Reimagining DNS: A Conversation with NS1’s CEO, Kris Beevers

krisbeevers - Reimagining DNS: A Conversation with NS1’s CEO, Kris BeeversKris Beevers is a recognized authority on DNS and global application delivery, and often speaks and writes about building and deploying high performance, at scale, globally distributed internet infrastructure. Kris is co-founder and CEO of NS1, the leader in next-generation DNS solutions that orchestrate the delivery of the world’s most critical internet and enterprise applications.

I’m Prasad Parthasarathi, Head of Security Investments & Corporate Development at Cisco Investments. Today, I’m super excited to announce our investment in a company revolutionizing the Network and Application Traffic Security: NS1.

Recently, I had the incredible opportunity to sit down with NS1’s CEO and Co-Founder Kris Beevers to talk about the drivers behind the company’s inception, what it means to make security “approachable,” and his vision for a “Goldilocks” partnership with Cisco.

Prasad Parthasarathi (PP): DDI and DNS are spaces that have been around for a while, so can you tell us what prompted you to start a company in this space?

Kris Beevers (KB): There were really three big drivers. First, my co-founders and I had a background in broad internet infrastructure, and we were building everything up and down that infrastructure stack in the mid and late 2000’s. We had a front row seat to huge sea changes in application architectures and how applications are delivered.

So, fast forward to the emergence of public cloud and DevOps and microservice architectures. All of this new technology made the applications we were working on more dynamic because of the availability of API addressable infrastructure and DevOps tools. So the first driver was the need to manage more dynamic environments.

The second driver was a recognition of the need for intelligent traffic steering across hybrid infrastructure. We had been building global traffic steering technology for our own use cases in our previous business. And in particular, we were building Content Delivery Networks, or CDNs. Any CDN is just piles of infrastructure all over the world, which introduces a basic problem of matching each user with the right pile of infrastructure to get the content that they want so they get the right experience. Maybe no surprise, but we found DNS to be a highly leverageable control point in the application delivery process to inject some intelligence and make global steering decisions. We developed a lot of operational expertise around traffic steering technology.

And the last driver was really about the market. The bottom-line takeaway we had around 2011 was that the companies occupying the Managed DNS space were primarily networking companies. Their differentiation was about network speed and reliability. Their differentiation was not in the software, or unlocking intelligence in this piece of the stack, or about driving leverage from this DNS lookup opportunity. We knew we could build a software company with differentiated technology.

So, when you put those three things together, we saw a unique opportunity to make DNS a strategic part of the application delivery stack driven by how applications were being built, delivered and consumed.

And then, a couple of years into our business, we learned that the same challenges that drove us to build a Managed DNS business were now creating similar complexity inside the enterprise environment. Enterprises were investing in modernizing and driving velocity, automation, and scale inside their enterprise environments to make them cloud native as well. That’s where we identified a similar opportunity for our application traffic solutions inside the enterprise environment, which has historically been a different space, the DDI space, which is an acronym for DNS, DHCP, and IP Address Management. In our view, the Managed DNS and DDI spaces shouldn’t be thought of independently. Really, the application traffic stack needs to be vertically integrated for use cases that span across cloud and internal – behind the firewall – networks.

PP: You made a couple of very interesting comments. I’m curious about what it takes from an architectural standpoint to stand up a DNS or DDI solutions that’s tailored for cloud native and dynamic traffic zone environments. Did you reverse engineer from customer pain-points, or did you have a vision of what the future needs to look like? Which came first?

KB: One of our basic values as a business is to understand the problems customers are trying to solve and then apply our expertise to figure out how we can leverage where we sit in the stack to address that problem most effectively. The first several years of our business, much of it was about projecting a vision driven by problems we ourselves had experienced.

First of all, we have this amazing cadre of customers – kind of all the key customers on the internet – that you would want to have to drive this technology. They have the biggest, most at scale, most critical path use-cases on the planet. So, our job was to find out what kind of problems they were having and what new trends were driving the way they invest in their application architectures and infrastructures. We took those answers and asked ourselves: how do we help them move forward on the path they want to be on as opposed to working from behind?

The other thing you touched on is the question: how hard is it for these organizations to drive toward this cloud native approach to DNS and DDI and application traffic? And actually, the short answer is that it’s not as difficult as you would think. Especially with the kinds of modern cloud native capabilities that NS1’s platform provides.

The common characteristic of our customers is that they simply must achieve the velocity that NS1’s next-gen tech is enabling. To get there, the very first step is to use us, not in a different way than they’ve used their previous vendors but just to transition their domain infrastructure over to our footprint so that they have access to the automation of intelligence capabilities. And then, they start to really rapidly adopt more strategic use cases across their application when they’re ready to move ahead. Over time technology unlocks a lot of velocity, and it becomes ingrained in how our customers, like say, Salesforce, build their application infrastructure and operate it. But it’s definitely not just a rip-out-and-replace type of operation where the value stops there.

PP: While your platform is well suited for massive traffic zones and large enterprises, it would be great to hear your thoughts on the SMB space.

