AI in DNS Security, Content Moderation & Future Trends in Cybersecurity w/ Ken Carnesi
Business of Tech: Daily 10-Minute IT Services Insights
November 29, 2024
1474
00:20:45, 19.12 MB


Host Dave Sobel sits down with Ken Carnesi, the co-founder and CEO of DNSfilter, to explore the integration of artificial intelligence (AI) within their DNS security solutions. Ken explains how DNSfilter leverages machine learning to enhance threat intelligence by analyzing both proprietary data and third-party feeds. With over 100 different feeds, the challenge lies in reconciling differing opinions on what constitutes a threat. By employing machine learning algorithms, DNSfilter can determine the most accurate threat assessments, significantly improving their response time to emerging threats.

The conversation delves into the complexities of content moderation, particularly in the context of nuanced topics such as adult content and misinformation. Ken highlights the importance of human oversight in categorizing content, as machine learning alone struggles with the subtleties of context and cultural differences. He emphasizes the role of a diverse security intelligence team at DNSfilter, which engages in discussions to reach consensus on difficult categorization decisions. This human element is crucial for addressing the challenges posed by varying interpretations of content across different cultures and languages.

As the discussion progresses, Ken shares insights into decision-making frameworks within the company, particularly when faced with contentious issues like misinformation during election cycles. He notes the importance of collaboration and communication among team members to ensure that decisions are well-informed and balanced. The conversation also touches on the relationships between private companies and public sector agencies, highlighting the challenges of navigating bureaucracy while striving for effective cybersecurity outcomes.

Looking ahead, Ken expresses his excitement about the future of AI in cybersecurity, particularly its potential to enhance detection and automation capabilities. He anticipates that 2025 will be a pivotal year for AI integration, making advanced tools more accessible to businesses. The episode concludes with a reflection on the evolving landscape of cybersecurity and the responsibilities that come with it, particularly for managed service providers (MSPs) who play a critical role in safeguarding national infrastructure.

 


[00:00:01] Dave Sobel here at IT Nation Connect, the opportunity for a bonus episode to sit down with Ken Carnesi, the co-founder and CEO of DNS Filter. Ken, thanks for joining me today.

[00:00:11] Thanks for having me, Dave. Appreciate it.

[00:00:12] I was fascinated to talk to you on two areas, particularly on DNS Filter. One of the things DNS Filter has really leaned into is AI as part of it. Now, I want to unpack a little bit about what that AI means because I understand you're doing a lot with it and I want to make sure I get through the marketing

[00:00:28] to actually tell me a little bit more about how that works and what kind of intelligence you've brought to the product.

[00:00:34] That's a good question. There's even a big push to use it internally in the company this year, but as far as with regards to the threat intel, I actually try to split it into two different areas.

[00:00:47] There's the stuff we generate on our own and then there's the stuff that others bring in, right?

[00:00:52] So, DNS Filter, much like any other kind of DNS-based solution, we're going to ingest third-party feeds and so forth to tell us what's good, what's bad, right?

[00:01:05] So, we bring in about a hundred of those different third-party feeds.

[00:01:09] The challenge with that, for anybody who brings in more than one, is that they rarely agree with each other, right?

[00:01:17] So, you could have potentially a hundred, well, probably not a hundred differing opinions, but two or three different options across a hundred different permutations, right?

[00:01:27] So, we actually leverage machine learning that we built on one side to just look at those feeds and kind of determine, based on a bunch of different heuristics,

[00:01:36] which one of those feeds is correct that this is or is not a threat.

[00:01:41] So, that's sort of one half of how we use it.

[00:01:45] On the other side is what we do in-house completely.

[00:01:49] So, that's been something we've been working on since before.

[00:01:52] It was even like a buzz phrase, I'll say, in 2018.

[00:01:56] We initially started out using it for domain categorization.

[00:02:00] So, that would say this is a shopping site or a news site, a porn site, whatever it may be to determine, you know, if you want to block those types of things.

[00:02:08] Since then, in the last few years, we've expanded that to threat identification.

[00:02:12] So, basically, as customer traffic flows through, they request new domains we haven't seen before.

[00:02:20] That triggers our AI or machine learning to go crawl and categorize those sites and figure it out on a hundred, I believe it's about 150 different heuristics.

