Risky Business - Soap Box: Knocknoc glues your SSO to your firewalls for Just-in-Time network access
Episode Date: March 26, 2025
In this Soap Box edition of Risky Business host Patrick Gray talks to Knocknoc CEO Adam Pointon about how to easily rein in attack surface by glueing your single sign-on... service to your network controls. Do your Palo Alto and Fortinet devices really need to be discoverable by ransomware crews? Does your file transfer appliance need to be open to the whole world? What about your SSH and RDP? Your Citrix? Your (gasp) Exchange Online servers?? You can do a lot with IP allowlisting and simple Identity Aware Proxies (IAPs) to minimise your exposure. Knocknoc is a bit of a “Risky Business special”, too. Pat helped Knocknoc to raise a seed round through Decibel Partners where he’s a founder advisor. He also serves on Knocknoc’s board of directors. This episode is also available on Youtube.
Transcript
Hey everyone and welcome to another Risky Business Soapbox edition. My name is Patrick
Gray. If you're not familiar with Soapbox, it is a paid sponsored slot and that means
that everyone you hear in one of these Soapbox editions of the show paid to be here. But
today's, today's Soapbox is with Knock Knock. It's sponsored
by Knock Knock and regular listeners would know that this is a company that I'm deeply
involved in. I'm actually on the board of directors of this company. I helped this company
secure its seed funding from Decibel Partners, where I am a founder advisor. Uh, and I also
helped to recruit our guest today, Mr. Adam Pointon to the role of CEO.
And that is because the people who developed the original technology of Knock Knock, you
know, it's, it's, it's spun out of a services company, right?
They developed it to deploy it to their customers.
And now that Knock Knock is going to be, you know, its own thing and it's doing a big push
out there all on its own, it needed a new CEO and that CEO joins me now. Adam, we should probably just set the scene of what Knock Knock actually is.
I'm gonna have a crack at explaining it. I mean this is a product that we use at
Risky Business Media. We love it. Essentially what it is is just-in-time
network access or network allow listing. Basically we have some systems that we
use to run our web property
and they're creaky and we don't have too much confidence in them. So what we've been able to
do with Knock Knock is basically firewall them off to the internet and the only way you can get
access to the ports that you need to access these systems is to authenticate to Knock Knock
via SSO. So it's very easy.
You just hit one page, hit authenticate with SSO,
and then bang, that dynamically opens up the ports
to your IP, right?
So that you can then access those systems.
So that is the sort of starter level idea behind Knock Knock,
isn't it?
Which is this dynamic IP restriction.
But there is more, and we'll talk about that soon.
But that's the starting point for people to understand this, right?
That's right. So just in time, network
access control done easily. So as you said, single sign on button and then magically ports open.
What actually happens is in the background through out of band control, we orchestrate
existing infrastructure. So as you said, you've got an existing system, you've got firewalls.
What Knock Knock does is rather than sitting in the way
of those firewalls or that network path,
we actually orchestrate the firewalls and say,
this IP address is allowed access for four hours
to these services, and then you go about your business
and directly access those services.
We don't sit in the way
like another zero trust network approach. We actually orchestrate
the firewalls that you already have.
That said you can actually ship your own firewall right? Like we
don't have like Palos or Fortinet sitting in front of our stuff so you can actually do it any way you
want really.
Absolutely like we don't really like the Swiss Army knife analogy but it kind of works.
We can do on-host firewall control, we can do Palo upstream, we can do public cloud service network security group control.
There's a lot of options with it. It can also operate in reverse proxy mode. So I actually
do layer seven, just in time application level, like web application level control, which
is really interesting. So we have some customers that are using it to slash admin actually requires you to log
in to Knock Knock separately.
And then that is allowed through only to authorized users, whereas other parts of a web application
are directly accessible.
So it can do low level firewall control, any port, any protocol, IPv6, et cetera, or all
the way up to layer seven if you operate it in that mode.
