A
And welcome to this sponsored podcast here in the Risky Bulletin podcast feed. My name is Patrick Gray and today we're going to be chatting with Knock Knock. Knock Knock, of course, is a company that, that makes a technology that orchestrates firewalls to provide just-in-time access to users based on their SSO status. Now what does that mean practically? It means that if you have some awful vuln-riddled box sitting at the edge of your network, like a VPN box or something like that, and you don't want people to just be able to connect to it because they're going to pop shells in it, you could put that behind a firewall and then when a user wants to connect to it, they log in via SSO, Okta, Entra, whatever. Then they fire up the Knock Knock web app, they press one button and then Knock Knock goes and orchestrates firewalls such that that user and only that user and other authenticated users can connect to that device. And it does that by adding that user's IP to a temporary allow list. So it's a really good way to reduce exposure to the big bag, big bad Internet. And it's also a technology that is becoming more and more popular now that AI enabled hacking means that basically anything left at the perimeter is going to get rinsed. You know, it's just, it's just going to happen. It's gone from "it might get owned and probably will get owned" to "it's definitely going to get owned." So yeah, that's Knock Knock. Now one thing you might be concerned with though is what if one of your users is logging in from a bad gateway? What if they're logging in from a dodgy ISP because they're on vacation in some dodgy place? You know, what if they are logging in from a large corporate network that is, that is, you know, very insecure and has a lot of compromised devices on it? You don't want to put an IP like that in your allow list. So one way to deal with that is to build an integration which they have for Gray Noise.
Gray Noise, of course, tracks which I guess they're Santa Claus, right? For IPs, they're tracking which IPs are naughty and which ones are nice. And so now before you add an IP to an allow list, you can check it in Gray Noise to see if it's good or bad. So joining me now is Adam Poynton, who is the chief executive of Knock Knock. Adam, talk us through this Gray Noise integration. I mean, I pretty much covered it all there, didn't I?
B
Yeah, you covered it. Well, there are circumstances where, you know, one of your legitimate users is using a dodgy VPN or something like that. And Gray Noise picks that up. Gray Noise blocks it. It's best of both worlds.
A
Yeah. And I think the thing with Gray Noise too is that the data set, it would be great if you could just grab every single bad IP for the Gray Noise data set and just throw it into your firewalls, but it's like hundreds of thousands of IPs and it's changing all the time. And like, it's just not feasible to do real time, you know, ingress filtering for, you know, to cross match that against the, against the Gray Noise data set like that. That ain't going to happen. But what I like about this is if you apply Knock Knock to assets at the edge of your network, you can actually Gray Noise filter everything by taking the allow list approach. Which is cool.
B
Yeah. And because you got the user and the identity, you kind of get to say, well, this user and they're in the Gray Noise bad list. What do we do? Some of that decisioning can then happen in Knock Knock as opposed to it just being, you know, my users can't connect to the service. Why? And it turns out that their IP is in some static list that was updated a long time ago. You know, Gray Noise makes that dynamic and then Knock Knock links it to the user so it's even more dynamic. It's. Yeah, it's a great combination.
A
Yeah. And you can say, well, you can only get access to this resource for 10 minutes because you're coming from a bad place, or please contact support. We'll have to work something out for you or whatever. Right. I guess the point is it's not just like an invisible, oh, it's just not working.
B
That's right. Rather than a timeout, it's a message. Say, you know, contact your admin. Something's not quite right here. So far better user experience than just, you know, frustration.
A
Now you are dogfooding this. This is a new feature. I've also got to disclose too, that I am actually on the board of Knock Knock and I'm a teeny tiny little shareholder of Knock Knock. And, you know, and probably one of the reasons I love this feature so much is that, is that it was kind of my idea. Pushing for it pretty hard. Right. For a while. So it's great to see it in prod. You've actually rolled it out and you are dogfooding this and what's funny is it actually got one of your own staff pretty quick, right? And you would think if you're working for Knock Knock, you're going to understand, you would think that coming in from a clean IP is going to be a good thing to do. But you know, one of your staffers did something silly.
B
That's right. He was using one of the various VPN systems, connecting from different locations to test things out and then started to access some corporate Knock Knock resources and Gray Noise blocked him. We all got a bunch of alerts, we wondered what was going on and then he sort of came clean. Was like, oh, yeah, that's because I was over here. So it was super effective. It was great to just actually see it. And one of our problems was like, how do we validate this? We had to be known malicious. We had to be in the bad list within Gray Noise. And to kind of have it happen within the first couple of days was super reassuring and really good to see and yeah, a bit of a shame on the guy's face, but it was great, great outcome. Yeah.
