March 2022 Summaries
63 posts from Cloudflare
Filter
Month:
Year:
Post Summaries
Back to Blog
In 2021, the World Health Organization (WHO) was the most impersonated brand in phishing campaigns, with over 8.5 million phishing emails blocked by Area 1 Security. This marks WHO's second consecutive win as the back-to-back winner of Area 1’s “ophishal” March Hackness title. Amazon ranked as the runner-up, being impersonated in over 3.2 million phishing emails. Brand phishing continues to be a significant issue for many organizations due to attackers' ability to establish new domains and exploit trusted infrastructure. Advanced detection techniques such as massive-scale web crawling and pattern analytics can help identify phishing campaigns before they reach the inbox.
Mar 31, 2022
953 words in the original blog post.
A set of high profile vulnerabilities, known as Spring4Shell, has been identified affecting the Java Spring Framework and related software components. Four CVEs (Common Vulnerabilities and Exposures) have been released so far, with potential for full remote code execution compromise. Customers using Java Spring and related software components should update to the latest versions by following official Spring project guidance. The Cloudflare WAF team has deployed new managed mitigation rules to protect against these vulnerabilities.
Mar 31, 2022
343 words in the original blog post.
Cloudflare is preparing its infrastructure for the arrival of quantum computers by replacing vulnerable cryptographic algorithms with post-quantum algorithms. The company has focused on making SaltStack, an open-source infrastructure management tool used by many organizations, quantum-secure. In the process, they discovered several security vulnerabilities in Salt's cryptographic protocol and reported them to the developers. Cloudflare is now working on implementing a new transport using WebSocket over mutually authenticated TLS (mTLS) for SaltStack, which could potentially improve performance at scale while making it post-quantum secure.
Mar 31, 2022
1,565 words in the original blog post.
Google recently published an emergency security update to patch a high severity vulnerability (CVE-2022-1096) in all Chromium-based web browsers. To maintain cybersecurity posture, users are encouraged to update their local web browsers promptly. However, this remains a reactive measure against existing threats. Cloudflare offers proactive protection against zero day browser threats through its Zero Trust and Remote Browser Isolation services. These services provide layered defense strategies that inspect and filter traffic, execute all website code in remote browsers, and automatically destroy and reconstruct remote browsers at the end of sessions to minimize attack surfaces. Patching remote browsers is a different process from patching local ones, as it does not require user intervention or work disruption. Cloudflare's Browser Isolation service is available for both self-serve and enterprise customers, offering fast and secure remote browsing for teams worldwide.
Mar 29, 2022
712 words in the original blog post.
The 94th Academy Awards held on March 27, 2022 saw a significant impact on internet traffic, particularly in social media platforms like Twitter and TikTok. There was a spike of 32% more DNS requests for Twitter after Will Smith's altercation with Chris Rock, peaking at 51% more requests during his acceptance speech for Best Actor. TikTok also experienced an increase of 20% in requests following the incident and peaked at 40% more traffic right after Smith's speech. IMDb.com saw a 93% increase in traffic before the Oscars started, with another spike when Ariana DeBose won Best Supporting Actress Oscar for West Side Story. ABC.com and Oscars.com had between 200 to 600% more traffic than usual during the event, while the official Oscars website saw a 1,300% increase in traffic after Questlove's Oscar win and The Godfather reunion. Movie news sites like Variety, Hollywood Reporter, Vulture or E Online experienced an 833% growth in DNS requests on Oscars Sunday compared to the best days of the week, with even higher traffic the next day.
Mar 29, 2022
974 words in the original blog post.
Cloudflare's Magic Firewall, a replacement for network-level firewall hardware, evaluates gigabits of traffic every second against user-defined rules. The system initially used more memory than desired due to the storage of millions of IP addresses in each namespace. To address this issue, Cloudflare leveraged eBPF maps, which exist regardless of a network namespace, allowing them to share data across all namespaces created for customers. This change significantly improved the efficiency of the product and better positioned it for future growth.
Mar 29, 2022
1,654 words in the original blog post.
Area 1 Security's Sixth Annual March Hackness: The Perfect Phishing Bracket reveals the top brands that attackers use in phishing lures, based on an analysis of over 56 million blocked phishing emails. In 2022, more than 77% of brand phishing attempts exploited just the Top 64 brands, with cloud services such as Amazon, Google, and Microsoft being commonly targeted. Additionally, healthcare organizations, social services, and grocery stores/food & beverage retailers were frequently impersonated by attackers. The NCAA basketball tournament-inspired bracket highlights the importance of understanding phishing trends to prevent breaches effectively.
Mar 26, 2022
1,014 words in the original blog post.
Cloudflare has announced a new solution that allows users to create, deploy, and manage tunnels directly from the Zero Trust dashboard, simplifying the process of connecting infrastructure to Cloudflare. This development aims to make it easier for users to build private networks with Cloudflare by reducing the number of steps required from 14 terminal commands to just three simple steps in the dashboard. The new solution also eliminates the need for managing configuration files or tokens locally, as these will be managed by Cloudflare based on user inputs. Additionally, the company is working on a tool to seamlessly migrate locally managed configurations to Cloudflare-managed configurations and plans to add more global configuration options in the future.
