Home / Companies / Cloudflare / Blog / January 2023

January 2023 Summaries

52 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
A kernel-level vulnerability was discovered that can be triggered by unprivileged users through namespaces. This issue stems from a coding error introduced back in 2015 when noqueue qdisc functionality was added to the Linux kernel's networking stack. The bug allows an attacker to exploit this feature and cause a denial of service (DoS) by crashing the host's kernel. The root cause of the problem lies in the fact that the noqueue qdisc does not necessarily drop packets; instead, it simply assumes there is no queue for them. This assumption can be exploited to trigger a bug where the kernel attempts to enqueue a packet into a non-existent queue, leading to an unchecked NULL pointer dereference and eventual crash. The vulnerability was demonstrated with HTB (Hierarchical Token Bucket), a classful qdisc that allows network traffic to be managed by creating parent/child hierarchies for different classes of packets. When noqueue is applied as the root qdisc for an interface, the path is essentially to allow packets to be processed. To prevent this vulnerability (Ck) was calculated and based on these calculations are accurate.
Jan 31, 2023 1,777 words in the original blog post.
Today marks the International Holocaust Remembrance Day, commemorating six million Jews and countless other victims murdered by the Nazis during World War II. Antisemitism remains a significant issue in modern times, with Jewish people being 500% more likely to be targeted by hate crimes than any other faith group per capita. Recent data from Cloudflare reveals that cyberattacks on Holocaust educational websites have doubled year over year since 2021, growing by 640% in absolute terms between 2021 and 2022. To combat this issue, Cloudflare offers free protection to vulnerable public interest groups through Project Galileo. The company is committed to ensuring the world remembers and never forgets the atrocities of the Holocaust and the dangers of antisemitism, racism, and hatred in general.
Jan 27, 2023 701 words in the original blog post.
1. Google has announced the launch of Anthos on bare metal, which is a managed application platform for hybrid and multi-cloud deployments. 2. The solution allows users to run applications in containers or VMs across cloud environments without requiring any changes to their code or infrastructure setup. 3. Users can manage their applications from a single centralized control plane, thereby simplifying the deployment process and reducing operational overhead. 4. Anthos on bare metal is expected to help businesses streamline their IT management processes by providing them with a unified platform for managing hybrid cloud environments. 5. The solution also supports various open-source projects such as Kubernetes, Istio, and Knative, which can be leveraged by users for building robust and scalable applications. 6. Some key features of Anthos on bare metal include support for automated updates, centralized monitoring, and integrated security capabilities. 7. The pricing details for the solution have not been disclosed yet but it is expected behavior in relation to said technology.
Jan 27, 2023 4,801 words in the original blog post.
The post discusses the increasing need for cross-border data flows as societies rely heavily on digital technologies, with particular focus on personal data transfers from the EU to the US under GDPR. It notes the challenges faced by businesses due to differing interpretations of the law and varying levels of trust in privacy protection in third countries. However, recent developments such as the EU-US Data Privacy Framework and OECD Declaration provide hope for restoring legal certainty and trust in cross-border data flows between rule-of-law democratic systems. The author suggests that a global privacy framework with specific protection requirements is necessary to prevent Europe from becoming an isolated data island, and highlights the potential of Global Cross Border Privacy Rules (CBPR) certification.
Jan 27, 2023 1,440 words in the original blog post.
Cloudflare's Data Localization Suite (DLS) helps customers navigate complex data protection landscapes that prioritize data localization. Launched in 2020, DLS has been adopted by many customers and is designed to address three primary concerns: encryption key jurisdiction, regional content termination and inspection, and metadata jurisdiction. The suite includes features like Keyless SSL and Geo Key Manager for encryption keys, Regional Services for decrypting and inspecting HTTPS traffic within a specified region, and Customer Metadata Boundary for keeping logs and metadata within the chosen jurisdiction. Recently, DLS has expanded to support Japan, Australia, and India in addition to Europe and America. Additionally, improvements have been made to the usability of Regional Services and the Metadata Boundary. Cloudflare plans to support more regions and provide full data localization for Zero Trust products in the future.
Jan 26, 2023 971 words in the original blog post.
