New Net Technologies Ltd.


CEOCFO-Members Login


July 4, 2016 Issue

The Most Powerful Name In Corporate News and Information


Cyber Security Solution Auditing the Entire IT Environment and tracking Changes to Stop Breaches and protect against Malware



Mark Kerrison

Chief Executive Officer


New Net Technologies Ltd.


Mark Kerrison

239 5374733

Interview conducted by:

Lynn Fosse, Senior Editor, CEOCFO Magazine, Published – July 4, 2016


CEOCFO: Mr. Kerrison, would you tell us about New Net Technologies?

Mr. Kerrison:  Yes of course. We originally started our software company with a mission to help IT organizations get a better grip on the multiple changes that were taking place throughout their entire IT estate in order to provide some insight into which changes were good and which may be potentially damaging. Our concept at the time was based on the fact that IT Systems don’t typically just stop working, get breached or become otherwise vulnerable without there being some sort of discernable change, however discreet that change might be.


Change control and profiling still underpins what we do today but over our 11 years in business, NNT has emerged into a leading cyber security company. We operate a sensible but reasonably simple philosophy. First, audit the entire IT estate to get it into a safe, un-breached, healthy and compliant state. Next up, monitor all changes but with enough built in intelligence to be able to identify those changes that were planned or expected compared to those, which were unplanned as well as analyzing for viruses or associated malware. An intelligent, self-learning capability also allows us to recognize harmless changes as well as changes associated with a valid internal change request. The longer the software is in place the better it becomes at recognizing what is normal behavior and therefore the better primed you are to spot unusual and potentially harmful behavior.

We leverage real-time File Integrity Monitoring – System Configuration Vulnerability Management – Compliance Monitoring – Policy Management & Event Log Management within our solutions.


CEOCFO: There seem to be many points where a company can look at protection. How do you decide where and how?

Mr. Kerrison: The thing with cyber security, even now during what most people would consider to be a fairly evolved stage, is that many still regard it as the exclusive  process of preventing a breach and more specifically preventing an external breach. Taking steps to stop a breach is of course vital but equally important is to have measures in place to “spot” a breach, should the unthinkable happen. Typically, when people think of cyber security  tools, they think of intrusion detection, firewalls, and anti-virus. These are all critical and crucial but to be fair, if that were all that was needed, then no one would suffer a security breach. The damage starts with the breach but the length of time to spot a breach is what will determine the ultimate impact and cost!


At NNT we set out to help both ‘stop’ and ‘spot’ the breach by combining system vulnerability hardening with intelligent change control. Add to that a good Firewall, AV and some awareness process and you will be in a very strong place indeed. For any Malware to take effect, something that was not there before has to now be active, or in other words, an unexpected change has to occur!


Effective Cyber security requires Change Control. You just can’t have one without the other.


We are concerned with preventing the breach by ensuring all systems are secured properly. But, we are also concerned with spotting the breach by analyzing changes to IT Systems and Devices. If you can view the environment end-to-end - from the desktop all the way to the datacenter - whilst also monitoring and making sense of changes, then you are in a better position. Security is a layered discipline. We talk to people all the time about being pragmatic about security. You want to know how to secure your environment, read a toothy data security standard such as the Payment Card Industry Data Security Standard (PCI DSS). The best approach to securing your environment is laid out clearly within this standard but everyone is still a little too concerned with the latest vendor hype or silver bullet solution.


CEOCFO: How do you help a company understand the basics - that you should not click on unknown links or have weak passwords?
Mr. Kerrison:
We are constantly running educational webinars and posting blogs on this topic but we also help with this using our software. We have all sorts of Malware Mitigation kits that create the right preventative settings in your Outlook or Windows App’s for example, which will protect against precisely this sort of thing. Last year, 99.99% of the breaches were executed by exploiting known existing configurable vulnerabilities. So, it really does need to start with the ‘hardening’ of the IT estate to remove these known holes and gaps.


CEOCFO: Do your potential clients appreciate the way you do things or do you have to show them the value?
Mr. Kerrison:
In all honesty some do, some don’t. As I mentioned previously, many still believe that Cyber Security starts and ends with good perimeter security such as AV and Firewalls. However, as IT professionals become more knowledgeable about how breaches manifest themselves, they quickly appreciate the need to control & understand changes.