Mar 25, 2022
1,540 words in the original blog post.
An Autonomous System (AS) is a crucial component of the internet, consisting of routable IP prefixes belonging to a single entity such as internet providers or governments. These ASes help connect users and systems to the rest of the internet by advertising how to reach them. Cloudflare has launched new Radar pages for Autonomous Systems, providing traffic statistics and trends that can reveal unusual events like outages, infrastructure anomalies, targeted attacks, or changes from service providers. The AS page offers insights into traffic levels, protocol use, security details, geographical distribution of traffic, and BGP announcements volume. Sudden increases in BGP announcements often indicate disruptive changes to the internet in a specific region or institution associated with an AS. Cloudflare is dedicated to increasing transparency on the inner workings of the internet to keep it more open and secure for everyone.
Mar 24, 2022
348 words in the original blog post.
Cloudflare has introduced mutual TLS (mTLS) authentication support for its Access product, allowing SaaS providers to add an extra layer of security to their customers' domains. This feature is particularly useful for high-security services such as payment processors, where only authorized devices should be able to make requests. By using mTLS, SaaS providers can configure a Root CA for each customer and issue client certificates that will be installed on authorized devices. This ensures that requests bound for the API endpoint only come from valid devices and prevents unauthorized access. The feature is currently in Beta and available for Enterprise customers to use.
Mar 22, 2022
1,110 words in the original blog post.
On March 22, 2022, it was reported that Okta had experienced a compromise involving an outside hacker gaining access to an Okta support employee's account in January 2022. Cloudflare, which uses Okta internally for employee identity management but not for customer accounts, conducted a thorough investigation and determined that they were not compromised as a result of the incident. The company took several steps to ensure security, including temporarily suspending access for users who could have been affected, forcing password resets for employees who had reset their password or modified their Multi-Factor Authentication (MFA) since December 1, and reviewing Okta logs for potential suspicious activities. Cloudflare also advises other Okta customers to enable MFA for all user accounts, investigate and respond to any unusual activity related to passwords and MFAs, and maintain additional security layers in case of breaches.
Mar 22, 2022
1,174 words in the original blog post.
Cloudflare has introduced Health Checks in its Dashboard's Notifications tab, available for Pro, Business, and Enterprise customers. This feature allows users to receive critical alerts on the health of their origin without checking their inbox. Users can now create Health Checks notifications within the Cloudflare Notifications dashboard, which integrates with webhooks, allowing customers to sync notifications with various external services such as Slack, Google Chat, Microsoft Teams, and more. The update also includes a single source of truth for account notifications and simplified configuration for multiple Health Checks.
Mar 22, 2022
2,500 words in the original blog post.
Cloudflare, a platform used by developers, bloggers, business owners, and large corporations for security and performance purposes, has reported that 80.6% of all websites use its reverse proxy service. The company's network processes around 32 million HTTP requests per second on average, with more than 44 million at peak times. Of these, approximately 8% are mitigated by Cloudflare to protect against unwanted or malicious traffic.
Layer 7 DDoS mitigation is the largest contributor to mitigated HTTP requests, accounting for 66% of the total count. Custom WAF Rules contribute to more than 19%, while Rate Limiting accounts for 10.5%. IP Threat Reputation and Managed WAF Rules each account for around 2.5% and 1.5% respectively.
HTTP anomalies are the most common attack vector, with over 54% of HTTP requests blocked by Cloudflare's Managed WAF Rules containing such anomalies. More commonly known attack vectors like XSS and SQLi contribute to about 13% of total mitigated requests. Businesses still rely on IP address-based access lists to protect their assets, with the source IP address or fields easily derived from it being used in approximately 64% of all custom rules.
Bot traffic accounted for around 38% of all HTTP requests during the time period analyzed, with customers allowing 41% of bot traffic to pass through to their origins while blocking only 6.4%. More than a third of non-verified bot HTTP traffic is mitigated by Cloudflare's network.
API traffic trends showed that API endpoints globally receive more malicious requests compared to standard web applications (10% vs 8%) and that SQL injection attacks are the most common attack vector on API endpoints, with command injection attacks also being much more prominent.
Mar 21, 2022
2,421 words in the original blog post.
Cloudflare has added 18 new cities in Africa, South America, Asia, and the Middle East to its global network, bringing the total number of locations to over 270. The addition of these cities helps improve internet performance by reducing latency and enhancing security. One example is Israel, where median response time was reduced from 86ms to 29ms after Cloudflare's deployment in Tel Aviv and Haifa. This improvement is achieved through the Cloudflare ISP Edge Partnership Program, which embeds Cloudflare servers within ISPs' networks, benefiting both parties by reducing back haul traffic and improving internet performance for users.
Mar 21, 2022
594 words in the original blog post.
Cloudflare has reported that it is now the fastest provider in 71% of the top 1,000 most reported networks around the world. The company used Real User Measurements (RUM) to fetch a 100kb file from several different providers and compared its performance with other providers. Since Full Stack Week, Cloudflare has improved its position in p95 TCP Connection Time across top 1,000 networks worldwide. It also aims to be the fastest provider in every country. The company's commitment to building the fastest network allows it to deliver unparalleled performance for all applications, including security applications.
