We are excited to announce our investment in Knocknoc, a fast-growing just-in-time access company that makes it easy to secure access to applications and devices. Most enterprises have trouble protecting all of their apps using traditional VPNs and privileged access solutions, and find legacy approaches too cumbersome to provision in rapidly changing environments.
Knocknoc offers a simple and flexible approach that seamlessly combines identity and network policy, enabling dynamic allowlisting of users to apps without slowing them down. It is used by several large enterprises today, including large telcos, media companies, and government agencies around the world.
Knocknoc was founded by Dave Kempe and Andy Foster, who teamed up with cybersecurity veteran Adam Pointon after catching the attention of Risky Biz founder Pat Gray (who recently joined Decibel as a Founder Advisor). You can hear Pat dive into Knocknoc with Adam on his podcast here. We spoke with the founders about their journey in our Founder Q&A:
Knocknoc was initially built to solve a secure network access problem for a very large broadcaster in Australia. They needed low-latency and high-bandwidth connections for crews in the field, and VPNs weren't cutting it. We realised dynamic IP allowlisting would solve the problem, so we built a network connection allowlisting solution that only lets users get an IP connection to an application or device once they've signed in via their identity provider. Users just hit their Knocknoc page, hit "sign in", and their IP is added to an allowlist on their company's firewall. It works for any protocol, any port. It's simple but effective. It ran in a few customer environments and we started to gain word-of-mouth awareness. In early 2024 we approached Pat Gray (founder of Risky Biz) who inspired us to create a scalable product we could sell to anyone. We found a lot of prospects around the world needed to solve this problem urgently and decided to take on investment to grow.
The core problem we solve is that there's just too much vulnerable “crap” on the internet. Too many systems are always accessible, even without authentication, when they don't need to be. Organizations already have the building blocks they need to solve this problem and spend a fortune on stuff like Okta and Palo Alto Networks firewalls, but those two worlds don’t talk to each other. Before Knocknoc nobody had glued identity and network policy pieces together, which is what we've done. We've built an access solution that gives customers an easy way to do IP-based controls, and also enforce higher levels of security assurance for web applications and high risk protocols like SSH and RDP. We do that piece with an Identity Aware Proxy (IAP) component we've developed.
A solution like this hasn't come along until now because enterprises have been trying to patch their way out of trouble when it comes to vulnerable devices and applications. We now know that's just not enough and some sort of dynamic access restriction like this, that doesn't get in the way of legitimate users, is something organizations need to do as well as managing vulnerabilities.
Our simplicity and flexibility make us unique. We don’t need users to install new endpoint software on their laptops. We don’t need to route traffic through some sort of "magic cloud". Customers can spin up Knocknoc with no major architecture changes or investments because it works with what they already own. This is a huge deal for security teams that want fast time to value.
Knocknoc’s flexibility also brings joy to security operators, which is hard to find in security products. You really can do whatever you want with it. We have some customers using it to run custom scripts to do things like turn wireless interfaces and IoT devices on or off. There are even party trick possibilities like turning on your coffee machine!
We have many large customers as early adopters and design partners, and their use cases vary a lot:
A lot of our customers deploy Knocknoc to solve an immediate use case and then roll it out to other systems as there are near endless possibilities. Many design partners start with something boring then realise we can solve a curlier, more exotic problem that they'd previously thrown in the “too hard” basket.
We imagine a future where systems are simply more self-defending: they only become reachable by, and for, verified users. Every access is attributed. Attackers can't see targets, let alone compromise them. Trust becomes granular and dynamic. If anything feels off, systems auto-hide, boundaries reappear, and attackers or compromised users are shut out. Our vision is that security adapts in real time, and we are excited to make this a possibility.