DNSFilter + Zorus Roadmap Webinar Q3 2025
Originally recorded on July 24, 2025
[00:00:00] Brett Cheloff: Hello. Hello everyone. We will be getting kicked off here shortly, letting everyone kind of join and get connected, be able to see our pretty faces and our awesome presentation. Hello, Brian. I know you Mr. McCool. I don't think you've ever missed one of these. Michael, happy to have you here.
Gonna give it just about 30 more seconds, then we're gonna kick off. I see a lot of people still joining.
We got some people from Canada. Ryan's in Canada.
Alright, let's get the party started. Okay. Welcome to our quarterly roadmap webinar. This is meant to be every single quarter to give our customer base and community an update on what we're doing here at DNSFilter. This is our first one since the merger of DNSFilter and Zorus. So the teams have come together we're working harmoniously and really knocking things out to bring a lot of value to market for our customer base.
And we wanna share that with you today. So let's dive into our cast of characters. So we have some familiar faces that you, both sides of the house are very well attuned to. So we have Kate Trojanowski, who's Director of Product that came over from Zorus with me. Say Hi Kate.
[00:02:15] Kate Trojanowski: Hey guys.
[00:02:17] Brett Cheloff: And then we have Ryan Poppa, our Senior Director of Product already on the DNSFilter team.
And fantastic member of the team say, hi Ryan.
[00:02:25] Ryan Poppa: Hello.
[00:02:27] Brett Cheloff: And then myself, Brett Cheloff Chief Product Officer here at DNSFilter as we move forward and make very cool product for the market and be able to share that with all of you. So let's get into our agenda. Alright, so we're gonna go over some upcoming events so you know where we're gonna be.
Each quarter I'll show you kinda the shows that we're at and we would love to meet you guys in person and have chats around product and really be able to help us craft our roadmap and our future together. I'm gonna give you a quick company update and kind of product themes that we'll go over. Since the acquisition, what is our focus and how are we applying that to the product?
And then in the traditional format of these quarterly webinars, we really want to show transparency of exactly what we're doing. Get your voice heard into it, and so on. We definitely believe in making value that changes and impacts your business and your company from a security standpoint, and we want to make sure that it is being ingested heard and used.
And so this is that layer for you. So we'll go into what we've recently released just in case you missed it. I know we do the email blast and the release notes and stuff, but we want to go over that for you as well as what we're currently working on. And then what's next after that? Going forward and then we'll go into a live Q&A.
So I'll be MCing that, be able to ask us anything you want and we'll be able to get to as many as we can until kind of time's up. If we can't get to your question, we'll make sure that we ping you directly through email to answer your question just in case there's a lot. So let's get into our upcoming events, a couple shows coming up that we'll be at.
So stop by the booth, say hi to the members of the team that will be there and, give us your feedback and your love. So we'll be at Channel Con in Nashville. It looks like it's gonna be next week, and then in a couple weeks we'll be at Black Hat out in Vegas. That should be a fun one. A lot of us will be there at Black Hat.
So come check us out. And then Vision 25 in Dallas. Week after the about two weeks after that. So would love to see you at any of these shows and we'll keep you updated on other shows. We also have on our website, all the shows that we'll be at as well, just in case you're going to one and wanna see what's going on with us and touching base.
For a quick company update post merger, right? Everyone gets really nervous. Oh, company's coming together. What does that mean for the roadmap? How are we, kinda affecting all of that? Really the big areas here that we put a lot of investment into coming together between DNSFilter and zuru is very much making sure from a support standpoint and a product engineering standpoint, we are stellar.
So we invested pretty heavy in, into support and making sure that we are extremely responsive. We're working on our CSAT scores going up and just making sure it's an absolute pleasure every single time you contact us through support and that we're knowledgeable, we're helping you solve the problem and not just try to fix the issue.
And really impact your business and the tasks at hand that you have. We know that it's important to be very responsive from the standpoint of if you are having an issue. And that's what we strive. So if you are working with our support team and you love your experience, please, hit the feedback button.
Give us your feedback. If you're having a poor experience, we want to hear that too. We're striving to be amazing at support. And then on the product engineering side, it's very much of, we're in a very competitive heating up market, and we really want to provide an expanded product value. To our customer base, knowing that when you're using our product, it's not just the product that you get today, it's the product that you get tomorrow.
And that's what we're trying to make sure that we're educating everyone on and being able to show you what that innovation looks like and what you'll be able to use in the future. As well as just be very community involved. Meaning we want to talk to you, we understand that you have a hundred things in your life and we wanna make sure that we're solving the piece that we solve for you perfectly.
And we also want you to be heard during that, so that way you can talk to us directly as product leaders at DNSFilter and potentially impact what we do and help us steer the ship. We're gonna be very transparent with that and working through it. So that's that piece. Then as far as product themes and what we're gonna be going over and what our current focus is, this will change as we evolve and move forward.
You'll see that throughout every single quarterly roadmap webinar we come through. But for this one, our themes around our vision of protecting every click and ensuring that anyone using our product is protected from a user standpoint. Clicking on bad links, clicking on anything that might be malicious and so on.
So those areas right now are ease of doing business. Connect on your terms, zuru Yuba or end user behavioral analytics which we refer to as cyber Site as we get through that in our presentation here, as well as modernize our platform and ensure future stability and scalability worldwide.
Knowing that people are traveling all over, we have to keep them protected no matter where they go. So what does ease of doing business mean? That really is about onboarding experience, your ability to deploy our product, your ability to consume and understand your licensing, your ability to just work with our product in such a nice and elegant way that it just feels pleasurable, being able to go through any and every aspect of it.
We're starting focused on understanding licensing and licensing models for you to make it easier to consume and understand your bill and so on going forward. We'll talk about that in a bit. And then we're gonna move on from there as far as like your ability to deploy easier and so on. As far as connecting on your own terms, this is being able to be anywhere and everywhere, dependent on if you have an agent, you don't have an agent, you need relays, you need any clientless style filtering and so on.
We want to ensure that all traffic and any traffic can be scanned and ensure that it's safe and secure. Zora Yuba around cyber site. This is the vision of being able to protect users that are using their device and ensuring that their behavior is appropriate or it's actually them. So the vision here around end user behavioral analytics is being able to say, Hey, we can fingerprint how Kate uses her computer versus how Ryan uses his computer, how I use my computer.
And if that starts to deviate, we'll be able to lock that device down as though that they might be compromised or start an insider threat issue. So we really want to get in front of that, especially with gen ai, et cetera. Going out there where people can't even trust their Zoom videos anymore.
Ensuring that we're protecting users using their devices even privileged access users using their devices. And then as far as the modern platform, it's very straightforward. We need to ensure that our platform and our product is always up. It is always working, it is always protecting, and it's doing that in a very scalable, fast manner.
We know that DNSFiltering in general is very sensitive because if DNS were to blip in any way, you're not getting internet. So we wanna make sure that is always safe and secure and up. So that's where our investment is going. And with that, I'm gonna hand it over to our awesome product managers to go over what we have recently released and et cetera.
[00:10:18] Kate Trojanowski: All right, I'm up. So if you're a Zuro partner, you've probably seen a similar image to what you have on the screen here. Generally we would do recently released now and next a DNSFilter. That would be a much longer list. So we've instead broke it up and split it by those themes that Brett just talked about.
So you'll see this coming from us quarterly. This is our first one in the merger, but we are scheduled with marketing to do it every quarter. Moving forward, if your DNSFilter partner, you're probably familiar, hopefully with canny can, is gonna get updated. And managed a lot more intentionally here in the next couple weeks.
This is not uncanny yet to show the accurate depiction of what we're showing here, so I just wanna call that out. But do know it is going to get a revamp and we are going to be much better about keeping you informed. And so you can even be ahead when we come onto these calls. Here on this view, you'll see, GA versus beta and when those items went out, and I'm not gonna stay up here much longer 'cause we're gonna dive into the key highlights of this one by one show you what it looks like.
We're starting it off with Zora and some of you don't have zoros, but you still wanna pay attention because anything in Zoros is intended to become a DNSFilter feature. Later. So things you see here that maybe give you some excitement, it will come into the DNSFilter platform too. So not a waste of time to pay attention.
So first up we have introduced the full URL filtering in the browsers, so you can go beyond DNS. We did that earlier in 2024. That can be a little disruptive. When you're looking at the full path of every single page somebody goes to you can get a lot more blocks and noise than you would at the DNS level.
And so some people are gung-ho about having that more granular security and managing it. But other people were like, can I just get ip? Because it does offer IP protection in the browser too. If they were to go directly to an IP or click a phishing link from an email we would be filtering that with our.
Browser extension piece of the product. So what we did in Q2 is we split that so that you can choose if you want both or one, and pick those level of securities where the IP is a little less invasive than the full URL, just depending on the type of environment and your needs. Next, schedule, timeline, activity, logs.
So we have a pretty good start on a report scheduling engine with a variety of different templated reports. So this was just a next set piece of we developed a screen. Now you want the data, you can export it. Now you can export it. Can I schedule it on a run? We've had some people do some really cool things with these CSV logs and they.
Kind of pushed on us. If I could schedule this, I can automate the whole function to go grab the CSV, put the data in their BI tool and get these other metrics or these businesses. And so that is in there now and it really cool to see the different like ways people have used this and excited to maybe bring some of those into the product in the future as well.
Then we have networks. So Zuru has offered network protection for some time but with the merger we have moved to have them powered by DNSFilters, threat engine. So that went live back in June and it added a not only the robustness of the DNSFilter backend to power this, but we also were able to bring it up to a global layer.
