March 2023 Summaries
55 posts from Cloudflare
Filter
Month:
Year:
Post Summaries
Back to Blog
Cloudflare's new NGINX upgrade mechanism allows for a more efficient and less memory-intensive upgrade process. The standard upgrade mechanism used by NGINX is not suitable at Cloudflare's scale, as it doubles up memory requirements during the release period. To address this issue, Cloudflare customized the NGINX upgrade mechanism to control individual workers rather than treating the entire instance (master + workers) as one. This enables them to start all the workers whilst all the previous ones are still running, reducing memory usage and speeding up the upgrade process.
Mar 31, 2023
1,541 words in the original blog post.
The European Union (EU) Cloud Code of Conduct (CoC) is a tool to demonstrate compliance with the General Data Protection Regulation (GDPR). It provides cloud service providers with detailed guidance on how they can meet their data protection obligations under the GDPR.
The EU Cloud CoC sets out specific requirements and controls that cover areas such as:
- Transparency, Information and Communication
- Lawful, Fair & Transparent Processing
- Data Minimization Principle
- Accuracy of Personal Data
- Storage Limitation
- Integrity and Confidentiality (Security)
- Accountability
These are the same areas covered by the GDPR. Cloud service providers can use compliance with the EU Cloud CoC as a way to demonstrate that they meet these requirements too, providing assurance to their customers of their commitment to privacy and data protection standards.
In addition to supporting cloud service providers in meeting their GDPR obligations, using the code also helps to promote consistency across the industry when it comes to handling personal data securely and responsibly. This is important because the use of cloud services can often involve multiple jurisdictions with different laws and regulations regarding data protection. By adopting a consistent approach through compliance with an approved code such as the EU Cloud CoC, service providers are helping their customers navigate these complexities more easily and effectively.
At present, only one organisation is accredited to assess cloud services for compliance with the EU Cloud CoC; this is SCOPE Europe. However, other monitoring bodies may become accredited in future which would then be able to provide certification for compliance with the code too.
The benefits of using the EU Cloud Code of Conduct include:
- Demonstrating compliance with GDPR requirements through a clear and well-defined framework
- Providing assurance to customers about your commitment to privacy and data protection standards
- Helping to promote consistency across the industry when it comes to handling personal data securely and responsibly
- Supporting cloud service providers in meeting their obligations under different jurisdictions' laws and regulations regarding data protection.
Overall, compliance with the EU Cloud Code of Conduct is a valuable tool for both cloud service providers and their customers in ensuring that personal data is processed securely and responsibly in accordance with GDPR requirements.
Mar 30, 2023
1,586 words in the original blog post.
Cloudflare One is a secure web gateway that provides a unified network-as-a-service platform. It enables businesses to securely manage and monitor their network traffic while providing seamless connectivity between employees, devices, and applications. With features like secure internet access, zero trust security, and remote access VPN, Cloudflare One helps organizations enhance their network security posture and improve overall performance.
Mar 30, 2023
3,235 words in the original blog post.
Over the past 24 hours, pro-Russian hacker groups Killnet and Anonymous Sudan have targeted university websites in Australia with HTTP DDoS attacks. The threat actors are planning to attack more universities, airports, and hospitals in the country starting from March 28th. This is not the first time these hacking groups have been active; in February, they targeted multiple US healthcare organizations, while October saw them calling for attacks on US airport websites. DDoS attacks can overwhelm networks with large amounts of malicious traffic, disrupting services or taking networks offline. To protect against such attacks, businesses need to implement detection and mitigation measures, preferably automated ones. Cloudflare provides free unlimited protection against DDoS attacks for all its customers since 2017, as part of its mission to build a better Internet.
Mar 29, 2023
825 words in the original blog post.
