uh so my name is mesh kupta uh lead the product team uh here at info blocks um I'll give you a little bit of my background I joined the company about one and a half years ago uh before this I spent four and a half years at paloalto networks uh I was leading the software firewalls business there I spent about six years at a company called Lumia uh that does Micro segmentation uh before that I was pretty early uh employee number 14 at lumio so built that product pretty much from ground up uh a long history of Nokia checkpoint firewall Juniper srax net screen firewalls before that so that that's my background we're going to talk about uh how we are Reinventing critical Network Services uh today so here's the uh agenda uh I'll start with a little bit of company overview if you don't know what we do uh a little bit of History I'll talk about you know the customer Trends and challenges that we we hear from our customers when we talk to them um when I joined we put together you know this uh brand new platform vision I'll walk you through that um and you know Universal DDI product Suite that came out of that vision and work uh which we launched last September so I'll give you a quick overview of that I'll switch gears to talk about our unique approach to DNS security and how how we are helping our customers uh protect themselves uh and believe it or not I'll try to finish all of that in 35 minutes and then we'll dive into uh the demos which is the most interesting part of the session uh so I'll run to that andad Len and Jason will give you a little bit of deeper dive on universal DDI and give you live demo so you can see the product in action okay so what are these uh critical Network Services that we we do um it's called DDI it's an interesting acronym of acronyms so what it stands for is uh DNS DHCP and ipam that's ddii and each one of these acronyms stand for its own AC acronym so DNS is domain name system as he said it's it's a foundational service so anything that's connected to the internet or your internal Network when you try to connect to something you type something in your browser like google.com facebook.com the first thing that happens on the network is the network needs to resolve this name into an IP address and that's what DNS does so that's the first critical service nothing works without DNS everything requires DNS to work the second one is DHCP so when you bring any device on the network uh it needs an IP address so can connect to something and that DHCP is the protocol that assigns that IP address so Dynamic host configuration protocol is what it stands for um and and that's what it does it gives you the IP address you can connect to the internet uh the third one is IP address management so all devices on the network need an IP address uh if you're a large Enterprise then you you can have millions of these I so how do you manage them IP addresses need to be unique most of the times uh so you need the whole system to manage these IP addresses across your Enterprise so that's what it stands for that's what uh info blocks does a little bit of History a company started in 2000 before that uh customers used to run DNS DHCP on either uh open- Source stuff like dhcpd or findind or on Microsoft and they manage their ipams with Excel sheets or text files and and that's how they lived before infolock was born info Blocks made it really easy launched the company in 20 went IPO uh so we were a public company uh in 2012 we went IPO did a bunch of stuff and uh around 2017 uh Vista took us private uh so we became a private PE owned company uh we launched our security uh capabilities that that I'm going to talk about in 2019 I'm just touching on some of the Milestones uh we were sold half of it to warberg in uh 2020 so we are now on 50% harista and 50 and by War our new CEO Scott Harold came from Cisco and joined the company in 2023 so it's about two years now uh I joined the company in August of 2023 and and we are trying to transform the company now for this hybrid multicloud world that most of our customers live in uh and last year we launched Universal DDI so those those are the some of the Milestones that the company has gone through so we had about 13,000 customers most of the Fortune 500 hundreds are running on info blocks uh and we are pretty critical uh service for them uh if we go down then they're entire Enterprise goes down so uh we literally provide like electricity uh you know to these companies so um what are the market trends I hear about from from customers when I talk to them it's these three so the first one is most of the customers that I talked to are on their multicloud Journey uh most of them end up with at least two to three clouds AWS Azure gcp and they have their on Prem footprint so most of them end up with this hybrid multicloud situation most of them are trying to go SAS first Cloud first trying to get rid of infrastructure in cloud in branches VMware acquisition suddenly accelerated this I hear a lot from customers they're trying to get rid of VMware now uh and and just put everything in Cloud uh the third one is the costly security breaches most of the customers that I talk to are worried about this uh they've invested a lot in security but the cyber attacks you know I look at it in three dimensions uh the number of attacks that's going up the sophistication of attacks that's going up and the impact all three dimensions is just