Yeah.
And it's interesting, right?
Because every different use case, you know, you might
want to use it slightly differently. So I know that there's one knock knock customer
that is like an IPv6 shop, right? And it's amazing for them. But you know, as you point
out to you've got like a HAProxy part 12 of this. So if you want to use this as like an
identity aware proxy, you can do that as well. So you've got the IP restriction, but then you've also got, uh, you know, like a, an authenticated browser
session as well to make sure that it's the correct user that's able to access, you know,
what is presumably a hideously vulnerable web application that you, that you are running.
Yeah. We like to call them legacy applications for our customers. Uh, but yeah, typically
they're an application, web application that's been that's been built previously doesn't have MFA. And they wanted to add MFA take that
web application off the internet, but not force everybody to go through a VPN. So they didn't want
another bump in the wire to get to that system. So they're using knock knock to protect it.
You can't hit it on the IP address, no scan is gonna pick it up, it's invisible.
But then they also have a layer seven level control.
So, but yeah, on the IPv6 approach,
like we love IPv6 because you get individual attribution
of the user, obviously, you know,
we also support privacy extensions
where their IP address sort of rolls.
And we have that direct access capability into the service.
So we love IPv6,
we love our customers with legacy applications
because we let them sleep at night,
a little bit better knowing that they're not
on the internet all the time,
just waiting to get hosed because Knockknock's really
protecting them and taking them offline.
Yeah, now for most of the time, right?
Like allow listing a v4 address is actually going
to be enough, right? But there are circumstances where it's not. And that's a fun conversation
thinking about, well, Hey, if you happen to be in Brazil or whatever, and you're trying
to access a, um, you know, some, some web application on your network and you're coming
out of a CG NAT gateway that's dirty, right? That has like a million compromised hosts
behind it that are scanning the internet. You know, you probably don't want to just rely on that
control all on its own.
That's right. Yeah. And a lot of the access still, we allow access to the network service.
People still need to authenticate in, you know, it might be SSH Bastion, it might be
VPN endpoints. So those hostile IPs do have access to that service for a period of time
for the four hours for that session or whatever it is, but it's still not enough.
We still want to be able to say this IP can have access, but also we're going to inject
some tokens into HTTP streams so that we can do additional layer seven filtering.
So I can, yeah, thankfully say we've got a solution to that now if it's HTTP.
So we're able to use these additional tokens to provide that assurance that it's this IP address is allowed and this actual user's browser, this user's session
is also validated before it gets passed through to that vulnerable application on the backend.
Yeah. And I should mention too, that there's something on the roadmap that's pretty cool.
It's probably a ways out, but there will be eventually a GreyNoise integration so that
you can make a determination on whether or not an IP should be added to
an allow list.
Like there's just going to be some IPs where it's like, no, we don't want to open up for
any duration of time, right?
Now we should probably talk about one of the primary use cases here.
You mentioned, oh, well, maybe you don't want to provision access to an internal application
through a VPN, right?
I mean, it's a pain to do that.
That's one reason you wouldn't
do it. And the second reason is the way that a lot of enterprises are getting owned these
days is actually through those sort of border devices, VPN. So funnily enough, a big use
case for Knock Knock is actually protecting firewalls and VPN appliances at the edge of
your network. So it's like, you know, yo dawg, I heard you like firewalls. So I put
a firewall in your firewall kind of thing. It's a firewall for firewalls.
Um, why don't you walk us through like what people are doing there? Because that is a,
that is a popular use case.
Yeah, that's right. So with all these Fortinet and Palo and other firewall issues that have
happened over the last 12 months in conjunction with all the VPN, brute forcing stolen credentials,
taking VPNs off the naked
internet and taking those firewall management interfaces off the internet
which you know they shouldn't be anyway but it's hard to sort of remotely manage
those without IP address allow listing and doing that specifically so what
Knockknock can do is manage those devices add the IP address of the
authenticated user prior to those VPN endpoints actually being
exposed to the entire internet, which prevents the brute force, prevents the stolen credentials in
the case of VPNs. Obviously, it's a big entry point for ransomware into an organization.