Cloudflare, an American web infrastructure and cybersecurity company, has made three commitments related to human rights during President Biden's Summit for Democracy. The commitments include democratizing post-quantum cryptography, working with researchers on Internet censorship and shutdowns, and engaging with civil society on Internet protocols and the development and application of privacy-preserving technologies. These commitments aim to help secure access to a free, open, and interconnected Internet for all users. The company is also partnering with various organizations to make the Summit a success.
Mar 28, 2023
1,479 words in the original blog post.
Cloudflare has expanded its partnership program with the addition of four new Authorized Service Delivery Partners (ASDP) - Primary Guard (APJC), AZ-AP, Layer8 (EMEA), and Opticca Security (AMER). These partners have demonstrated their expertise in Cloudflare One services and their commitment to delivering high-quality services to customers. The expansion of the partnership program aims to provide exceptional value to mutual customers while strengthening Cloudflare's network of channel partners.
Mar 27, 2023
1,510 words in the original blog post.
Cloudflare's developer platform has introduced WebAssembly (Wasm) support for their Pages Functions projects, enabling developers to build server-side applications with languages other than JavaScript. Wasm is a low-level language designed to run on the web and provides programming languages like C/C++, C#, or Rust with a compilation target. Using WebAssembly in Cloudflare's Pages Functions works similarly to how it does in Workers, allowing developers to import compiled binary .wasm files and use their features within their functions code. This update also supports two other module types: text and binary, which can be imported as strings or data blobs, respectively. To demonstrate the new feature's potential, Cloudflare has developed a small demo app that calculates distances between two points on Earth using Rust-generated WebAssembly, showcasing how developers can build powerful applications with this new support.
Mar 24, 2023
1,032 words in the original blog post.
Cloudflare introduced a new feature called "DCV Delegation" to help customers manage certificate renewals more easily. The feature allows customers who manage their DNS externally to delegate the DCV process to Cloudflare. Customers can now place a CNAME record at their Authoritative DNS provider, which allows Cloudflare to auto-renew all future certificate orders.
Mar 23, 2023
2,047 words in the original blog post.
Cloudflare Workers now support a variety of Node.js core APIs, including util, path, fs/promises, events, buffer, assert, and more. This update enhances the compatibility of existing worker scripts with Node.js APIs and allows developers to use familiar patterns when building new workers. The supported APIs cover a wide range of functionality, from high-level abstractions like EventEmitter to lower level utilities like Buffer for manipulating binary data.
Mar 23, 2023
1,803 words in the original blog post.
The sharing of local port between TCP socket bindings and connect()'s can be a complicated affair in modern kernels such as those found on Linux systems. When trying to use the same local port for both bind() and connect(), one must keep in mind several factors that influence whether or not this is possible, including the fastreuse state of the bind bucket, as well as any existing owners of the desired local address. The situation can become even more complex when taking into account additional socket options such as SO_REUSEADDR and IP_BIND_ADDRESS_NO_PORT. To better understand these details, we have provided a detailed walkthrough using real-world examples and code snippets from the Linux kernel source code itself. Ultimately, while sharing local ports between bind() and connect() may be possible under certain circumstances, it is generally recommended to rely on the kernel's default behavior when assigning ports to avoid potential issues with reuse.
Mar 20, 2023
2,863 words in the original blog post.
Cloudflare Security Week 2023 included numerous announcements such as the release of Fraud Detection, WAF Attack Score Lite, and enhanced capabilities for Super Bot Fight Mode. Additionally, they launched DMARC Management to help customers manage their email security policies, and partnerships were announced with IBM and KnowBe4.
Mar 20, 2023
1,637 words in the original blog post.
Cloudflare Access now fully supports wildcard and multi-hostname application definitions, addressing limitations of single hostname support. Previously, users experienced difficulties with Single Page Applications and organizations had to create numerous Access applications for identical services due to the requirement of a unique app per unique hostname. To address these issues, two major changes were introduced: Multi-Hostname Applications and Wildcard Support. With Multi-Hostname Applications, teams can protect multiple subdomains with one Access app, simplifying the process and reducing the need for multiple apps. Moreover, Access takes care of JWT cookie issuance across all hostnames associated with a given application. Wildcard Support allows administrators to define applications using wildcards anywhere in the subdomain or path of a hostname, enabling protection of hundreds of applications with a single policy. These features are now available in open beta on the Cloudflare One Dashboard.