things are getting worse and worse and most of our customers are worried about that so those Trends result in these specific problems around DDI and security so I'll just touch on them quickly uh when you move to Cloud each one of the clouds have their own DDI so DNS thcp and ipam built into the cloud so the cloud teams love to use those because they're native Services uh what that does is most customers end up with four to five different DNS systems now TNS is trying to connect things so if you have to log into four different uis uh the probability that you make a mistake goes significantly higher and if you make a mistake because DNS is such a foundational service you know things can go down uh so the the example that I use one of the banks in New York uh allowed the teams to use the native Services uh one time someone was servicing a ticket creating some DNS entries made a typo brought the entire Bank down for four hours uh and this the bank processed trillions of dollars of transactions every day so it was a huge event so that's what could happen if you end up with four or five different uh DNS systems what the next thing that most of the customers look into is oh you know people logging into these uis and trying to make things work uh you know is uh is costly and could cause outages so we're going to just put a self Ser portal or a terraform ncble layer on top of it but when they try to do this because you're dealing with four five different apis four five different terraform providers uh ncle cookbooks just the cost of automation just building it how long it takes and how long it takes to maintain it just goes significantly higher so that's the second problem most of the customers want and two because these apis are different and they keep changing you know over time as well question I know we're talking a lot about multicloud and hybrid Cloud but to confirm let's say an organization doesn't go the multicloud route maybe they're going to do multi- region instead because of the expertise in house they can still use your product absolutely just with one Cloud it doesn't have to be multi hyper Cloud they can and even if they don't go to Cloud uh sometimes they end up with you know info blocks in some places Microsoft or bind in other places even on Prem sometimes you acquire companies and they were running on Microsoft so even within on Prem you end up with this these problems cool thank you yeah the third problem is around how you manage IP addresses so what I constantly hear from customers is the cloud teams keep asking for more and more subnets for their Cloud environments uh and the network team has no visibility into how these subnets are being used uh so it results in suboptimal usage and and IP addresses are precious resources for Enterprise so if you're wasting them uh you can run out of them uh so that can cause a problem you even bigger problem is sometimes the cloud teams would start using subnets without even asking the network team and that results in conflicts routing uh issues and that that can cause outages so that happens a lot as well just because the network teams and the cloud teams are not collaborating effectively uh the fourth problem is around steale DNS records so when you create an application in Cloud uh you have to create DNS records and and point that to either an IP address or an S3 bucket uh what happens is the cloud team sometimes destroy these applications but they forget to remove these DNS records uh and now you have DNS records pointing to IP addresses or S3 buckets that have been released and in public Cloud someone else can acquire them so an attacker could take over and now they running a gambling site on your domain by taking over this S3 bucket so unfortunately I've heard that story from a lot of customers it's not that uncommon so that that's a big problem and the last one is just everybody's worried about ransomware zero day threats uh costing them millions of dollars um most of the customers tell me they have deployed all the tools available in the world but they just keep getting more and more alerts and they still are not you know feeling protected so those are the problems that come up I'm curious about that last point ransomware and threats yeah how does proper management ofns Ian alleviate some of the ransomware attacks yeah I will touch on that so we uh you could use DNS as a shield around your entire organization and it's not just ransomware it can protect you against all sorts of attacks and and I'll spend some time towards the end I'm having sure we connecting the dots so I'm curious yes I will connect the dots for okay so as I said we started with you know our original DDI solution called nios and iOS that's the the original solution uh what that did is it had a grid Management console that allows you to manage DNS and DHCP servers at scale uh fore an Enterprise then you have physical or virtual dnsdhcp servers uh but what happened over time as I said you know people started moving to cloud and ended up with this hybrid situation of you know AWS azur gcp DNS uh and noos uh or Microsoft or bind and end up with this you know all these problems that I talked about about five years ago we launched uh and we were the first one that launched a SAS manage DDI solution uh so the management plane was offered at as service so you could just log into it you didn't have to install anything and you could use