Mar 21, 2022
1,233 words in the original blog post.
The article discusses how HTTP/3 can be used for proxying TCP-based applications, including DNS-over-HTTPS and generic HTTPS traffic. It explains that QUIC is designed to run on top of UDP and provides its own layer of security, packet loss detection, data recovery, and congestion control. The article also introduces MASQUE, a working group formed in June 2020, which has been designing solutions for proxying non-TCP applications like HTTP/3. It outlines the process of encapsulating datagrams using QUIC's unreliable datagram extension and how an application can initialize an end-to-end tunnel to inform a proxy server where to send UDP datagrams. The article also discusses the challenges related to path MTU, nested tunneling for improved privacy proxying, and IP tunneling. It concludes by stating that MASQUE is helping design an HTTP-based solution for UDP and IP that complements the existing CONNECT method for TCP tunneling, allowing proxy protocols to be used more widely.
Mar 20, 2022
2,250 words in the original blog post.
Traffic proxying is a valuable privacy tool that encapsulates one flow of data inside another, helping establish boundaries on the internet. MASQUE is a collaboration effort to design efficient proxy protocols based on IETF standards. Forward proxying involves a client establishing an end-to-end tunnel to a target server via a proxy server. TCP provides a reliable byte stream for applications like HTTP and TLS, while various proxy protocols are used for proxying TCP end-to-end, including SOCKS, Transparent TCP proxies, Layer 4 proxies, and HTTP CONNECT. The IETF chose to focus on using HTTP as a substrate via the CONNECT method, which supports different versions of HTTP like HTTP/1.1, HTTP/2, and HTTP/3. QUIC is a new secure and multiplexed transport protocol that provides reliable and ordered streams for applications like HTTP/3. Moving forward, the MASQUE Working Group aims to standardize technologies enabling proxying for datagram-based protocols like UDP and IP.
Mar 19, 2022
2,205 words in the original blog post.
Cloudflare has announced the general availability of Client Zero Trust Sessions, a feature that requires periodic authentication to control network access. This enhances the security of Cloudflare's Zero Trust Network Access (ZTNA) by enabling granular application policies and addressing issues related to open sessions on lost or stolen devices. The feature was beta-tested during 2021 CIO Week, with feedback incorporated into the public version. It requires users to reauthenticate with their identity provider before accessing certain resources, with frequency determined by administrators based on the resource.
Mar 18, 2022
1,110 words in the original blog post.
Starting from March 18, 2022, users can build Zero Trust rules that require periodic authentication to control network access. This feature was initially available for web-based applications but has now been extended to TCP connections and UDP flows. The Zero Trust client-based sessions are designed to enhance the security of Cloudflare's Zero Trust Network Access (ZTNA). These sessions require users to reauthenticate with their identity provider before accessing specific resources, providing an additional layer of security for sensitive business applications. During the beta period, improvements were made based on customer feedback and issues identified by Cloudflare's own security team. In the future, options for step-up multifactor authentication and automated enrollment will be added.
Mar 18, 2022
511 words in the original blog post.
Cloudflare has introduced a new API-driven Cloud Access Security Broker (CASB) through the acquisition of Vectrix, aimed at helping IT and security teams detect security issues in their SaaS applications. The CASB looks at both data and users in SaaS apps to alert teams to issues ranging from unauthorized user access and file exposure to misconfigurations and shadow IT. Upcoming updates include new integrations with popular services like Google Workspace, GitHub, Zoom, Slack, Okta, Microsoft 365, and Salesforce, as well as SaaS asset management features and remediation guides with automated workflows. The beta version of Cloudflare CASB is now open for sign-up, allowing users to deploy popular integrations like Google Workspace on day one and provide direct access to the Product team for feedback and suggestions.
Mar 18, 2022
848 words in the original blog post.
The article discusses the security risks associated with Internet of Things (IoT) devices and how they can be exploited by hackers. It highlights a real-life example of the Mirai botnet attack in 2016, where millions of IoT devices were compromised to launch DDoS attacks. The article also mentions an incident involving Cloudflare's potential vendor for physical security cameras, Verkada, which was hacked and allowed a hacker to access their internal support tools.
The author then discusses the use of Cloudflare One as a solution to secure IoT devices by isolating them without deploying on a separate network. This approach provides security guarantees without requiring additional hardware and can be managed from a single dashboard, offering simplicity, adaptability, and superior security compared to other methods.
The article concludes with the author's plans to begin rolling out Cloudflare One internally at their data center sites as part of a Physical Security initiative to keep their most trusted assets secure.
Mar 18, 2022
1,022 words in the original blog post.
The text discusses a collaboration between Azure Active Directory and Cloudflare Access to provide integrated solutions for customers. This partnership aims to enhance security and access management by offering features such as single sign-on, multifactor authentication, conditional authentication, policy-oriented access control, and an additional layer of security for internal applications. The integration also offers performance benefits through the use of Cloudflare's global network. Additionally, the text highlights how this partnership can be used to secure both on-premise legacy applications and Azure hosted applications. It concludes by mentioning future plans to strengthen these integrations with Microsoft Azure.