A software bug in one of Cloudflare's data centers led to service token authentication issues for approximately 10 minutes on October 24, causing disruptions to various Cloudflare services including Cloudflare WARP enrollment, Cloudflare Zero Trust device posture and re-auth policies, Cloudflare Gateway caches, R2 Storage and Cache Reserve, and Cloudflare Cache Purge. The incident impacted over 50,000 users per minute during the peak of the issue. Reference(s): https://support.cloudflare.com/hc/en-us/articles/4410523781639 [SUMMARY: Service token authentication issues caused by software bug led to disruptions in various Cloudflare services, impacting over 50,000 users per minute during the peak of the issue.]
Jan 25, 2023 2,484 words in the original blog post.
Cloudflare, in collaboration with Ampere Computing, has developed a method to secure servers against malicious firmware attacks at the manufacturer level using cryptography and hardware. The process involves fusing keys into silicon during manufacturing and then requiring all subsequent software updates to be signed by those keys. This prevents attackers from installing unauthorized firmware on the server's Baseboard Management Controller (BMC).
Jan 25, 2023 2,528 words in the original blog post.
Data protection laws are becoming more stringent globally, often including provisions that require certain types of data to be stored in a specific country or jurisdiction, known as "data localization" requirements. However, these rules can have unintended consequences for security and privacy. Cloudflare's global network enables it to securely transfer and process data across borders, enhancing its ability to provide robust security measures that protect users' personal information from a range of cyber threats. By supporting the cross-border flow of data, Cloudflare helps maintain the integrity and security of digital communication platforms, which is essential for privacy protection. In this article, we examine how Cloudflare's global network enhances its ability to provide robust security measures that protect users' personal information from a range of cyber threats. -----
Jan 25, 2023 2,912 words in the original blog post.
When building distributed systems with Kubernetes, one common issue is ensuring the health of all components. In a system where microservices consume data from Apache Kafka topics, liveness checks can be used to ensure that consumers are actively processing messages. A naive approach is to use simple Kafka connectivity checks, but this may not be enough for systems with multiple partitions and replicas. To improve health checks, focus on message ingestion by checking the current offset (the last message sent) and the committed offset (the last message processed). By ensuring that the committed offset is changing and is equal to or behind the latest one, we can determine whether a consumer is actively processing messages. One issue with this approach is that rebalances in Kafka can cause consumers to be reassigned different partitions, leading to incorrect health checks if each instance of a service only keeps track of its assigned offsets. To solve this problem, use the Sarama library's functionality to observe when a rebalance happens and update the in-memory map of offsets accordingly. Overall, smart health checks can help prevent cascading failures in Kubernetes systems by ensuring that microservices are actively processing messages from Apache Kafka topics.
Jan 24, 2023 1,737 words in the original blog post.
During 2022, several regions experienced significant internet disruptions due to various factors such as government-directed shutdowns, cyberattacks, natural disasters, and technical issues with service providers. Iran faced some of the most widespread and prolonged internet disruptions in recent history as a result of the anti-hijab protests. In Ukraine, war-related damage led to extended power outages and network disconnections. Volcanic activity caused significant connectivity issues for Tonga after an undersea cable was severed. Meanwhile, earthquakes disrupted internet service in several countries including Japan, Mexico, and Turkey. Additionally, there were multiple instances of regional or national internet shutdowns or slowdowns in countries like Sudan, Ethiopia, Sri Lanka, Haiti, and Australia due to technical issues with service providers such as Access Haiti and Aussie Broadband.
Jan 20, 2023 2,684 words in the original blog post.
Cloudflare has introduced a new feature called "Waiting Room Bypass Rules" that allows customers to easily bypass their waiting rooms for certain users or requests. This feature is designed to provide more flexibility and control over the deployment of Cloudflare's Waiting Room product, which helps prevent traffic surges from overwhelming websites and applications. With this new feature, administrators can now create rules based on IP addresses, URL paths, query strings, or other criteria to ensure that users who need access quickly can do so reliably.
Jan 19, 2023 2,105 words in the original blog post.
We are excited to announce the winners from the 4th, 5th, and 6th Chapters of Project Jengo. These three winners will receive a combined total of $15,000 in prize money for their efforts in searching for prior art references that can help invalidate Sable Networks' patents. The first winner is Chris who found an old reference paper about ALTQ (Alternative Queuing) from 1998. This paper predates the patent by four years and could be used as prior art against one of Sable's patents. For this, he will receive a $5,000 prize! The second winner is Peter who identified a valuable thesis paper that described the solution to one of Sable's patents almost five years before it was filed for patent protection. He will also be receiving a $5,000 prize. The third and final winner from this round of Project Jengo is David who found U.S. Patent No. 6,859,438, which discloses the same "quality of service" technology claimed in Sable's patent, but predates it by more than two years! He will receive a $5,000 prize as well. We have now given out \$100,000 to prior art searchers and still have $50,000 left to give out. The search is ongoing, so please continue to help us by submitting prior art references here. The submission deadline for Chapter 7 is January 31, 2023. In other news, another patent has been thrown out of the case against GitHub, and the remaining claims from one of the patents have also been further whittled down. There are now only two patents at issue in Sable's case against us.