it uh and we provided you know DNS and DCP servers uh in physical or virtual form factors so that's where we were about two years ago um one of the problems that we created for our customers is the noos DDI solution and the bloxman DDI Solutions didn't interoperate together which means they were already suffering from multiple DDI Solutions and we kind of contributed to that and made it worse right so that's that's the mistake we made so about one and a half years ago we realized that you know the critical problem that our customers are suffering from is this proliferation of DDI different DDI siloed Solutions and they really need a consistent cohesive management for that and our new platform Vision basically was born out of that so here's what we we came up with we said this is what our customers have they have you know data centers and branches they have users iot devices they have multiple clouds so how do we solve these problemss for them how do we become a unified platform for networking and security for this hybrid environment and we said we want to offer protocol servers so DNS DHCP servers in many form factors sometimes you need a hardware server sometimes you need a virtual server sometimes you want DNS thcp as a cloud service so we should be offering all three solutions to them and for whatever reason if they want to use a third party like R 53 or Azure DNS we should embrace that we shouldn't force them to replace set we should embrace that and help them manage it uh so we adopted that uh strategy for the protocol servers on top of that we said it's really critical to have comprehensive asset visibility and I'll tell you you know how asset visibility solves some of the problems I I talked about and we want DDI management that runs across this hybrid Enterprise and then I'll connect the dots on how we protect using DNS uh so we wanted to create this watcho cycle between asset visit ility networking and security uh so we put that as part of our vision uh and no matter what they are using we should have cohesive management uh across this you know hybrid environment so that was you know on top said the entire platform needs to be powered by AI so we can help our customers you know with their operational stuff on the security stuff we need to integrate it with ecosystem uh that we partner with service now CM tools vulnerability management tools and we provide these supported integration systems so our customers don't have to do the system integrator work we do it for them and we support it properly you also said uh everybody's trying to automate using terraform anible Python sdks and we should provide all of those things to our customers as well uh so they can automate across this uh one of the critical decisions we made when we uh launched Universal DDI is we replicated the apis that we had from nios uh to Universal DDI so because um you know thousands and thousands of customers have built automation with those apis we wanted to make it easy for them to just point those apis to Universal DDI and it just works uh so that was one of the the big Investments we made in Automation and the last one is the platform needs to provide flexible consumption so they can use different parts of the platform in a flexible manner so that became you know our uh platform vision and Universal DDI came out of that so I'll touch on what are the new parts of universal DDI uh what you see on the left is the original nios uh the grid Management console and the virtual and physical servers what you see in the middle is the universal DDI so the the big thing that uh was new is this Universal DDI management what that means is if customers are using Route 53 and Azure DNS and gcp DNS and and infol blocks and Microsoft we want to provide Universal DNS management so they can log into rui and they can manage all all of these systems from one place and Jason is going to show you live demo of that how we can manage Route 53 Azure DNS and gcp DNS uh we are working on uh adding support for Microsoft cloud flare arami bind so no matter what DNS they want to use they have full freedom to use those but they can manage it consistently from one place uh from rui R API R terraform provider they can use uh any of those DNS systems uh same thing for for DHCP uh even though the proliferation of tools doesn't happen on DHCP as much as on DNS uh but nonetheless if you're using Microsoft or info blocks you should be able to manage those you know consistently from one one UI one API uh and the third one is the universal ipam uh so we provide IP address management across all clouds and on-prem uh infrastructure so they can manage because it's really important for the ipam tool to be you know consistent across uh hybrid entprise otherwise it doesn't work if you if you can't detect all the IP addresses and you can't manage them cohesively the fourth piece that's new on top on that management layer is the universal asset insights uh which is super critical if you want to know uh how your IP blocks are being used uh you really need realtime visibility uh into these environments uh so we have had on Prem uh Network visibility tools uh with naos uh so we we of course using that to to feed the on-prem visibility we can scan all the devices you know on Prem in data centers in branches you know uh uh endpoints like laptops and feed that into the ipam but now with universal DDI we can also scan the AWS