[00:02:30] You know, this is good, this is bad.

[00:02:31] So, at this point, we're identifying about 70% of the threats that we block.

[00:02:38] We identify them ourselves through that, you know, proprietary machine learning.

[00:02:44] First, maybe like it's on average about 10 days faster than we might see it on one of those different feeds.

[00:02:51] So, yeah, that's...

[00:02:52] So, the reason I wanted to ask about that is that sets a little bit of a tone to give me your perspective.

[00:02:58] As someone who's been using this and teaching models and getting access to a station, what are you finding that the models are particularly great at doing?

[00:03:06] And what are you finding that they're not very good at doing?

[00:03:09] Yeah, that's a really good question.

[00:03:11] I mean, so, we operate not just in the United States, for one thing.

[00:03:16] We operate in, I think we have 100 customers in 195 different countries.

[00:03:21] So, most of the countries on the planet.

[00:03:22] Most of the...

[00:03:23] I don't even know how many there are, but there's more than that, so not everything yet.

[00:03:27] But we have, obviously, a lot of different languages we have to deal with.

[00:03:31] So, that's actually kind of one big challenge in the first place is you're not going to just like...

[00:03:37] I mean, there are certain parts of the model that are going to flow through images, things like that.

[00:03:42] You know, malware is malware, stuff like that.

[00:03:44] But running through translation layer, it's not that simple.

[00:03:48] So, you know, handling, I think, translation and nuances between languages, especially some of the ones that may be less popular, definitely a challenge for sure.

[00:03:59] And then also, sort of anything new, right?

[00:04:02] Like mimicking output of a human, that tends to be kind of difficult.

[00:04:07] Like it requires a lot of different training.

[00:04:09] You would think it's not just training on what's bad, but you actually have to do a lot of training on what's good.

[00:04:16] And often that's through like human-led interactions where, you know, you'd have to say, you did a bad job categorizing this site or this domain and it's because of X, Y, Z.

[00:04:26] Or you did a good job and it actually needs positive reinforcement to be told why.

[00:04:32] So, you know, the challenge there, though, is that it takes thousands and thousands of these kind of repetitive trainings just to improve, you know, simple behavior.

[00:04:41] So, I'm also curious, the other area I would think that you've also got an interesting set of insight into is content moderation.

[00:04:47] Because you've got to make determinations about what content is like.

[00:04:52] And this is an area that there's a lot of subtlety to it.

[00:04:55] You know, when you think about the idea of, you know, we talk about sex broadly, right?

[00:05:00] Okay, well, then we can have it in, there's medical versions of that.

[00:05:03] There's versions that are acceptable in conversations.

[00:05:06] There's guns that are potentially cultural choices.

[00:05:08] You know, there's a whole wide variety of that.

[00:05:11] And so, give me a little bit of the lessons you've learned about thinking about that framework.

[00:05:17] And I particularly am interested in understanding that because a lot of what we're talking about now is data classification.

[00:05:21] This is an area where you have a lot of experience in thinking about how that works.

[00:05:25] What are some of the things you've learned around content?

[00:05:28] Yeah, well, first off, you're absolutely right.

[00:05:30] You know, so that is definitely a challenge, especially when it comes to images, right?

[00:05:35] Because, I don't know, honestly, like when you're identifying like pornographic sites, for example, through machine learning,

[00:05:44] a lot of times it's image analysis.

[00:05:46] And if there's a lot of skin, for example, that could trigger something that may or may not fall into that category.

[00:05:52] But really, honestly, that's not a part that we have a great answer for.

[00:05:56] I mean, it comes down to a human team still.

[00:05:58] We have a security intelligence team at DNS Filter.

[00:06:02] And, you know, part of their mandate is, of course, the domain categorization outside of threats, too.

[00:06:07] So, we really try to have just a broad range of thinking and beliefs on the team so that they can have educated conversations amongst themselves.

[00:06:16] And then, you know, if something, if they can't agree on it, they'll kind of bring it to the executive team and we'll try to assist.

[00:06:22] But it's really actually, when it gets very, very nuanced, that comes down to a debate, really.

[00:06:29] I have to be honest.

[00:06:30] Well, you've actually, that's interesting because you've led me to one of the questions that I often like to talk to about leaders.