Mar 18, 2023
546 words in the original blog post.
Cloudflare has introduced Account Security Analytics and Events to provide its Enterprise customers with visibility over HTTP traffic across all their domains. This feature is designed to improve time efficiency by eliminating the need for customers to monitor each domain individually. The new views, which are similar to zone-level dashboards, offer insights into sampled logs and top filters based on various source dimensions such as IP addresses, Host, Country, ASN, etc. The main difference between Account Security Events and Analytics is that the former focuses on current configurations on every zone, while the latter provides a wider perspective of all HTTP traffic across all zones under an account. This feature will be available to all Cloudflare Enterprise customers this week.
Mar 18, 2023
1,050 words in the original blog post.
Cloudflare has announced the general availability of a new region for its Regional Services that enables users to limit their traffic to ISO 27001 certified data centers within the EU. This feature is designed for customers with strict requirements regarding which data centers can decrypt and service their traffic. With this update, configuring the Data Localization Suite becomes more flexible, allowing each individual hostname to be set up for different regions directly on the dashboard's DNS tab. Additionally, a new User Interface (UI) has been introduced, making it easier to configure data localization settings.
Mar 18, 2023
765 words in the original blog post.
Cloudflare, an American web infrastructure and website security company, announced the launch of its DMARC Management tool as a part of its email security suite. DMARC (Domain-based Message Authentication, Reporting & Conformance) is a protocol that helps prevent email spoofing and protects against phishing attacks. The new feature aims to simplify the process of managing DMARC records for administrators by automatically generating RUA and RUF domain names in DNS records, processing received reports, and presenting findings in an intuitive format on the Cloudflare dashboard. This will help organizations improve their email security posture and reduce the risk of falling victim to cybercrime. The tool is currently available as a beta version and can be accessed by joining the waitlist.
Mar 17, 2023
1,564 words in the original blog post.
On March 17th, 2023, Cloudflare announced the integration of its cloud email security solution, Area 1, with KnowBe4's Security Awareness Training platform. This integration allows mutual customers to provide real-time coaching to their employees when a phishing campaign is detected by Cloudflare's email security solution. Phishing attacks are becoming more sophisticated, and despite various solutions to stop them, human error remains the weakest link in this chain of events. Therefore, it is essential to educate individuals on how to recognize and avoid such threats. The integration allows for seamless integration of Cloudflare's advanced email security capabilities with KnowBe4's Security Awareness Training platform and its real-time coaching product, SecurityCoach. This provides an added layer of security that detects and prevents email-based threats in real-time while also training employees to recognize and avoid such threats. The integration is currently available for customers using Cloudflare Area 1 email security and can be set up by creating a private key and public key in the Area 1 dashboard and then registering Cloudflare Area 1 email security with SecurityCoach in the KMSAT console.
Mar 17, 2023
932 words in the original blog post.
Over 10,000 organizations rely on Cloudflare Access to connect their employees, partners, and contractors securely through a Zero Trust solution. With new customizable login, blocks, and application launcher pages, users will experience a seamless transition when accessing applications protected by Cloudflare Access. As more large enterprises adopt this solution, IT administrators can now modify these pages to better communicate with their users while reducing confusion caused by generic error messages. Interested customers can provide feedback on the upcoming closed beta release of page customization in Cloudflare Access.
Mar 17, 2023
725 words in the original blog post.
Cloudflare built a managed service for parsing and storing DMARC reports using their platform's features. This was made possible by leveraging Cloudflare Workers and Durable Objects, as well as other tools like R2 storage buckets and the PostalMime library. The system is designed to handle large volumes of data while maintaining performance and scalability. Additionally, an open-source version of a worker for processing DMARC reports was released by Cloudflare to aid developers in building similar services.