environment the Azure environment the gcp environment uh so our users can see that these are all the subnets that they're using and here are all the assets in those subnets so how these subnets are being used we show them utilization uh which again Jason will show you the other thing it does is if someone decides to create their own subnet without asking the network team we can scan that and bring that to that hey here are some of the subnets that you're not aware of and those subnets could be overlapping with some other environments and could cause you know conflicts and outages so proactively we can scan all of that and bring it in uh the last thing that the universal asset insights does for customers is uh you we have the DNS record once we scan the assets we can figure out oh you have this dangling DNS record that is pointing to an IP that doesn't even live in your environment anymore it's pointing to an st bucket that your Cloud team decided to delete and we don't see it anymore so that's a you know ticking time bombs somebody could acquire that uh S3 bucket and now host you know gambling side and pawn side and who knows what on your domains which will destroy your brand uh and cause all sort of problem security problems for you so that's what USD insights does yes you mentioned that it can you know understand like if there's going to be a conflict that occurs right like you have you know two subnets that are sitting on the same side or whatever yeah is that that's happening in real time there's like a specific trigger that like let's say you know I'm an engineer and I want to set it up like scan it every five minutes or every 24 hours or something or is it just occurring on your own triggers no you configure a discovery job got it okay and then we are scanning you can adjust the frequency of that as well and then we keep scanning and bring things in got now when we find uh conflicting things and we show you that and we'll show you some of that stuff uh so you can detect it got it and and so from a monitoring perspective we can see everything that's happening in real time that's right from an observability perspective is there any action that you can take like a default action if there's a conflict in the subnets like shut down one subnet or whatever something like that right like real like a real time automation to to uh uh resolve the conflicts yeah so U resolving the conflicts on sub is something that the customers would have to do because if we do something that may cause you know side effects um but we are building uh actions for let's say we show you a bunch of dangling DNS records uh we allow them to say go go delete this you know DNS record and clean things up so so there is like automatic remediation that you can Implement um you can the customers can uh but we just need to be careful again because DNS is the foundation if we do something automatic it could bring things down so we just need to be careful how much we automate versus how much control we give to customer makes sense okay guess the idea is that you want to increase the signal to noise ratio so that you ensure that what we're sending you so you could send it to a seam or to some other whether it's a service now or some other place where people are commonly that's their admin portal yeah because that's how whenever I see like Universal Universal implies that that's the one place you go but it's more like this the one place where action happens how often would people be in info blocks versus in their native consoles so in this case um DNS is you know where we are saying we are the universal management uh the way we have done it is uh it's a two-way sync so if the cloud team prefers to log into AWS Route 53 console and they want to do things from there or they have developed their own terraform automation they can continue to do that we don't want to slow them down what we're doing is we we will sync that with the uh infol blocks console portal so the networking team can also see the latest stuff uh real time and if they want to create something then we again send it back to Cloud 53 so the cloud team see it so you can operate on any console it gives you centralized visibility in management but we don't force them to just be on one console okay oh sorry go ahead okay thank you uh I think you mentioned that today you can manage Route 53 and support is coming for some of the other third parties we manage Route 53 Azure DNS and gcp DNS all three today the big three okay yes and you will see that uh the support for Microsoft uh Cloud flare akami and bind is coming in next six months so when you say Microsoft you're talking about like traditional Windows DNS Windows DNS okay gotcha believe it not thousands and thousands of customers are running their DNS on my the former active directory okay I believe it yes get rid of it get rid of it is when I'm here I've got one do you manage my Excel spreadsheet filled with IP addresses that's how not yet yeah upload there's an upload box for that there there you go for this real quick I've got one question like um how many customers do you see that are integrating like info blocks with like something like netbox or notabot something like that for what you said as far as like a two-way sync what are you seeing from that as far as adoption I have heard some customers use that but I haven't talked to enough of them to to give you what percentage but