Previously, our network solution, you had to dig into each customer one by one to go set up and manage networks and see the traffic. So just like we did. The global endpoints which DNS side would call that the roaming clients. We were able to get the networks into the same global view when we moved it to DNSFilter.
And what I think is really cool to point out about this is it's literally integrated and connected with DNSFilter. So when you make these networks, it goes to a secure portal on the DNSFilter side, and it's set up like using their exact setup that they have in their dashboard. And so what's also cool about this is when RIS ends up migrating into one experience, one company, one product.
If you're using networks, you'll already be using networks and you're just. Transitioning over the endpoint roaming client experience. So it gets you half the way there and we're very excited to see that out the door. Next. This is a smaller win, but I think it's really useful. Flexible time filters.
So both for endpoint and our network logs, you can pick customer endpoint date range and then you can narrow that down. So we've had these time selectors in zuru before for the single day. So if I was on July 23rd, I could go to eight 15 for example. But when you went multi-day, it ignored that.
And so we've had people say, I only wanna look at eight to six, but each day. So we've changed the way the filtering works so that it's being more dynamic to, do you want it just during this time block for all these days you selected, or do you want it all day for that full range? That was actually a partner feedback item.
Thanks for our partner. I think it was Phil that gave us that, and now it's in the product. And now I think that is the end of Zuru items for Q2 that we're significant. And now we're in DNSFilter land. So since the merger Yes. Who took over roaming clients? Me. So first up we have Chrome. What's, if you're a Zoa side guy, I'm gonna keep saying that a lot, I think for this quarter.
But it'll smooth out here as we keep moving. DNSFilter offers a lot more agents than just Windows and Mac. They have a Chrome agent for Chromebooks. They have an iOS agent that can get the iPads, Android, et cetera. Super exciting. In Q2, we've done a ton of work on our roaming clients to really get them to the next level of architecture and chrome or code, and some of that is.
Based on requirements by the vendor in this case, Google. They deprecated manifest V two. So we had to move to V three. But it's good to stay up to date with the technologies. So this is in beta now, and it also introduces the DOH support. If you're a Chromebook user, you can sign up for the beta by just emailing support.
They'll turn a feature flag on for you. And then you can take the steps to get this DOH template that is required by man manifest V three and get that running. The deadline to switch from V two to V three is August 19th. So if you are a Chromebook user, you will see this exit beta here very soon.
We're July's coming to an end, right? So this is gonna come out the door and it does. Require manual intervention by you to keep filtering. Next we have the Mac Os. These are KB articles just to point the differences of what's happened between our one X agent and our two X agent. Previously, the one X agent used DNS loop back to intercept the DNS queries to then do the filtering that has.
Been a method that Apple's largely been moving away from, and now they're pushing everybody to the system extension, network extension framework. So our two X agent that went out in May is using those methodologies. That's the go forward way for Apple. And the best way for managing those devices as an IT provider through those MDM solutions, it does unfortunately require MDM.
We get a lot of tickets like, can I use my RMM? No, you have to use an MDM if you don't have one, invest in one. We can give you tips on the ones we've seen that work really well. It's not us, it's Apple. We're working in their parameters. But the agent it's. Up and running and move to this new technology that's gonna open more possibilities for us down the road to evolve it and just make it a really great stable product.
VPN. VPNI have a love hate relationship with them. So VPN we spent some time, and this was on our window side, we're gonna do a, an effort on the Mac side to, to acquire these VPN tools that we're seeing our customers use. Download 'em, see where there are or aren't conflicts, and then document any configuration steps to make sure that both applications can run smoothly on a device.
So what we have listed on the screen is the ones that we vetted and researched and set up, and no work. That doesn't mean other ones don't work, we just, we don't have access to all of them. We did send out a survey recently to. Get a fuller list of VPNs. I'll say to maybe add to this list, but if you see one not here, or you're having trouble with one, just send us a ticket and we'll see what we can do.
It can be challenging on this front or we have to get the software, but we can work together to make sure our applications are harmonious. And then also on the window side again. Connection IPV six. It's been a longstanding request on the DNSFilter side for some time. So IPV six, arm 64 build.
These are in our beta. It's, which originally went out in May, and then it got another update in beta a couple weeks ago here in July. So the biggest thing there is the IPV six support. But we also have this new function called the self-healing automated monitoring. So it's actually looking at. The service on the device and making sure it's running properly.
And anytime some kind of blip happens for whatever reason it will try to self-repair it so that you're not losing access to the internet when you switch networks or hit a captive portal, et cetera. So really a great step forward in trying to be connected all the time and not having to have manual user intervention to fix a DNS issue, as we know can be not our favorite times.
So this is here to just self do it and really excited to see this keep moving out the door and evolve from here. And now I'm gonna hand it over to Ryan to tell you about some other items we have for you.
[00:22:28] Ryan Poppa: Thanks Kate. Looks like it's my turn now. So this is actually two different things in one, and I'll break this up into two.
So one of the things that has been a common ask of us for a while is that if you are a multi-tenant user, or you're an MSP, trying to monitor or manage a whole bunch of organizations that are underneath you, you had to go into each and every single organization to manage individual sites. So if you had organization A, I had to manage organization A by going into it, looking at their sites, then pivoting to B, then pivoting to C, which meant that A, you had to remember where all the sites were, which can be challenging depending on how you named your sites.
And B, you had to go pivot and pivot through. So one of the major things that we released, it just went out a couple weeks ago, is the ability to do site support for multi-tenants. So there's a single page in your MSP view, you can go to the site view and it will return every single site. That is under each and every single organization you have.
You can filter, you can search, you can basically delineate between whether or not the site is protected or not and be able to manage, control and change your sites in any way across any different organization that you actually have. So in this example, you can see in the screenshot, there's two different organizations here.
'cause I'm looking for the word insights. Again, we are able to really quickly and really simply see that in a way that makes sense. On top of that for those single org users as well. You can also see that there's a whole bunch of other things that you can see in terms of underlying columns. You can edit these views.
So this is what we show you. By default. You'll see status, you'll see IP hosting, you'll see organization, but you can go into your preferences and actually edit this in any way that makes sense. So if you have individual users in your organizations who need to see very specific things, if you want to see a different set of columns or views within your world, 'cause that's what's most important for you, these columns are set on a per user basis.
And so as you make changes, this is the view that you see personalized for you in whatever way that makes sense. On top of that, with a screenshot on the bottom right hand corner, which is something that we didn't never did, but now we have. Is that if you have a whole ton of sites, let's say you're managing 10, 20, 50, 100, 200 a million, depending on who you are you can now search for ips or host names through that list.
And so if you're trying to answer the question, am I pointing my traffic to Dinas filter from an individual site or from this IP address, you can just type in, the field itself, enter an IP address, whether it's short form, or you can type the whole thing if you want to, and the field itself, or the results will filter down to the results that actually matter to.
So really quick, really easy, pretty common requests from some of our larger customers, but you now you have the ability to do that in whatever way That makes sense. Next slide, please, kid. On top of that if you are a sales managed account, you now can actually set user allocation if you are an MSP.
So if you went through sales, you made a purchase, you bought a whole bunch of licenses across, and you wanna be able to allocate those across the organizations that you acquire or that are doing business with you you can now manage it in a single view that we call subscriptions in the UI under MSP.
And so this will show you a few things. One, it will show you what organizations that you have underneath you. It'll show you how many licenses that you have allocated to each organization. So as you see in this example, you have one that has one, you have another one that has six, five licenses, as well as the different license types that come behind it, whether or not they're a roaming client or not, whether or not you have network devices and what's pointing to you, as well as the overall, what we call recommended licenses, which is this is what we think the user or the organization is doing.
And this the recommendation, li recommended licenses. I'm having, trouble speaking sometimes to do what you actually need to go do. So if you want to be able to edit these numbers, be able to change these numbers, be able to allocate new licenses to your users or your accounts in a way that actually makes sense, you're able to do that based on plan type or allocation itself.
And at the top you can see how many licenses you have overall and how many that we think you're over for individual type
on top of this. Now, you also can display. We also have the ability to display what we call accurate licensing and usage details. And so this is all about providing visibility to you as an organization or as an MSP in terms of, what do we actually think you're actually using. We want to be able to show that to you.
Like you've purchased 10 licenses, are you actually using 10 licenses? We leverage, what we actually have in our license agreements. We'll show you how many users that you actually are licensed for, how many we think that you're actually being using tied to them of requires per day, or the number of roaming clients you actually have.
And it gives you the capability to be able to edit and monitor and change in whatever way that actually makes sense. So you can see what's here, the terms that you're at, you can make the changes that you actually need and the underlying cost that's actually behind it. So if you wanna see really quickly, what you have, what's being used, what it's actually costing, and you wanna make changes, you can do that directly through the ui.
Next slide, please. Kay.
[00:27:30] Kate Trojanowski: All right. In the works. So I'll take it back over here for a minute. We have a lot of things in the works. So this is actually a fuller list that we broke down and in the works and on the horizon, and then there's even more on the horizon after that. But that's why we meet quarterly so we can keep up to speed with how things are going and all the moving pieces.
So with that, we're gonna dive in to what's coming soon on the Windows agent, which is DNS precheck for Windows. This is the value prop Zuru had against DNSFilter of how we intercept traffic before it ever leaves the device. You don't have to change DNS at all, which helps with traveling user conflicts first and foremost.
