753 DNSFilter: Threat Detection 7 Days Faster

[Uncle Marv]
Hello friends, Uncle Marv here with another episode of the IT Business Podcast, the show for IT professionals, where we talk about products, stories, and tips, and try to help you run your business better, smarter, and faster. This is one of our audio presentations, and the presenter today is SuperOps. If you're tired of juggling multiple tools, SuperOps is your all-in-one solution.

The unified PSA RMM platform streamlines your workflow with AI-powered features. Head over to the ITBusinessPodcast.com website, click on the link for SuperOps, and see what SuperOps has for you. Unlock your MSP's full potential today.

Today's interview is actually an interview that we tried to do at IT Nation, and things just did not work. So this was one that we had to make sure that we got in before the end of the year. Richie Wade, the manager of sales engineering at DNSFilter, is joining me today.

Richie, how are you?

[Richie Wade]
Good. How about yourself, Uncle Marv?

[Uncle Marv]
I'm doing pretty good myself. So let me ask this, just to, what was the weather event again that caused you not to make it to IT Nation?

[Richie Wade]
It was a rare November hurricane, actually. So we had some bad weather, and luckily it wasn't too bad, but bad enough to cancel the flights, delay my flights, and so I ended up staying home for that ConnectWise event.

[Uncle Marv]
That's a shame. I mean, of course, you know, here in Florida, all about hurricanes. Oh yeah.

[Richie Wade]
It's the first one I missed in a couple of years, so I was a little bit bummed about it, but you know, glad I'm still able to meet and talk about this awesome integration that we have.

[Uncle Marv]
Okay. So you're over at DNSFilter, and just for transparency with everyone, I do not use DNSFilter. I'll be honest, Richie, I've never even looked at DNSFilter, and the reason is, is I've been using the web filtering that's built into my current RMM platform, and I'm one of those creatures of habit where it works, why change?

But I have heard a lot of things from DNSFilter over the last couple of years, and of course, you guys had some pretty big announcements in October, so I know it's not timely, but we'll talk about all of those, but I mean, listen, DNSFilter, it's not something that people don't understand, right? Everybody knows what it is, but tell me about, you know, all the buzz that's been happening around DNSFilter lately.

[Richie Wade]
Yeah, I mean, the biggest buzz, obviously, is AI, right? We're seeing a lot of increase in AI utilization. It continues to be a really effective tool that's enhancing threat detection, and we kind of use AI in two different main ways, right?

So the first role is we do also have, you know, security threat feeds, third-party threat feeds that most other vendors are going to subscribe to, but we use AI to kind of determine which one of those feeds is right in any given listing here. So that's kind of like the first part. The second part is that we're doing our domain intelligence in-house.

So we started in 2018 with a domain categorization tool. Since then, we are, you know, catching threats up to seven days faster than third-party threat feeds, and we're actually catching about 70% of what we catch with that in-house solution that we have. So I think that's the main drive of all the buzz around DNSFilter is how accurately and how fast we are able to detect these threats on that DNS layer.

[Uncle Marv]
All right, so we should probably clarify a couple of things because I believe that I don't know, years ago, the way I understood it and the way some people probably do, most of us think of DNSFilter as just simply that content filtering. We're blocking websites. We don't allow our customers to go to porn or gambling or, you know, look up, you know, stuff like that.

But DNSFilter has threat protection actually built in. So you're guarding against malware, phishing, and ransomware?

[Richie Wade]
Oh, yes. Malware, phishing, ransomware, botnets. You're talking about even, you know, traditional sort of things that have been chinks in filtering's armor, like new domains going off of domain reputation.

We're able to stop those domains that have been registered in the last 24 hours, domains that have been registered in the last 30 days, even maybe domains that have been registered longer than that, but are just now starting to see traffic. So we're looking at, you know, 10 different threat vectors to make sure that we're keeping you safe on all of those different fronts there.

[Uncle Marv]
So those new domains, I hadn't actually thought of that. So if a domain has popped up in the last 24 hours, those are, are those automatically blocked or are those something that we can set to block them?

[Richie Wade]
You can set to block them just with a click of a button there. We manage that test on the back end for you, just like all of our other categorization tests or our threat vector tests there. So we're doing all of the, you know, the hard work of listing and making sure that we're keeping up to date on these listings.

And then you're just opting in on what categories or threats that you want to block.

[Uncle Marv]
Okay. And the idea of categorization. So I know that with my filter, I still come across a lot of sites that are uncategorized and I have to submit a category for them.

You say that you guys are able to, to analyze those up to seven days faster. Is that with the AI or is this something you guys have always done?