[00:06:35] And I think this might also be a way of, how do you approach decisions?

[00:06:39] Like, I would think that there's a way, this is a great example of the kind of decisions as a leader you're going to have to get involved with.

[00:06:44] Do you have like a particular framework for thinking about decision making that you apply?

[00:06:49] You know, I think we all just kind of keep each other in check.

[00:06:52] I don't know that there's really a framework.

[00:06:54] It's actually a lot more straightforward than you think most of the time.

[00:06:58] I believe where it's been a bigger challenge, for example, because I keep tying to the adult content chart,

[00:07:05] is actually more recently has been everything that we saw with all the elections, actually.

[00:07:10] Okay.

[00:07:10] Because there is a ton of election interference going on.

[00:07:14] There's a lot of what might be considered fake news.

[00:07:17] Okay.

[00:07:18] News that is trustworthy or not, that's where it came into play a lot.

[00:07:22] Interesting.

[00:07:23] Recently, you know.

[00:07:24] So the good thing is we actually keep good tabs with government agencies, government partners and everything

[00:07:31] who will feed us lists of what is, you know, misinformation or maybe somebody who's trying to go, you know,

[00:07:38] modify an outcome or an election result or, you know, opinion base or something like that.

[00:07:45] So a lot of that gets given to us.

[00:07:47] But, you know, you do have a lot.

[00:07:51] A lot of the confusion tends to come from customer tickets, actually, where a customer might go and say, you know, believe it or not, we get a lot that'll be like CNN's fake news or something like that.

[00:08:04] And you're like, well, you know, that's pretty clear that you may disagree with it.

[00:08:08] It's not fake news.

[00:08:09] But, yeah, I mean, we just really have to keep each other in check.

[00:08:13] It's hard to have a framework around it because you never know what's going to come in.

[00:08:17] Gotcha.

[00:08:17] I'd actually be, you brought it up.

[00:08:19] And so I'm really interested to get your perspective then on kind of that as a leader in public-private partnership there.

[00:08:24] Like, how are you finding working with your security counterparts in, you know, public sector, like at other particular agencies you're working with?

[00:08:33] And how do those relationships work?

[00:08:34] Yeah.

[00:08:35] So nothing really direct and official, I would say.

[00:08:39] It's interesting.

[00:08:40] Like, they all, the leaders of a lot of those agencies, they do want a good outcome.

[00:08:44] They want to keep us safe.

[00:08:45] You know, they don't want these things to happen.

[00:08:47] But, you know, lawyers get involved, let's say.

[00:08:50] And there's a lot of red tape, a lot of issues.

[00:08:53] So there's been some really big leaders in the industry, I'll say, that get us all together into a particular group where you might see, you know, leaders from DNS Filter, other filtering companies, ISPs, telcos, you know, cybersecurity companies.

[00:09:08] And we actually, a lot of these lists are built just communicating with each other in a Slack channel.

[00:09:14] You know, it's an invitation to a community that you kind of have to earn your way into, you know.

[00:09:20] And that tends to mean you're a trusted party, you know, you're not introducing too much bias or anything like that.

[00:09:28] And, you know, obviously there might be somebody from an agency in there potentially saying, hey, just take a look at this and make a decision of what you think.

[00:09:37] But, yeah, it's really more the private part of a public-private partnership that's getting this all done.

[00:09:43] Interesting.

[00:09:44] And I'm glad you gave me some insight into that because it's another example of community work, particularly at a conference where we're talking about a lot of that.

[00:09:51] And I'm going to use that to sort of pivot a little bit to something you and I were talking about before the broadcast.

[00:09:56] And I'm really curious to get your take on, you know, you've got a lot of thinking around the idea of kind of this dynamic that I'm looking at now between platform plays in the MSP space and integration plays.

[00:10:09] Because if we, one of the things we've been hearing here at IT Nation is they're leaning very much into this idea of an MSP platform.

[00:10:15] You were at Kaseya's DattoCon last week.

[00:10:18] It's another area where they're talking about, you know, very much a platform play.

[00:10:22] Now, without necessarily having to talk about specific platforms, I'd really like to talk about it from a strategy perspective because that's one set of approaches.