It gives you a different layer of security. So I have a list of those benefits here on the next slide, but we try to just picture that for you in this diagram where Zora intercepts the traffic is before the resolver. So DNSFilter has done the traditional method where you have to update the resolvers to route the traffic through them to do the filtering.
Zoros actually captured it pre DNS. To inspect it, right? So this is that value prop that we're gonna bring into DNSFilter and then give you the option to choose which method or combo of methods that you wanna use, which I'll show you in a second. So again, some of the benefits of that are, you don't have to change the DNS.
So it's one less thing to manage and make sure it's working. Or if you're changing some technology or re-imaging a machine, you don't have to remember to worry about DNS 'cause you didn't change it in the first place. Or you can use your own DNS, right? We're we'll still filter within the parameters of, I'm, I wanna use this local DNS that I own all the data for, and now we can filter in those scenarios.
What's really cool about the pre part is it means you're intercepting before it leaves the device. So if there's bad traffic, it never leaves the machine, it never hits your network, it doesn't have the potential to sprawl elsewhere, right? You nipped it right in the bud. That I think is a really cool way of looking at DNS.
And then there's other benefits where you don't have as many connection challenges. Captive portals is always the favorite one. We've made a ton of progress on that being super stable with DNSFilter, how it is. This is just gonna. Bring it home a step further. VPNs, local domains, you don't have to configure those to work.
It just is moving, so you stop the extra configuration there. Lots of benefits and options here, and we're gonna give you those options to choose. So what you're gonna see when this releases, which it's currently targeted for our 3.0 agent which should be out in August, is we set up this new option at the org level for your roaming client deployments, where you have this connection and filtering mode and.
This can get complicated. So we were like, let's just give 'em two different options. Do you want the standard recommended option that's gonna be the pre-check that's more compatible in most environments or do you want a more strict configuration where it runs through the DNSFilter Resolver which is more locked down in that you own the data through the dashboard and it coming through?
It plays better with zero Trust. VPNs. Zora does work with traditional VPNs very well, but the zero trust ones can sometimes be a struggle where DNSFilter works with those zero trust ones. And then you have standard fail open, strict, fail close. Sometimes you wanna control that narrative too.
So we have a custom option where you'll be able to. Actually pinpoint the exact different ways that you want to filter and connect and fail open if you don't want us to pick for you, right? You're, you guys run it shops, you know what you're doing. You're probably like, I wanna change this. So we're giving you those controls too.
Another benefit of just while we're in here, right? That's org level, that's gonna impact all your endpoints. We're also gonna be adding it into the grid for these bulk selections, single roaming client overrides so that you can start. Picking and choosing based on maybe a scenario of a particular user or a particular group of people.
And you'll notice we've added some other things in there that have been smaller feature requests of being able to enable or disable a device or set a log level or set whether you're getting automatic updates or not at the individual level. Those all won't come at once, but the concept of with precheck giving those options, we're also looking at all the other ones that you've brought to us in canny or to your success team manager to support.
So that's DNS pre-check and I'll hand it back to Ryan for the policy ui.
[00:33:17] Ryan Poppa: Thank you. This is gonna be a little bit of a smaller update than the site side. We have refreshed the policy page and it's something that we are gonna be releasing in probably the next couple weeks. So instead of what you see historically, you're able to come here and manage it.
Like a lot of the other pages that you have here, you have filters. You have the ability to be able to see pretty quickly and also customize the columns and views behind it. But it's really all about how can we bring the look and feel of our policy page, which is an older look and feel to the new design system that we actually have here.
So no new specific functionality or capabilities here, for the most part, other than the ability to at the top filter based on what you're looking for. However, this is a aligned to the way that everything else works and gives you the capability to, to manage your policies and search through them in a much easier and simpler way than you had previously.
Next slide, please. On top of that, there's a couple changes actually. You edit a policy that's gonna be pretty important. One thing is that you're now forced to save a policy as it comes through. This has been a pretty common ask from a lot of our customers today. It just saves. So again, if mis click or type something wrong, it automatically sets policy.
So in this case, you now have the ability to just hit the save button, discard your changes. So you know that's there. If you look at the top headers, you can now pivot through the different things that actually matter for you, whether you want to change categories, change threats. And one of the new features that we put in place is that there's that little blue dot beside the name.
So if you make a change, whether it's change the policy name, adding a category, adding a new application to appware, changing something in the allow or block list, you can pretty quickly see what you have changed before you hit save or discard to see what you have done. So you don't necessarily make a mistake as it goes through.
Next up something then, and Kate touched a little bit about this on the Windows side or the Windows agent side, we are going to be introducing a very common ask from our customer base. The ability to actually. Point your traffic, your IPV six networks into DNSFilter. So very similar to what you traditionally see on the site side.
I want to be able to take my IPV six network that is just a clean IPV six network. You see a lot of ISPs moving to IPV six, only a lot of locations, especially around the world or moving to IPV six only. That's where the world is actually going. And so for your sites, you're able to enter in the IP address or your IPV six IP address or the site that you're trying to protect.
Enter that in and then protect any network that you actually have by automatically Point to our IPV six resolvers. We'll also be introducing V six for Mac Os. Our Mac Os clients as well as for all those users that are using the relay so that you'll be IP V six ready as your organization transitions.
A really simple one. Again, this is a, it's really a really aligned to the look and feel and making things really simple. A lot of the changes that you just saw on the policy side, if you are A MSP we're changing the way that you actually manage your settings as well. So it's purely just a look and feel thing.
It is aligning to the way that the rest of the UI works, but it should be easier for you to be able to manage things. And as well, if you make changes, you'll get that little blue dot beside the name, which will signify the fact that you've made a change. Are you sure you want to actually do it before you actually move on?
And you can pivot through the different the different tab you actually have in a much simpler and easier way. And each of the individual pages will change as well.
Next up, another really common request for those even though it's called Dough here, which is always a funny name, I always laugh when I see it. DNS over Htt PS it is a way that a lot of organizations want to connect to us. So instead of using the traditional DNS protocol, UDP port 53, or TCP Port 53 you want to be able to point your traffic to us using DOH.
You have routers or devices that support DOH natively, they don't support. Let's say DNS over TCP or something else directly and you want to be able to automatically point your traffic into us. By doing so. Kate talked a little bit about native DOH within our roaming clients or Chrome. We're also gonna be introducing that for sites.
So if you have a device that is in a site or behind a site, instead of actually configuring DNS to point to us, you can just configure your D-N-A-D-O-H setting, whether that's in the OS or a browser like Chrome, Firefox Opera, and et cetera. And then that device will point, will actually resolve and point traffic to us over DNS over H-G-D-P-S versus the traditional DOT.
Again, this provides a lot more flexibility in terms of how you want to connect. You may have a bunch of devices that you have on your network that don't support things like DOT and it gives you the capability to point the traffic in the way that you want to, to us in the way that actually makes sense.
[00:38:12] Kate Trojanowski: Oh. I wasn't expecting that slide to be next but we'll roll with it. So end user behavioral analytics. This is what Brett teed up earlier when we talked about themes, cyber site. So cyber site is coming to DNSFilter. This is a roaming client technology, and what it does is it discerns between what the user did versus what the machine did.
Traditionally, DNSFiltering you get, you can get insights and reports and data and Facebook was hit 10,000 times, but did they actually go there? TBD couldn't tell you, right? Cyber site brings in that layer and it has. So many different use cases. What you see here is our overview screen.
So this gives you an overview of not only where the user physically went to, what they clicked on, what application they were in, but how long they spent there. This can help you with license management, with shadow IT detection with your managing end customers. Where is time going in their business and as their kind of business advisor is that where they want the time to be spent.
And so this will be the first screen that we see come over and it'll again, will be Windows RC specific and then we'll keep knocking off other rcs with it to discern. User versus machine. Where this gets cool and where I'm super excited about it is the cybersecurity use cases. So this is a timeline screen.
Really we tee this up in terms of incident response. I got an alert in my EDR, something went wrong. I can now come see exactly what the user was doing at a very narrow time span and dig in. What did they click that maybe spawned this attack chain? Were they even logged into their computer at that time?
Were they in on it, not in on it. Getting us that fine tuned granular details to help aid in faster incident response and recovery and allow you. Through nature of us being a DNSFilter provider, if you know the URL right, you can now go block that for all your other customers and users and make sure that they don't get themselves into trouble.
And then this next screen, our UX team's been part at work and I'm so excited with the stuff that they're coming up with us in product. So this screen doesn't actually exist in source, but as we looked to lift and shift the feature over to DNSFilter came up with this opportunity to show you where there's risky behavior.
So in this view, what is cool is like they. Got blocked when they went to the malicious domain site. They got blocked when they hit the botnet, but we still, because they physically opened that website or launched a phishing email campaign, we still know it attempted to go there. So we can tie that data to the user and show you who's getting into trouble more frequently than others.
Not just from a threat perspective, but also just content blocks, maybe. They're going to sites you don't want them on day to day. And then we can see that trend over time of who's the riskiest people that you may need to handhold or give more training or keep an eye on so that your overall environment can be protected.
So these aren't. All the screens, but these are the immediate ones we're tackling. And you'll see this evolve over time into our longer term plan which is getting those threat profiles of those users and getting more proactive with that's not normal behavior. And combine that with a feature that we have called device isolation, where you can actually lock that down to everything on the machine, can't do anything until we can see what's going on.
So you're gonna see this keep evolving quarter over quarter into that proactive device isolation model. But these are the screens we're gonna start with, and then we'll keep moving each quarter from there. So definitely excited to see how this evolves and gets adopted in this community. But that adds privacy concerns, right?