Mar 18, 2022
1,161 words in the original blog post.
Cloudflare has announced a new feature that enables customers to route traffic from user devices with its lightweight roaming agent (WARP) installed to any network connected with its Magic IP-layer tunnels (Anycast GRE, IPsec, or CNI). This allows users to upgrade to Zero Trust over time, providing an easy path from traditional castle and moat architecture to next-generation security. The company believes that the future of corporate networks lies in SASE, where security and network functions shift from physical or virtual appliances to true cloud-native services. Cloudflare One, its combined Zero Trust network-as-a-service platform, allows customers to connect to its global network from any traffic source or destination with a variety of "on-ramps" depending on their needs.
Mar 18, 2022
1,027 words in the original blog post.
Cloudflare has introduced Domain Scoped Roles and Domain Groups to simplify user access management for enterprise account owners. These features allow users to be granted access to sets of domains, making it easier to manage permissions and reduce the risk of unauthorized changes. The new system is based on Bach, a policy-based authorization system that provides more granular control over permissions and resource scoping. Domain Scoped Roles are currently available for enterprise customers in an Early Access period, with plans to expand these capabilities to more products in the future.
Mar 18, 2022
1,453 words in the original blog post.
The Security team at Cloudflare uses their own products to protect the company's network, customers, and employees from evolving security threats. They have deployed Cloudflare Gateway and WARP to shield remote devices and networks from threats, and use Cloudflare Access and Purpose Justification for granular access controls. The team also leverages Workers to scan Pull Requests for security bugs. By using their own products, the Security team not only improves the company's security posture but also contributes valuable feedback to help build better products for customers.
Mar 18, 2022
1,051 words in the original blog post.
Cloudflare is working towards improving its observability capabilities by focusing on monitoring, analytics, and forensics. The company aims to provide a single pane of glass for all network activity, allowing customers to gain visibility into the internal state of their systems. Observability at Cloudflare includes monitoring health, analytics for visualizing data, and forensics for answering specific questions about events. These features are particularly important in the context of security to validate mitigating actions taken by Cloudflare's security products. The company is continuously adding more notification types and improving its analytics capabilities to offer customizable dashboards and notifications. Additionally, Cloudflare plans to enhance log storage on R2 and bring the power of logs to the dashboard across all products.
Mar 18, 2022
1,363 words in the original blog post.
Cloudflare has introduced SSH (Secure Shell Protocol) command logging as part of its Zero Trust platform, aiming to enhance security and visibility for remote machines management. Traditional SSH security methods have limitations in terms of tracking user actions and preventing lateral movement within a network. The new feature captures all commands run during an SSH session, including across multiple jump-hosts or bastions, providing a clear picture of events in case of accident, suspected breach, or attack. It also supports secure TLS inspection of all traffic from user devices and eliminates the need for complex logging software on individual machines. The logs captured by Cloudflare are immediately encrypted to ensure only authorized security users can inspect SSH commands.
Mar 18, 2022
686 words in the original blog post.
Cloudflare's Security Team focuses on people, proof, and transparency to ensure dependable security services for its customers. The team is highly technical, diverse, and shares knowledge with local and global communities through industry groups and conferences. They undergo several audits a year to maintain compliance with various standards such as PCI DSS, SOC 2 Type II, ISO 27001, and ISO 27701. In addition, they are assessing their global network against FedRAMP, ISO 27018, and C5 standards this year. The team is committed to transparency during security incidents, communicating promptly with customers about the issue and its resolution. They also have a proactive approach to vendor communication and provide access to their security certifications and assessment results via their Trust Hub.
Mar 18, 2022
1,059 words in the original blog post.
Cloudflare has announced multiple new integrations with CrowdStrike, combining their expansive network and Zero Trust suite with CrowdStrike's Endpoint Detection and Response (EDR) and incident remediation offerings. The partnership aims to simplify the adoption of Zero Trust for IT and security teams. Joint customers can now identify, investigate, and remediate threats faster through multiple integrations, including integrating Cloudflare's Zero Trust services with CrowdStrike Falcon Zero Trust Assessment (ZTA) and joining the CrowdXDR Alliance to share security telemetry and insights.
Mar 17, 2022
989 words in the original blog post.
Cloudflare and Aruba are collaborating on a solution that will allow Aruba customers to connect their EdgeConnect SD-WANs with Cloudflare's global network. This integration aims to enhance the security of corporate traffic using Cloudflare One, while maintaining granular control over inter-branch and internet-bound traffic policies from Aruba EdgeConnect appliances. The partnership simplifies connecting to Cloudflare's edge using existing SD-WAN investments, offering increased security and control without requiring a complete network overhaul.
Mar 17, 2022
1,038 words in the original blog post.
Packet captures are essential tools for network and security engineers, providing valuable insights into traffic patterns and helping diagnose issues. With more network functions moving to cloud-native services, obtaining packet captures across all network traffic becomes crucial. Cloudflare's global network now offers on-demand packet captures, allowing users to regain visibility by capturing packets across their entire network in one place. This feature is available for customers who have purchased the Advanced features of Magic Firewall and can be accessed through the Packet Captures API.