I definitely have heard of not aart uh and and some of the customers are using that okay what what kind of artifacts you generate for this is it like like is there Json output is it a CFA stream you could subscribe to is it just like what are the ways in which a data and information comes from here to an external system is it push is it pull like what are how much can you interact with it in depending on how you want to receive that information so standard rest Json um we also have uh streaming logs we have you know on demand actions so we create tickets to service now so it's all of the standard things that you do uh we also have terraform providers sensible cookbooks Python sdks and so U CLI so you can interact with you know uh the platform however you want to nice yeah so just a quick question and apologize but if you look at the stack below the SAS are you are you hosting the solution or where are you hosting so I just talked about the management layer and that's hosted in AWS uh we have a one region in us and one region in AO we are working on uh hosting and that management plane in other clouds as well because we have customers that say if you host a service in AWS we can't use it because we compete with it Amazon so so we are working on extending that but that management plan right now lives in AWS the server plan that I'm going to talk about next that niox as a service can run on AWS or gcp because that's the data plane so we we have worldwide regions where you can launch it and that uh we using both AWS and gcp for it so would you have any part of the uh below the stack with that is platform agnostic is there something that they don't need to see you abstracted above that so the management plan they don't need to see uh just because you asked I I told you and customers ask I tell them but they're logging to SAS behind the scenes whether we run it on AWS or you know on a data center or gcp or or Azure they shouldn't care it's just a s service for them do you have an on-prem appliance that you deliver uh yes we do so that the original you know grid Management console is uh an appliance okay yeah and we offer a physical Appliance as well as virtual Appliance but the the universal DDI product Suite the management is only SAS the servers can be Hardware software or as a service thank you yeah but that on Prem piece that's just the data plane that's not the management layer that's putting in okay got it got it makes sense so it's it's literally like a Azure local box or AWS Outpost or whatever like it's a box that you're putting in your data center to um collect everything from your on Prem environment send to the Management console that way you you can have true hybrid cloud observability and monitoring and such okay and so it's not just for collecting it's for serving DHCP and DNS as well got it okay uh uh a lot of times you know you have sites where you need local resiliency like a hospital can't go down when the internet goes down so they want a DNS server sitting right there um because they want local resiliency right so in those cases they would put that box um software box Appliance uh in their local environment like stores uh they can't go down when the internet goes down so in those cases they put a server if it's knowledge workers when the internet goes down the whole thing goes down anyway then they would prefer to use that niox as a service which is 100% cloud service they don't need to deploy any appliances and we serve DN CCP protocol uh from a cloud service which again we'll show you I apologize I think maybe Ned might have touched on this already but like let's say I have a couple windows boxes running on Prem they're doing DHCP they're doing DNS y well info blocks integrate in with what you already have correct so that's uh what I uh you know said that's on the road map and what we will do is we'll allow you to uh install an agent on those uh Microsoft servers and then we'll pull all your DHCP DNS configuration to our SAS management and now you would be able to manage it uh from uh infol blocks if you wanted to move the server itself from Microsoft to info blocks then you can do that later okay got it so I can do a full consolidation I can shut down those boxes put everything full box got a lot of our customers do that and they're in process of doing that but if we trying to provide a bridge so that it's not a big disruptive you know operation you start by managing it uh that you know makes it easier and then once you're ready then you can start flipping these servers puts the customer's mind at EAS too because they're not like uh getting rid of everything right they still hold on to a little bit of the the good stuff yeah got it yep do you have anything right now for oh sorry Alison you don't worri I'll wait patiently um I I know we've kept you on this slide for a long time um I Know You released this product in the fall of last year are you going to share in your presentation what customer response has been sure uh I can talk about it the response has been uh way more positive than we even expected um so Fortune 5 company one of the fortune 5 companies is already B and they're in process of deploying it uh we have large SAS retail uh providers um like pretty big brand names we have airlines that have purchased it and and are deploying it so a huge uh interest uh in in Universal DDI now one thing I like to mention is I talked about