We do have customers that are privacy conscious. They might be in a country where they have to be privacy conscious. We know cyber site can be invasive and because of that we had to look at re-imagining our PII data protection. This is a feature that already exists in the platform, already, something you can use.
We are just gonna revamp the UI and add a few other options to ensure not only cyber site is included in this moving forward, but any other use case of getting DNS or full URL data that could have a privacy concern, that you have more streamlined options to set that and then manage by override, depending on if you're, if you have multiple organizations.
If they have different needs. So really streamlining that experience and the robustness of what you consider private and not private, depending on the ecosystem, because depending on the ecosystem there can be some gray areas. So really just giving you more control when those gray areas come up.
And then I think this is the last slide. Before we hit our Q&A, and I'll just reiterate like this isn't every single thing we're doing right. There's lots of little other things that get worked in that we don't highlight on the roadmap webinar. But if there is something that you're hoping for reach out and we'll make sure it gets featured in the next one.
But, so this one, identity sync. We have a longstanding identity sync tool, but as that market evolves into clientless options, our intra version today I think is an on-prem tool. I've seen the cam canny comments. People are frustrated. It's coming. So what's cool about the way that we're approaching this is yes, you could still have the on-prem active directory install version of the sync tool, but we're also doing a.
A clientless intra. And the way we're setting up this framework is to make it agnostic so that we can add other providers in the future, like Google Okta, et cetera, into here. And so what these sync tools do is it allows you to assign the policy per user as they travel across different networks and devices.
So that's getting a revamp and then managing that into what we call collections, which is the grouping of those users and what policies you want to apply based on that. That's getting a lift in its UI to make it more user friendly, to get the particular individuals you're looking for into the collections easier.
That is in the works on the horizon as well, and as promised Q&A.
[00:45:50] Brett Cheloff: Awesome. Great job. Feel free to use the Q&A box. I have it open and I will be the mc asking our awesome product managers here. Each one of these questions, I'm gonna start with one that came in through the actual webinar chat and answer that directly. Are the ZORA features being referenced here being rolled into existing plans, or will there be an uplift on licensing to use those features?
So as it currently stands, we're packaging the initial releases of cyber site that align with Zorus into the PRO plan and above There will be like enterprise level features in the future that would require you to go above pro. But as a stands we're aligned to the pro. So if you have pro at the things that you just saw, that's what, will come out as part of that due to the fact that it's an endpoint based technology. So anything below pro doesn't really make a lot of sense 'cause we can't do that level of granular detail on the networks. And on top of that, I just in case it got missed I think it's really important to note that cyber site is not just your web traffic, it's also your thick client activity that's installed on those devices as well to truly give you the full picture of what the users across your company or the companies you serve are actively using.
So that is the answer for that one. We did get a question. This is towards you, Kate, around the Mac agent and the changes there. Will the New Mac agent require a certain Mac OS level? And if so, is there a floor to that or how far back does it.
[00:47:37] Kate Trojanowski: Like what version of Apple do you need to be on?
[00:47:40] Brett Cheloff: Yeah. Is there any kind of requirement there that's from a Mac agent standpoint, a New Mac agent style?
[00:47:49] Kate Trojanowski: I'd have to go look to be exact, but I'm pretty sure that feature starts in big serve, which has been out. So whatever was like 2020s release and beyond is where this comes into play.
Apple likes to name things fun. It should help me remember, but I, big sir, is what is sticking out in my brain of where the OS needs to be to switch to this.
[00:48:15] Brett Cheloff: Got it. Next one's also towards you. So did you say there was a deadline date for having Chromebook os Manifest V two extension updated to V three?
The answer was yes. What was the date again, Kate? Yes.
[00:48:30] Kate Trojanowski: So Chrome's actually already deprecated it at the end of June, but they're giving enterprise businesses a little more leeway. So that deadline is August 19th. The only reason we're sitting in beta still is for adoption. We haven't seen any challenges.
So if you're open to beta, we can get you rolling onto that now. And like I said, August 19th, we're reaching the end of July here. So we're gonna mark this ga very soon. And look out for the marketing emails too, because they'll send reminders to make sure that you're in loop.
[00:49:09] Brett Cheloff: Awesome. This one's a jump ball. So are there any plans to address VDI compatibility with the roaming agent or just from a blanketed install standpoint to give us visibility on user activity? Right now on our multi-session a VD Windows 11 hosts, we point our hosts to our off-prem DC DNS server and have our DC point to DNSFilters, DNS servers, as for as a forwarded.
So we can only see the internal host ip accessing the sites, not the users.
[00:49:43] Ryan Poppa: So I'll try to answer that question. This is a longstanding issue, and it isn't something that we necessarily control in a VDI environment. We don't get user information as you're sending DNS requests. So unfortunately there isn't anything that we can do in the short term.
And so it's an unfortunate consequence of VDI and what Citrix and Microsoft and others have done, how DOH or DS over HDP might be able to help with this a little bit because DOH is set at the user level and not the system level. And that might be a way to get around VDI, but no promises yet. We're still evaluating.
[00:50:20] Brett Cheloff: I also would like to add that once precheck is in for at least VDI and Windows environments the precheck not changing DNS, you'll still get DNS records linked to the logged in user in those VDI environments. So that style of DNSFiltering can help in scenarios like that.
Alright, next question. So this might be more of a support related question, but we'll we'll help you out with it. We just onboarded a customer, very restricted policy. We're seeing that when they get to a block page, they get that your connection is not private, meaning the certificate's not installed.
What's the best practice way of getting around this? He's saying without having to install DNSFilters, certificates on all computers. Which that is the answer unfortunately, is installing the certificate, typically done through your RMM. I do think it's important to note, and I don't think Kate touched on it 'cause I'm not exactly sure we're doing it right away, but part of DNS precheck allows for the block page to be hosted locally.
Is that gonna be part of that precheck Kate? That's not
[00:51:37] Kate Trojanowski: gonna be in V1 but it'll evolve to get there thought.
[00:51:42] Brett Cheloff: Yeah, so I think what's important to note is as these features come over on the Zuora side, the block page is actually hosted locally, which is why you're not getting that certificate thing.
Keep in mind, if it's a network block, you're still gonna get the certain problem, so can't stress that enough. But if it's an endpoint block, it would be hosted locally and doesn't require something like that. So it will evolve to that point. But as for now. I would recommend using whether you have an RMM tool or of nature, be able to deploy that certificate to the devices on that network, and then you will stop seeing the, your connection is not private.
All right, so we got a question. Does Zuru work alongside Threat Locker? Are or are they competing product services? Technically, they're a competitor now too. They have DNSFiltering. I don't think it's as robust as DNSFilter and zora, but they absolutely have that. And we do pair nicely side by side with them.
If you choose to use our filtering services through them can't stress enough. Like for instance, our security intelligence team, we invest a lot of time and money in owning and training our threat intelligence to make it world class. Most people and other vendors do not own their threat intelligence and have a team like ours.
And we really strive to make that the best out there to be the thought leaders of that type of DNS security and protection.
So I'm sorry if I missed this earlier, but is there any plans to address issues with DNSFilter roaming agent, when there are connectivity issues on Windows hosts? Be it the user cannot connect to the internet specific services, is there a bypass mode or a, so this is almost like a fail open question in our strategy around fail open, so I do think, Kate touched on the DNS precheck item, DNS precheck by design is a fail open. You have the choice to fail close if you choose, but if it can't be looked up properly, it will allow them to go there. For instance, if the infrastructure is down, which, happens from time to time, even Netflix goes down and we can't watch our shows.
But the the idea there is to have an elegant fail open model regardless of style. So we've even been actively working on a fail open model, even owning the DNS resolver as well. That's still in progress to mature and get out there, but once pre-check goes out, you'll have that elegant experience of fail open.
But until then, right now owning the DNS, we strive to keep our, our DNS resolvers uptime at five nines, and we continue to work that out and move that forward. And I think that is it. So I'm seeing a lot of just to address it, I am seeing a lot of questions around just like Zora's DNSFilter.
What's the story here? What's the long term, I went with one product, what should I do? Kind of statement. The sentiment right now and what we're working towards. Long term. Yeah. Years away. We want to be one platform, one product that is capable of doing way more than what, Zuru and DNSFilter do alone today.
There's so many ideas that we have that we're gonna expand into. And if you've already are on zuru today or you're on DNSFilter today, and where should I be? You should be where the feature set makes most sense for you and what you're trying to do today. If you're heavy into cyber site and that data is important to you, you should stay on Zorus.
If you love the way that the filter works from a pre-check standpoint on Zorus, great. If you love what you got on DNSFilter side today, but you're really eager to do cyber site, we're actively, moving that type of stuff over and those features over and it's all features of Zoros will move over, including things like GYP blocking, the elegant unblock request style.
'cause that came up as a question too, that I answered privately. All of that will move over. And once we get to the end state, which is gonna take a lot of time, so no panicking or anything like that, and we're still investing in our products, both sides there will be a migration process, but it will be as automated as humanly possible once we get there.
But that's, way out. We're talking a long time. So with that being said though the fact that we already switched networks over to DNSFilter is a big win in the sense that you're already on the DNSFilter network if you're using Zorus today anyway. There's not much to migrate after that other than your settings and configuration.
With that, I want to thank everybody we're on an hour exactly. Thank you so much for joining our first roadmap webinar. We'll see you all in three months with our next update and never be too scared to come hit us up in any of the shows that we might be at in the future. We love talking to our customer base and our partners, and we will see you on the flip side.