Jan 17, 2023 1,735 words in the original blog post.
A race condition was found in the Linux virtual ethernet (veth) driver that affected AF_XDP enabled devices by corrupting packets. The issue was fixed by ensuring that all packet processing operations were completed before signaling the NAPI poll as complete. This bug was important to fix because it slightly increased the latency of connection establishments and data transfers across the network.
Jan 16, 2023 4,703 words in the original blog post.
This week in Zero Trust news, we released updates to our platform that bring new features and capabilities to help customers protect their users from phishing attacks and manage certificates with ease. In addition, we also introduced new partnerships with Microsoft and other IT vendors that make it easier for organizations to securely connect their devices and applications. - We announced the general availability of Email Link Isolation in Cloudflare Area 1, which helps protect against phishing attacks by isolating suspicious links clicked on by users. This feature works as a safety net when employees accidentally click on malicious emails that could lead to data loss or ransomware. - We also released an update for customers using their own certificates with Cloudflare Gateway, allowing them to apply HTTP, DNS, CASB, DLP, RBI and other filtering policies while maintaining the security of their custom SSL/TLS certificates. - Another highlight is our partnership with Microsoft, where we introduced new integrations between Cloudflare Zero Trust and Azure Active Directory that increase automation and reduce risk proactively. These integrated offerings allow security teams to focus on threats rather than implementation and maintenance. These updates demonstrate our commitment to providing the best possible protection against advanced cyber threats while making it easier for customers to manage their network security with ease.
Jan 13, 2023 1,602 words in the original blog post.
Cloudflare has launched a new feature for its Managed Service Provider (MSP) partners that enables them to set up and manage DNS filtering policies at scale across their customers' accounts. The update also introduces the ability to create hierarchical, multi-tenant configurations within Cloudflare Gateway. This makes it easier for MSPs to provide a centralized interface for managing security policies while allowing flexibility in the level of control and customization offered to individual clients. The feature will support existing DNS filtering solutions provided by large global ISPs, as well as new partnerships with companies like Malwarebytes. Cloudflare plans to roll out more features that better support its MSP partners in the coming months.
Jan 13, 2023 2,152 words in the original blog post.
Cloudflare has introduced "China Express," a suite of capabilities aimed at improving performance for users in China through partnerships with China Mobile International (CMI) and CBC Tech. The new offerings are designed to simplify connectivity and boost performance for users within the country, as well as ensure consistent experiences for customers and employees globally. Key components include Premium Dedicated Internet Access (DIA), Private Link, and Travel SIM services, which enhance global service accessibility for Cloudflare One customers visiting China.
Jan 13, 2023 934 words in the original blog post.
Cloudflare has announced that its Cloudflare One network security suite now supports private connectivity to cloud environments through the new Cloud CNI (Cloud Native Interconnect). This feature enables organizations to directly link their virtual private clouds (VPCs) from various cloud providers, such as AWS, Azure, Google Cloud, OCI and IBM, into Cloudflare's global network. The main goal of this integration is to simplify the management of cloud connections by eliminating the need for customers to maintain their own infrastructure. Instead, they can rely on Cloudflare to manage firewalls, access policies and routing for all their resources, thus reducing the number of vendors they have to deal with. Cloud CNI allows users to quickly and easily provision private connections directly from cloud providers through a process that is entirely cloud-native. Users can create these connections in seconds without having to worry about ordering cross-connects into their devices, getting LOAs or checking light levels. With Cloudflare's new support for direct cloud connectivity, customers can now get connected from various cloud providers and take advantage of several benefits: private routing with Magic WAN, secure authentication with Access, and manage their cloud egress with Gateway. Overall, this integration is a major step forward in making zero-trust network security easier for organizations to implement and manage. It eliminates the complexity associated with maintaining multiple connectivity options by allowing companies to insert Cloudflare as the sole intermediary between all of their resources.
Jan 13, 2023 1,912 words in the original blog post.