Mar 17, 2022
991 words in the original blog post.
In this article, the author discusses how Cloudflare has evolved its bot management toolset over time, particularly in response to changes in traffic patterns and increasing mobile app usage. The company started with a static machine learning (ML) detection model that used common bot user agents to identify bad bots. As attackers became more sophisticated, new sets of model features were generated, and the heuristics were able to accurately identify various types of bad bots.
The author then delves into how Cloudflare builds and deploys its ML models. Data gathering and preparation involve leveraging the amount and variety of traffic on their network to create training datasets. They identify samples that are clearly bots or not-bots, perform statistical analysis of features, and use ANOVA f-value for feature selection. Model building and evaluation involve using an internal pipeline backed by Airflow and choosing the Catboost library for binary classification model training.
Before deploying a new model to customer traffic, Cloudflare performs offline monitoring and uses SHAP Explainer to interpret the model's predictions. They also test models in shadow mode and active mode before officially releasing them as stable. The author highlights how they improved mobile app performance by incorporating validated mobile request datasets into their model training process, resulting in a significant reduction in false positive rates for Android traffic and other edge cases.
In conclusion, the article emphasizes the importance of continuous improvement and adaptation to changing patterns of traffic in developing effective bot management tools.
Mar 17, 2022
1,690 words in the original blog post.
Magic Transit, a service by Cloudflare, now extends its capabilities to customers with any size network, including home networks and offices. The service protects entire networks from DDoS attacks and provides built-in performance and reliability. It offers Cloudflare-maintained and Magic Transit-protected IP space as a service. Magic Transit's architecture uses Anycast technology to absorb all traffic destined for a customer's network at the location closest to its source, providing security protections such as DDoS mitigation and cloud firewall. The new offering allows customers with smaller networks to direct their network traffic to dedicated static IPs and receive benefits of Magic Transit, including industry-leading DDoS protection, visibility, performance, and resiliency.
Mar 17, 2022
799 words in the original blog post.
Cloudflare has announced the winners of its annual Channel and Alliance Partner Awards for 2021. The awards recognize partners who have demonstrated outstanding performance in driving growth and innovation with Cloudflare's platform, particularly amidst global disruptions. Among the winners are Accenture Federal Services (GSI Partner of the Year), Rackspace Technology (MSP Partner of the Year), Optiv (Channel Partner of the Year), GuidePoint Security (Rising Star Partner of the Year), and many others across different regions including Americas, APJC, and EMEA. These partners have played a crucial role in delivering internet security, performance, and reliability for organizations worldwide.
Mar 17, 2022
771 words in the original blog post.
Clientless Web Isolation, a new on-ramp for Browser Isolation that integrates Zero Trust Network Access (ZTNA) with remote browsing benefits, is now generally available. This solution enables secure browsing across teams and devices without needing to install any software or configure certificates. It also allows deep linking into isolated browsing, integration with third-party secure web gateways, and secure access to sensitive data on Bring Your Own Device (BYOD) endpoints. Clientless Web Isolation is available for all Cloudflare Zero Trust subscribers who have added Browser Isolation to their plan.
Mar 17, 2022
485 words in the original blog post.
Cloudflare has introduced Advanced Rate Limiting, an improved throttling technology that allows counting requests based on virtually any characteristic of the HTTP request, regardless of its source IP. This new feature is designed to protect against brute force attacks, scraping, and targeted DDoS attacks by allowing users to define rate limiting rules using all fields of the HTTP request, including URI, method, headers, cookies, AS Number (ASN), value of a query parameter, or bots fingerprint. Advanced Rate Limiting is now part of the Web Application Firewall (WAF) and can be used on all traffic for Enterprise customers without any caps.
Mar 16, 2022
1,320 words in the original blog post.
Over the past decade, the internet has evolved from static websites to API-driven applications that support various aspects of life. This growth has led to an increase in complexity on the back end, as developers need to manage APIs and monitor requests. To address this issue, Cloudflare has introduced its API Gateway, which aims to replace existing gateways at a lower cost while offering advanced features for security, management, and monitoring of APIs. The new gateway includes Discovery, Schema Validation, Abuse Detection, mTLS, Authentication, Routing & Management, API Analytics, Logging, Quota Management, and more. These features are designed to protect APIs from various threats while providing a comprehensive solution for managing and monitoring them.
Mar 16, 2022
1,893 words in the original blog post.
Cloudflare introduces Friendly Bots, a new feature designed to help manage and validate good bots on the internet. The company previously relied on manual submissions for bot verification, which could take weeks or months. With Friendly Bots, users can instantly auto-validate any traffic using IP lists, rDNS, and other methods. This allows customers to create custom policies that allow, rate limit, or log specific bot traffic. The feature also streamlines the dashboard experience by providing easier verification, instant feedback, better sourcing, and no arbitration for bot categorization. Additionally, Cloudflare Radar now displays a list of many verified bots in real-time, with plans to add specific Verified Bots as Bot Tags in their Logs product.
Mar 16, 2022
1,412 words in the original blog post.