[00:10:30] And then the other generalized thought on this is the idea of bringing together, integrating products, potentially bringing best of breed style positions together.

[00:10:40] Tell me about how you're thinking about those two approaches as you're looking at the marketplace.

[00:10:46] Sure.

[00:10:46] Well, I'd have to say that this is maybe new to the MSP space, but it's been something that I've had to deal with for years outside the MSP space, you know, because we service other organizations too, of course.

[00:11:01] And you see it with, like, for example, you know, if you think about Cisco or Cisco is a big one for us, right?

[00:11:07] Cisco Umbrella is a big competitor.

[00:11:09] You have a lot of, like, these, what you would consider SASE plays in the space.

[00:11:13] Okay.

[00:11:14] And we're always having to fight against that because it's like if you're going to go buy something and that company makes a bunch of other different aspects that probably make up a complete package, let's say, you know, it tends to be more cost effective, of course.

[00:11:29] So I've always been taking the approach of more of the best in breed, like you're talking about.

[00:11:34] Okay.

[00:11:35] You know, in the MSP space particularly, I think that it is kind of a, we have a really big responsibility in the MSP space.

[00:11:43] And I mean, we as in all of us, the MSPs most especially.

[00:11:49] You're actually a very big part of critical national infrastructure, as I'm sure you're aware.

[00:11:55] You know, there's a big responsibility, in my opinion, to be operating at the highest level of security effectiveness that we can.

[00:12:02] So I just, you know, I don't think that there's something inherently bad necessarily with these platform plays.

[00:12:09] But I think that I get concerned when you hear a lot about margin and cost, I'll say, you know, lower cost, higher margin.

[00:12:19] That's the pitch of pretty much any platform play.

[00:12:23] And when you see people getting into the space that really themselves as a larger organization may not even have a background in cybersecurity originally,

[00:12:33] it just, I think, should introduce the question more frequently of what is actually powering these sort of,

[00:12:40] these platform plays that didn't exist yesterday or a couple weeks ago or something and they exist today.

[00:12:47] That doesn't mean it's bad.

[00:12:48] I'm not, I'm not here to say it's bad.

[00:12:50] It could be better than DNS Filter for all I know.

[00:12:53] But I think, you know, it does beg the question of like, there are things to consider other than price.

[00:12:58] And for me, I think we have a very big responsibility in that space.

[00:13:02] So I don't disagree because I'm with you in terms of the fact that we need to be collectively working toward more security, you know, broadly.

[00:13:10] There's also the question that at the appropriate level of security, and I really like to get your sense of framework on that

[00:13:15] because you talk about being the best, you know, the best in class and best in class.

[00:13:20] That would mean different things for different customers.

[00:13:24] I'm going to use two entirely extreme examples intentionally, right?

[00:13:27] So on the high end, I could have the CIA and classified information at the highest level.

[00:13:34] So we talk about that has a particular security profile.

[00:13:37] And then if I take a small retail business that is, you know, has a, that is purely selling transactional bits in an area that is non-classified,

[00:13:50] that is non-secure, that isn't healthcare or regulated industry.

[00:13:53] Like I can have a big spectrum and there's all the things in between that.

[00:13:57] How do you think about matching that when you're like, well, because best in breed, best in class sounds great, but how do I match the right one to the right problem?

[00:14:09] And how do I, how do you measure that?

[00:14:11] That's a really good question.

[00:14:14] You know, nobody's actually ever asked me that before, but, but, but I think I have a decent answer.

[00:14:20] And that's, um, I, if I put myself into the shoes of the MSP, okay.

[00:14:26] I think it comes down to what it is you're protecting a little bit for sure.

[00:14:32] Uh, but also like what is the worst case scenario of providing not a good level of protection?

[00:14:38] Uh, in an ideal world, I, I think, you know, uh, if you have high standard of conduct, let's say, hopefully as an MSP, you're not going to, uh, provide inadequate, knowingly, uh, you know, inadequate protection to a customer.

[00:14:55] Um, and you should walk away if they're not willing to pay for that.

[00:14:58] I believe let somebody else take that on, uh, who, who's willing.

[00:15:02] Um, but you know, maybe you kind of have to offer that to the customer a little bit if you can have informed them, like, you know, there's a good, there's a better, there's a best or something like that.