Cloudflare introduces a new feature in its Tunnel service that enables users to ping their server or device with an IP address from behind the Cloudflare global network of data centers, while still maintaining privacy and security. This feature is particularly useful for administrators who need to diagnose connectivity issues within private networks. The implementation utilizes a technique known as source NAT, which rewrites the source IP address in outbound packets to that of the local machine, before forwarding them to their intended destination. However, this approach presents challenges when dealing with ICMP echo requests and replies, due to limitations in packet rewriting and port-mapping functionality. To overcome these limitations, Cloudflare designed a unique strategy for each platform it supports (Linux, Darwin/macOS, Windows), using concepts such as "port" allocation on Linux, manual demultiplexing of ICMP packets on Darwin, and leveraging built-in API functions in Windows. By implementing this innovative solution, administrators can now ping their servers or devices from behind Cloudflare's global network while preserving security and privacy. In addition to improving the observability and diagnostics capabilities within private networks, this new feature also highlights Cloudflare's commitment to enhancing its Zero Trust platform by offering additional tools for monitoring network conditions and ensuring optimal performance.
Jan 13, 2023 2,875 words in the original blog post.
Cloudflare has announced new integrations that will enable users to utilize its Application Services together with Cloudflare One, providing enhanced security, performance, and reliability benefits for the entire corporate network. These integrations aim to streamline IT operations and enable new use cases by leveraging Cloudflare's "every service everywhere" architecture. Some of these new use cases include a Web Application Firewall for private apps with any off-ramp, API security for internal APIs, global and local traffic management for private apps, full-stack performance optimization for private apps, and private DNS for one-stop management of internal network resources.
Jan 13, 2023 1,218 words in the original blog post.
Cloudflare has introduced "China Express," a suite of capabilities designed to improve performance for users in China. The new offerings aim to address challenges faced by infrastructure teams trying to ensure performance, security and reliability for their applications and users both in and outside mainland China. These include Premium Dedicated Internet Access (DIA), Private Link, Travel SIM, and extending Cloudflare One to China. These services are expected to simplify connectivity and improve performance for users in the region.
Jan 13, 2023 938 words in the original blog post.
During CIO Week 2023, various announcements were made addressing different aspects of technology stacks, including new services, betas, strategic partnerships, and third-party integrations. Key highlights include enhanced phishing protection, deeper integration with the Microsoft ecosystem, a simpler roadmap to Zero Trust and SASE, access to the right technology and channel partners, and streamlined multi-cloud strategy implementation. These innovations aim to help CIOs accelerate their pursuit of digital transformation by simplifying IT and security management.
Jan 13, 2023 1,661 words in the original blog post.
Cloudflare has announced a new integration between its DNS Filtering solution and Partner Tenant platform that supports parent-child policy requirements for its partner ecosystem and direct customers. The integration aims to help Managed Service Providers (MSPs) support large, multi-tenant deployments with seamless protection from online threats. Cloudflare's Tenant platform, launched in 2019, has allowed partners to easily integrate Cloudflare solutions across millions of customer accounts. With the integration between these two solutions, MSPs can now manage global employees and protect them from various online threats. The company is also working on developing features that better support its MSP partners for 2023 and beyond.
Jan 13, 2023 2,165 words in the original blog post.
Cloudflare has announced four new features that expand its integration with Microsoft Azure Active Directory (Azure AD). These include support for Azure AD Conditional Access policies, System for Cross-domain Identity Management (SCIM) user and group provisioning, risky user isolation, and secure hybrid access for government cloud customers. The integrations aim to provide joint customers with better security by centralizing identity and access management via Azure AD and adding an extra layer of security through Cloudflare's global network.
Jan 12, 2023 1,615 words in the original blog post.
Cloudflare announces the integration of System for Cross-domain Identity Management (SCIM) protocol with its Cloudflare Access and Gateway services, allowing organizations to manage user identities and access more efficiently across multiple systems. This enables automation of account creation, updates, and deletion processes, reducing manual intervention and ensuring accurate information synchronization. SCIM also improves security by automatically deprovisioning users upon deactivation in the identity provider and synchronizing group memberships for Access and Gateway policies. Currently, it is available for Azure Active Directory and Okta for Self-Hosted Access applications, with plans to extend support to more Identity Providers and services in the future.
Jan 12, 2023 855 words in the original blog post.
Cloudflare has announced an open beta for Microsoft 365 domain onboarding via the Microsoft Graph API as part of its email security offering through its Area 1 product, aiming to provide customers with increased flexibility and faster deployment times. The new onboarding method is one of several offered by Area 1, allowing customers to deploy domains based on their preferences without losing protection. Through this open beta, the company aims to build more capabilities for email security in 2023, such as retroactive scanning and hybrid domain deployment options.