And then for the firewall management customers, so there's a lot of MSPs, MSSPs that they need to remotely manage firewalls for their
customers 24 seven.
And so VPNing to then access the firewall or accessing the firewall directly means that
it needs to be on the naked internet.
So Knockknock allows them to take it off.
And they're also doing single sign on, they get attribution only those in the firewall
group that can edit the firewall then have network level access to the firewall.
So they've got multiple layers of user control attribution and then network level access
control before they can even get to those, you know, soft and squishy firewall appliances.
Yeah.
I mean, it's crazy, right?
That it's people's security equipment getting them owned these days.
But I mean, if you're listening to this and your, you know, Fortinet or your Palos are
keeping you awake at night, I mean, this is one way to do that.
And indeed you're working on a pretty major trial with a very large company right now that,
I mean, that's exactly the use case there.
Yeah, absolutely. And the good thing about it is it can,
it can be implemented really quickly. So there's a number of ways Knock Knock actually can control
or orchestrate a firewall. We've got the passive mode which is external dynamic
list is the Palo Alto language where it's essentially polls the Knock Knock
environment for a list of allowed IP addresses and that's a very passive way
we don't actually orchestrate the firewall directly it's more the firewall
connects to us and collects a list of IP addresses that are allowed. That's
the easy implementation. You can sort of get that going really quickly. It doesn't break
anything, doesn't interact with anything. And then we've got passive plus where we will
actually publish the allow list and then go and tell the firewall, hey, rather than waiting
one minute or five minutes in the case of Palo to get the updated list, go and refresh
it now, go and refresh it now. And then we have an active mode
where every single login request,
we actually go to the Palo and say,
add this IP address for this user.
And we're able to add additional information.
So along with that IP, we actually give the username.
So within the Palo ecosystem,
you can see that this user had this IP address
at this point in time,
which then flows through into their other management,
management reporting and systems and gives them more than they get today by just having
an IP address allowed.
So what's funny is, I mean, I've been out there talking to a few CISOs about this, this
product. And one of the things that they get really giddy about is that idea that you can
start attributing, you know, network connections to users, right? So they're like the controls
great, that's fantastic. But are you telling me that you'll be able to say like that this
person was using this, you know, uh, to do this and that's, you know, just a SIEM fuel
and they love it.
Yeah. And when you combine that with MFA, so adding MFA to a service that's either legacy
or even SSH because they've got to go through the identity provider, uh, they've got to
go through the login process, hit the IDP, do the MFA challenge.
We're adding MFA to those ports and protocols that don't have it,
and then we've got attribution for the period that they're using the application.
So you can have a 60-minute timer on a certain high security service where user logs in,
they're able to access the network service for 60 minutes,
and then
you see them log out or at times out and that whole chain is then fed through to the SIEM.
So you've got actual attribution of the user, their browser all in the IDP, tied with MFA,
access to the service and then when they logged out, linked back to the IP address.
So it's the data we're getting out and help providing to customers is great.
Yeah. I mean, I think one of the things that makes this like, this is kind of a product
that shouldn't exist, right? It is actually kind of a product that shouldn't exist because
ideally we wouldn't have vulnerable things reachable from outside. And there's so much
to unpack here, right? So you've got this whole class of products that do like attack surface management, right?
And measurement.
So you unleash them, they go and they scan your environment and they come back with a
list of, you know, vulnerable stuff.
And what's been funny about that is, you know, this is a product category that's existed
for a while and they come back and they go, here's a list of 20 things that are going
to get you owned tomorrow.
But no one has actually built the tool to like actually mitigate those findings,
which is kind of crazy when you think about it, right?
Yeah, that's right.
Well, it's all traditional approach.
