, 2017 the WanaCry (or WCry, WannaCry, WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) ransomware was unleashed and caused over 75,000 attacks in 99 countries.


How Does the WanaCry Ransomware Work?

The ransomware initially entered organizations via a phishing email message and then exploited a vulnerability (MS17-010) in Windows to spread within a network, locking down computers and asking victims to pay $300 via Bitcoin.  The Windows vulnerability was leaked as part of the NSA Shadow Brokers hack, and Microsoft soon after released a patch; however, many computers were not yet updated at the time of the attack.

What Should I do?  What do NetWatcher Customers do?

  1. Customers first need to ensure they are not vulnerable to the attack: NetWatcher Managed Detection & Response customers leverage a built-in vulnerability scanner that periodically scans their environment for vulnerabilities. If the customer was vulnerable to the new ransomware they would have seen the vulnerability titled “SMBv1 Unspecified Remote Code Execution (Shadow Brokers)” show up in their reports as a high severity issue and been warned that they needed to patch the Windows asset.
  2. Customers need to continuously monitor their network: NetWatcher customers leverage a Network Intrusion Detection System (NIDS) that continuously monitors their internet-bound network traffic in case an issue like this is ever seen in the future.

NetWatcher’s NIDS uses many rulesets.   Some of the best indicators are from the ProofPoint/Emerging Threats Open NIDS ruleset and are used as a correlation vector to detect a WanaCry ransomware attack.  Example signatures are as follows:


·   ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Request (set)

·   ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response

·   ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray

NetWatcher’s cloud correlation service leverages these events (and many others) and creates Alarms when a threat like the WanaCry worm is detected.   Most NetWatcher customers set themselves up to receive High Security Alarms via SMS so they never miss a critical Alarm.  If WanaCry is detected a customer would see an email or SMS titled: “WanaCry (or WannaCry, WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) ransomware has been detected on XYZ asset!”

  3. Ensure you’re monitoring your endpoints: NetWatcher’s endpoint Host Intrusion Detection (HIDS) and LOGS modules also add a high degree of value in producing events when ransomware is detected. The HIDS file integrity monitoring, rootkit detection and process monitoring events (as well as Windows security event log events) all aid the cloud correlation engine to determine what’s been exploited, how bad the exploit is and whether it is spreading.   Any asset that is not on the corporate network and is running NetWatcher’s Sensor-in-the-Cloud™ endpoint could even be tracked remotely.
  4. Respond quickly:  Isolate any infected assets to prevent the malware from spreading.

What is NetWatcher?

NetWatcher is a 24x7 network and endpoint security monitoring service designed specifically for ease of use, accuracy and affordability. With NetWatcher you can reduce risk and support regulatory compliance security requirements. You get:

  • An advanced, tightly integrated, security platform that only the Fortune 5000 could afford in the past
  • Actionable threat intelligence on what malware exists in your enterprise and remediation guidance
  • Visibility into the unintentional insider threat -- what your employees are doing on the network that is exposing the organization to exploit
  • A Secure Operation Center with security analysts monitoring your data and reaching out to your team when necessary
  • Easy to use customer portal designed for managers and IT, not for those hard to find security analysts, however you can go deep if you want…
  • Real time scores for today’s security situational awareness picture and the risk of exploit in the future


NetWatcher includes:

  • Host Intrusion Detection System (HIDS) Endpoint Agents
  • Network Intrusion Detection System (NIDS)
  • Security Information & Event Management System (SIEM)
  • Vulnerability Scanner
  • Net-flow Analysis
  • Actionable Threat Intelligence

Use Cases:

  • Monitor Corporate Network and Assets for Security Exploits and Hygiene Issues
  • Monitor AWS, Azure or Google Cloud Servers
  • Monitor Off Network Assets (via Sensor-in-the-Cloud™)
  • Regulatory Compliance-as-a-Service support for HIPAA, FINRA, NIST 800-171, PCIDSS, GLBA, NYCRR 500, etc.
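The correlation step described in the WanaCry update above, sketched as an added example (not NetWatcher's code and not part of the interview): it reads Suricata-style EVE JSON alert lines and raises an alarm when one asset triggers two or more of the listed signatures inside a time window. The five-minute window, the two-signature threshold, the function names and the sample log are all assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Signature names exactly as listed in the interview.
ECHO_REQ = "ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Request (set)"
ECHO_RSP = "ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response"
HEAP_SPRAY = "ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray"
WATCHED = {ECHO_REQ, ECHO_RSP, HEAP_SPRAY}
WINDOW = timedelta(minutes=5)            # assumed correlation window
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"     # Suricata EVE timestamp layout

def smb_side(ev):
    """Return (asset, peer); the asset is whichever end is on TCP/445."""
    if ev.get("dest_port") == 445:
        return ev.get("dest_ip"), ev.get("src_ip")
    if ev.get("src_port") == 445:
        return ev.get("src_ip"), ev.get("dest_ip")
    return None, None

def correlate(lines, window=WINDOW, min_distinct=2):
    """Alarm on any asset hit by >= min_distinct watched signatures in window."""
    per_asset = defaultdict(list)
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue                      # truncated or non-JSON log line
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        sig = ev.get("alert", {}).get("signature")
        asset, peer = smb_side(ev)
        if sig in WATCHED and asset and peer:
            ts = datetime.strptime(ev["timestamp"], TS_FORMAT)
            per_asset[asset].append((ts, sig, peer))
    alarms = []
    for asset, hits in sorted(per_asset.items()):
        hits.sort()
        for i, (start, _, _) in enumerate(hits):
            in_win = [h for h in hits[i:] if h[0] - start <= window]
            sigs = sorted({h[1] for h in in_win})
            if len(sigs) >= min_distinct:
                alarms.append({"asset": asset, "first_seen": start.isoformat(),
                               "signatures": sigs,
                               "peers": sorted({h[2] for h in in_win})})
                break                     # one alarm per asset
    return alarms

def _ev(ts, src, sport, dst, dport, sig):
    """Build one constructed EVE-style alert line."""
    return json.dumps({"timestamp": f"2017-05-12T{ts}.000000+0000",
                       "event_type": "alert", "src_ip": src, "src_port": sport,
                       "dest_ip": dst, "dest_port": dport,
                       "alert": {"signature": sig}})

# Constructed sample log; every address and timestamp is made up.
SAMPLE = [
    _ev("09:14:03", "10.0.0.21", 445, "10.0.0.57", 49812, ECHO_RSP),
    _ev("09:14:05", "10.0.0.57", 49812, "10.0.0.21", 445, HEAP_SPRAY),
    _ev("09:20:00", "10.0.0.30", 445, "10.0.0.57", 49900, ECHO_RSP),
    _ev("09:00:00", "10.0.0.57", 50010, "10.0.0.40", 445, HEAP_SPRAY),
    _ev("09:30:00", "10.0.0.40", 445, "10.0.0.57", 50020, ECHO_RSP),
    "{truncated",
]
ALARMS = correlate(SAMPLE)  # one alarm: 10.0.0.21
```

A single signature on its own (10.0.0.30) or two signatures half an hour apart (10.0.0.40) stay below the alarm threshold, which is how correlation keeps one noisy rule from paging anyone.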

Updated May 16, 2017

You now have the option to deploy the NetWatcher NetAgent on AWS, Azure and Google Cloud Servers and take the HIDS/Logs directly to the NetWatcher cloud for correlation. More here

Updated March 1st, 2017

Scott Suhy, CEO, NetWatcher, told us,

“Our MSP partners are beta testing a version of the OpenVAS active security scanner we’ve incorporated into the base NetWatcher platform.  

If you would like to participate in the beta let us know by filling out the form here: 


Updated January 3, 2017

SecuritySolutionsWatch.com: The massive Yahoo breach affecting over 1 billion people, the Amazon hack, concerns over cyber war with foreign governments, and other daily headlines, unfortunately remind us just how vulnerable we are in today’s constant threat environment.  What are best practices for governments, utilities, and enterprises of all kinds, to be followed with this backdrop in mind?

Scott Suhy: Every company large or small has the same issue, the unintentional insider threat—employees (or contractors) inside the network doing things that open the network up for exploit (running risky/vulnerable software, sending data unencrypted over the internet, leaving holes in the firewall etc). If you lower the amount of security hygiene issues your organization has then you lower your risk of a serious breach. NetWatcher is a low cost way of doing the continuous monitoring necessary to not only meet compliance demands but to also lower an organization’s vulnerability of an unintentional insider threat.

NetWatcher opened up its FREE Managed Detection & Response (MDR) Platform from 1 user to 5 and turned on most of its features (including all of the widgets).

This is a great MDR solution for small offices and home networks.

·        Secure VPN for all your internet traffic

o   When you connect to an insecure network/WIFI all traffic is encrypted.

·        Intrusion Detection in the Cloud

o   When you connect to an insecure network/WIFI Intrusion Detection is active using the NetWatcher Cloud sensor.

·        Active Threat Intelligence

o   NetWatcher lets you know if you are being attacked and what to do to protect yourself—receive notifications (email) if your computer is under attack.

·        Cyber Promiscuity Score

o   NetWatcher warns you of any unintentionally risky online behavior that will lead to costly and time consuming intrusions, ransomware and cyber theft.

Download the FREE NetWatcher Cloud Endpoint Service Here.

Updated December 1, 2016

SecuritySolutionsWatch.com: Any new developments at NetWatcher, or recent headlines (Dyn, OVH?) you’d like to talk about?

NetWatcher listens to customers and pushes its NetWatcher “Score” down to all employees connecting to a customer’s network.    At the end of the day security is an employee behavior issue—employees have to take responsibility to ensure their company is not exploited.  Most employees are allowed to install software, run outdated software, click on phishing messages, go to nefarious websites and send personally identifiable information (PII) over the internet in clear text.  These behaviors and many more result in companies getting exploited by bad actors that want to exploit the organization.   NetWatcher has been doing a great job providing its customers with a real time score that shows how an organization is doing from a security perspective (an algorithm that takes into account how many assets have malware, how many users have poor security hygiene and how long those issues are allowed to exist)—now NetWatcher is pushing down the hygiene score to each individual on the network and calling it the user’s “promiscuity score™”.  If you want to test out the NetWatcher platform you can easily download their free endpoint from their https://netwatcher.com website and score your own behavior—do it now before your behavior leads to your company getting exploited because of your activities.

Updated September 15, 2016

Scott Suhy, CEO, NetWatcher, told us, "We just launched into beta an endpoint that works both with locally deployed sensors when the user is on-premise and with our cloud sensor when the user is at home or at the coffee shop.   We agree that all security is moving to the cloud but we also believe that there is a transition period.  Our architecture supports detection and response locally for on-premise users and IOT devices and it also supports the mobile workforce when they are not local.  Most SIEM/security providers only support on-premise. What is unique with the NetWatcher Cloud Endpoint? 2 big things.  The one I already mentioned – it can work without local on-premise security infrastructure.  The second area – We are offering a free version of the endpoint that anyone can download and use for no cost."

SecuritySolutionsWatch.com: Thank you for joining us today, Scott. Before discussing NetWatcher Solutions in greater detail, please tell us about your background.

Scott Suhy: Over the past 20 years I have had many amazing experiences that are contributing to my vision and plan for NetWatcher. Early in my career at Microsoft I rose from engineer to general manager of a large P&L. Afterwards I caught the entrepreneurial bug and started a company called PointAbout which we successfully sold to an international software development firm. These experiences provided me the skills to help grow Greenline into a profitable software company that we sold to an international defense contractor in 2013. Fast forward to today, where we have assembled a world-class team of security engineers to focus on one of the biggest market opportunities that is currently being ignored; how to protect small and medium sized enterprises, who are clearly in the sights of hackers, for a reasonable cost with a solution that is easy to use at a cost they can afford.

SecuritySolutionsWatch.com: One will read about NetWatcher that, “Through continuous network security monitoring, NetWatcher serves as a 24/7 watchdog for your data and network. Our team of cyber security experts monitor your network and provide the managed security services you need to grow your business.” Please give us an overview of the solution NetWatcher delivers.

Scott Suhy:  Executive staff of companies, board members and those with confidential company (and government) data use smartphones, tablets and laptops that go between work, home networks and public Wi-Fi, leaving their company data as a prime target. Bad actors know this and are using this soft underbelly to exploit infrastructure of larger companies via their supply chain.

For the last ten plus years Fortune 5000 organizations have been installing security software, creating governance models and hiring security professionals to fend off cyber related attacks on their companies. However, companies in the Small to Medium Enterprise market (SME) have been doing almost nothing to defend their infrastructure from malicious bad actors. In general, they can’t afford the protection (security products are expensive), they can’t hire the cyber security talent and their executives do not understand the problem or make it a company priority. 

We built NetWatcher from the ground up to solve the problem of the SME who need a tool that is

  • Easy to install and use;
  • Accurate (drastically minimize false positives and noise); and
  • Affordable.

If we solved these key goals, we would be able to accomplish the mission of bringing enterprise security to the millions of businesses beyond the Fortune 5000. NetWatcher tightly couples Intrusion detection, netflow monitoring, active scanning, end point protection and event management with an advanced correlation engine that both detects malicious exploits and also highlights what users are doing that has opened the company up to exploit.

SecuritySolutionsWatch.com:  We understand that small and medium Enterprises (“SME’s”) with under 1000 employees are your key target market. What is your perspective, Scott, regarding the unique value proposition that NetWatcher delivers in this space?

Scott Suhy: When we designed NetWatcher we designed it for the small to medium enterprise market but we wanted to be able to scale it to any size network over time. NetWatcher today can work in any size network, however, there is so much need for us in the SME market that it is where we are focused at the moment. SMEs can’t afford the technologies being used by the Fortune 5000 and if they could, they can’t afford to hire the security analysts to run these complex tools. NetWatcher is easy to use, easy to install, easy to understand and highly-accurate so users are not dealing with a lot of nonsense alerts. We only tell the business what they want to know…where are my problems and what do I do to fix them.

SecuritySolutionsWatch.com:  You mentioned a couple of times that NetWatcher is very easy to use.   Most security tools are designed for technical people, can you give us an example of how you are making security easy for anyone to use?

Scott Suhy: One example is our iPhone application.  The app provides businesses with a real time snapshot of their overall network security, allowing them to access their user portal on-the-go. The app also features an overview of the user’s NetWatcher Score, which shows real-time vulnerability levels and how susceptible their company is to an attack. Based on the score the app recommends if action needs to be taken to secure the network and enables companies to resolve issues before a breach even occurs.

SecuritySolutionsWatch.com:  Beyond SMEs, how could large enterprises benefit from NetWatcher?

Scott Suhy:  We see two areas of the enterprise that would be ideal candidates to deploy NetWatcher – branch offices and franchises. In regards to branch offices, most CIO/CISO’s of large organizations have many buildings to cover across different geographies. While they often focus on the headquarters, they often don’t have the resources or budget to support branch offices. NetWatcher is a very cost effective option for providing enterprise level security to all those offices.  In regards to franchises, most franchises cannot afford more than a firewall and antivirus software. We offer a low cost / high value option to put enterprise security in each of those locations that can be either managed individually or all as one.

SecuritySolutionsWatch.com: We read with great interest this compelling feedback from one of your customers, "NetWatcher gives us peace of mind with regular monitoring of outside threats. This lets me focus on our customers and development priorities instead of trying to figure out every possible security threat.”  This is indeed quite impressive from the CEO at Avizia, Mr. Mike Baird. Care to elaborate on this and any other of your success stories?

Scott Suhy: Security is an expense much like liability insurance. It is necessary but it’s not going to make your company more money. It may save your business or your job, but it’s not a profit center. Our customers like us because we offer an affordable solution for the SME market that is easy to use and offers all the elements of an advanced Fortune 5000 solution. Before NetWatcher, the only thing these companies could afford was Anti-Virus software and a Firewall. Now they have access to a real-time continuous monitoring solution operating 24 hours a day, 7 days a week. This provides peace of mind to allow them to focus on operating their business.

SecuritySolutionsWatch.com:  Can we discuss the IoT environment for a moment? The daily headlines tell us that the bad guys are always looking for the weakest link into the network.  What does NetWatcher offer to the company leveraging IoT solutions?

Scott Suhy:  Because of where NetWatcher sits behind the firewall, we see all the traffic going over a company’s internet connection. This allows us to monitor for issues on devices connected to the network, including smartphones, copiers, boardroom televisions, and cameras – essentially anything with a TCP/IP address.

Unintentional Insider Threats (UITs) seem to be a fast growing and major issue today as employees/users might innocently click on phishing messages, visit nefarious websites, run risky/outdated software, connect to an unsafe WIFI, or fall into any number of other traps.

SecuritySolutionsWatch.com: What are your thoughts, Scott, regarding “best practices” that should be followed in this environment?

Scott Suhy: The Unintentional Insider Threat (UIT) is the biggest security issue corporations face today. Users, sometimes knowingly but more often than not unknowingly, are putting their organization at risk through a variety of actions such as clicking on phishing messages, going to nefarious websites, running risky software (TOR/BitTorrent), running outdated software (Java, Flash), using “HTTP” versus “HTTPS”, connecting to unsafe WIFI’s, connecting personal assets like phones/tablets to the corporate WIFI, allowing children to play games like Minecraft on corporate assets (laptops), etc. NetWatcher helps organizations detect all of these hygiene issues that open an organization up for exploit.

SecuritySolutionsWatch.com:  Generally speaking….do CEO’s at SME’s “get it”? Are there some common misconceptions you have encountered when speaking to these CEO’s about the threat landscape?

Scott Suhy:  There are three distinct types of organizations that we are seeing. The first consists of those company CEOs who deal with regulatory compliance (FINRA, PCI-DSS, HIPAA etc...). These organizations contain those CEOs who are being pushed by their customers to have the same level of security as they do in order to keep their business. This group contains all the CEOs who have experienced a serious cyber-attack. This camp is looking for a solution like NetWatcher. 

The second type of organization is the law firms, accounting/tax firms and anyone that does business with a bank.  These organizations are being asked by their customers to get more secure and to invest in a continuous monitoring solution.  This camp is also looking for a solution like NetWatcher.

On the other side of the coin we are seeing organizations that will eventually be exploited soon. These organizations don’t know it yet, but in the future they will be looking for a solution that is easy to use, accurate, and affordable like NetWatcher—it’s just a matter of time.

SecuritySolutionsWatch.com:  It seems to us that especially in today’s environment, with well-publicized breaches at Home Depot, JP Morgan, Target, and even at the IRS, that good cyber security is actually a good new business enabler as well.  Your thoughts, Scott?

Scott Suhy: If you take the time to ensure you have both the technology and the process to protect your company, you will be both more successful and more secure, and that leads to less risk and more revenue opportunity.

SecuritySolutionsWatch.com:  The “Family Office” seems to present particularly vulnerable scenarios for the bad actors to get in? Would you agree?

Scott Suhy: In the fact that a “family office” represents a business with assets and networks of similar size as many small organizations, a family office is definitely vulnerable and therefore could benefit tremendously from NetWatcher. Beyond that, for corporate executives and board members, NetWatcher is well designed to protect their business and family information.

SecuritySolutionsWatch.com:  NETWORK ALLIANCE is quite an impressive strategic partner. Want to elaborate for us about them and any other NetWatcher strategic relationships?

Scott Suhy: Network Alliance is one of our best Managed Services Provider (MSP) partnerships as they can now serve their customers as an MSSP (Managed Security Services Provider). We have MSP partners all over the country and we are now starting to work with MSPs in Canada. If I had to call out one new relationship that would be with end-point provider Triumfant. We’ve tightly integrated Triumfant’s end-point events into our advanced correlation engine (which is a critical component of the NetWatcher service) and this is working out well for our MSP partners and their customers.

SecuritySolutionsWatch.com:  Thanks again for joining us today, Scott. Are there any other subjects you would like to discuss?

Scott Suhy: Executives need to take the time to educate themselves on the real threat. I think they are tired of hearing all the fear mongering and therefore are reluctant to take action. The reality is that there are tools available to anyone that can be very damaging to corporations. Let’s take Shodan as an example.  It is a search engine that lets the user find specific types of computers (routers, servers, etc.) connected to the internet. A quick search for “default password” reveals printers, servers and system control devices that use “admin” as their user name and “1234” as their password. Many more connected systems require no credentials, and all you need is a Web browser to connect to them. This is a hacker’s paradise. So if it’s this easy to find companies to exploit just because those companies did not update their firmware or change their default passwords, you can imagine how vulnerable the majority of organizations are.