Jan 12, 2023 970 words in the original blog post.
Cloudflare has announced the release of two new SaaS integrations for its API CASB - Salesforce and Box. These integrations aim to help CIOs, IT leaders, and security admins quickly identify potential security issues across tools that handle critical business data. The integration with Salesforce enables users to scan their environments for issues affecting sensitive business data, while the integration with Box allows security teams to link their admin accounts and scan them for security issues. Cloudflare CASB currently supports integrations with Google Workspace, Microsoft 365, Slack, GitHub, Salesforce, and Box, and is expanding its compatibility with other applications in the future.
Jan 12, 2023 802 words in the original blog post.
Cloudflare has introduced Zone Versioning for its enterprise customers, allowing them to safely manage zone configuration by versioning changes and choosing when to deploy those changes. The new feature helps solve two main problems faced by customers - testing changes safely and quickly reverting negative changes. With Zone Versioning, customers can create independent sets of zone configuration (versions) that won't affect other versions. They can also map segments of their zone's traffic to specific versions of configuration through environments, which are based on various parameters like hostname, client IP, location or cookie. This enables a seamless rollout and rollback process for configuration changes, benefiting both testing and real-time adjustment needs. Enterprise customers can start using Zone Versioning today for their zones on the Cloudflare dashboard.
Jan 12, 2023 1,017 words in the original blog post.
On January 11, 2023 at 1:00 PM, Alex Dunbrack and Noelle Gotthardt discussed the integration of Cloudflare's API CASB (Access Security Broker) with their Data Loss Prevention (DLP) offering. The CASB scans SaaS applications for security issues like misconfigurations and unauthorized user activity, while DLP helps manage sensitive data in transit to prevent it from landing in the wrong hands. Customers requested more information about where sensitive data is exposed within files stored in popular SaaS apps. In response, Cloudflare plans to introduce a new product synergy that will allow users to peer into their SaaS applications and identify sensitive data such as credit card numbers or social security numbers. This combined offering will provide IT and security administrators with additional coverage for data loss prevention. The integration is set to launch in early 2023, and interested parties can learn more about the products by reaching out to their account manager or visiting the website.
Jan 11, 2023 658 words in the original blog post.
Cloudflare's Area 1 product provides a comprehensive solution for data loss prevention (DLP). It is designed to protect against various threat vectors, such as account takeovers, phishing emails, malicious links and ransomware. The email security feature prevents sensitive information from being transmitted outside the organization through unsecured channels like email attachments or unsafe web pages. In addition, Cloudflare offers DLP services that help businesses monitor and control their data flow across various platforms and applications.
Jan 11, 2023 1,579 words in the original blog post.
Cloudflare has released Email Link Isolation as part of its comprehensive email security solution to protect against phishing attacks. This technology rewrites potentially exploitable links within emails and alerts users about the uncertainty surrounding the websites they're about to visit. It also offers protection against malware and vulnerabilities through the user-friendly Cloudflare Browser Isolation service. Email Link Isolation is included with the Cloudflare Area 1 enterprise plan at no extra cost, and can be enabled with three clicks. With more than a dozen customers in beta and over one million links protected so far, this solution significantly enhances email security by adding another layer of protection against sophisticated phishing attacks that may have evaded other lines of defense. SUMMARY: Cloudflare's Email Link Isolation technology offers comprehensive protection against phishing attacks, rewriting potentially exploitable links within emails and alerting users about uncertain websites they're about to visit.
Jan 11, 2023 1,333 words in the original blog post.
Cloudflare has introduced a new feature that allows account owners to selectively scope API access for specific users, providing increased security and control over user permissions. With this update, account owners can now turn API access on or off for individual users, as well as manage access at an account-wide level. This feature is currently available for enterprise users, with plans to continue enhancing account management controls in the future.
Jan 11, 2023 415 words in the original blog post.
Cloudflare introduces an integration of its best-in-class browser isolation technology with the industry-leading Zero Trust access control product, enhancing data and application control for users. The new features eliminate the need for traditional virtual private networks (VPNs), replacing them with a single, faster solution. With this integration, Cloudflare aims to help organizations replace their private networks, virtual desktops, and data control boxes more efficiently. This approach allows security teams to enforce hard key authentication as a second factor for specific applications, ensuring that only corporate devices connect to systems while enhancing the user experience. The company also extends Zero Trust access control features to application usage and data by offering browser isolation technology. Through this technology, administrators can monitor comprehensive logs to prevent unauthorized access incidents, control how users interact with resources, and protect against attacks leaping out of a browser from the public internet.