[Richie Wade]
No, that's something with our AI and we're actually able to do on-demand categorization. So, you know, if you run into that situation where you're running DNS filter and you come across a domain we've never seen before, it takes us maybe 10 to 15 seconds to make a decision there. We'll run through about 150 different heuristics on that site to make a determination whether it's safer.

You shouldn't go to it.

[Uncle Marv]
Well, that's good because I think right now I have to wait 24 hours or whenever they get around to it to reply back to me.

[Richie Wade]
Right.

[Uncle Marv]
Yeah.

[Richie Wade]
That's one of the advantages of being able to run the in-house domain intelligence here is that, you know, our customers are keen. So if something needs to get reclassified, we're the ones that determine that, not a third party.

[Uncle Marv]
All right. So let's, let's shift this a little bit. I know we've talked a lot about the features and stuff, but a lot of this really centers around this change in our cybersecurity landscape.

We've got to think about things in a completely different way. So how is, how has the things that have, you know, happened out there with a lot of these exploits and ransomwares and botnets, how have they kind of, you know, driven what you guys are doing over there at DNS filter?

[Richie Wade]
Yeah. I mean, look, it's year over year, we're seeing an increase in those malicious threats. What we're also seeing is that cyber insurance providers are starting to make customers or organizations utilize security frameworks.

That way they have a stronger security posture. And part of those security frameworks is having protective DNS. But, you know, just on our network alone this year, we've seen an increase of malware, 14%, and an overall increase of threats like 36%.

So we are working on an annual security report that we're going to be releasing next month. And what we're finding though, is that everybody is a target. It doesn't matter, you know, big or small organization.

You know, you're basically one click away from a data breach there.

[Uncle Marv]
So you mentioned the one click away, we've historically told our clients that, you know, don't click on something you don't recognize on the internet. But I remember us at some point in time, we would talk about this idea of drive-byes, where you could just simply be on a site and things would happen, whether we click them or not. A lot of that has been, I guess, common misconceptions on what people actually do on the internet.

What are some of those misconceptions that you see out there?

[Richie Wade]
Right, I mean, it's basically getting you to click on that link that you're not sure of, right. So the whole thing is to throw up a fog, make the user, you know, a little bit confused, maybe not 100% confident. Or, you know, maybe it's the opposite, where they want to give you the view that, hey, this is a legitimate link.

It's just basically stopping that habit of clicking before you're thinking, right? Some of the misconceptions, though, that I see is that, you know, oh, it's not me. They're only targeting big organizations, right.

That's probably the biggest misconception that I run across. You know, there's plenty of small, you know, four or five user organizations that have been taken advantage of by these bad actors.

[Uncle Marv]
Okay, so most of the clicking that our users are understanding not to click has come through the form of email. If they're on the internet, for some reason, it doesn't follow the internet. So, you know, how is DNS filtering helping users not click on those links?
Because I'm sure you guys can't catch every single bad link out there, can you?

[Richie Wade]
I mean, we're going to try. We're definitely going to try. But where we step in is we step in after that user clicks on that link, so you have your email security to prevent that link from getting to the user, but that link got to the user.

Well, now you have another set of security options behind that user, even though they clicked on that link. So they click on it, the request goes through DNS filter. We're going to say, hey, no, this is going to a known malicious phishing site.

We're going to deliver you to the block page instead. That's typically how we're handling those situations. But yeah, it can definitely get hairy, and it's an added benefit to protect those users after the click, because I know these organizations are spending a lot of money on security awareness trainings, trying to get those users not to click, and those users still click.

So I think that's a big value point for DNS filter.

[Uncle Marv]
Okay. So now let's go ahead and go back to some of the announcement that you guys have talked about. I know that you, what was it, October, when a lot of these announcements came out, where you were doing additional integrations.

Now, are these new integrations, or are these just better, you know, integrations?

[Richie Wade]
Yeah, these are completely new integrations, and these are direct integrations to the major PSAs. So PSAs like ConnectWise, Datto Autotask, Pulseway, Halo, all of these are directly into those PSA services there, I should say. So, but we were looking to do, you know, a lot of good stuff with this integration to minimize the administrative workload, to kind of bring this DNS filter seamlessly in with the rest of the MSPs sort of products, and to also kind of shore up or make sure that you're doing your billing accurately.

So more accurate billing reconciliation as well.

[Uncle Marv]
Okay. So I guess the question to ask then is, people are still purchasing through you, but the integration into those products is handled backdoor. So people aren't going to go to, you know, ConnectWise or Kaseya and purchase DNS filter through them, are they?