Gonna give it just about 30 more seconds, then we're gonna kick off. I see a lot of people still joining.
We got some people from Canada. Ryan's in Canada.
Alright, let's get the party started. Okay. Welcome to our quarterly roadmap webinar. This is meant to be every single quarter to give our customer base and community an update on what we're doing here at DNSFilter. This is our first one since the merger of DNSFilter and Zorus. So the teams have come together we're working harmoniously and really knocking things out to bring a lot of value to market for our customer base.
And we wanna share that with you today. So let's dive into our cast of characters. So we have some familiar faces that you, both sides of the house are very well attuned to. So we have Kate Trojanowski, who's Director of Product that came over from Zorus with me. Say Hi Kate.
[00:02:15] Kate Trojanowski: Hey guys.
[00:02:17] Brett Cheloff: And then we have Ryan Poppa, our Senior Director of Product already on the DNSFilter team.
And fantastic member of the team say, hi Ryan.
[00:02:25] Ryan Poppa: Hello.
[00:02:27] Brett Cheloff: And then myself, Brett Cheloff Chief Product Officer here at DNSFilter as we move forward and make very cool product for the market and be able to share that with all of you. So let's get into our agenda. Alright, so we're gonna go over some upcoming events so you know where we're gonna be.
Each quarter I'll show you kinda the shows that we're at and we would love to meet you guys in person and have chats around product and really be able to help us craft our roadmap and our future together. I'm gonna give you a quick company update and kind of product themes that we'll go over. Since the acquisition, what is our focus and how are we applying that to the product?
And then in the traditional format of these quarterly webinars, we really want to show transparency of exactly what we're doing. Get your voice heard into it, and so on. We definitely believe in making value that changes and impacts your business and your company from a security standpoint, and we want to make sure that it is being ingested heard and used.
And so this is that layer for you. So we'll go into what we've recently released just in case you missed it. I know we do the email blast and the release notes and stuff, but we want to go over that for you as well as what we're currently working on. And then what's next after that? Going forward and then we'll go into a live Q&A.
So I'll be MCing that, be able to ask us anything you want and we'll be able to get to as many as we can until kind of time's up. If we can't get to your question, we'll make sure that we ping you directly through email to answer your question just in case there's a lot. So let's get into our upcoming events, a couple shows coming up that we'll be at.
So stop by the booth, say hi to the members of the team that will be there and, give us your feedback and your love. So we'll be at Channel Con in Nashville. It looks like it's gonna be next week, and then in a couple weeks we'll be at Black Hat out in Vegas. That should be a fun one. A lot of us will be there at Black Hat.
So come check us out. And then Vision 25 in Dallas. Week after the about two weeks after that. So would love to see you at any of these shows and we'll keep you updated on other shows. We also have on our website, all the shows that we'll be at as well, just in case you're going to one and wanna see what's going on with us and touching base.
For a quick company update post merger, right? Everyone gets really nervous. Oh, company's coming together. What does that mean for the roadmap? How are we, kinda affecting all of that? Really the big areas here that we put a lot of investment into coming together between DNSFilter and zuru is very much making sure from a support standpoint and a product engineering standpoint, we are stellar.
So we invested pretty heavy in, into support and making sure that we are extremely responsive. We're working on our CSAT scores going up and just making sure it's an absolute pleasure every single time you contact us through support and that we're knowledgeable, we're helping you solve the problem and not just try to fix the issue.
And really impact your business and the tasks at hand that you have. We know that it's important to be very responsive from the standpoint of if you are having an issue. And that's what we strive. So if you are working with our support team and you love your experience, please, hit the feedback button.
Give us your feedback. If you're having a poor experience, we want to hear that too. We're striving to be amazing at support. And then on the product engineering side, it's very much of, we're in a very competitive heating up market, and we really want to provide an expanded product value. To our customer base, knowing that when you're using our product, it's not just the product that you get today, it's the product that you get tomorrow.
And that's what we're trying to make sure that we're educating everyone on and being able to show you what that innovation looks like and what you'll be able to use in the future. As well as just be very community involved. Meaning we want to talk to you, we understand that you have a hundred things in your life and we wanna make sure that we're solving the piece that we solve for you perfectly.
And we also want you to be heard during that, so that way you can talk to us directly as product leaders at DNSFilter and potentially impact what we do and help us steer the ship. We're gonna be very transparent with that and working through it. So that's that piece. Then as far as product themes and what we're gonna be going over and what our current focus is, this will change as we evolve and move forward.
You'll see that throughout every single quarterly roadmap webinar we come through. But for this one, our themes around our vision of protecting every click and ensuring that anyone using our product is protected from a user standpoint. Clicking on bad links, clicking on anything that might be malicious and so on.
So those areas right now are ease of doing business. Connect on your terms, zuru Yuba or end user behavioral analytics which we refer to as cyber Site as we get through that in our presentation here, as well as modernize our platform and ensure future stability and scalability worldwide.
Knowing that people are traveling all over, we have to keep them protected no matter where they go. So what does ease of doing business mean? That really is about onboarding experience, your ability to deploy our product, your ability to consume and understand your licensing, your ability to just work with our product in such a nice and elegant way that it just feels pleasurable, being able to go through any and every aspect of it.
We're starting focused on understanding licensing and licensing models for you to make it easier to consume and understand your bill and so on going forward. We'll talk about that in a bit. And then we're gonna move on from there as far as like your ability to deploy easier and so on. As far as connecting on your own terms, this is being able to be anywhere and everywhere, dependent on if you have an agent, you don't have an agent, you need relays, you need any clientless style filtering and so on.
We want to ensure that all traffic and any traffic can be scanned and ensure that it's safe and secure. Zora Yuba around cyber site. This is the vision of being able to protect users that are using their device and ensuring that their behavior is appropriate or it's actually them. So the vision here around end user behavioral analytics is being able to say, Hey, we can fingerprint how Kate uses her computer versus how Ryan uses his computer, how I use my computer.
And if that starts to deviate, we'll be able to lock that device down as though that they might be compromised or start an insider threat issue. So we really want to get in front of that, especially with gen ai, et cetera. Going out there where people can't even trust their Zoom videos anymore.
Ensuring that we're protecting users using their devices even privileged access users using their devices. And then as far as the modern platform, it's very straightforward. We need to ensure that our platform and our product is always up. It is always working, it is always protecting, and it's doing that in a very scalable, fast manner.
We know that DNSFiltering in general is very sensitive because if DNS were to blip in any way, you're not getting internet. So we wanna make sure that is always safe and secure and up. So that's where our investment is going. And with that, I'm gonna hand it over to our awesome product managers to go over what we have recently released and et cetera.
[00:10:18] Kate Trojanowski: All right, I'm up. So if you're a Zuro partner, you've probably seen a similar image to what you have on the screen here. Generally we would do recently released now and next a DNSFilter. That would be a much longer list. So we've instead broke it up and split it by those themes that Brett just talked about.
So you'll see this coming from us quarterly. This is our first one in the merger, but we are scheduled with marketing to do it every quarter. Moving forward, if your DNSFilter partner, you're probably familiar, hopefully with canny can, is gonna get updated. And managed a lot more intentionally here in the next couple weeks.
This is not uncanny yet to show the accurate depiction of what we're showing here, so I just wanna call that out. But do know it is going to get a revamp and we are going to be much better about keeping you informed. And so you can even be ahead when we come onto these calls. Here on this view, you'll see, GA versus beta and when those items went out, and I'm not gonna stay up here much longer 'cause we're gonna dive into the key highlights of this one by one show you what it looks like.
We're starting it off with Zora and some of you don't have zoros, but you still wanna pay attention because anything in Zoros is intended to become a DNSFilter feature. Later. So things you see here that maybe give you some excitement, it will come into the DNSFilter platform too. So not a waste of time to pay attention.
So first up we have introduced the full URL filtering in the browsers, so you can go beyond DNS. We did that earlier in 2024. That can be a little disruptive. When you're looking at the full path of every single page somebody goes to you can get a lot more blocks and noise than you would at the DNS level.
And so some people are gung-ho about having that more granular security and managing it. But other people were like, can I just get ip? Because it does offer IP protection in the browser too. If they were to go directly to an IP or click a phishing link from an email we would be filtering that with our.
Browser extension piece of the product. So what we did in Q2 is we split that so that you can choose if you want both or one, and pick those level of securities where the IP is a little less invasive than the full URL, just depending on the type of environment and your needs. Next, schedule, timeline, activity, logs.
So we have a pretty good start on a report scheduling engine with a variety of different templated reports. So this was just a next set piece of we developed a screen. Now you want the data, you can export it. Now you can export it. Can I schedule it on a run? We've had some people do some really cool things with these CSV logs and they.
Kind of pushed on us. If I could schedule this, I can automate the whole function to go grab the CSV, put the data in their BI tool and get these other metrics or these businesses. And so that is in there now and it really cool to see the different like ways people have used this and excited to maybe bring some of those into the product in the future as well.
Then we have networks. So Zuru has offered network protection for some time but with the merger we have moved to have them powered by DNSFilters, threat engine. So that went live back in June and it added a not only the robustness of the DNSFilter backend to power this, but we also were able to bring it up to a global layer.
Previously, our network solution, you had to dig into each customer one by one to go set up and manage networks and see the traffic. So just like we did. The global endpoints which DNS side would call that the roaming clients. We were able to get the networks into the same global view when we moved it to DNSFilter.