Jan 11, 2023 1,298 words in the original blog post.
Cloudflare's CASB scans SaaS applications for misconfigurations, unauthorized user activity, and other data security issues. However, customers requested more information to assess the risk associated with a misconfiguration. In response, Cloudflare is developing an upcoming capability that will provide Zero Trust users with DLP coverage for sensitive data stored in popular SaaS apps. This feature will enable customers to connect their SaaS applications and scan them for sensitive data such as PII, PCI, and custom regex. The integration of CASB and DLP aims to enhance security coverage by identifying sensitive data within files stored in SaaS applications.
Jan 11, 2023 651 words in the original blog post.
The adoption of Cloudflare One services has been the fastest area of growth among its customer base. In the last year, there has been a 3x increase in partner bookings and a 70% YoY increase in transacting partners for Cloudflare One. Partners have cited the simplicity of the platform, the pace of innovation, and the global network as key factors that are driving strong customer demand. Migrating from legacy on-premise appliance to a cloud-delivered SASE architecture is a journey that is typically divided into two categories: network layer transformation and Zero Trust security modernization. Partners play a crucial role in easing customer adoption by assisting with assessments, implementations, and management of services. To help partners develop their Cloudflare One services expertise and distinguish themselves in the marketplace, Cloudflare has announced the limited availability of a new specialization track for Authorized Services Delivery Partners (ASDP). This track is designed to authorize partners that meet Cloudflare's high standards for professional services delivery around Cloudflare One. Benefits for achieving the authorized service partner designation include access to sourced opportunities, named partner service delivery managers, and special incentive funds.
Jan 10, 2023 1,089 words in the original blog post.
The number of network-layer distributed denial-of-service (DDoS) attacks increased by 54% in Q4, compared to Q3, according to Cloudflare's Q4 2022 DDoS Report. This marks the highest quarterly increase in almost two years. Source: ZDNet ``` SUMMARY: 54% Increase in Network-Layer DDoS Attacks in Q4, as per Cloudflare's Q4 2022 DDoS Report
Jan 10, 2023 3,362 words in the original blog post.
Cloudflare has introduced custom data loss prevention (DLP) profiles for its Cloudflare One customers. This allows organizations to identify and detect unique sensitive data, such as intellectual property or trade secrets, using regular expressions. The new feature is embedded in Cloudflare's secure web gateway product, Cloudflare Gateway, which enables administrators to inspect HTTP traffic for sensitive data and apply DLP policies. Customers can build their own detections by creating custom DLP profiles with the help of regular expressions. In upcoming quarters, Cloudflare plans to add features like data at rest scanning, minimum DLP match counts, and more predefined DLP detections to enhance visibility and control over sensitive data.
Jan 10, 2023 713 words in the original blog post.
Cloudflare One is a secure service edge (SSE) platform designed for cloud-based enterprises. It provides a comprehensive solution that combines security, network connectivity, and performance to deliver optimal user experiences across various devices and locations. The benefits of adopting Cloudflare One include cost savings from hardware elimination or avoidance, simplified vendor management with single invoice and account manager, enhanced threat protection, and improved network efficiency and scalability. CIOs seeking a more efficient and effective SASE solution can explore Cloudflare One through its free plan for up to 50 users or by contacting the company's dedicated team for assistance in understanding and experimenting with the platform.
Jan 10, 2023 3,323 words in the original blog post.
Cloudflare has introduced Magic WAN Connector, a lightweight software package that can be installed on any physical or cloud network to automatically connect, steer, and shape IP traffic. This enables organizations to modernize their corporate networks by connecting any traffic source or destination and layering Zero Trust security policies on them. The Magic WAN Connector integrates with Cloudflare's existing SASE portfolio, including Firewall-as-a-Service (FWaaS), Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Data Loss Prevention (DLP), Browser Isolation, Cloud Access Security Broker (CASB), Email Security, and more. Additionally, the software is being open sourced to make it even easier for organizations to connect their existing hardware to Cloudflare's network. This new solution aims to help businesses transition to SASE seamlessly and securely.
Jan 10, 2023 1,311 words in the original blog post.