Mar 17, 2023
1,943 words in the original blog post.
Cloudflare's performance in new sessions of their Zero Trust platform has been rated as faster than Zscaler, Netskope, and Cloudflare's own previous performance. The company attributes this to its network architecture that helps it get closer to users for both new and existing sessions, improving the overall user experience.
Mar 17, 2023
2,391 words in the original blog post.
The paper by Ding, Nguyen, and Gong proposes using artificial intelligence to improve power analysis side-channel attacks on post-quantum cryptographic systems. While this approach does not fundamentally change the nature of such attacks or break any cryptographic schemes, it can increase their effectiveness in certain scenarios, such as when multiple traces are available. However, these improvements might not be sufficient to make real-world power side-channel attacks more feasible or dangerous than they already were.
Mar 16, 2023
2,730 words in the original blog post.
Cloudflare has announced that it now supports quantum-resistant cryptography. This marks a significant step forward in securing the internet against potential threats from future quantum computers, which could break many of today's widely used encryption algorithms. The company is making post-quantum key agreement available to all its customers as part of its efforts to prepare for the rise of quantum computing and protect data privacy.
Cloudflare is currently supporting the Kyber algorithm, one of several candidates selected by NIST for standardization in 2024. Users can enable this feature using TLS 1.3 or HTTP/3 protocols. This implementation makes Cloudflare the first global CDN provider to offer quantum-resistant security features.
In addition to supporting post-quantum cryptography, Cloudflare is also working on transitioning its internal systems and contributing to open source projects related to this technology. The company plans to release vendor-agnostic roadmaps later in 2023 to help other organizations upgrade their systems for quantum resistance.
Overall, these moves by Cloudflare represent a proactive approach towards addressing the potential security risks posed by quantum computers and ensuring continued protection of users' data and privacy on the internet.
Mar 16, 2023
1,669 words in the original blog post.
Cloudflare has made its Super Bot Fight Mode configurable by rewriting it as a new managed ruleset in the WAF, allowing users to create exceptions using "Skip" rules. This will enable customers to better manage their website security and accommodate different use-cases, such as WordPress loopback requests. The company plans to integrate this feature with its Cloudflare WordPress plugin in the future. Additionally, they aim to extend similar customization options to Free plan users for the original Bot Fight Mode, allowing more free customers than ever before to join in the fight against bots.
Mar 16, 2023
605 words in the original blog post.
Today, Cloudflare announced a significant security enhancement for its Keyless SSL offering. The new feature allows customers to securely connect their private keys stored on their own hardware with Cloudflare's proxy services without exposing the location of the key server to the public internet. This is achieved through the use of Cloudflare Tunnels, which creates a secure channel between the customer's key server and Cloudflare's infrastructure. The integration will add an extra layer of protection for industries with strict compliance requirements that may prohibit sharing private keys.
Mar 16, 2023
729 words in the original blog post.
In this blog post, IBM and Cloudflare discuss how they collaborate to provide product innovation and address the needs of their mutual customers. Since 2018, the two companies have been integrating Cloudflare's application security and performance products into IBM Cloud. They aim to help clients in highly regulated industries meet their resiliency, performance, security, and compliance requirements. Key features discussed include Bot Management for detecting and mitigating bot-based threats and Keyless SSL, which allows customers to maintain control over their private keys while benefiting from Cloudflare's WAF and other services.
Mar 16, 2023
660 words in the original blog post.