Oh, that thing, maybe we shouldn't have it on the internet.
Maybe we should put it behind the VPN.
And it's like, well, that's sort of added an extra hop for attackers, but does it actually
solve the problem?
Not really.
So yeah, it's kind of the first product that actually says take it off the internet.
That thing should be off the internet.
How do you do that? Maybe you should try and knock it off.
Well, and I think it's also, you know, people recognizing that access control and authentication
are not the same thing, right? You can have some, you know, PHP based payroll system,
like that's another use case or a file transfer appliance that's sitting out there
and they're riddled with pre-auth bugs. So this idea that, oh, well it's, it's got SSO integration, therefore
it's safe to leave on the internet. Like that's just not true.
Yeah. I guess the, the authorization or authentication thing is sometimes gets confused by people.
Well this is really about, is it on the internet or not. And then if it's on the internet, but it's patched and you have to log in first does not mean it's secure. Yeah. This and that's
just a common belief or people still think I'll put it on the internet. It requires authentication.
It's tied into SAML. But if I hit this path, there's pre-auth bugs and it's an appliance
and someone's going to be in there forever and you never know and it's a disaster.
You never know when dot dot slash is coming to get you basically.
That's right. Yeah, it's 2025, right? And that's still there. But you know, that's the old adage of
what's the most secure system. It's a hundred feet underground built in concrete and what knock knock does is it allows you to move the
concrete out of the way instantly tied to a login, and then only then is it actually exposed to the internet.
So the 100 foot of concrete is moved instantly for a user, for their IP address, for four
hours or whatever the time is, and only then is it available or vulnerable and accessible
to all those pre-auth dot dot slash bugs, should they exist, but only to that IP address of the logged in user.
So yeah, one thing we should just on the proxy thing, one thing we should point out is this is
essentially like a identity aware proxy. But what makes it different is that most of the identity aware
proxies they're from like Akamai Cloudflare Zscaler, they're like cloud proxies and they're
fiddly and there's kind of problems
with that. This is much simpler, right? Like this is a much simpler way to get that, you know,
SSO enabled identity aware proxy to your applications without having to go through, you know, complicated
clouds.
Yeah. And in terms of the magic cloud, we like to call it. So Zscaler and others where
it's like, well, install the agent, put all your machines onto our magic cloud, and then we'll handle all of the routing there.
That sort of solves the single IP address attribution theme because they have a source IP address, they have to be authenticated, essentially cloud VPN to get that tunnel through.
And then the IP address of Zscaler or whoever the magic cloud is, that then needs to be trusted or you have a route
all the way through to the back end. So you're kind of moving the problem but you're also
connecting all your assets to a magic cloud.
Well and that's the thing other other customers
of the magic cloud can then attack you through the magic cloud basically is what you're getting at
there.
That's right you're plugging all your machines into a magic cloud and saying that's
okay I'll put all my traffic there it's better than the broader internet, which is true.
But our approach is we don't actually introduce new technology necessarily.
So if you've got an existing reverse proxy environment, NGINX, HAProxy,
et cetera, we orchestrate those.
We tie the login to those systems so that user logs in and only then can
actually pass through that reverse proxy tier rather than plugging everything
into a Magic Cloud, which obviously has its downsides.
Yeah.
I like calling it a magic cloud too.
That's a good, good, good term for it.
Um, but I mean, obviously not everything's all web, right?
So I'm imagining that over the next couple of years you will be building probably sort
of, you know, protocol aware, proxying, you know, building blocks for this thing.
Like there's a lot of people reaching out who are running stuff.
I mean, in the case of a web proxy,
something like, you know,
old school exchange web access servers, right?
Like you can use a web proxy to gate access to those things.
There's a bunch of regulated industries
where they are still using exchange
because they haven't figured out how to make, you know,
the cloud stuff all compliant yet in some verticals.
So you can actually proxy all of that stuff, keep it safe so that users have to go through this,
just hit the knock knock page before they get access to that stuff and that's going to save you a lot of headaches.