[Richie Wade]
No, they're not. They're still going to purchase DNS filter directly from us. And then what we'll do is pull those usage numbers into their PSA of choice that they're using.

[Uncle Marv]
Okay. All right. So you mentioned ConnectWise, Datto Autotask, Pulseway.

I didn't hear Enable in there.

[Richie Wade]
No, we're working on Enable, but we also do have a pretty close partnership with them already.

[Uncle Marv]
Okay.

[Richie Wade]
So we have a couple of things, and Enable is also one of our partners. So if you're with Enable, you probably already have DNS service through Enable.

[Uncle Marv]
Oh, so I might be using you after all. Yes. Okay.

That makes me feel better. And then what about the other ones out there? Like I mentioned Super Ops as a sponsor of the show, Synchro.

Anything with those guys?

[Richie Wade]
Not yet, but that's definitely kind of the direction that we're heading in, right? We want to continue to deliver awesome integrations for our MSP communities here. We want to seamlessly integrate with the MSP's other tools there to make life a whole lot easier, right?

The whole idea is that we want MSPs to love us. We want it to be, it's a set it and forget it type service. And then maybe you're running your conciliation once a month, takes you a couple of minutes to do that.

That's the ultimate goal. We want to make that happen for all of our MSPs using any of the PSAs out there.

[Uncle Marv]
All right. I want to make another shift here because when I was doing a quick check of the background, I saw that you were once with AppRiver.

[Richie Wade]
Oh, yes. It's been 10 years over at AppRiver.

[Uncle Marv]
Was it AppRiver proper or AppRiver after the purchases?

[Richie Wade]
It was both, actually. So I started it with AppRiver proper back in 2012 and their support team. And, you know, I really got a lot of our customer service or customer support skills out of that AppRiver experience there.

So I helped build up the support team. Then I went over to implementation for a little bit there and then came over to DNS filter.

[Uncle Marv]
All right. Did you bring that concept of phenomenal customer care with you?

[Richie Wade]
Oh, I live it. I live it. And so many of my other co-workers live it as well.

You know, I'm running the sales engineering team as well now here. So we are definitely customer centric, customer focused. We want to make sure that experience is everything to us.

Right.

[Uncle Marv]
Now, you mentioned you're running the sales team. Now, you actually started there a couple of years ago as just an engineer. Has the role changed that much?

I mean, are you still able to get your hands in there?

[Richie Wade]
Oh, yeah. I definitely still have a couple of sales reps that I, you know, support directly because I definitely don't want to lose my thumb on that pulse of the customer. So I definitely like to be in those calls.

I like to lead by example. But my other two guys are just as great as I am, maybe even a little bit more technical than I am. So, you know, I have a great team.

And, you know, any one of us here is able to support you and make sure that you have a smooth onboarding experience.

[Uncle Marv]
All right. So now let's go back. I want to ask.

I don't need to ask about the prompting of, you know, integrating with the PSAs. But if we were talking to, you know, service providers, MSPs. So I'm talking to this one guy and I'll just throw this out where he's talking about trying to get me on a platform that would remove my firewalls.

And he wants to go through this other service that's running the firewall in the cloud. And I'm not going to say the name because I don't want to either get myself in trouble or them in trouble. But now I use my web filtering along with my firewall filter.

I still have both because I've got customers that, you know, have servers on-prem and they still work in the office for the most part. For something where we're moving everything to the cloud. I know that DNS filter can, you know, work with each, you know, server slash workstation as an agent sort of a thing.

But what about all those other devices, the BYODs, you know, phones, tablets and stuff that, you know, may not get an agent in an environment?

[Richie Wade]
Oh, yeah. Well, not only that, but what about guest Wi-Fi use cases as well? Maybe you're a coffee shop and you want to offer Wi-Fi to your users, but you don't want your users exploiting that connection.

So, yeah, we do offer several different ways to deploy. And, you know, the way that would cover those two use cases that we're talking about here would be like our network forwarding setup. So, you can essentially point your firewall, point your modem, your router to our Anycast resolvers.

And that would be our network deployment or network forwarding is what we would call it. But any device using that network would then be subject to that protection there. It's a really good way for you to get an agentless deployment, a really fast way for you to deploy if you want to just do basic sort of protection for an environment or a network there.

[Uncle Marv]
Now, is that just simply putting in DNS filters servers as DNS servers for our provider or is this a proxy type setup?