On March 15, 2023, Cloudflare announced the release of "WAF Attack Score Lite" and "Security Analytics" for its Business plan customers. The company initially released these features for Enterprise customers in December 2022. WAF Attack Score is a machine learning layer that complements managed rules to detect unknown attacks, providing an extra layer of protection during the time gap between rule updates. It currently focuses on three types of attacks: SQL Injection (SQLi), Cross Site Scripting (XSS), and Remote Code Execution (RCE). WAF Attack Score Lite features include attack detection, mitigation through custom rules or rate limiting, and visibility over traffic through Security Analytics dashboard. These features do not block traffic automatically but offer insights to create blocking rules.
Mar 15, 2023
1,017 words in the original blog post.
Cloudflare uses machine learning to detect Domain Generation Algorithm (DGA) domains and DNS tunneling, two techniques used by attackers to evade detection and control using domain names that look like random strings. The company trains a model that extends a pre-trained transformers-based neural network to identify DGA domains, achieving an accuracy of over 99% on test data. For DNS tunneling detection, Cloudflare uses a two-stage model consisting of a gradient boosted decision tree and a neural network model. The first stage makes quick yes/no decisions about whether the domain might be a DNS tunneling domain, while the second stage refines the categorization to distinguish legitimate applications from malicious ones.
Mar 15, 2023
2,271 words in the original blog post.
In 2022, Cloudflare's Channel Partner Award winners were announced, recognizing the outstanding commitment of partner companies and individuals in working closely with Cloudflare to deliver innovative security and performance solutions globally. The year was marked by significant growth for Cloudflare and its partners, including a record-setting 5-star rating in CRN's Partner Program Guide and an increase in new customer bookings acquired through partners of over 28%. As the demand for Zero Trust architectures grows across industries, Cloudflare partners will play a more strategic role in the company's growth moving forward. Congratulations to all the award winners for their dedication and commitment to enhancing internet security and reliability worldwide.
Mar 15, 2023
1,101 words in the original blog post.
Cloudflare has announced plans to launch Fraud Detection, a new service that uses machine learning algorithms to detect fraudulent activity on websites and in mobile applications. The service will analyze user behavior and transaction data to identify suspicious patterns, such as account takeovers, carding abuse, and expediting. The company aims to help businesses prevent financial losses and protect their customers from fraud. Cloudflare's Fraud Detection service is expected to be available for early access in the second half of 2023.
Mar 15, 2023
1,826 words in the original blog post.
Cloudflare API Gateway is a powerful tool for managing APIs, but it has limitations when it comes to discovering endpoints and protecting them. In this blog post, we introduced two new features that enhance the capabilities of API Gateway: Machine Learning (ML) Discovery and Schema Learning.
ML Discovery uses machine learning algorithms to analyze traffic data and automatically identify and categorize APIs without requiring any previous information from customers. This feature enables customers to discover hidden endpoints that they may not have known about, allowing them to better protect their APIs.
Schema Learning is another new feature that helps customers protect their APIs by automatically learning the expected format of API request bodies. By analyzing successful requests to an API endpoint, Schema Learning can create a schema that accurately reflects the input requirements for that endpoint. This allows customers to implement API schema validation in just a few clicks, even if they don't know the expected format ahead of time.
Overall, these new features greatly enhance the capabilities of Cloudflare API Gateway and make it easier for customers to discover and protect their APIs.
Mar 15, 2023
2,675 words in the original blog post.
Cloudflare API Gateway introduces Sequence Analytics, a feature that identifies patterns of requests and enables customers to define positive security models on API request sequences. This helps detect unknown threats and protect against abuse. The feature is now available for all API Gateway customers.
Mar 15, 2023
1,517 words in the original blog post.
Cloudflare has introduced early access to its new Radar URL Scanner, a free tool that compiles a comprehensive report about any given URL. The scanner provides various technical details including phishing and SSL certificate information, HTTP request and response data, page performance metrics, DNS records, and more. It can also indicate whether cookies are set securely or if they're HttpOnly to mitigate potential XSS attacks. The technology tab enumerates the technologies used in a webpage, while the network tab shows all HTTP transactions along with associated DNS records. The DOM tab lists hyperlinks and global JavaScript variables from within the page. In the future, Cloudflare plans on adding more features such as API endpoints for private scans, security recommendations, and integrations with its Security Center. This tool aims to make the internet more transparent and secure by enhancing threat modeling and providing insights from aggregate trends observed.