But then there's stuff that's not necessarily web. You've got your SSH, your RDP.
Citrix is a big one. There's people
coming in saying, Hey, we've got these Citrix environments we can't get rid of. Please put
something in front of it to help us. But I'd imagine that, you know, there's going to be
more proxies involved with this, right?
Yeah, definitely. So we're, we're looking at per protocol. How can we get in the way
or inject into them without breaking them or without breaking trust?
So our philosophy is we don't want to be in line necessarily. We would rather the direct access continue.
It comes from our heritage.
So we actually built this originally to solve low latency, high volume
bandwidth issues where it couldn't go through a VPN, couldn't go through a proxy. It needed direct access.
So our approach was to orchestrate that access, allow just in time network access control.
So that's great.
Which I'll just butt in there and say that it's an interesting use case because it was developed
specifically for customers in the broadcast industry who would need to like submit video
footage, which is often like UDP as well. And they would need to do that from remote locations or
wifi at like, you know, say it was a broadcaster covering some sporting event, you know, they would
need to do this.
Precisely. So low latency, direct access, they get the video stream, they then need
to push their audio stream up to HQ, which also is protected by Knock Knock. And then that would be
split together and broadcast out.
So that low latency direct access as opposed to routing through Magic Cloud or putting
through a broker service, which obviously adds another hop and other processing.
But we always try and extend additional protocols.
So we've got a lot of customers that are using SAP and that's thickware and they need to
extend that to contractors. So contractor needs access
to some thickware or some port or protocol that's non-standard, it's not web and doesn't have MFA.
I mean, again, I'm like, this is horrifying. The idea that people are opening up their SAP ports
to the internet, right? And they have to do that. That's horrifying.
They have to do that. They've got no control over the machine. So the contractor's got their own
non-SOE laptop. There's no MFA. It's on the internet. You know, there's a lot of like,
just hope is not a strategy. So Knockknock is opening those ports just in time. And then,
and then the horror continues once they've got access through, but at least it's off the internet
and not behind a VPN or not behind some other magic cloud that then adds more
latency and more problems.
Well, I mean, it does give you a pretty high degree of assurance that you're not going
to get like mass scanned and exploited, right?
Exactly.
And it's the old, you know, defense in depth.
Like it shouldn't be on the internet.
You shouldn't have those applications or those systems on the internet. That's, that's first the first point. Uh, so taking
them offline, they're invisible. They're not going to turn up in a database ready for some
zero day or some issue or, or somebody to just go after it in more of a targeted attack.
It's just not on the internet until they've knocked.
Yeah. So like with SSH, we're seeing more people like kind of work around, uh, you know,
how to deliver stuff like SSH and RDP, you know, building sort of SSO capable like SSH
and RDP gateways.
Yeah, absolutely. And there's, we've already, uh, like we've, we've got some customers that
are using Apache Guacamole, uh, to deal with RDP and we're adding another layer to that before it gets to that point, gives them MFA.
Yeah. So, so you might want to actually explain to people what Apache Guacamole is, right?
Because until we spoke about it a couple of months ago, I didn't know.
Yeah. Well, it's essentially just gives you RDP pretty much in the browser. It's, it's,
it's fairly lightweight. It just kind of works. It's, it's Apache foundation. It's pretty
robust. We, we help before you can get
access to that point. Obviously Knockknock protects the edge of that. And then, and only
then do you get RDP in the browser. So it kind of adds MFA. You get about browser pop-up.
You're then on the RDP remote machine. Pretty streamlined. The actual user experience is
like web, click, click, click, SAML and
they're through. You've got your RDP.
Yeah. It's like one of those, it's one of those things where like, huh, this works actually
way better than we thought it would.
That's right. And normally when they work way better than they should have, and it connects
directly through, it's like, wait, what security controls have you turned off here? Why is
this working? Where's my auth? But you've got those additional layers. So it's a good
user experience and it's
not super costly.