A
Yeah. So, I mean, when you've talked to customers about this feature, and I know it's early days, right, but I know you're in some pretty, pretty advanced discussions with a bunch of prospects at the moment, right. And when you've mentioned the Gray Noise thing to them, I mean, is this something that they're really like, oh man, you know, that's amazing, can't wait to do that. Or is it more. This is the sort of thing where you and me, we're going to have to go out and sort of sell the idea. Like, I'm just curious, right? Like, what's the reaction been so far?
B
Well, I think people that are aware of Gray Noise really understand the problem. So they're sort of a little bit like, oh, actually I can tie Gray Noise now to these other assets that I couldn't previously because tying it into an Azure NSG or into something else couldn't really do that easily. So they've actually been, oh, wow, I can now use Gray Noise in more places than I could today. But it's a subset of people that are like, if they know of Gray Noise, they understand the problem. So, yeah, they're pretty excited actually to deploy it in different places they couldn't today.
A
Yeah. So for people who know Gray Noise, it's like, oh my God, now I can stick it in other places. And for people who don't know Gray Noise, they're like, oh, okay, that's nice.
B
Moving on and they're like, oh, Gray Noise. That looks interesting. I'll add it to my list of other things I need to look up. But yeah, those who know Gray Noise, like, that's great. I can use that.
A
Yeah. All right, so look, one more thing I want to chat to you about just while we're here is, you know, like, Knock Knock's always done okay. Right.
B
But
A
it's real popular lately in a way that's almost kind of funny because what we've seen is a whole bunch of people who maybe were interested in looking at Knock Knock and kicking the tires a year ago who just sort of went away and now they're all coming back real keen and they're all saying the same thing, which is that it's this agentic AI based, offensive like hacking stuff that has got them looking at controls like this. Right. So it's like Infinity Script Kiddies, which is what I call like agentic hacking. It's Infinity Script Kiddies seems to be driving a fair bit of demand for some fundamental controls like Knock Knock at the moment. I mean, I'm sure you would agree with that. I mean. Well, I know you do because we've talked about it.
B
Yeah, definitely. What's, you know, Infinity Script Kiddies is a good one actually. I quite like that. Add that topic.
A
Yeah, yeah, that's right.
B
But there's always, everyone's always been like, oh yeah, I've got SSH on the net and the naked Internet. Everything else is behind layers. Or I've got, you know, these other services that I'm pretty comfortable with. And then just the wave of 0-day, the wave of bugs, the wave of Infinity Script Kiddies attacking everything. It's like, yeah, maybe I'm not totally comfortable with those.
A
Maybe I'm not as comfortable as I thought I was with that.
B
Exactly. Yeah, yeah. And then you've got the like government saying patch daily, patch daily, patch daily. And then it's like, okay, patch daily on one hand and then you've got, you know, major vendors releasing server updates that semi brick servers daily.
A
And also as Brad Arkin pointed out last week, wait a week to make sure that there isn't a supply chain problem. So patch simultaneously at a one day and seven day interval.
B
Exactly. Yeah. And then so then it's what do you do?
A
Quantum patching.
B
Quantum patching, yeah. Patch. Yeah. Historically, in the future, whilst waiting. But the simple approach has always been there. Remove the attack surface, don't have the thing on exposed in the first place. So it's like back to those foundational security paradigms of many years ago. But it's Infinity Script Kiddies. It's kind of one of the only ways you have to shift to that prevention model. Otherwise there's fires. Yeah, yeah.
A
I mean, but the shift in sentiment around Knock Knock has been pretty profound, right? Because I think some people were saying, and it's always had its fans, right? So as I say, it was always doing fine. But you know, I think some people saw it as like old fashioned. Do you know what I mean? Because everyone's like, rah, rah, rah, agentic. Even like through raising, you know, you would have to explain to investors, no, you know, fundamental controls are still going to be important in the age of AI, you know, some might say even more important. And then that's really been found to be true. But like, yeah, the vibe, I guess what I'm saying is the vibe shift here has just been extraordinary.
B
It has. And I described it to somebody yesterday, actually. They said, you know, I said, you know, it's raining outside and, and we're going to fight AI with AI and it's like it's raining and we're going to have these lasers that stop the rain. No, no, just get an umbrella. Let's just have an umbrella. So it's kind of that like boring, clunky, mechanical, just, it's raining, get an umbrella, keep moving. As opposed to, yeah, lasers, you know, preventing rain. You just can't operate like that. So going back to the roots of what foundationally worked, but modernizing it, tying it to single sign on, etc, etc is definitely got a second wind. Definitely a lot of interest in deploying it.
A
All right, well, Adam Poynton, great to chat to you, my friend. Congratulations on the new Gray Noise feature and I wish you all the best with it.
B
Thanks, Pat. Thank you for having me.
