Overview of Critical Network Services - Mukesh Overview

Apr 25, 2025

Lecture Notes: Reinventing Critical Network Services

Presenter: Mesh Kupta, Lead Product Team at Info Blocks

Background:

  • Mesh Kupta joined Info Blocks 1.5 years ago.
  • Previous experience includes 4.5 years at Palo Alto Networks and 6 years at Lumia.
  • Early employee at Lumia, involved in product development from the ground up.
  • Extensive experience with Nokia, Check Point firewalls, Juniper SRX, and NetScreen firewalls.

Agenda:

  1. Company Overview & History

    • Founded in 2000.
    • IPO in 2012, taken private by Vista in 2017, partnered with Warburg in 2020.
    • New CEO Scott Harold from Cisco in 2023.
    • Transitioning to a hybrid multicloud model.
  2. Customer Trends & Challenges

    • Movement towards multicloud environments (AWS, Azure, GCP).
    • Emphasis on SaaS-first and cloud-first strategies.
    • Concerns over costly security breaches and increasing cyber threats.
  3. Platform Vision & Universal DDI Product Suite

    • Launched the Universal DDI Product Suite in September 2022.
    • Focus on offering DNS, DHCP, and IPAM services across hybrid environments.
    • Integration with third-party services like AWS Route 53, Azure DNS.
    • Emphasis on AI, flexible consumption, and supported integrations.
  4. DNS Security

    • Utilizes DNS as a shield against cyber threats.
    • Offers proactive defense by blocking malicious DNS queries.
    • Unique approach focused on tracking cyber 'cartels' rather than individual attacks.
    • Provides significant operational and cost benefits by reducing network traffic.
  5. Market Trends & Specific Problems

    • Challenges of managing diverse DNS systems in multicloud environments.
    • Issues with IP address management and the risk of DNS record conflicts.
    • Importance of comprehensive asset visibility.

Key Technologies & Opportunities

  • Universal DDI: Provides a cohesive management platform for DDI services across environments.
  • Security Enhancements: Integration of DNS security as an add-on to prevent attacks.
  • Automation & Interoperability: Use of REST APIs, Terraform, and Ansible integration.
  • Asset Insights: Real-time visibility into IP usage and detection of conflicts or unused resources.

Customer Engagement & Roadmap

  • Positive reception from Fortune 500 companies and various industries.
  • Ongoing development to support more DNS systems and enhance security features.

Questions & Interactive Discussion

  • Addressed queries on integration, air-gapped environments, and plans for hardware partnerships.
  • Discussed potential actions and integrations with ServiceNow and other management tools.

Lecture Notes: Reinventing Critical Network Services - Expanded Notes

Presenter: Mesh Kupta, Lead Product Team at Info Blocks

I. Company Overview & History: A Deep Dive

Info Blocks, founded in 2000, initially addressed the limitations of managing DNS, DHCP, and IPAM (DDI) using open-source solutions (like dhcpd, bind) or rudimentary methods like spreadsheets. The company's evolution highlights key industry shifts:

  • 2000: Founded, addressing the nascent need for centralized DDI management.
  • 2012: IPO, signifying market validation and growth.
  • 2017: Acquisition by Vista Equity Partners, indicating a strategic shift towards private equity investment and potentially focusing on expansion and innovation.
  • 2019: Launch of security capabilities, showcasing a response to growing cybersecurity threats. This marks a significant expansion beyond core DDI services.
  • 2020: Partnership with Warburg Pincus, likely for further capital infusion and growth strategies.
  • 2023: Scott Harold (from Cisco) becomes CEO. This suggests a focus on streamlining operations and potentially leveraging Cisco's market expertise.
  • Present: Transition to a hybrid multicloud model, reflecting the current IT landscape. This emphasizes adaptability and the need for solutions compatible with various cloud providers. The company boasts around 13,000 customers, including a significant portion of the Fortune 500.

II. Customer Trends & Challenges: Understanding the Landscape

The presentation highlights three major customer trends that significantly impact DDI and security:

  1. Multicloud Adoption: Most customers are migrating to a hybrid multicloud environment, involving on-premises infrastructure alongside AWS, Azure, and GCP. This creates complexity in managing DDI services across different platforms.

  2. SaaS-First/Cloud-First Strategies: The move towards SaaS and cloud solutions accelerates the need for streamlined DDI management. The presenter specifically mentions VMware's acquisition as a factor accelerating this trend, as companies are moving away from on-premises virtualization solutions.

  3. Costly Security Breaches: The escalating frequency, sophistication, and impact of cyberattacks are major concerns. The three dimensions highlighted are: increasing attack numbers, more sophisticated attack methods, and increasingly severe consequences. This fuels the demand for robust security solutions integrated with DDI.

III. Platform Vision & Universal DDI Product Suite: The Solution

Info Blocks' response to these challenges is the Universal DDI product suite (launched September 2022), built upon a platform vision addressing several key areas:

  • Unified Platform: A single platform for managing networking and security across hybrid environments.
  • Multi-Form Factor Protocol Servers: Offering DNS and DHCP servers as hardware, virtual, and cloud services to meet diverse customer needs.
  • Third-Party Support: Embracing existing cloud provider DNS services (AWS Route 53, Azure DNS, GCP DNS), rather than requiring customers to migrate everything. This allows for gradual integration.
  • Comprehensive Asset Visibility: Real-time insights into the usage of IP addresses and other network assets across all environments. This is key for efficient resource management and conflict detection.
  • AI-Powered Management: Leverage AI to automate tasks and improve operational efficiency.
  • Ecosystem Integrations: Integration with tools like ServiceNow and vulnerability management systems, reducing manual efforts.
  • Automation: Supporting popular automation tools (Terraform, Ansible, Python SDKs, CLI). API compatibility between NIOS and Universal DDI is stressed to ensure smooth transition for existing customers.
  • Flexible Consumption: Allowing organizations to adopt specific features as needed, rather than requiring an all-or-nothing approach.

Key Components of Universal DDI:

  • Universal DDI Management: Centralized management of multiple DNS systems from one interface (including third-party solutions).
  • Universal DHCP Management: Similar unified management for DHCP services.
  • Universal IPAM: Consistent IP address management across clouds and on-premises infrastructure.
  • Universal Asset Insights: Provides real-time visibility into assets, subnet utilization, and detects potential conflicts or unused resources (e.g., dangling DNS records). This includes the capability to schedule discovery jobs at regular intervals.

IV. DNS Security: A Unique Approach

The presentation introduces a novel approach to DNS security, leveraging DNS as a primary defense mechanism against various attacks:

  • DNS as a Shield: All attacks, regardless of type (phishing, exploits, data exfiltration, AI-based attacks), initiate with a DNS query. Blocking malicious queries at the source offers a highly effective preventative measure.
  • Significant Network Reduction: Blocking malicious DNS queries can reduce overall network traffic significantly (customers report 20-35% reductions). This reduces the load on firewalls, routers, and other security infrastructure.
  • The "Cartel" Approach: Rather than targeting individual malicious domains (like most security solutions), Info Blocks focuses on identifying and disrupting the infrastructure of major cybercrime organizations ("cartels"). This significantly improves detection rates and minimizes false positives.
  • Prolific Puma Example: Illustrates this approach, highlighting the tracking of a single organization responsible for registering vast numbers of malicious domains. This proactive approach enables blocking domains up to two months before they're identified by other tools.
  • Low False Positive Rate: The cartel-focused approach results in an exceptionally low false positive rate (0.002%), vastly superior to other methods. The vast majority (75-82%) of malicious queries are blocked within 24 hours.

V. Market Trends & Specific Problems: Deeper Analysis

The lecture expands on the challenges faced by organizations due to the current market trends. Here's a deeper look at the problems discussed:

  • Multi-DNS System Challenges: Managing multiple DNS systems across different clouds and on-premises environments leads to increased complexity, human error, and potential outages. The New York bank example is a stark illustration.
  • Costly Automation: Implementing automation across disparate systems is complex and expensive. The difficulty in managing multiple APIs and infrastructure adds to the costs and delays.
  • IP Address Management Problems: Lack of visibility into subnet usage leads to inefficient resource allocation, conflicts, and potential outages due to poor collaboration between cloud and network teams.
  • Stolen DNS Records (Dangling DNS Records): Forgotten or orphaned DNS records that point to deleted resources create a significant security vulnerability. Attackers could potentially hijack these records.
  • Ransomware & Zero-Day Threats: The continuous threat of ransomware and zero-day attacks demands robust security solutions that are constantly adapting.
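
The IP conflict and dangling-record problems above come down to reconciling DNS data against an inventory of what is still allocated. The following is an added example, not code from the lecture or from Info Blocks' product; the records, inventories, subnet list and function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: records exported from several DNS systems, plus
# the hostnames, IPs and subnets that discovery still finds allocated.
DNS_RECORDS = [
    {"name": "shop.example.com", "type": "CNAME", "value": "shop-prod.cloudapp.example.net"},
    {"name": "promo.example.com", "type": "CNAME", "value": "promo-2023.storage.example.net"},
    {"name": "api.example.com", "type": "A", "value": "10.20.1.15"},
    {"name": "old-vpn.example.com", "type": "A", "value": "10.30.4.9"},
]
LIVE_HOSTNAMES = {"shop-prod.cloudapp.example.net"}  # lower case, no trailing dot
LIVE_IPS = {"10.20.1.15"}                            # canonical string form
SUBNETS = [("on-prem", "10.20.0.0/16"), ("aws", "10.30.0.0/20"), ("azure", "10.20.128.0/17")]


def find_dangling(records, live_hostnames, live_ips):
    """Return names of records whose target is absent from every inventory."""
    dangling = []
    for rec in records:
        target = rec["value"].rstrip(".").lower()
        if rec["type"] == "CNAME":
            if target not in live_hostnames:
                dangling.append(rec["name"])
        elif rec["type"] in ("A", "AAAA"):
            # Normalise the address so equivalent spellings compare equal.
            if str(ipaddress.ip_address(target)) not in live_ips:
                dangling.append(rec["name"])
    return dangling


def find_overlaps(subnets):
    """Return (env_a, env_b, net_a, net_b) for every overlapping subnet pair."""
    nets = [(env, ipaddress.ip_network(cidr)) for env, cidr in subnets]
    overlaps = []
    for i, (env_a, net_a) in enumerate(nets):
        for env_b, net_b in nets[i + 1:]:
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                overlaps.append((env_a, env_b, str(net_a), str(net_b)))
    return overlaps


if __name__ == "__main__":
    print("dangling records:", find_dangling(DNS_RECORDS, LIVE_HOSTNAMES, LIVE_IPS))
    print("overlapping subnets:", find_overlaps(SUBNETS))
```

Running a check like this on a schedule, against fresh discovery data from every environment, is what turns it into the continuous visibility the notes describe.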

VI. Q&A & Additional Information: Key Takeaways

The Q&A session covers a wide range of topics:

  • Multi-Region vs. Multicloud: Info Blocks' solutions apply regardless of the chosen cloud strategy.
  • Integration with NetBox/Nautobot: Some customers integrate Info Blocks with these tools for enhanced network management and two-way syncing.
  • Data Integration: Data is typically exchanged using REST APIs, JSON output, streaming logs, and other standard methods. The system supports both push and pull mechanisms.
  • Hosting & Platform Agnosticism: While the Universal DDI management layer is currently AWS-based, Info Blocks plans to expand to other cloud providers. The data plane (servers) can run on AWS, GCP, or on-premises. They offer both physical and virtual appliances.
  • Air-Gapped Environments: NIOS (on-premises solution) is compatible with air-gapped environments, although the SaaS management layer isn't.
  • Hardware Partnerships: Info Blocks is transitioning from producing its own hardware to partnerships with vendors like Dell.
  • Universal IPAM and Two-Way Sync: The universal IPAM can integrate with cloud providers' existing IPAM services (AWS, Azure), acting as the primary source of IP address allocation.
  • Customer Response: Universal DDI has received positive feedback from large enterprises across various industries.
  • Company Structure: Engineering is organized by product (NIOS, Universal DDI, Security) with centralized support teams. They have four major engineering hubs. The company is shifting its focus away from hardware development towards software and partnerships. The sales and marketing team is shared across the entire product portfolio.
  • Actionable Insights: Info Blocks aims to provide both actionable insights within their platform and integration with external systems like ServiceNow, catering to different customer workflows.

Deployment Options:

The lecture discusses several deployment models for Info Blocks' Universal DDI and related services. Let's break down the deployment options in detail:

I. Universal DDI Management Layer:

  • SaaS (Software as a Service): This is the core of Universal DDI. The management plane resides in AWS (with plans to expand to other clouds like Azure and GCP to address customer concerns about vendor lock-in). Customers access this layer via a web console or APIs. This centralizes management of all DDI services, regardless of their underlying location (on-premises, various clouds, or third-party DNS services). The SaaS model offers scalability, ease of management, and automatic updates.

II. DDI Protocol Servers (Data Plane): These are the actual DNS, DHCP, and IPAM servers that handle the network traffic. They come in three forms:

  • Hardware Appliances: Physical appliances offering high availability and local resiliency. Info Blocks is transitioning away from manufacturing its own hardware towards partnerships (like the one with Dell) to leverage existing infrastructure. These are best suited for environments requiring high uptime and local autonomy even in the event of network connectivity loss (e.g., hospitals, retail stores).

  • Virtual Appliances: These are virtual machines deployed on customers' existing infrastructure (on-premises, private clouds, or virtual private clouds in public clouds). This offers flexibility and integration with existing environments, while still leveraging the centralized management from the Universal DDI SaaS layer. They provide the same core functionality as hardware appliances, but with the advantages of virtualization.

  • NIOS as a Service (NaaS): A fully managed cloud service offering DNS and DHCP. This is a pure cloud deployment where Info Blocks fully manages the servers, removing the need for any on-premises infrastructure. This is suitable for organizations prioritizing simplicity and fully offloading DDI management. It leverages IPsec tunnels, much like a SaaS-based architecture.

III. Hybrid Deployments:

This is the most common scenario. Organizations utilize a mix of on-premises infrastructure and multiple cloud platforms (AWS, Azure, GCP). Info Blocks' Universal DDI excels in this scenario by:

  • Centralized Management: The Universal DDI management layer provides a single pane of glass to manage all DDI services, irrespective of location.
  • Integration with Third-Party Systems: Info Blocks seamlessly integrates with existing cloud provider DNS services (Route 53, Azure DNS, GCP DNS), allowing gradual migration and leveraging existing investments.
  • On-Premises Integration: The Universal DDI management layer integrates with existing on-premises DDI servers (Microsoft, BIND, etc.) through agents, allowing for phased migration without disruptive changes.
  • Real-Time Visibility: Universal Asset Insights scans all environments (on-premises and cloud) to provide complete asset visibility and proactive detection of conflicts.

IV. Air-Gapped Environments:

  • NIOS (On-Premises): Info Blocks' traditional NIOS solution is designed for air-gapped environments. In such scenarios, the Universal DDI management layer's cloud-based nature is not viable, but the on-premises DDI servers can function completely independently.

V. Specific Examples:

  • Fortune 500 Company: The lecture highlights a Fortune 500 company already using the Universal DDI, demonstrating the solution's applicability for large-scale deployments.
  • Large SaaS Retail Providers and Airlines: These examples show diverse industry adoption across various sectors.

In summary, Info Blocks' approach emphasizes flexibility and adaptability. Customers can choose the deployment model that best aligns with their existing infrastructure, cloud strategy, and security requirements. The Universal DDI acts as a unifying layer, simplifying management regardless of the underlying infrastructure's diversity.