that blocks one DDI that platform itself is about 5 years old M um Universal DDI has some new parts in it but this basic SAS platform was built five years ago so it's pretty stable and and we had hundreds of customers using it as well uh so uh that's why customers don't feel like it's brand new some pieces are new uh but the overall platform is not new got it and that puts them at ease because these you know large customers uh want to wait for years before they adopt something new so the reason they are able to adopt it is because the the code platform is not run new thank you question on air gaps because I know this is the question that eventually we have to ask is how do you deal with airgap environments and given that that you are potentially now a Bastion entry point to an air gaft environment what are the risks and protections you have for making sure that your Stu is protected other than just being sock to certified yeah so the the nao's uh solution is completely on Prem so you can use it in air gap environments uh for SAS of course the server part can be in the airgap environment but the SAS management is of course a cloud service so that that can't be but we we have not as a as a solution that we continuing to invest in because we know a lot of customers can't use SAS for variety of reasons so we'll continue invest in iOS as an on Pam solution for that back to the plance is do you have Partnerships with various Hardware vendors or you just have one and it's all um so we have our own Hardware but we are uh also moving towards um like we have a partnership with Dell uh so we can run on Dell boxes and and that's the direction we are going in doesn't make sense for us to keep building our own Hardware so but we have our own Hardware right now we migrating towards general purpose Hardware quick quick question on the universal ipam is that similar to the DNS where you're actually pulling in information from other ipams or is it just you use our ipam oh good question um the uh Universal ipam uh is we are scanning the environments and providing you know the ipam but AWS and Azure both have actually built their own ipam yeah so a lot of customers are using those and they want to keep them uh so we are also integrating our IAM with AWS ipam and Azure ipam in some cases we hear that they want to get rid of AWS and just use us uh in some cases the cloud team says Nope I want to use the AWS one and the network team wants to use infol blocks ones we are integrating so our goal here is to provide them as much flexibility as we can uh so they don't have to worry about us we fit into their environments and whatever they want to do we want to make it work for them and is there the same kind of two-way sync so if I'm it will push things back to AWS ipam for example it's the primary thing is we will be the authoritative uh ipam and what they want is when AWS runs out of subnets they want AWS to talk to info blocks and get more uh from the pool so we are the bigger pool AWS is going to be a smaller pool and they just pull from us and then they use locally okay yeah and they don't the network team doesn't want any subnets being used in Cloud unless they came from info blocks just to avoid they bring your own subnet problem okay the last one the nios sex as a service is basically 100% cloud service uh if customers don't want any infrastructure they can just launch a cloud service and we serve DNS and DHCP you know on on top of that using ipack tunnels just like you do in in a sassy or SD architecture so that's Universal DDI I promise that I'll touch on TNS security so I'll touch on that now uh so what most people don't realize uh and and you were asking you know creating that connection between DNS and and security is no matter what kind of attack you're dealing with uh there is always that first DNS query that happens so let me give you a few examples you get a fishing email or you have a you know text with a a bad Link in it or this new thing called questioning where you're scanning QR codes and that takes you to some bad place in all those cases when you click on those links the first thing that happens is a DNS query uh before you go there right the second example uh people talk about vulnerability exploits so you exploit a vulnerability you get into a laptop or a cloud workload or a data center server the first thing the attackers have to do is connect back to a commanding control center so they can download ransomware or malware now when they do that there is again that first DNS query that happens before they can download that thing right the data exfiltration so once they get in they try to exfiltrate your data guess what they're connecting to a server where they are uploading all this data so there is that first DNS query that happens right even in the AI world people are talking about prompt injection attacks uh even if you do that there is that first DNS query that that connects to something bad so no matter what kind of attack you're talking about there's always that first DNS query so our thesis here is if somehow magically you could figure out um you know and block that first DNS query you could literally stop all types of attacks uh no matter what kind of attack you're dealing with and this is the connection between DNS and and cyber attacks now what happens is DNS is there in any Enterprise and it's serving pretty much all kind of devices your laptops