And what I think is really cool to point out about this is it's literally integrated and connected with DNSFilter. So when you make these networks, it goes to a secure portal on the DNSFilter side, and it's set up like using their exact setup that they have in their dashboard. And so what's also cool about this is when RIS ends up migrating into one experience, one company, one product.
If you're using networks, you'll already be using networks and you're just. Transitioning over the endpoint roaming client experience. So it gets you half the way there and we're very excited to see that out the door. Next. This is a smaller win, but I think it's really useful. Flexible time filters.
So both for endpoint and our network logs, you can pick customer endpoint date range and then you can narrow that down. So we've had these time selectors in zuru before for the single day. So if I was on July 23rd, I could go to eight 15 for example. But when you went multi-day, it ignored that.
And so we've had people say, I only wanna look at eight to six, but each day. So we've changed the way the filtering works so that it's being more dynamic to, do you want it just during this time block for all these days you selected, or do you want it all day for that full range? That was actually a partner feedback item.
Thanks for our partner. I think it was Phil that gave us that, and now it's in the product. And now I think that is the end of Zuru items for Q2 that we're significant. And now we're in DNSFilter land. So since the merger Yes. Who took over roaming clients? Me. So first up we have Chrome. What's, if you're a Zoa side guy, I'm gonna keep saying that a lot, I think for this quarter.
But it'll smooth out here as we keep moving. DNSFilter offers a lot more agents than just Windows and Mac. They have a Chrome agent for Chromebooks. They have an iOS agent that can get the iPads, Android, et cetera. Super exciting. In Q2, we've done a ton of work on our roaming clients to really get them to the next level of architecture and chrome or code, and some of that is.
Based on requirements by the vendor in this case, Google. They deprecated manifest V two. So we had to move to V three. But it's good to stay up to date with the technologies. So this is in beta now, and it also introduces the DOH support. If you're a Chromebook user, you can sign up for the beta by just emailing support.
They'll turn a feature flag on for you. And then you can take the steps to get this DOH template that is required by man manifest V three and get that running. The deadline to switch from V two to V three is August 19th. So if you are a Chromebook user, you will see this exit beta here very soon.
We're July's coming to an end, right? So this is gonna come out the door and it does. Require manual intervention by you to keep filtering. Next we have the Mac Os. These are KB articles just to point the differences of what's happened between our one X agent and our two X agent. Previously, the one X agent used DNS loop back to intercept the DNS queries to then do the filtering that has.
Been a method that Apple's largely been moving away from, and now they're pushing everybody to the system extension, network extension framework. So our two X agent that went out in May is using those methodologies. That's the go forward way for Apple. And the best way for managing those devices as an IT provider through those MDM solutions, it does unfortunately require MDM.
We get a lot of tickets like, can I use my RMM? No, you have to use an MDM if you don't have one, invest in one. We can give you tips on the ones we've seen that work really well. It's not us, it's Apple. We're working in their parameters. But the agent it's. Up and running and move to this new technology that's gonna open more possibilities for us down the road to evolve it and just make it a really great stable product.
VPN. VPNI have a love hate relationship with them. So VPN we spent some time, and this was on our window side, we're gonna do a, an effort on the Mac side to, to acquire these VPN tools that we're seeing our customers use. Download 'em, see where there are or aren't conflicts, and then document any configuration steps to make sure that both applications can run smoothly on a device.
So what we have listed on the screen is the ones that we vetted and researched and set up, and no work. That doesn't mean other ones don't work, we just, we don't have access to all of them. We did send out a survey recently to. Get a fuller list of VPNs. I'll say to maybe add to this list, but if you see one not here, or you're having trouble with one, just send us a ticket and we'll see what we can do.
It can be challenging on this front or we have to get the software, but we can work together to make sure our applications are harmonious. And then also on the window side again. Connection IPV six. It's been a longstanding request on the DNSFilter side for some time. So IPV six, arm 64 build.
These are in our beta. It's, which originally went out in May, and then it got another update in beta a couple weeks ago here in July. So the biggest thing there is the IPV six support. But we also have this new function called the self-healing automated monitoring. So it's actually looking at. The service on the device and making sure it's running properly.
And anytime some kind of blip happens for whatever reason it will try to self-repair it so that you're not losing access to the internet when you switch networks or hit a captive portal, et cetera. So really a great step forward in trying to be connected all the time and not having to have manual user intervention to fix a DNS issue, as we know can be not our favorite times.
So this is here to just self do it and really excited to see this keep moving out the door and evolve from here. And now I'm gonna hand it over to Ryan to tell you about some other items we have for you.
[00:22:28] Ryan Poppa: Thanks Kate. Looks like it's my turn now. So this is actually two different things in one, and I'll break this up into two.
So one of the things that has been a common ask of us for a while is that if you are a multi-tenant user, or you're an MSP, trying to monitor or manage a whole bunch of organizations that are underneath you, you had to go into each and every single organization to manage individual sites. So if you had organization A, I had to manage organization A by going into it, looking at their sites, then pivoting to B, then pivoting to C, which meant that A, you had to remember where all the sites were, which can be challenging depending on how you named your sites.
And B, you had to go pivot and pivot through. So one of the major things that we released, it just went out a couple weeks ago, is the ability to do site support for multi-tenants. So there's a single page in your MSP view, you can go to the site view and it will return every single site. That is under each and every single organization you have.
You can filter, you can search, you can basically delineate between whether or not the site is protected or not and be able to manage, control and change your sites in any way across any different organization that you actually have. So in this example, you can see in the screenshot, there's two different organizations here.
'cause I'm looking for the word insights. Again, we are able to really quickly and really simply see that in a way that makes sense. On top of that for those single org users as well. You can also see that there's a whole bunch of other things that you can see in terms of underlying columns. You can edit these views.
So this is what we show you. By default. You'll see status, you'll see IP hosting, you'll see organization, but you can go into your preferences and actually edit this in any way that makes sense. So if you have individual users in your organizations who need to see very specific things, if you want to see a different set of columns or views within your world, 'cause that's what's most important for you, these columns are set on a per user basis.
And so as you make changes, this is the view that you see personalized for you in whatever way that makes sense. On top of that, with a screenshot on the bottom right hand corner, which is something that we didn't never did, but now we have. Is that if you have a whole ton of sites, let's say you're managing 10, 20, 50, 100, 200 a million, depending on who you are you can now search for ips or host names through that list.
And so if you're trying to answer the question, am I pointing my traffic to Dinas filter from an individual site or from this IP address, you can just type in, the field itself, enter an IP address, whether it's short form, or you can type the whole thing if you want to, and the field itself, or the results will filter down to the results that actually matter to.
So really quick, really easy, pretty common requests from some of our larger customers, but you now you have the ability to do that in whatever way That makes sense. Next slide, please, kid. On top of that if you are a sales managed account, you now can actually set user allocation if you are an MSP.
So if you went through sales, you made a purchase, you bought a whole bunch of licenses across, and you wanna be able to allocate those across the organizations that you acquire or that are doing business with you you can now manage it in a single view that we call subscriptions in the UI under MSP.
And so this will show you a few things. One, it will show you what organizations that you have underneath you. It'll show you how many licenses that you have allocated to each organization. So as you see in this example, you have one that has one, you have another one that has six, five licenses, as well as the different license types that come behind it, whether or not they're a roaming client or not, whether or not you have network devices and what's pointing to you, as well as the overall, what we call recommended licenses, which is this is what we think the user or the organization is doing.
And this the recommendation, li recommended licenses. I'm having, trouble speaking sometimes to do what you actually need to go do. So if you want to be able to edit these numbers, be able to change these numbers, be able to allocate new licenses to your users or your accounts in a way that actually makes sense, you're able to do that based on plan type or allocation itself.
And at the top you can see how many licenses you have overall and how many that we think you're over for individual type
on top of this. Now, you also can display. We also have the ability to display what we call accurate licensing and usage details. And so this is all about providing visibility to you as an organization or as an MSP in terms of, what do we actually think you're actually using. We want to be able to show that to you.
Like you've purchased 10 licenses, are you actually using 10 licenses? We leverage, what we actually have in our license agreements. We'll show you how many users that you actually are licensed for, how many we think that you're actually being using tied to them of requires per day, or the number of roaming clients you actually have.
And it gives you the capability to be able to edit and monitor and change in whatever way that actually makes sense. So you can see what's here, the terms that you're at, you can make the changes that you actually need and the underlying cost that's actually behind it. So if you wanna see really quickly, what you have, what's being used, what it's actually costing, and you wanna make changes, you can do that directly through the ui.
Next slide, please. Kay.
[00:27:30] Kate Trojanowski: All right. In the works. So I'll take it back over here for a minute. We have a lot of things in the works. So this is actually a fuller list that we broke down and in the works and on the horizon, and then there's even more on the horizon after that. But that's why we meet quarterly so we can keep up to speed with how things are going and all the moving pieces.
So with that, we're gonna dive in to what's coming soon on the Windows agent, which is DNS precheck for Windows. This is the value prop Zuru had against DNSFilter of how we intercept traffic before it ever leaves the device. You don't have to change DNS at all, which helps with traveling user conflicts first and foremost.
It gives you a different layer of security. So I have a list of those benefits here on the next slide, but we try to just picture that for you in this diagram where Zora intercepts the traffic is before the resolver. So DNSFilter has done the traditional method where you have to update the resolvers to route the traffic through them to do the filtering.