[Richie Wade]
Nope. It would be the forwarding just like you described where you're just setting up your external forwarders to point to the two DNS filter Anycast IP addresses. The only caveat here is that we do run a closed resolver.

So, you do need to list out your public address that you're coming from for that network. Okay.

[Uncle Marv]
Okay. And I know that you've got a feature called DNS layer security. Explain that in relation to what we've all just talked about.

[Richie Wade]
Well, so our security is really part of the service there. I wouldn't really call it a feature, so to say. I mean, we really don't have a specific feature for the security, but we do have like app aware.

So, this is a really good sort of application blocking feature. So, what this does is it allows you to first look at any application usage across your endpoints that you have the deployed to, but then you can also block access to any of those applications. This is a really good shadow IT tool where a lot of times we won't see you block anything off of app aware when you first deploy DNS filter.

I actually recommend you give it a week or maybe a month and then go into our reporting and you can see the different applications being utilized across your users because your users aren't always going to be honest and truthful telling you what applications or maybe they just forget to tell you a specific application. This is a really good way for you to kind of shore up that security approach and make sure that there's no unapproved app usage going on there.

[Uncle Marv]
Okay, I guess that's what I was trying to ask about the app aware. I had the wording all wrong. All good.

Well, that's good. Let me see here. I was trying to look at some of the other notes I threw down here.

I know that most of my listeners are either going to be solution providers, MSPs, and stuff. Recently, you guys did a price change that probably needed to happen to increase the cost. How has your feedback been from MSPs over the last few months?

[Richie Wade]
Pretty well, generally. Now, our pricing is increasing at the beginning of the year next year. So, we haven't really heard too much gripes from our MSPs here.

Not yet. From any new MSPs. We're still getting anybody that we're talking to currently, they're still grandfathered in on the old pricing.

We don't want to just increase the price while they're evaluating DNS filters. So, if you come out, you talk to us before the end of the year, you can still take advantage of our old pricing.

[Uncle Marv]
All right. Now, is it per agent, per domain? How is that set up?

[Richie Wade]
Yeah, so we're actually pretty kind with our billing. It really just depends on your use case. Now, typically, you're going to have more devices than users.

So, we would say bill off of users. And what we mean by users is warm bodies that need an internet connection. Now, say if you have, you know, four machines and 10 employees around those four machines, and it's a shared machine workstation sort of setup, then we would say bill off of device there.

So, whatever you typically have less of is what you want to bill off of.

[Uncle Marv]
Okay, that sounds like it could get confusing, because you can't always tie a device to a user, right? Correct.

[Richie Wade]
Can't always tie a device to a user. But if you have more devices than users, then you're going to bill off of users there. So, however many users you have, that's what you'll bill.

[Uncle Marv]
Okay. I'm sorry, I'm in my head, I'm thinking of my one client, because they have got five offices and employees move between the offices. So, I have to consolidate that billing, but I'm already using you through my arm, ma'am.

So, we're good.

[Richie Wade]
Yeah, right. Yeah. I mean, if you're using us through the PSA, it should be pretty straightforward.

Not going to be an issue there. But in general, our billing is on our base system. So, worst case scenario, if there's an over usage situation, one of our handy partner development managers will reach out, they're friendly, they'll say, hey, what's going on here, we'll get to the bottom of it there.

But we're never going to shut your service off, we're never going to give you a surprise bill. Again, we're pretty customer centric here, we want to make sure that you're having a good experience with DNS filter.

[Uncle Marv]
Okay. Now, with that price increase that's coming at the start of the year, are there new features to go along with that new price?

[Richie Wade]
Oh, yeah, we were definitely coming out with some new features. Like URL filtering is one of the big ones, I think, at some point next year that we're going to be working on no hard release date yet on that. But you know, we're also looking to kind of have a focus on MSP integrations too.

So, we just worked with Rewst, for instance, on an integration. So, you know, we're going to continue to look for different opportunities like that, that we can kind of expand and make life easier for our MSPs on the day to day.

[Uncle Marv]
Any hint as to how that would make our life easier?

[Richie Wade]
Well, so, I know the Rewst integration, for instance, can or has reduced support escalation ticket time, sometimes by 80%, right? So, that's going to save you a whole lot of help desk time and effort there, which should equivalent to savings and money.

[Uncle Marv]
Okay. And that would just be kind of like that AI, you know, automation, robotic, you know, resolutions and stuff like that.

[Richie Wade]
Yeah. It allows you to perform policy updates or, you know, kind of solve those generic tickets or those tickets that, you know, you always get a lot of. You can do, you know, pre-can responses.

You can respond to those automatically and kind of get those out of your hair so you can focus on the important stuff.