Envoy Media Group, a digital marketing and lead generation company, uses Cloudflare's Bot Management to monitor automated traffic and filter out bad traffic. The company developed its own multichannel marketing platform called Revstr, which handles content management, marketing automation, and business intelligence. By integrating Cloudflare's Bot Score into their machine learning models, Envoy has seen a significant increase in the accuracy of predicting conversion rates for leads. This allows them to focus on more profitable segments and improve overall organizational performance.
Mar 16, 2022
1,431 words in the original blog post.
Cloudflare has announced that it will provide a Cloudflare Web Application Firewall (WAF) Managed Ruleset to all its plans for free. This move is aimed at helping keep the internet safe, especially for small application owners and teams who may not have the time to keep up with fast-moving security patches. The ruleset provides mitigation rules for high profile vulnerabilities such as Shellshock and Log4J among others. The Free Cloudflare Managed Ruleset is automatically deployed on any new Cloudflare zone and can be configured further by overriding all rules, specific rules or disabling the entire ruleset.
Mar 15, 2022
888 words in the original blog post.
Cloudflare has redesigned its Web Application Firewall (WAF) based on customer feedback and research, consolidating firewall rules, managed rules, and rate limiting rules under the new WAF category. The updated structure aims to provide a one-stop solution for web application security by distinguishing malicious from clean traffic. Changes include renaming "Firewall" to "Security," moving related features under this category, and launching advanced rate limiting rules as part of Security Week. Additionally, customers will receive a free set of managed rules to protect against high profile vulnerabilities. The redesign aims to improve the visibility of active protection rules and make it easier for users to find security products in the dashboard while accommodating future additions and consolidations of WAF features.
Mar 15, 2022
1,121 words in the original blog post.
Cloudflare has introduced a new Machine Learning WAF detection system that complements its existing Web Application Firewall (WAF) features. The new tool identifies bypasses and malicious payloads without human intervention, providing better protection against a broader range of old and new attacks. This machine learning-based detection system runs on all traffic, improves detection rates based on past traffic and feedback, and offers a new definition of performance by identifying bypasses and anomalies before they are exploited or identified by human researchers. The secret sauce is a combination of innovative machine learning modeling, a vast training dataset built on the attacks blocked daily, data augmentation techniques, an evaluation and testing framework based on behavioral testing principles, and cutting-edge engineering that allows for negligible latency in assessing each request.
Mar 15, 2022
1,043 words in the original blog post.
Cloudflare has introduced new tools for Software-as-a-Service (SaaS) providers using its underlying infrastructure. These include the ability for Enterprise customers to create and deploy different sets of Web Application Firewall (WAF) rules for their clients, allowing them to segment customers based on security requirements. Additionally, a Free tier of Cloudflare for SaaS has been introduced for Free, Pro, and Biz plans, offering 100 custom hostnames free of charge for provisioning and testing across accounts. Furthermore, the custom hostname price has been lowered from $2 to $0.10 per month. These updates aim to enhance security for all customers and make SaaS infrastructure more accessible.
Mar 15, 2022
1,106 words in the original blog post.
Cloudflare has been positioned as a Leader in the IDC MarketScape for Worldwide Commercial CDN 2022 Vendor Assessment. The company is recognized for its innovative approach, leveraging economies of scale and network effects to deliver fast-paced product development. Its offerings include serverless platform Cloudflare Workers, analytics dashboard with actionable insights, unified SASE solution Cloudflare One, and a strategic partnership with JD Cloud & AI for enhanced operations in China. The company's global network spans 250 cities across more than 100 countries, serving millions of customers.
Mar 15, 2022
1,171 words in the original blog post.
Cloudflare Zaraz is a tool that can be used to manage and load third-party tools on the cloud, improving speed, privacy, and security. It works well with Content Security Policy (CSP), which prevents malicious content from being run on websites. Despite initial concerns about potential conflicts between CSP and Cloudflare Zaraz, it has been confirmed that there is no such issue. In fact, when auto-inject is enabled, Cloudflare Zaraz enhances the response header by appending a nonce value in the script-src policy to ensure compatibility with existing security measures. This allows for seamless integration between website owners and third parties while maintaining high levels of security and efficiency.
Mar 15, 2022
1,192 words in the original blog post.
On March 14, 2022, it was announced that Cloudflare customers can now push their logs directly to IBM Security QRadar SIEM. This direct integration leads to cost savings and faster log delivery for both parties as there is no intermediary cloud storage required. The integration enables security teams to gain centralized visibility and insights across various aspects of an organization's environment, helping detect, investigate, and respond to threats more efficiently. Cloudflare and IBM have partnered together for years to provide a single pane of glass view for their mutual customers, and this new enhanced integration further strengthens their collaboration.
Mar 14, 2022
484 words in the original blog post.
Cloudflare is set to make email security technology available at no additional cost to all paid self-serve plans after the acquisition of Area 1 closes in Q2 2022. The integration will provide users with a more feature-packed version of Zero Trust solution and automate DNS email security records such as SPF, DKIM, DMARC, etc. Additionally, threat data sources from Area 1 will be connected into existing Cloudflare products to improve threat intelligence. Enterprise customers can access the highest flexibility and support levels for purchase.
Mar 14, 2022
699 words in the original blog post.