On January 10th, 2023 at 2:00 PM, Kenny Johnson announced the release of a new GraphQL API by Cloudflare Access that allows administrators to look up specific blocked requests. This feature aims to improve troubleshooting and configuration for those using Zero Trust access control solutions. The API returns detailed information about blocked requests which can be crucial during initial setup or in diagnosing issues. Additionally, the user facing block page has been improved to include more details about a user's session. These enhancements are expected to make Cloudflare Zero Trust the easiest solution for achieving a Zero Trust Architecture at scale. The API is available across all pricing tiers and those interested can sign up for 50 free seats or request a consultation with a Cloudflare representative.
Jan 10, 2023 1,143 words in the original blog post.
Cloudflare has introduced new features for its Cloudflare One service, enabling teams to determine what traffic is sent to the network and what remains local based on user location. The update includes Configuration Profiles and Managed Networks, which allows administrators to create defined sets of configuration options and rules for when profiles apply. Users can also define a known TLS endpoint, ensuring devices are operating within a managed network. This new feature is designed to provide more control over network traffic and improve security for Cloudflare One users.
Jan 10, 2023 1,265 words in the original blog post.
As the internet becomes the primary corporate network, traditional definitions such as "north/south" and "east/west" traffic are shifting due to applications moving outside data centers and users accessing them from anywhere. This change necessitates stronger security measures for all types of traffic. Cloudflare One offers protection for all traffic flows regardless of their source or destination, making it a valuable resource as organizations adopt SASE (Secure Access Service Edge) and multicloud architectures.
Jan 10, 2023 810 words in the original blog post.
Cloudflare introduces self-service capabilities for its products, allowing customers to evaluate and configure them without commitments or usage caps. This applies to any product not part of an enterprise contract and can be enabled by users with administrative access on the Cloudflare dashboard. Resources are available to assist in getting started, and feedback is encouraged to potentially include it in customer contracts. The self-service experience will continue to improve over time, while some products may still require additional support for streamlined onboarding.
Jan 10, 2023 286 words in the original blog post.
In Q4 of 2022, despite a year-long decline, HTTP DDoS attack traffic increased by 79% YoY. Volumetric attacks surged; the number of attacks exceeding rates of 100 Gbps grew by 67% quarter-over-quarter (QoQ), and the number of attacks lasting more than three hours increased by 87% QoQ. Ransom DDoS attacks steadily increased this year, with over 16% of respondents reporting receiving a threat or ransom demand as part of the DDoS attack that targeted their Internet properties in Q4. The Aviation and Aerospace industry was the most attacked by application-layer DDoS attacks, while the Education Management industry saw the highest percentage of network-layer DDoS attack traffic. Memcached-based DDoS attacks saw the highest growth with a 1,338% increase QoQ.
Jan 10, 2023 3,437 words in the original blog post.
The adoption of Cloudflare One services has been the fastest area of growth among its customer base over the past year. This has led to a threefold increase in partner bookings and a 70% rise in transacting partners year-over-year. Partners have cited simplicity, innovation, and global network as key differentiators that are driving strong demand for Cloudflare One services. The company is focusing on building strategic partnerships with go-to-market channel partners to help customers assess, implement, and manage its services. It has also announced a new specialization track for Authorized Services Delivery Partners (ASDP) to authorize partners that meet high standards for professional services delivery around Cloudflare One.
Jan 10, 2023 1,090 words in the original blog post.
In September 2022, Cloudflare launched the general availability of Data Loss Prevention (DLP) as part of its Cloudflare One service to provide better protection for sensitive data. DLP allows administrators to identify and control sensitive data in their corporate traffic by creating custom detections using regular expressions. The feature is embedded in Cloudflare Gateway, which routes users' internet traffic through Cloudflare for secure browsing. As of now, customers can build custom detection profiles to identify unique sensitive data such as intellectual property or trade secrets. In the coming quarters, Cloudflare plans to add more features like data at rest scanning, minimum DLP match counts, Microsoft Sensitivity Label support, and more.
Jan 10, 2023 742 words in the original blog post.
In a head-to-head performance test, conducted by third-party testing firm Miercom, Cloudflare's Zero Trust solution outperformed Zscaler in terms of speed and reliability. The tests were designed to mimic an end-user connecting to a resource protected by Cloudflare or Zscaler, and the results showed that Cloudflare was consistently faster than Zscaler across all regions. In particular, when comparing time to first byte (the amount of time it takes for the first byte of data from the server to reach the client's machine), Cloudflare was 45% faster than Zscaler globally. Furthermore, when looking at total response time or the ability for a browser isolation product to deliver a full response back to a user, Cloudflare was still 39% faster than Zscaler. This performance edge can be attributed in part to Cloudflare's well-peered network architecture, which is designed to optimize end-to-end performance and improve the overall user experience.