your mobile points uh your iot devices your Cloud workloads your your data center servers everything is already connected to DNS so if you could turn this on uh on your D DNS server you don't need to install any agents you don't need to install any like new appliances you can just flip a switch on your DNS server which is already serving DNS to everybody so it's really easy uh to deploy and because DNS is the first thing that happens if you start blocking those bad queries it reduces uh a load on your network so this is something we were surprised by first time we heard about this is one of the customers turned on rdns protection and they panicked because the load on their firewalls and the routers went down by 40% so they literally thought something had gone wrong and why are they seeing the significant reduction of traffic so they panicked they started you know freaking out and then they realized because they were blocking those first DNS queries uh all the following traffic never went on their Network so that's just the network went quiet so it wasn't a problem it was you know really good and once they realize that then when I talk to customers I hear 20 to 35% reduction when they turn this on which is huge because now you don't have to buy more firewalls more switches routers uh the number of alerts that your sock team gets goes down significantly because your end points are generating alerts or firewall orary alerts if you just block that DNS query everything goes down so significant reduction on the operational overhead the infrastructure cost so huge benefits of blocking things at DNS now the magic is because it's DNS if you block a a good DNS query you're going to make people unhappy right so you really need to be good at detecting bad domains and good domains and how do you do that so um I explain you know unique approach using this this analogy so if you have a drug problem in a city you could take two approaches to you know deal with that drug problem the first approach would be you go after the drug dealers and there'll be many drug dealers in the city you would be uh you know at every street corner in colleges and universities and you'll have to find the drug dealers and as you arrest them eliminate them the new ones will keep popping up so you just keep playing this game of vaco if you're going after the drug dealer ERS the second approach is to go after the cartel uh and you may have one or two generally they keep their territory so you don't have to deal with a lot and it's much harder it's a cartel but once you eliminate that cartel then the entire city gets clean the drug dealers go away automatically right so it's a much more strategic and impactful approach so let me give you an example of such a cartel in cyber world everybody knows what bitly is you know you probably use it for shortening the URLs uh now ATT haers are also sending all these you know fishing emails so they need a URL shortening service too but bitly doesn't offer that service to them so where are they getting their URL shortening Service uh there is a company a big company they make millions and millions of dollars serving all the attackers with this URL shortening service and guess what they're running huge infrastructure they need DNS uh so we can actually track that cartel and we we hired uh Dr Renee Burton she was running uh she was working at NSA and running this dns-based you know cyber uh detection service at NSA she joined in for blocks and brought all that knowledge uh and we built this so using uh her unique approaches we are tracking these cartel so we call it prolific Puma because they don't publish their name it's a company that has acquired 75,000 unique domains just in last one and a half years so all the other tools in out there they're trying to detect these bad domains when they see a fishing campaign or they see a malicious website that's a drug dealer approach as soon as that domain get blacklisted in Palo Alto or Cisco umbrella they just buy a new one and then start doing you know bad things with that domain uh what we are doing is we are tracking their infrastructure so as soon as they buy a domain we know it's bad right because what's the probability that they're going to do something good with it they run no bad business so that's just one cartel there are a whole bunch of others and we were the first company publishing research on all these cartels because we are tracking them down and we you know tracking their infrastructure so that's our unique approach we're going after these cartels using you know DNS as the the thing uh what it allows us to do is few things first of all because we are tracking them uh as soon as they buy a domain we start blocking it and that gives us almost two months lead before the the world knows about that bad domain so we start blocking it almost 63 days earlier than the industry and we have research on this we would say hey this domain is bad and then two months later virus total would say it's bad um and everybody else will say it's bad but we were blocking at two months in advance the second thing it does is it gives us 0.002% false positive rate why because we're not tracking the dealers we're tracking the cartel so as soon as they buy the domain the probability that it's going to do something good is pretty pretty much zero uh so again because of that unique approach we are able to deliver this lead time to