Yeah. So also, you know, you keep coming back to the idea that you can, you know,
use Knockknock to apply MFA to legacy stuff. People are looking at this internally as well,
because they might have some sort of, you know, legacy crapware that they have to run that's
like specific to their vertical.
And say they're in financial services, this might be a compliance problem, right?
Because they don't have MFA on this thing and they can't tick the box.
I mean, you can actually use KnockKnock to apply MFA to basically anything that has a
IP connection on it.
And that's an easy compliance win for people.
Absolutely. And that's internal or external. So you get user attribution. You can apply
MFA to whatever that finance application is or whatever that compliance system is, and
you get full visibility of it. So that user accessed it at this time and they don't have
to worry about it being sitting in the corner, still worrying away, sitting in some security policy exclusion list.
You know, we have MFA on everything except for these seven things and we're just waiting
for those seven things to be retired, which we all know is going to be far more years
than is appropriate.
Well, people, people forget that one of the reasons that VMware was so successful a million
years ago is because it allowed people to like extend the life of all of their NT4 based infrastructure, right?
If people can find a way to kick the can down the road, they're going to just kick the can
down the road, unfortunately.
Yeah, which I guess on the flip side, we're helping them kick the can down the road, but
it's kind of better than putting it in VMware and then just having IP address restrictions
or not, virtualizing it so
that if it gets hosed, we can just revert to last night's restored copies, I guess less bad.
Whereas with Knockknock, you're actually giving the access network level access control. So it's
prevention rather than just sort of kicking the can down the road by relying on backups or just
getting hosed and being able to restore it.
It's interesting, right? Because you do have some
people using it internally already. And you know, one of our other sponsors is Zero Networks who do
like full micro segmentation, right? So they just do the whole network and whatever, but there's
this middle ground of customer who they just want to apply it selectively to a few places, right? And that's kind of like knock, knock good for that.
Absolutely. Yeah. So one of the early use cases for customers, like we just want to restrict this
environment. We've got a management network and it kind of every sysadmin on that environment can
sort of access everything sort of all the time, including these sort of air gap things over here
and these other environments over there. And that's not ideal. So that's one place where we usually get put in first, like let's
control ourselves as sysadmins so that we have to go through a process before we get access to the
broader management network that controls all this OT environment, all these other assets over here.
So that's an early access point to just say,
let's put through, you know, put the users through MFA before they can SSH across these internal assets. And Knock Knock's good for that because it can be hosted internally.
We specifically designed it so that it can be run internally with no network access to the internet
specifically to protect internal systems.
Yeah. I mean, it's funny too, right? Like you look at the people who are using it,
it's an interesting mix, right?
So you've got some of these critical infrastructure types who are using it to,
you know, better restrict access into their OT environments. You've got, uh,
media as we spoke about earlier broadcast media, they love it. Uh,
telecommunications,
one of Australia's major telcos uses this to restrict access to all of its SSH.
Like you cannot hit SSH without going through Knock Knock first and it's a lot of SSH.
Um that one and then you've got as I said like some of those verticals who
are forced to use like vulnerable stuff that can't be fixed and now you know
more general enterprise worried about things like firewalls VPNs whatever and
just all of the cruft sitting at the edge of their network. So it seems like
it's yeah I mean the flexibility here is something I guess
is what I'm getting at. Like you can, it's such a universal control that everyone can
think of a way to use it.
That's right. That's right. Everybody can use it in some way. Typically it starts in,
you know, controlling access, but then it's like, well, wait a minute, I, because I can
take those systems offline, I can easily apply it over here to protect those.
And there's a lot of solving a specific problem they have, and then there's a lot of prevention.
So wait a minute, I can take that off the internet until somebody logs in.
Why aren't we doing that in other places?
Why do I have an attack surface?