[00:15:12] But, um, what I mean by what you're protecting is like that.

[00:15:16] Yeah.

[00:15:16] I mean, it's very easy to understand, like at the high level, some sort of, you know, healthcare type material, CIA, stuff like that.

[00:15:24] Classified material, manufacturing stuff.

[00:15:27] That's all really, really potentially critical stuff that you want to protect, right?

[00:15:32] But that doesn't mean that, um, always that information getting out is going to have a different impact to the business or to the person, uh, that you're protecting.

[00:15:42] If that makes sense, you know, like if somebody's personal information gets out, um, somebody, you know, a small business who maybe operates on really thin margins, you know, they, yeah.

[00:15:52] They may only make a hundred thousand dollars a year or something like that, bringing it in.

[00:15:56] But, you know, and they only have $5,000 in their bank account at any given point in time.

[00:16:01] That $5,000, not worth so much compared to maybe some of the other customers you might be protecting.

[00:16:07] But to them, losing that $5,000, that might be a life-changing event.

[00:16:13] So, I just think, you know, you have to consider what you're, what you're protecting.

[00:16:17] Maybe not just the sub-blood.

[00:16:19] Yeah.

[00:16:19] Oh, it makes sense.

[00:16:20] You, you've given a lot of different qualifiers in there because it is the analysis of their specific needs and guests to the, to the level of product.

[00:16:28] That's a, it's a really interesting way to, to put that.

[00:16:30] So, as I'm sort of wrapping, one of the things I've liked talking about with, uh, with guests, particularly here is, so we're talking in the November timeframe of 2024.

[00:16:38] Yep.

[00:16:39] You know, we're all sort of thinking about what next year looks like.

[00:16:42] Give me sort of the, the one thing you're tracking to say, this is what I'm looking to see sort of as a, as a interesting thing for 2025, a trend that you really closely follow.

[00:16:54] Yeah, I think it's, uh, it's absolutely, I mean, it's, I'm assuming you mean in the cyber space or just intentionally broadly, intentionally broadly.

[00:17:04] There's a lot of things, you know, I, I think that, uh, personally, I'm curious to see what next year looks like, uh, from a business perspective for everybody.

[00:17:12] I think that, uh, we've all felt like that things have slowed down a little bit this past year.

[00:17:18] It's been tough.

[00:17:19] Uh, you know, I'm relatively new in business, I'll say, or at least operating at this level.

[00:17:25] Um, but you know, everybody feels it here.

[00:17:27] Maybe it's just cause it's an election year.

[00:17:29] It always happens.

[00:17:30] I don't know.

[00:17:30] So that's top of my mind, of course, uh, because I'm trying to grow a business here, uh, from a, uh, from a security standpoint, definitely.

[00:17:39] I think that the, uh, the AI stuff is really interesting to me.

[00:17:43] I mean, I don't, I, I'm using that intentionally broadly too, but I'm very curious to see the proliferation.

[00:17:49] And how it's going to affect so many different things in the cyberspace, both on the good guy side and on the bad guy side.

[00:17:57] Uh, I think there's a lot of really interesting use cases that we have to find, uh, in terms of detection and automation within the businesses.

[00:18:05] Uh, and I'm, I'm just curious to see, I think it's going to be the first year where, uh, it's going to become really, I mean, it's already pretty accessible, but I can see trying to roll it out in my own company without three different teams that not everybody's like fully grasping it yet.

[00:18:21] It's not fully accessible to everybody.

[00:18:23] I think that's going to change a lot this year, particularly with it being included in like iOS devices.

[00:18:29] And I think 18.2 is coming up soon.

[00:18:32] It's going to be ChatGPT integration.

[00:18:34] I mean, I'm just really, really excited to see how that's going to pan out.

[00:18:38] Cause that's, I'm spending an inordinate amount of my time talking to ChatGPT lately and building out all sorts of tools at work.

[00:18:45] I mean, I think people hate me at work.

[00:18:48] I think you're investing a little bit in product to me and that is a positive.

[00:18:52] We're going to leave it on.

[00:18:53] Ken, really appreciate you joining me today.

[00:18:55] This has been fascinating.

[00:18:56] Thank you.

[00:18:56] Appreciate your time.


[00:19:54] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech.
