What we do
NetWatch collects data from attackers through a global sensor network, allowing cyber-defenders to identify and protect against attacks, as they happen. Spanning six continents, our sensors capture intelligence on over 10 million attacks daily, leading to hundreds of malicious system takedowns. Driven by a dedicated community of like-minded individuals hosting sensors on a diverse range of systems, our network expands daily—enhancing visibility and accelerating response times.
500+ Global Sensors
Our network of sensors spans six continents, detecting and reporting threats in real-time to our central backend.
10M+ Attacks Daily
We analyze over 10 million cyber attacks every day allowing us to idenitify, track and disrupt adversarial groups.
Global Collaboration
Our collaboration with authorities allows us to regularly take down full botnets of malicious actors.
How does NetWatch work?
NetWatch is based on a large number of sensors that collect SSH brute-force attacks globally and report them to a central backend. By using modified OpenSSH server instances, we are able to blend in with other systems. The collected data is then used to identify the owners of abusive systems and report them. Furthermore, we also use the data to identify clusters of adversaries and take them down in cooperation with law enforcement.
For all the details have a look at our talk at the 38C3:
How can I support NetWatch?
Join the Community
A large number of NetWatch sensors are hosted by the community on their infrastructure. Join the community by using your infrastructure to collect attacks and make the internet a safer place.
Sponsor a sensor
If you don't have any infrastructure to host a sensor on but still want to support us, you can sponsor a sensor for €1 a month.
Get in touch
If you not only want to support us by hosting a sensor but also want to join the team in using the data to take down adversaries, then get in touch: contact@netwatch.team.