I can geo restrict to certain countries, but
we all know that's not actually a solution because everyone just VPNs and pivots through.
So geo restriction, it helps, but it doesn't actually solve the problem. So why do I have
an attack surface? Knockknock actually allows me to take those systems off the internet
until somebody logs in. Why aren't I doing that in more places? And that kind of, we see that in people as they realize they have the aha moment, which is, Oh, this
is different. Oh, okay. It actually orchestrates access. Oh, that's different.
Well, it's just extending SSO to like network access control, right? Which is, you know,
people are sort of under utilizing, uh, SSO when you think about it.
Yeah, exactly. And we sort of, we sort of joked about like just-in-time network access control,
you know, this JITNAC idea. And it is just just-in-time access to systems tied into your
existing SAML IDP at the network level. Any port, any protocol. And as soon as people
have that aha moment, they're like, I can actually apply this in many places.
Yeah. Yeah. I mean, as I say, we use it and we sleep better, right? And, you know, it's,
it's definitely good for that. So let's talk a little bit about the history though, because
I just alluded to the idea, you know, to the fact that it's used by major telco in Australia,
for example, it's been around for a while. So knock knock as a company is fairly new.
Uh, but this was actually developed by a Sydney based networking company
called Solone specifically for some of their clients, right? And then they realized after
a while, huh, okay, probably people who aren't our customers are going to need this one as
well. So it's, it's essentially been spun out of, of that company.
Dave and Andy, who are the guys who developed this, you know, they're the founders, co-founders with you. You came in later in the piece and, you know, as I
mentioned at the intro, like through Decibel, I helped to organize a funding round for you
and brought you in. I should probably mention too that you and I are actually very close
friends and have known each other since we were kids. It's actually Adam's fault that
I'm in security, everyone. He was the guy who as a high schooler, uh, got me into all of this.
Um, but I mean, that's, you know, it, it's not a brand new startup.
Like this thing has been battle tested.
Uh, so the guts of it are actually very reliable, uh, and, and have been tested.
I guess the interesting thing is though, there has been dev work to do since you've come
on board.
One of the things that you've been working on real hard and I love this is you hired a front end dev to try to make this thing much
easier for people to understand because that has been a barrier in the past is like you know the
way that you install and configure it has made sense to the people who built it but made less
sense to people who are seeing it for the first time.
Yeah, that's right. So user experience is obviously really important too.
The actual backend is really mature, as you said.
It's been used daily for four and a half, five years.
Originally it was called Salsa because it went well with Guacamole.
It's had a number of rewrites, architecture changes,
but it's been used daily for over four, four and a half years. And at the front end, all of the management side, it required various degrees, Linux capabilities,
skills, et cetera, which just, it needed to be more product friendly, easier to get going.
So a lot of the time was spent over the last few months or five months now is getting the
user experience right, the whole out of the box utilization
deployment up and quickly integration with more devices. And we're in a good spot now
where we've got a bit of a workflow happening. It's just easier to get going and get into
organizations and make a change quickly as opposed to being, you know, a bit more effort
and needing strong sysadmin skills. We want it to just be simpler.
Yeah, yeah. So we should mention too that the new interface that's in beta or beta,
as we would say here in Australia. Yeah. All right, Adam, we're going to wrap it up there.
Anyone who wants to check it out can go find Knock Knock and it's spelled funny, which is great.
Real helpful there guy, but it's KNOCKNOC.IO. So knocknoc.io. Everybody, go check it out.
You know, if you've got feedback, you can bring it to me.
I work with this company, right?
So we'd love to know your thoughts.
We think it's super cool.
I think, yeah, I'm really into this one.
I love fundamental controls, simple controls that are enduring.
I think this is one of them.
Adam, great to have you back on the show.
You actually were a news guest something like 15 years ago or something.
So it's not your first time on risky business, but it's great to have you back here after
a long absence.
Great to talk to you and I wish you all the best luck with it.
Thanks, Pesci.