Soap Box: Knocknoc glues your SSO to your firewalls for Just-in-Time network access
Mar 26, 2025
In this engaging conversation, Adam Pointon, CEO of Knocknoc, shares his expertise in innovative network access control solutions. He discusses the importance of securing Single Sign-On services and minimizing exposure by integrating advanced tools like Identity-Aware Proxies. Adam clarifies common misconceptions about SSO vulnerabilities and highlights strategies to isolate critical applications from the internet to enhance security. With a focus on Just-in-Time Network Access Control, he outlines how to streamline access while maintaining robust protection for sensitive environments.
Knocknoc enhances network security by allowing just-in-time access for authenticated users while minimizing exposure of sensitive applications to the internet.
The platform improves user experience through a redesigned, accessible management interface, facilitating easier installation and configuration across diverse organizations.
Deep dives
Understanding Knocknoc's Functionality
Knocknoc provides just-in-time network access control through a streamlined authentication process. By using a single sign-on (SSO) button, users can dynamically open access to specific IP addresses for a limited time, enabling secure interaction with legacy systems. This solution sits outside traditional firewall systems and instead orchestrates existing infrastructure, simplifying the access management process. This flexibility allows Knocknoc to adapt to various infrastructures while ensuring only authenticated users gain entry to sensitive services.
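A minimal sketch of the just-in-time pattern described above, added here as an illustration and not Knocknoc's code: a verified SSO login opens a time-boxed grant for the user's source IP, and everything else stays denied. The group names, the nftables set names and the `inet filter` table are assumptions, and the SSO assertion is assumed to have been verified before `login` is called.

```python
import ipaddress
import time

# Hypothetical mapping: SSO group -> nftables set guarding one service.
POLICY = {"net-admins": "jit_fw_mgmt", "ops": "jit_ssh"}


class JitAllowlist:
    """Time-boxed source-IP grants, created only after a verified SSO login."""

    def __init__(self, ttl=3600):
        self.ttl = ttl
        self.grants = {}  # (set_name, source_ip) -> (user, expiry)

    def login(self, user, groups, source_ip, now=None):
        """Record grants for a user whose SSO assertion was already verified."""
        now = time.time() if now is None else now
        # Single IPv4 host only: a CIDR such as 0.0.0.0/0 raises ValueError.
        ip = str(ipaddress.IPv4Address(source_ip))
        opened = sorted({POLICY[g] for g in groups if g in POLICY})
        for set_name in opened:
            self.grants[(set_name, ip)] = (user, now + self.ttl)  # re-login renews
        return opened

    def sweep(self, now=None):
        """Drop expired grants; return what was removed, for audit logging."""
        now = time.time() if now is None else now
        dead = [k for k, (_, exp) in self.grants.items() if exp <= now]
        return [(k, self.grants.pop(k)[0]) for k in dead]

    def allowed(self, set_name, source_ip, now=None):
        """Default deny: True only for an unexpired grant on this exact IP."""
        now = time.time() if now is None else now
        grant = self.grants.get((set_name, source_ip))
        return grant is not None and grant[1] > now

    def render_nft(self, now=None):
        """Emit nft commands; the per-element timeout lets the firewall
        expire an entry even if this process stops running."""
        now = time.time() if now is None else now
        return [
            f"add element inet filter {s} {{ {ip} timeout {int(exp - now)}s }}"
            for (s, ip), (_, exp) in sorted(self.grants.items())
            if exp > now
        ]
```

The rendered commands assume each named set was created with `flags timeout`, so the remaining lifetime travels with the element.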
Protecting Vulnerable Applications
Knocknoc is particularly effective in securing legacy applications that lack modern security features like multi-factor authentication (MFA). By making sensitive applications invisible to the internet, it dramatically reduces the risk of exposure to potential attacks, a significant improvement for organizations dependent on outdated systems. The product also enables the addition of MFA to these applications without requiring complex setups or VPNs, thus enhancing their security posture. This approach allows organizations to keep legacy systems operational while mitigating inherent risks.
Layered Security Approach for Enterprise Applications
Enterprises face rising threats to their network gateways, often stemming from compromised firewalls and VPNs. Knocknoc acts as a 'firewall for firewalls' by allowing authenticated access to management interfaces without exposing them to the broader internet. This concept is crucial as many breaches exploit weak credentials at the edge of networks; thus, Knocknoc adds another layer of control. By managing the IP address allowances dynamically, organizations can significantly limit potential attack vectors while ensuring operational flexibility.
Innovative Development and User Experience
Knocknoc has evolved from its initial technical implementation to prioritize user experience and accessibility. The management interface has been redesigned to appeal to a broader audience, allowing for easier installation and configuration without deep technical skills. This focus on user-friendliness is aimed at streamlining adoption across varied organizations, from telcos to critical infrastructure sectors. The ongoing development reflects a commitment to making robust network access controls not only available but also easy to use for different types of users.
In this Soap Box edition of Risky Business, host Patrick Gray talks to Knocknoc CEO Adam Pointon about how to easily rein in attack surface by glueing your single sign-on service to your network controls.
Do your Palo Alto and Fortinet devices really need to be discoverable by ransomware crews? Does your file transfer appliance need to be open to the whole world? What about your SSH and RDP? Your Citrix? Your (gasp) Exchange Online servers??
You can do a lot with IP allowlisting and simple Identity Aware Proxies (IAPs) to minimise your exposure.
Knocknoc is a bit of a “Risky Business special”, too. Pat helped Knocknoc to raise a seed round through Decibel Partners where he’s a founder advisor. He also serves on Knocknoc’s board of directors.