One of the biggest prevailing challenges actually is not persuading the technical team – they usually get it. It is at Board level that we face the biggest value-sell. There is still an element of “This won’t happen to us”. Perhaps they have managed to avoid any kind of serious breach up to this point, so why spend money on it now? Whether we like it or not, investing in a proper cyber security strategy is, at the end of the day, a cost. It is difficult for anybody to draw a correlation between the investment in cyber security and an increase turnover or profitability. It is a cost that can be put off and most commercial organizations will still prioritize profitability over securing data. Perhaps it has to become law before everyone truly recognizes the value but I think we are probably another five to ten years before anything like that really happens.


CEOCFO: Who is turning to you for services?
Mr. Kerrison:
In all honesty, you cannot claim to have secured your environment without including the type of technology we provide. It is a prescribed requirement of all major security standards. That doesn’t mean it has to be NNT, of course, but it’s not credible in any way to claim your environment is secure without deploying this type of technology. That said, there are really two main types of IT security consumer: The guys that have been told they have to do it for Governance, Regulatory or Compliance reasons and those that are simply discerning enough to understand this needs to be done regardless. The rest is where we find we need to evangelize and educate as best we can.


CEOCFO: How do you reach out and stand apart from the crowd?
Mr. Kerrison:
For us, it has been a process of attrition. Just doing the job well for over ten years, people start to take notice. We took a slightly different route. We built our company organically and decided early on that we would avoid external investment & debt. The process has taken a little longer of course but where we have ended up today is close to a thousand customers all over the world & we are answerable to no one but ourselves – it’s a terrific feeling! I am quite passionate about this. It defines us in many ways and allows us to make decisions that are right for NNT and our customers and not those based in any way on appeasing or pandering to external backers. Within the security and compliance market, people do know us now and they come to us either through word of mouth or other standard marketing initiatives. We also get the customers who are looking for an alternative solution to the one that they have. Perhaps something that is easier to use and maybe less expensive. To answer your question more directly, I believe we stand out because we have been doing this for a while now and we have built a reputation and reputation is not something that you can claim, it is something you have to earn over a period of time and then people take notice of you.


CEOCFO: What is new for the company; offerings and features?

Mr. Kerrison: Right now we are focused on introducing more intelligence and learning capabilities to the solution. The ability to learn from changes, the ability to leverage sources of information from other areas to deliver additional threat intelligence for example. We intelligently review changes and activity within the environment and through analytics, threat intelligence & other external integration we can help people make sense of those changes and significantly reduce the amount of false positives. We recently launched Generation 7 of NNT Change Tracker. It’s something of a landmark release to be honest; really everything we have learned about this space over the last 11 years is in this product.


CEOCFO: What might be different a year from for New Net Technologies?

Mr. Kerrison: We are embracing new licensing models such as SAAS for example. We want to put the software well within reach for everyone, whether that be through a perpetual model or a subscription option, and we are exploring new ways to make the software accessible to anyone who wants to feel better about security. The other exciting developments for us include new agent technology, which aside from being highly efficient does also start to open up new market opportunities for us specifically related to the Internet of Things. We already have our software on all sorts of mobile and smart devices as well as automobile operating systems. With the inevitable increase in smart devices from agricultural to medical to standard home appliances, we see that as being a massive market opportunity to be honest. Of course, that could be an entire interview subject in and of itself!


“Effective Cyber security requires Change Control. You just can’t have one without the other.”- Mark Kerrison


New Net Technologies Ltd.


Mark Kerrison

239 5374733







Any reproduction or further distribution of this article without the express written consent of is prohibited.



Cyber Security Audit Program, New Net Technologies Ltd., IT Environment Security, CEO Interviews 2016, Mark Kerrison, Cyber Security Solution Auditing the Entire IT Environment and tracking Changes to Stop Breaches and protect against Malware, Technology Company, File Integrity Monitoring , System Configuration Hardening, Change Control, Tripwire Alternative, Intrusion Prevention, Intrusion Detection, HIPAA, NERC CIP, PCI DSS, FIM, NIST - 800, SOX, New Net Technologies Ltd. Press Releases, News, Companies looking for venture capital, Angel Investors, private companies looking for investors, cyber security companies seeking investors, IT Security companies needing investment capital does not purchase or make
recommendation on stocks based on the interviews published.