[Uncle Marv]
Okay. All right. I'm just going to do a quick sidebar here.

Sorry to do this, but you mentioned Rewst. And I want to say to my regular listeners that are voting currently for the 2024 Podcast Awards, Rewst is one of those companies that is in the running for favorite episode of 2024. So, just to let you know that that's happening.

If you haven't voted, if you want to vote for Rewst or against them, go over to the podcast, click on the link in the show notes and vote. Sorry about that, Rich.

[Richie Wade]
It's perfectly fine. You know, our friends at Rewst, they're great people. So, I don't mind the shout out at all.

[Uncle Marv]
Okay. All right. So, I think I've pretty much hit all the big news.

I know that, you know, a lot of it was the integrations. You guys did come out with an article that talked about malicious domains. The title is kind of funny on that article.

It says, rise in malicious domains underscores importance of cybersecurity awareness. Right. So, is it true that the rise is actually with the domains or is it just the number of bots tied to domains?

How was that?

[Richie Wade]
Yeah. I mean, I would say it's definitely domains. We're seeing hundreds of new domains getting spun up every day, every hour.

You know, and we have to assume the majority of those are bad domains or domains used for nefarious purposes. So, you know, and we're just seeing an uptick year over year. There has not been a decrease in malicious activity out on the internet.

So, it's just something that is an always changing goalpost that we need to make sure that we're staying in front of. And we're definitely seeing that high utilization of malicious domains at this time.

[Uncle Marv]
Now, are these mostly domains where they intentionally look like legit domains trying to get people to click? Or is it just as you type in, if you type the wrong name, you're going to go to this malicious domain?

[Richie Wade]
Right. Yeah. I mean, definitely you have those like typo squatting type domains, but we also have domain generation algorithm type threats.

So, those are like, you know, just numbers and letters. They make no sense to the human eye or to the, yeah, to the human eye. So, you know, we see a combo of both there that are being utilized by bad actors.

[Uncle Marv]
Now, I know a lot of the article focus was on the elections. You know, if you typed in the word ballot or polling or something, you were kind of driven to those sites. Now, obviously, that's going to go away.

How soon are you able to determine what like the next trend might be in terms of that?

[Richie Wade]
I mean, pretty quick. We do have some pretty great security intelligence team members at DNS filter. So, they usually clue us in, give us some heads up on some things.

But we do also try to list most of these things and what our trends are, what we believe are going to be trends for the next year in our annual security report.

[Uncle Marv]
All right. Any idea when that report might come out?

[Richie Wade]
I think that is coming out next month. That's January.

[Uncle Marv]
All right. So, let's see. When you guys get a link for that, let me know.

So, I can get one myself and then have the listeners go on. Now, is it going to be free? Yes.

Okay. I forget sometimes we talk about that. And some of these people, you know, Jay McBain's reports aren't free.

[Richie Wade]
Yeah. I mean, you do have to give us, you know, your email address. So, it's not truly free.

[Uncle Marv]
Okay. All right. We'll be looking forward to that.

Richie, thank you much. Glad we were able to do this and catch up. Now, those were all the things that I had on my list for us to chat about. I should probably have asked you since it's been over a month since we were to talk at IT Nation. Is there anything new that popped up on your radar that you'd like to mention?

[Richie Wade]
No. I mean, we're just riding the good vibes from this PSA integration. And, you know, we're looking to 2025 to, you know, continue delivering awesome updates and awesome features to our client base.

[Uncle Marv]
All right. Sounds good. So, ladies and gentlemen, if you, well, I was going to say a bad word.

I was going to say, if you're stupid and not using a DNS filter, you need to get on it and use that DNS filter. I'll have the links to everything in the show notes. And we will be looking forward to the report coming out.

And I'll have links to the articles that they put out about the malicious domains and everything else on the website. Richie, glad to get you to come on.

[Richie Wade]
It was a pleasure, Marvin. Thank you so much for having me.

[Uncle Marv]
All right. We'll have to chat again soon and look forward to it. But for now, have yourself a happy holiday.

Thank you. You too. And ladies and gentlemen, thank you for downloading and hopefully subscribing to the show.

And as per usual, head over to the website and catch all our other great content. If you're listening to the show in real time, as I mentioned earlier, head over to the site and vote for your 2024 podcast awards, and then plan on attending our year-end holiday podcast, December 18th at 8 p.m. Eastern, as per usual. And we'll share laughter, drinks, and announce the award winners for 2024.
That's going to do it. We'll see you guys soon. And until next time, holla!