Podcast: Risky Bulletin (Risky Business Media)
Date: May 10, 2026
Host: Patrick Gray
Guest: Adam Poynton, CEO of Knock Knock
This sponsored episode centers on Knock Knock’s new integration with Gray Noise, a cybersecurity service that identifies potentially malicious ("naughty") IP addresses. Host Patrick Gray and Knock Knock CEO Adam Poynton discuss how this integration enhances secure, just-in-time user access by ensuring that only non-blacklisted IPs are allowed. The conversation also covers shifting industry attitudes toward old-school network perimeter security in the AI age, user experiences with the new feature, and why fundamental controls are having a resurgence.
"If you have some awful vuln-riddled box sitting at the edge of your network ... you could put that behind a firewall ... Knock Knock goes and orchestrates firewalls such that that user and only that user ... can connect to that device."
— Patrick Gray (00:33)
"Now that AI enabled hacking means that basically anything left at the perimeter is going to get rinsed ... It's definitely going to get owned."
— Patrick Gray (01:14)
"Now before you add an IP to an allow list, you can check it in Gray Noise to see if it's good or bad."
— Patrick Gray (01:40)
"It's just not feasible to do real time, you know, ingress filtering ... But what I like about this is if you apply Knock Knock to assets at the edge ... you can actually Gray Noise filter everything by taking the allow list approach."
— Patrick Gray (02:36)
"Some of that decisioning can then happen in Knock Knock as opposed to it just being, you know, my users can't connect ... Gray Noise makes that dynamic and then Knock Knock links it to the user so it's even more dynamic."
— Adam Poynton (03:11)
"You can only get access to this resource for 10 minutes because you're coming from a bad place, or please contact support. We'll have to work something out ..."
— Patrick Gray (03:38)
"Rather than a timeout, it's a message. Say, you know, contact your admin. Something's not quite right here. So far better user experience ..."
— Adam Poynton (03:51)
"It actually got one of your own staff pretty quick ... He was using one of the various VPN systems, connecting from different locations to test things out ... and Gray Noise blocked him ... It was great to just actually see it."
— Patrick Gray & Adam Poynton (04:01–04:44)
"...They've actually been, oh, wow, I can now use Gray Noise in more places than I could today."
— Adam Poynton (05:47)
"For people who know Gray Noise, it's like, ‘Oh my God, now I can stick it in other places.’ And for people who don't know Gray Noise, they're like, ‘Oh, okay, that's nice.’"
— Patrick Gray (06:18)
"It's this agentic AI based, offensive like hacking stuff that has got them looking at controls like this. ... Infinity Script Kiddies seems to be driving a fair bit of demand for some fundamental controls like Knock Knock ..."
— Patrick Gray (06:46)
"Infinity Script Kiddies is a good one actually. I quite like that."
— Adam Poynton (07:25)
"Quantum patching, yeah. Patch. Yeah. Historically, in the future, whilst waiting."
— Adam Poynton (08:25)
"You know, it's raining outside and we're going to fight AI with AI and it's like ... No, no, just get an umbrella ... that like boring, clunky, mechanical, just, it's raining, get an umbrella, keep moving ... going back to the roots of what foundationally worked, but modernizing it ... is definitely got a second wind."
— Adam Poynton (09:21)
On the Security Challenge:
"AI enabled hacking means that basically anything left at the perimeter is going to get rinsed ... It's definitely going to get owned."
— Patrick Gray (01:14)
On Gray Noise’s Role:
"They're Santa Claus, right? For IPs, they're tracking which IPs are naughty and which ones are nice."
— Patrick Gray (01:36)
On Customer Excitement:
"If they know of Gray Noise, they understand the problem. So, yeah, they're pretty excited actually to deploy it in different places they couldn't today."
— Adam Poynton (05:47)
On “Infinity Script Kiddies”:
"Infinity Script Kiddies seems to be driving a fair bit of demand for some fundamental controls like Knock Knock at the moment."
— Patrick Gray (06:46)
On Security Fundamentals:
"No, no, just get an umbrella. Let's just have an umbrella ... going back to the roots of what foundationally worked, but modernizing it, tying it to single sign on, etc, etc is definitely got a second wind."
— Adam Poynton (09:21)
This episode spotlights how Knock Knock is leveraging Gray Noise to add a dynamic, identity-driven layer to just-in-time firewall access, uniquely addressing the challenge of potentially risky user connections from suspicious sources. The integration is timely given the explosion of automated, AI-driven attacks. Both speakers stress that, while cybersecurity may be chasing flashy technological threats, foundational controls like targeted allow-lists remain essential—and are enjoying renewed interest as a result.
Listeners gain insight into real-world outcomes, customer sentiment, and the broader context of secure access in an AI-saturated threat environment. Even for those new to Gray Noise or just-in-time security, the discussion offers an accessible look at modern network defense.