Zoros actually captured it pre DNS. To inspect it, right? So this is that value prop that we're gonna bring into DNSFilter and then give you the option to choose which method or combo of methods that you wanna use, which I'll show you in a second. So again, some of the benefits of that are, you don't have to change the DNS.
So it's one less thing to manage and make sure it's working. Or if you're changing some technology or re-imaging a machine, you don't have to remember to worry about DNS 'cause you didn't change it in the first place. Or you can use your own DNS, right? We're we'll still filter within the parameters of, I'm, I wanna use this local DNS that I own all the data for, and now we can filter in those scenarios.
What's really cool about the pre part is it means you're intercepting before it leaves the device. So if there's bad traffic, it never leaves the machine, it never hits your network, it doesn't have the potential to sprawl elsewhere, right? You nipped it right in the bud. That I think is a really cool way of looking at DNS.
And then there's other benefits where you don't have as many connection challenges. Captive portals is always the favorite one. We've made a ton of progress on that being super stable with DNSFilter, how it is. This is just gonna. Bring it home a step further. VPNs, local domains, you don't have to configure those to work.
It just is moving, so you stop the extra configuration there. Lots of benefits and options here, and we're gonna give you those options to choose. So what you're gonna see when this releases, which it's currently targeted for our 3.0 agent which should be out in August, is we set up this new option at the org level for your roaming client deployments, where you have this connection and filtering mode and.
This can get complicated. So we were like, let's just give 'em two different options. Do you want the standard recommended option that's gonna be the pre-check that's more compatible in most environments or do you want a more strict configuration where it runs through the DNSFilter Resolver which is more locked down in that you own the data through the dashboard and it coming through?
It plays better with zero Trust. VPNs. Zora does work with traditional VPNs very well, but the zero trust ones can sometimes be a struggle where DNSFilter works with those zero trust ones. And then you have standard fail open, strict, fail close. Sometimes you wanna control that narrative too.
So we have a custom option where you'll be able to. Actually pinpoint the exact different ways that you want to filter and connect and fail open if you don't want us to pick for you, right? You're, you guys run it shops, you know what you're doing. You're probably like, I wanna change this. So we're giving you those controls too.
Another benefit of just while we're in here, right? That's org level, that's gonna impact all your endpoints. We're also gonna be adding it into the grid for these bulk selections, single roaming client overrides so that you can start. Picking and choosing based on maybe a scenario of a particular user or a particular group of people.
And you'll notice we've added some other things in there that have been smaller feature requests of being able to enable or disable a device or set a log level or set whether you're getting automatic updates or not at the individual level. Those all won't come at once, but the concept of with precheck giving those options, we're also looking at all the other ones that you've brought to us in canny or to your success team manager to support.
So that's DNS pre-check and I'll hand it back to Ryan for the policy ui.
[00:33:17] Ryan Poppa: Thank you. This is gonna be a little bit of a smaller update than the site side. We have refreshed the policy page and it's something that we are gonna be releasing in probably the next couple weeks. So instead of what you see historically, you're able to come here and manage it.
Like a lot of the other pages that you have here, you have filters. You have the ability to be able to see pretty quickly and also customize the columns and views behind it. But it's really all about how can we bring the look and feel of our policy page, which is an older look and feel to the new design system that we actually have here.
So no new specific functionality or capabilities here, for the most part, other than the ability to at the top filter based on what you're looking for. However, this is a aligned to the way that everything else works and gives you the capability to, to manage your policies and search through them in a much easier and simpler way than you had previously.
Next slide, please. On top of that, there's a couple changes actually. You edit a policy that's gonna be pretty important. One thing is that you're now forced to save a policy as it comes through. This has been a pretty common ask from a lot of our customers today. It just saves. So again, if mis click or type something wrong, it automatically sets policy.
So in this case, you now have the ability to just hit the save button, discard your changes. So you know that's there. If you look at the top headers, you can now pivot through the different things that actually matter for you, whether you want to change categories, change threats. And one of the new features that we put in place is that there's that little blue dot beside the name.
So if you make a change, whether it's change the policy name, adding a category, adding a new application to appware, changing something in the allow or block list, you can pretty quickly see what you have changed before you hit save or discard to see what you have done. So you don't necessarily make a mistake as it goes through.
Next up something then, and Kate touched a little bit about this on the Windows side or the Windows agent side, we are going to be introducing a very common ask from our customer base. The ability to actually. Point your traffic, your IPV six networks into DNSFilter. So very similar to what you traditionally see on the site side.
I want to be able to take my IPV six network that is just a clean IPV six network. You see a lot of ISPs moving to IPV six, only a lot of locations, especially around the world or moving to IPV six only. That's where the world is actually going. And so for your sites, you're able to enter in the IP address or your IPV six IP address or the site that you're trying to protect.
Enter that in and then protect any network that you actually have by automatically Point to our IPV six resolvers. We'll also be introducing V six for Mac Os. Our Mac Os clients as well as for all those users that are using the relay so that you'll be IP V six ready as your organization transitions.
A really simple one. Again, this is a, it's really a really aligned to the look and feel and making things really simple. A lot of the changes that you just saw on the policy side, if you are A MSP we're changing the way that you actually manage your settings as well. So it's purely just a look and feel thing.
It is aligning to the way that the rest of the UI works, but it should be easier for you to be able to manage things. And as well, if you make changes, you'll get that little blue dot beside the name, which will signify the fact that you've made a change. Are you sure you want to actually do it before you actually move on?
And you can pivot through the different the different tab you actually have in a much simpler and easier way. And each of the individual pages will change as well.
Next up, another really common request for those even though it's called Dough here, which is always a funny name, I always laugh when I see it. DNS over Htt PS it is a way that a lot of organizations want to connect to us. So instead of using the traditional DNS protocol, UDP port 53, or TCP Port 53 you want to be able to point your traffic to us using DOH.
You have routers or devices that support DOH natively, they don't support. Let's say DNS over TCP or something else directly and you want to be able to automatically point your traffic into us. By doing so. Kate talked a little bit about native DOH within our roaming clients or Chrome. We're also gonna be introducing that for sites.
So if you have a device that is in a site or behind a site, instead of actually configuring DNS to point to us, you can just configure your D-N-A-D-O-H setting, whether that's in the OS or a browser like Chrome, Firefox Opera, and et cetera. And then that device will point, will actually resolve and point traffic to us over DNS over H-G-D-P-S versus the traditional DOT.
Again, this provides a lot more flexibility in terms of how you want to connect. You may have a bunch of devices that you have on your network that don't support things like DOT and it gives you the capability to point the traffic in the way that you want to, to us in the way that actually makes sense.
[00:38:12] Kate Trojanowski: Oh. I wasn't expecting that slide to be next but we'll roll with it. So end user behavioral analytics. This is what Brett teed up earlier when we talked about themes, cyber site. So cyber site is coming to DNSFilter. This is a roaming client technology, and what it does is it discerns between what the user did versus what the machine did.
Traditionally, DNSFiltering you get, you can get insights and reports and data and Facebook was hit 10,000 times, but did they actually go there? TBD couldn't tell you, right? Cyber site brings in that layer and it has. So many different use cases. What you see here is our overview screen.
So this gives you an overview of not only where the user physically went to, what they clicked on, what application they were in, but how long they spent there. This can help you with license management, with shadow IT detection with your managing end customers. Where is time going in their business and as their kind of business advisor is that where they want the time to be spent.
And so this will be the first screen that we see come over and it'll again, will be Windows RC specific and then we'll keep knocking off other rcs with it to discern. User versus machine. Where this gets cool and where I'm super excited about it is the cybersecurity use cases. So this is a timeline screen.
Really we tee this up in terms of incident response. I got an alert in my EDR, something went wrong. I can now come see exactly what the user was doing at a very narrow time span and dig in. What did they click that maybe spawned this attack chain? Were they even logged into their computer at that time?
Were they in on it, not in on it. Getting us that fine tuned granular details to help aid in faster incident response and recovery and allow you. Through nature of us being a DNSFilter provider, if you know the URL right, you can now go block that for all your other customers and users and make sure that they don't get themselves into trouble.
And then this next screen, our UX team's been part at work and I'm so excited with the stuff that they're coming up with us in product. So this screen doesn't actually exist in source, but as we looked to lift and shift the feature over to DNSFilter came up with this opportunity to show you where there's risky behavior.
So in this view, what is cool is like they. Got blocked when they went to the malicious domain site. They got blocked when they hit the botnet, but we still, because they physically opened that website or launched a phishing email campaign, we still know it attempted to go there. So we can tie that data to the user and show you who's getting into trouble more frequently than others.
Not just from a threat perspective, but also just content blocks, maybe. They're going to sites you don't want them on day to day. And then we can see that trend over time of who's the riskiest people that you may need to handhold or give more training or keep an eye on so that your overall environment can be protected.
So these aren't. All the screens, but these are the immediate ones we're tackling. And you'll see this evolve over time into our longer term plan which is getting those threat profiles of those users and getting more proactive with that's not normal behavior. And combine that with a feature that we have called device isolation, where you can actually lock that down to everything on the machine, can't do anything until we can see what's going on.
So you're gonna see this keep evolving quarter over quarter into that proactive device isolation model. But these are the screens we're gonna start with, and then we'll keep moving each quarter from there. So definitely excited to see how this evolves and gets adopted in this community. But that adds privacy concerns, right?
We do have customers that are privacy conscious. They might be in a country where they have to be privacy conscious. We know cyber site can be invasive and because of that we had to look at re-imagining our PII data protection. This is a feature that already exists in the platform, already, something you can use.