Cloudflare has started deploying backup certificates on Universal Certificate orders for Free customers who use Cloudflare as an Authoritative DNS provider. The company plans to issue backup certificates for all types of certificates in its pipeline, including Advanced Certificates and SSL for SaaS certificates. Backup certificates are designed to be ready for deployment immediately when events like key compromises or mass revocations require re-issuance of primary certificates. This feature aims to ensure that Cloudflare's customers remain secure and online during emergencies.
Mar 14, 2022
1,560 words in the original blog post.
Cloudflare is launching a new threat investigations portal called Investigate in its Security Center. This will allow all customers to access data on diverse security threats and improve the efficacy of their network and application security products. The portal will initially provide IPs and hostnames for query, followed by autonomous system details next month. Annotations in the dashboard will also be rolled out to streamline workflows and tighten feedback loops. Cloudflare's unique position in the network enables it to refine raw data and combine intelligence from all its products to provide a holistic picture of the security landscape. The company plans to add more data types and properties, integrations with partners, and additional features like file scanning portals and CVE search in the future.
Mar 14, 2022
1,447 words in the original blog post.
Cloudflare has partnered with New Relic to create a direct integration that provides end-to-end visibility into applications and services running across stacks. This integration allows customers to analyze logs from various sources, including Cloudflare's HTTP request logs, application logs, and origin server logs. The partnership aims to improve customer experience by enabling faster troubleshooting and investigation of issues. New Relic provides an open, extensible observability platform that automatically correlates events from applications, infrastructure, serverless environments, mobile errors, traces, and spans with logs for easier identification of problems. A quickstart guide is available for setting up the integration between Cloudflare Logpush and New Relic.
Mar 14, 2022
606 words in the original blog post.
Security Week is an initiative by Cloudflare to emphasize the importance of cybersecurity and announce new product enhancements, partnerships, and features. The company has been working on various aspects of security, including protecting websites, managing automated traffic, securing non-HTTP traffic, and developing a forward proxy security strategy with its Zero Trust platform. With the increasing threat landscape, Cloudflare aims to make security more accessible and integrated into its network services while partnering with other cybersecurity companies for better user experience.
Mar 13, 2022
1,556 words in the original blog post.
WhatsApp has partnered with Cloudflare to provide a system that assures users that the code run when they visit WhatsApp on the web is the code that WhatsApp intended. The new system, called Code Verify, compares a hash of the code executing in a user's browser with a hash held by Cloudflare, enabling users to easily see whether the code running is the correct version. This collaboration aims to improve privacy and security on the web and help other organizations verify the code delivered to users is the intended one.
Mar 10, 2022
1,089 words in the original blog post.
Stream Connect is now in open beta, allowing users to translate between SRT (Secure Reliable Transport) and RTMP (Real-Time Messaging Protocol). This feature aims to provide an alternative for authors of new broadcasting software and video streaming platforms. SRT offers lower latency and better resilience against unpredictable network conditions compared to RTMP, which has not been developed since 2012. Stream Connect is priced at $1 per 1,000 minutes regardless of video encoding parameters. The platform also supports adding or removing RTMP or SRT outputs without restarting the source stream and can run on every Cloudflare server worldwide.
Mar 10, 2022
1,001 words in the original blog post.
On March 8, it was reported that .fj domains had gone offline, causing some hostnames within the Fiji top-level domain (ccTLD) to become unreachable. The issue impacted traffic to Cloudflare customer zones in the .com.fj second-level domain, with HTTP traffic dropping by approximately 40%. It was suggested that the problem could be DNSSEC related, and further investigation confirmed this as the cause. Around midnight UTC, the .fj zone started being signed with a key not in the root zone DS, possibly due to a scheduled rollover without checking for updates first. The issue was resolved when the DS was updated around 1400 UTC. Misconfigurations at the ccTLD level can have significant impacts on accessibility of websites and applications within that domain.
Mar 09, 2022
657 words in the original blog post.
1.1.1.1 sees approximately 600 billion queries per day, with most being sent over cleartext UDP and TCP. To improve end-user privacy, the adoption of encrypted protocols such as DNS-over-TLS or DNS-over-HTTPS is encouraged. Discovery of Designated Resolvers (DDR) is a mechanism that allows clients to automatically upgrade non-secure connections to secure ones. 1.1.1.1 now supports the latest version of DDR, enabling more encrypted DNS on the Internet and helping with standardization efforts.
Mar 08, 2022
1,637 words in the original blog post.
A zero-day vulnerability called TP240PhoneHome has been discovered in the Mitel MiCollab business phone system (CVE-2022-26143). This vulnerability can be exploited to launch UDP amplification attacks, with an amplification factor of 220 billion percent. Cloudflare customers are protected against this attack. The vulnerability has been exploited since February 18, 2022, and Mitel has issued a high severity security advisory advising their customers to block exploitation attempts using a firewall until a software patch is made available. Cloudflare Magic Transit customers can use the Magic Firewall to block external traffic to the exposed Mitel UDP port 10074. The vulnerability was discovered in the Mitel MiCollab platform, which is used by critical infrastructure such as municipal governments, schools, and emergency services.
Mar 08, 2022
969 words in the original blog post.