KB: Our job is to build the most advanced application traffic technology to meet the use cases of the biggest enterprises and tech companies in the world. However, another core value on the technology side for us at NS1 is to make these sophisticated technologies approachable and easy to use because not everybody in the world is Facebook or Google, so we don’t all have teams of 200 people who are thinking about this stuff all the time.

And a really great example here is DNSSEC. So DNSSEC, security extensions to the DNS protocol, are incredibly relevant in 2019 because of real serious active attacks against the domain infrastructure of many, many enterprises and governments. You know, Talos at Cisco has put out reports this year, Department of Homeland Security has put out reports, and other global organizations have put out reports about serious, at-scale hijacking of major public company and government domains. So this is happening. DNSSEC is the basic solution in the ecosystem to prevent these sorts of attacks from being successful. The reason DNSSEC hasn’t seen much adoption historically is it’s hard, right. It’s error prone. We make it easy and foolproof. It can be enabled with one click.

PP: That mindset is very refreshing. I like the word that you used – “approachable” – because one criticism I think we hear as security practitioners is that we create this fear factor and overcomplicate to the point our customers don’t understand what we’re advocating. So, I like this idea of simplifying and abstracting the complexity.

KB: The reality is that the best practices in this space are well understood: sign your zones to prevent hijacking, and implement redundancy for your domains so that if there’s a big DDoS attack your domains stay online.

Given that those best practices are understood, what we don’t need to do is expose customers to a gigantic laundry list of features and functionality. What we really need to do is make those best practices easy. Those same best practices apply whether you’re Cisco or whether you’re a little auto shop down the block.

PP: You mentioned Cisco. We have strategically committed to this space and own best in class technologies such as Umbrella and SD-WAN. In my view, there is a lot in common between our vision and your future of network and application traffic stack. So, I would love to hear your take on the potential opportunities that we can pursue together both near term and long term.
KB: Maybe one of the most important things is that we come right up against the edges of each other’s technology areas without a ton of overlap. It’s a super tight alliance.
PP: It’s like a Goldilocks zone.

KB: Exactly. So, at NS1 we’re very application-centric. We work with the world’s biggest enterprises and tech companies to put their applications on the internet or on the network, enable management of those resources, make the best use of those resources, drive efficiency, user experience, security. But then at Cisco, with Umbrella in, and the recursive DNS selection there, this is all about securing and optimizing the access side. And so, this is perfect for us.

Really, we’re taking the two absolute best in class technologies in each of these areas: Umbrella on the access and endpoint security side, NS1 on the application and traffic side. We’re putting them together and spanning that horizontal footprint with depth. So that’s super exciting to me. That’s our area of deepest engagement with Cisco today. It’s possible for customers to replace their entire existing legacy DDI and end point security footprint with that combination of NS1 and Cisco Umbrella, which is a huge market opportunity for both sides. So, that’s exciting.

Viptela and SD-WAN is another one to touch on. The purpose of SD-WAN is a little different than securing access. It’s optimizing access to key applications on the internet. Well, guess what? NS1 is responsible for many, many of the key applications that every enterprise is interacting with on the internet every day, like LinkedIn, Dropbox, and Salesforce.

You know, we can enhance access for NS1 and Viptela’s mutual customers by enhancing each other’s data sets for making security decisions and so on. And then, there’s other security stuff especially in the application and firewalling side.
There’s just tons of complementary solutions up and down the stack between Cisco and NS1. This is driven by Cisco’s reach fully across the networking stack and every enterprise in the world and NS1’s ability to span all the way from the outermost cloud resources of the enterprises to the guts of their network infrastructure as well as our visibility into their inner networking footprint. There are just so many different angles for us to pursue.

PP: Final question: What has been your experience working with Cisco Investments, and what are your expectations going forward?

KB: A couple of thoughts on this. First, we are not having surface-level conversations, but deep conversations about how we can help customers succeed, our shared vision and our complementary technology. That matters a lot – that’s a huge driver. Our ability to work with market leaders, and the interest we are already getting from Cisco customers and channel – that is a big part of our rationale for wanting to work with Cisco. We can all help one another while helping our customers. It’s super, super important.

Over the next year, we have a set of priorities as an organization to invest really aggressively certainly in our technology stack, in strategic alignment with Cisco, in and around these different areas that we talked about, in alignment with the go to market organization. What’s super important is guidance. Obviously, we’re off to a good start.

I whole heartedly agree, and I’m excited at the prospect of what we can accomplish together. Want to learn more about NS1? Check out Kris’s blog here!

 

About the author: 

Prasad Parthasarathi joined Cisco Investments in 2015 to focus on acquisitions, investments and inorganic strategy in the Security space. Prior to Cisco, Prasad worked in HP’s Corporate Development group where he evaluated and led a variety of transactions including acquisitions, divestitures, IP licensing, joint ventures and equity investments across Security, Enterprise Software and IT Services. Prasad joined HP from EDS Corporate Development, where he executed acquisitions in the Consulting & Systems Integration space and was a key member of the deal team that advised the EDS leadership on its $14B sale to HP. Prior to HP / EDS, Prasad held positions in Business Strategy and Corporate Finance in Singapore and India.

Contact Us