We are just gonna revamp the UI and add a few other options to ensure not only cyber site is included in this moving forward, but any other use case of getting DNS or full URL data that could have a privacy concern, that you have more streamlined options to set that and then manage by override, depending on if you're, if you have multiple organizations.
If they have different needs. So really streamlining that experience and the robustness of what you consider private and not private, depending on the ecosystem, because depending on the ecosystem there can be some gray areas. So really just giving you more control when those gray areas come up.
And then I think this is the last slide. Before we hit our Q&A, and I'll just reiterate like this isn't every single thing we're doing right. There's lots of little other things that get worked in that we don't highlight on the roadmap webinar. But if there is something that you're hoping for reach out and we'll make sure it gets featured in the next one.
But, so this one, identity sync. We have a longstanding identity sync tool, but as that market evolves into clientless options, our intra version today I think is an on-prem tool. I've seen the cam canny comments. People are frustrated. It's coming. So what's cool about the way that we're approaching this is yes, you could still have the on-prem active directory install version of the sync tool, but we're also doing a.
A clientless intra. And the way we're setting up this framework is to make it agnostic so that we can add other providers in the future, like Google Okta, et cetera, into here. And so what these sync tools do is it allows you to assign the policy per user as they travel across different networks and devices.
So that's getting a revamp and then managing that into what we call collections, which is the grouping of those users and what policies you want to apply based on that. That's getting a lift in its UI to make it more user friendly, to get the particular individuals you're looking for into the collections easier.
That is in the works on the horizon as well, and as promised Q&A.
[00:45:50] Brett Cheloff: Awesome. Great job. Feel free to use the Q&A box. I have it open and I will be the mc asking our awesome product managers here. Each one of these questions, I'm gonna start with one that came in through the actual webinar chat and answer that directly. Are the ZORA features being referenced here being rolled into existing plans, or will there be an uplift on licensing to use those features?
So as it currently stands, we're packaging the initial releases of cyber site that align with Zorus into the PRO plan and above There will be like enterprise level features in the future that would require you to go above pro. But as a stands we're aligned to the pro. So if you have pro at the things that you just saw, that's what, will come out as part of that due to the fact that it's an endpoint based technology. So anything below pro doesn't really make a lot of sense 'cause we can't do that level of granular detail on the networks. And on top of that, I just in case it got missed I think it's really important to note that cyber site is not just your web traffic, it's also your thick client activity that's installed on those devices as well to truly give you the full picture of what the users across your company or the companies you serve are actively using.
So that is the answer for that one. We did get a question. This is towards you, Kate, around the Mac agent and the changes there. Will the New Mac agent require a certain Mac OS level? And if so, is there a floor to that or how far back does it.
[00:47:37] Kate Trojanowski: Like what version of Apple do you need to be on?
[00:47:40] Brett Cheloff: Yeah. Is there any kind of requirement there that's from a Mac agent standpoint, a New Mac agent style?
[00:47:49] Kate Trojanowski: I'd have to go look to be exact, but I'm pretty sure that feature starts in big serve, which has been out. So whatever was like 2020s release and beyond is where this comes into play.
Apple likes to name things fun. It should help me remember, but I, big sir, is what is sticking out in my brain of where the OS needs to be to switch to this.
[00:48:15] Brett Cheloff: Got it. Next one's also towards you. So did you say there was a deadline date for having Chromebook os Manifest V two extension updated to V three?
The answer was yes. What was the date again, Kate? Yes.
[00:48:30] Kate Trojanowski: So Chrome's actually already deprecated it at the end of June, but they're giving enterprise businesses a little more leeway. So that deadline is August 19th. The only reason we're sitting in beta still is for adoption. We haven't seen any challenges.
So if you're open to beta, we can get you rolling onto that now. And like I said, August 19th, we're reaching the end of July here. So we're gonna mark this ga very soon. And look out for the marketing emails too, because they'll send reminders to make sure that you're in loop.
[00:49:09] Brett Cheloff: Awesome. This one's a jump ball. So are there any plans to address VDI compatibility with the roaming agent or just from a blanketed install standpoint to give us visibility on user activity? Right now on our multi-session a VD Windows 11 hosts, we point our hosts to our off-prem DC DNS server and have our DC point to DNSFilters, DNS servers, as for as a forwarded.
So we can only see the internal host ip accessing the sites, not the users.
[00:49:43] Ryan Poppa: So I'll try to answer that question. This is a longstanding issue, and it isn't something that we necessarily control in a VDI environment. We don't get user information as you're sending DNS requests. So unfortunately there isn't anything that we can do in the short term.
And so it's an unfortunate consequence of VDI and what Citrix and Microsoft and others have done, how DOH or DS over HDP might be able to help with this a little bit because DOH is set at the user level and not the system level. And that might be a way to get around VDI, but no promises yet. We're still evaluating.
[00:50:20] Brett Cheloff: I also would like to add that once precheck is in for at least VDI and Windows environments the precheck not changing DNS, you'll still get DNS records linked to the logged in user in those VDI environments. So that style of DNSFiltering can help in scenarios like that.
Alright, next question. So this might be more of a support related question, but we'll we'll help you out with it. We just onboarded a customer, very restricted policy. We're seeing that when they get to a block page, they get that your connection is not private, meaning the certificate's not installed.
What's the best practice way of getting around this? He's saying without having to install DNSFilters, certificates on all computers. Which that is the answer unfortunately, is installing the certificate, typically done through your RMM. I do think it's important to note, and I don't think Kate touched on it 'cause I'm not exactly sure we're doing it right away, but part of DNS precheck allows for the block page to be hosted locally.
Is that gonna be part of that precheck Kate? That's not
[00:51:37] Kate Trojanowski: gonna be in V1 but it'll evolve to get there thought.
[00:51:42] Brett Cheloff: Yeah, so I think what's important to note is as these features come over on the Zuora side, the block page is actually hosted locally, which is why you're not getting that certificate thing.
Keep in mind, if it's a network block, you're still gonna get the certain problem, so can't stress that enough. But if it's an endpoint block, it would be hosted locally and doesn't require something like that. So it will evolve to that point. But as for now. I would recommend using whether you have an RMM tool or of nature, be able to deploy that certificate to the devices on that network, and then you will stop seeing the, your connection is not private.
All right, so we got a question. Does Zuru work alongside Threat Locker? Are or are they competing product services? Technically, they're a competitor now too. They have DNSFiltering. I don't think it's as robust as DNSFilter and zora, but they absolutely have that. And we do pair nicely side by side with them.
If you choose to use our filtering services through them can't stress enough. Like for instance, our security intelligence team, we invest a lot of time and money in owning and training our threat intelligence to make it world class. Most people and other vendors do not own their threat intelligence and have a team like ours.
And we really strive to make that the best out there to be the thought leaders of that type of DNS security and protection.
So I'm sorry if I missed this earlier, but is there any plans to address issues with DNSFilter roaming agent, when there are connectivity issues on Windows hosts? Be it the user cannot connect to the internet specific services, is there a bypass mode or a, so this is almost like a fail open question in our strategy around fail open, so I do think, Kate touched on the DNS precheck item, DNS precheck by design is a fail open. You have the choice to fail close if you choose, but if it can't be looked up properly, it will allow them to go there. For instance, if the infrastructure is down, which, happens from time to time, even Netflix goes down and we can't watch our shows.
But the the idea there is to have an elegant fail open model regardless of style. So we've even been actively working on a fail open model, even owning the DNS resolver as well. That's still in progress to mature and get out there, but once pre-check goes out, you'll have that elegant experience of fail open.
But until then, right now owning the DNS, we strive to keep our, our DNS resolvers uptime at five nines, and we continue to work that out and move that forward. And I think that is it. So I'm seeing a lot of just to address it, I am seeing a lot of questions around just like Zora's DNSFilter.
What's the story here? What's the long term, I went with one product, what should I do? Kind of statement. The sentiment right now and what we're working towards. Long term. Yeah. Years away. We want to be one platform, one product that is capable of doing way more than what, Zuru and DNSFilter do alone today.
There's so many ideas that we have that we're gonna expand into. And if you've already are on zuru today or you're on DNSFilter today, and where should I be? You should be where the feature set makes most sense for you and what you're trying to do today. If you're heavy into cyber site and that data is important to you, you should stay on Zorus.
If you love the way that the filter works from a pre-check standpoint on Zorus, great. If you love what you got on DNSFilter side today, but you're really eager to do cyber site, we're actively, moving that type of stuff over and those features over and it's all features of Zoros will move over, including things like GYP blocking, the elegant unblock request style.
'cause that came up as a question too, that I answered privately. All of that will move over. And once we get to the end state, which is gonna take a lot of time, so no panicking or anything like that, and we're still investing in our products, both sides there will be a migration process, but it will be as automated as humanly possible once we get there.
But that's, way out. We're talking a long time. So with that being said though the fact that we already switched networks over to DNSFilter is a big win in the sense that you're already on the DNSFilter network if you're using Zorus today anyway. There's not much to migrate after that other than your settings and configuration.
With that, I want to thank everybody we're on an hour exactly. Thank you so much for joining our first roadmap webinar. We'll see you all in three months with our next update and never be too scared to come hit us up in any of the shows that we might be at in the future. We love talking to our customer base and our partners, and we will see you on the flip side.
Watch the session now for updates directly from our Product team leaders, including:
- Recent product highlights
- A sneak peek of upcoming enhancements
- Answers to many of your burning questions
- And More!