Security researchers have observed a spike in DDoS attacks using UDP port 10074, targeting various sectors including broadband access ISPs and financial institutions. The devices abused for these attacks are MiCollab and MiVoice Business Express collaboration systems produced by Mitel, which incorporate TP-240 VoIP-processing interface cards and supporting software. Approximately 2600 of these systems have been incorrectly provisioned so that an unauthenticated system test facility has been inadvertently exposed to the public Internet, allowing attackers to leverage these PBX VoIP gateways as DDoS reflectors/amplifiers. Mitel is aware of this issue and has been actively working with customers to remediate abusable devices with patched software that disables public access to the system test facility. The researchers recommend using standard DDoS defense tools and techniques, such as flow telemetry, packet capture, network access control lists (ACLs), destination-based remotely triggered blackhole (D/RTBH), source-based remotely triggered blackhole (S/RTBH), and intelligent DDoS mitigation systems to detect, classify, trace back, and safely mitigate these attacks.
Mar 08, 2022
2,166 words in the original blog post.
On International Women's Day 2022, Cloudflare celebrates women's achievements and advocates for gender equality. The company highlights the importance of breaking biases in various aspects of life, including communities, workplaces, and educational institutions. As part of their celebration, they have planned numerous events and activities throughout March to honor Women's History Month. These include a focus on intersectionality and allyship, an internal leadership panel featuring women leaders at Cloudflare, and discussions with other Employee Resource Groups (ERGs). The company encourages everyone to take action as allies by educating themselves, amplifying women's opinions, taking action in the workplace, and advocating for diversity.
Mar 08, 2022
769 words in the original blog post.
Cloudflare, CrowdStrike, and Ping Identity have launched the Critical Infrastructure Defense Project (CriticalInfrastructureDefense.org) in response to potential cyber attacks on US critical infrastructure due to sanctions resulting from the Russian invasion of Ukraine. The project offers a suite of products for free for at least four months to US-based hospitals, energy, and water utilities. The companies aim to provide an integrated solution based on Zero Trust security approach, which includes network security, endpoint security, and identity solutions. They have also created a recommended security triage program to help organizations prioritize their cybersecurity efforts during this period of heightened risk.
Mar 07, 2022
639 words in the original blog post.
Cloudflare has been closely monitoring the Russian invasion of Ukraine, taking steps to protect its employees, customers, and network. The company extended its services to Ukrainian government and telecom organizations at no cost to ensure they can continue operating during the conflict. Additionally, under Project Galileo, Cloudflare is expediting onboarding for any Ukrainian entities requiring full protection. To preserve customer data integrity, encryption key material was moved out of Ukraine, Russia, and Belarus data centers. The company continues to monitor internet availability in Ukraine and take steps to ensure its services will continue operating if connectivity remains available. Cloudflare has also complied with new sanctions issued against Russian financial institutions, influence campaigns, and the governments of Donetsk and Luhansk by closing off paid access to its network and terminating customers tied to sanctions. The company believes that providing more internet access in Russia is crucial during this time, as it allows ordinary citizens to access world news beyond what is provided within the country.
Mar 07, 2022
1,286 words in the original blog post.
James Allworth, a representative of Cloudflare, discusses the company's mission to help build a better internet by making essential tools for protecting an online presence available to as many people as possible. He highlights free resources offered by Cloudflare, including protection for public-facing infrastructure, internal-facing infrastructure, and personal devices. Additionally, he mentions Project Galileo and the Athenian Project, which provide further services to vulnerable public interest groups and election entities respectively. All these services are made available in an effort to enhance online security amid increasing cyberattacks.
Mar 04, 2022
1,780 words in the original blog post.
Cloudflare's analysis of internet traffic in Ukraine reveals a significant decrease in overall request volumes since the invasion began, with Kyiv showing a gradual increase in internet usage after an initial drop. Other cities like Lviv and Uzhhorod have experienced increased internet traffic as people move westward to escape fighting. In contrast, Kharkiv has remained at roughly 50-60% of its usual rate since the invasion began. Some areas with intense fighting have experienced large drops in traffic or partial outages. Cyberattacks against Ukrainian domain names and networks have also increased, with layer 7 DDoS attacks being the largest. Social media usage has seen varied patterns, while messaging apps like Signal have experienced dramatic growth since the invasion began.
Mar 04, 2022
1,293 words in the original blog post.
Apple's new Internet privacy service, iCloud Private Relay, allows users with iOS 15, iPadOS 15, or macOS Monterey on their devices and an iCloud+ subscription to browse the web more securely and privately. The system uses modern encryption and transport mechanisms to relay traffic from user devices through Apple and partner infrastructure before sending it to the destination website. Cloudflare is proud to work with Apple as a partner in this initiative, operating portions of Private Relay's infrastructure.
Website operators can ensure the best possible experience for end users using iCloud Private Relay by keeping their geolocation databases up-to-date and ensuring that any systems relying on IP address as a signal or way of indexing users properly accommodate many users originating from one or a handful of addresses. Cloudflare's products, including its network, 1.1.1.1, Cloudflare Workers, and software like quiche, are well-suited to support Private Relay.
Mar 02, 2022
1,847 words in the original blog post.