our customers and that super low false positive rate um most of the time like 75% of the times uh our customers uh the we block that first DNS query that I talked about because we were already blocking that domain so the first query itself gets blocked 82% times we're blocking within first 24 hours so that's what you know our DNS security which is called thread defense that's what that service does I just wanted to give you that unique approach and the connection to to DNS and how DNS can be used as a very effective security shield around the entire organization do that make sense is that strictly on when it's your DNS server or do you extend this capability to the other DNS servers that you're integrating with right now it's rdns server um we are working with some of of the hyperscalers um on making this available through them but that is something future and just to clarify so all this um security features is baked into Universal DDI solution or is it so like a add-on so the universal DDI uh on that portfolio slide actually I have it next I guess or no um it it's an add-on on that you can turn on so again you had the physical virtual and as a service all three options uh you can just flip a switch and turn on uh the security service on it and then we will start protecting uh you know using this approach okay thank you T is going to show you that it's really easy uh and that's why I was saying because DNS is already connected to everything everything is coming to DNS it's just literally a switch you flip and then we start Pro yeah yeah can I zoom us back out again I think I missed the company uh piece up front so how are you structured how is your how are your resources deployed so for example you talked about Hardware not being a good use of your resources so you're going to phase that out and going to partner within your groups is it by platform is it by you have Network folks you have security folks yeah what would be the the breakdown on that so we um engineering uh is organized by you know we have a big team of uh engineering folks you know support in that naos original DDI solution because we have thousands and thousands of customers you know using that the universal DDI and the security there is the Bas SAS platform because they're connected uh right so there are common pieces there are common teams working on the Bas platform and then there are teams that are working on DDI management asset insights nios service um and all of it was own by Glenn who's going to show up here and then we have team of you know PMs and Engineers who are working on the security solution we also o have a threat Intel team that's headed by Renee Dr Renee Burton uh they are doing all the threat piece that I talked about and feeding all that Intel into the platform so that's kind of how you're organized and so where would you be reinvesting the money that's going from PL uh your own Hardware development oh that's a pretty small piece um we' have gone virtual um you know a big piece of our install base is already running on Virtual appliances uh so it'll go in all places um but I think we'll have to keep some people for managing like Dell HP whatever relationships but yeah we are mostly virtual I'd say 80% right now so yeah not a big hardware shop already and then sales and marketing versus engineering and functional pieces sales team is all shared they're selling the entire platform both noos Universal DDI and security but just as far as resources how much percentage would you have that are engineering versus marketing and sales that's a tough question I would say 30 40% would be sales go to market teams okay yeah and are you also selling your partners too systems integrators would there be a reason to do that too uh yes we we have you know Distributors uh Channel Partners uh that sell all of our stuff we mostly go through them okay yeah uh our engineering sites you know our headquarters is in Santa Clara actually you know very very close from here uh we have a big site in Bangalore uh so that's a big engineering site we have a site in Tacoma near Seattle uh and we have one near Vancouver in bernabe so those are the four hubs and then of course we have employees distributed across the world um I think we are about 2300 employees at this point so that's kind of the size of the company and I know we're about to jump in What I'll say is like obviously visibility is incredibly important because if you visibility and then narrowing down to the right signal versus noise that you can't trust taking action against it right how much of your stuff is like biased towards action or how much do you want to really become the action portal going forward like thinking about do you look for partners to like hey here's an easy way to integrate with this actionable system or do you want to eventually be the action owner uh that's a great question uh right now I would say we are for the actions uh customers want us to integrate with service now uh type tools because that's where you know they take all their actions um as we build a lot of these insights that you're going to see they are asking you know for some of the actions within the platform as well so I think it's going to be a mix of both um we can't bring everybody you know on our platform because they're used to you know their workflows are all built with you know service now the tools so we'll continue to do both perfect thanks yeah