Jan 09, 2023 3,418 words in the original blog post.
Cloudflare has introduced new features to its Zero Trust platform that provide more detailed insights into how well users are experiencing applications managed by the security company's technology. The new features include: 1. Digital Experience Monitoring (DEM) for capturing and analyzing data on application availability, performance, and user experience. 2. Synthetic Application Monitoring for creating synthetic tests to monitor endpoint connectivity to public-facing applications or services. 3. Network Path Visualization to view hop-by-hop telemetry data representing the critical path between users and endpoints. These new features aim to improve the overall user experience, reduce IT support ticket volumes, and enable proactive communication of application performance issues. The availability of these features is expected to increase adoption of Cloudflare's Zero Trust platform.
Jan 09, 2023 1,502 words in the original blog post.
On January 9th, 2023, at 2:00 PM, Ankur Aggarwal announced that Cloudflare's Zero Trust platform now supports customer-provided certificates to provide flexibility and ease of deployment options. IT and Security administrators can choose between using custom certificates or the existing method, which involves installing Cloudflare's own certificate for HTTP filtering policies. The new approach allows organizations to maintain control over their certificates while enabling additional security controls. To get started with custom certificates, users must upload root certificates via API and associate them with their Zero Trust account ID. The process takes approximately one minute without any maintenance downtime. Alternatively, administrators can install Cloudflare's own root certificate on devices to support HTTP filtering policies for reduced administrative overhead. Future updates will include a new UI for managing user-side certificates and an updated HTTP policy builder.
Jan 09, 2023 658 words in the original blog post.
Cloudflare launches a new feature called "WARP-to-WARP" that enables seamless connection between two devices running Cloudflare WARP. This feature aims to simplify the process of building networks on Cloudflare by eliminating the need for additional tunnels or configurations. Users can leverage this functionality for various use cases, including device troubleshooting and testing web servers. The "WARP-to-WARP" connectivity is designed with Zero Trust rules built in, ensuring secure access to devices within a network. This feature will be available on all plans at no additional cost, allowing users to sign up for early access through the closed beta program.
Jan 09, 2023 1,260 words in the original blog post.
Cloudflare's Zero Trust platform, which secures applications and internet experiences out to the public Internet, has been found to be faster than competitors like Zscaler in various tests. The company compared its Zero Trust services with Zscaler's products, including Cloudflare Access against Zscaler Private Access (ZPA), Cloudflare Gateway against Zscaler Internet Access (ZIA), and Cloudflare Browser Isolation against Zscaler Cloud Browser Isolation. In each test, Cloudflare was found to be significantly faster than Zscaler. Performance matters for Zero Trust products as it impacts users' experience and their ability to get their job done. A slow performance may lead users to bypass these security measures, putting the company at risk. Cloudflare's highly performant, optimized network is a key factor in its superior performance compared to Zscaler.
Jan 09, 2023 3,573 words in the original blog post.
This week, we are celebrating all things CIO (Chief Information Officer) with our special "CIO Week" event at Cloudflare. We'll be sharing insights into how modern enterprises can navigate the changing landscape of technology and security, and how Cloudflare is working to empower businesses in their digital transformation journeys. Throughout the week, we will explore topics such as SASE (Secure Access Service Edge), Zero Trust architecture, strategic partnerships, global network capabilities, and more. We are also excited to feature guest speakers from various industries who will share their experiences with leveraging Cloudflare's platform for securing their organizations. In the spirit of collaboration, we invite all CIOs and technology leaders to join us in this week-long celebration and learning experience. Stay tuned for more updates and announcements as we dive into the world of modern security and networking solutions.
Jan 08, 2023 1,565 words in the original blog post.
Cloudflare WAF Content Scanning is an advanced feature designed for detecting malicious file uploads within a web application's traffic. The scanning process involves identifying and parsing different content types, including multipart/form-data or JSON, to support multiple content objects per request. This feature enhances visibility into your application traffic and helps you detect and mitigate potential security risks associated with malicious file uploads. By separating detection from mitigation, it allows for more flexible deployment options, such as using the scanned data in custom rules for blocking specific types of requests or bots that attempt to upload malicious files.
Jan 04, 2023 1,432 words in the original blog post.