Mar 15, 2023
804 words in the original blog post.
In response to the increasing sophistication of cyber threats, traditional perimeter-based security models are no longer sufficient. To address this issue, a Zero Trust security model has emerged, requiring all users and devices to be authenticated and authorized before accessing applications and data. Cloudflare Access and Ping Identity offer a comprehensive solution for organizations seeking to implement Zero Trust security controls. These services can enforce strong authentication and access controls through features such as single sign-on (SSO) and policy enforcement. Furthermore, they can help secure legacy applications that may lack modern security features. In addition, full integration support is now available for PingOne customers, and user and group synchronization via SCIM will be added in the future to streamline access management and improve the overall user experience.
Mar 14, 2023
749 words in the original blog post.
Sumo Logic, a pioneer in continuous intelligence software, has expanded support for automated normalization and correlation of Zero Trust logs for its Cloud SIEM product in collaboration with technology partner Cloudflare. The updated content helps joint Cloudflare customers reduce alert fatigue tied to Zero Trust logs and accelerates the triage process for security analysts by converging security and network data into high-fidelity insights. This functionality complements the existing Cloudflare App for Sumo Logic, designed to help IT and security teams gain insights, understand anomalous activity, and better trend security and network performance data over time.
Mar 14, 2023
720 words in the original blog post.
In the first half of 2023, a significant increase in account takeover attempts was observed. This trend is consistent with the growing number of botnets targeting login endpoints across various platforms. Additionally, nearly 8% of traffic generated by non-verified bots was mitigated due to vulnerability scanners and other potentially unwanted activities.
Mar 14, 2023
2,475 words in the original blog post.
During Security Week, Cloudflare is adding two new integrations for Atlassian Confluence and Jira to their Cloud Access Security Broker (CASB) platform. CASB aims to provide security operators clear visibility and control over the security of their SaaS apps like Google Workspace, Microsoft 365, Slack, Salesforce, Box, GitHub, and Atlassian products. With these new integrations, users can now scan Confluence for security vulnerabilities such as publicly shared content or unauthorized access. They can also monitor Jira for issues like account misuse and oversharing of sensitive data. Cloudflare CASB offers a single view to identify potential security risks across an organization's entire SaaS footprint, including Confluence and Jira.
Mar 14, 2023
575 words in the original blog post.
The Descaler Program offers resources and support to help organizations migrate their security services from Zscaler to Cloudflare One. The program includes three main components: technical toolkits for automated data extraction, trusted partner engagements, and business components such as ROI calculations and contract escape hatches. By joining the Descaler Program, customers can enjoy improved user experience, better connectivity, and increased agility for future security initiatives.
Mar 14, 2023
1,502 words in the original blog post.
Microsoft and Cloudflare have partnered to provide enhanced data protection for businesses. With the new integration between Cloudflare One's Data Loss Prevention (DLP) and Microsoft Purview Information Protection, customers can now track sensitive data movement across all their corporate traffic in a few clicks. This collaboration allows users to retrieve sensitivity labels from their Microsoft account and build rules to control the movement of classified data. The integration extends the power of Microsoft's sensitivity labels to any application within an organization's network, enhancing overall data protection and security.
Mar 14, 2023
693 words in the original blog post.
A new phishing campaign has emerged targeting the recent collapse of Silicon Valley Bank (SVB). The emails pose as official communications from SVB, notifying recipients that their bank account details have changed and directing them to a fake website to verify their personal information. Threat actors are exploiting fear and uncertainty around the situation in an attempt to steal sensitive data or financial fraud. Cloudflare has provided mitigation strategies for businesses and individuals to protect against this campaign, including using secure email gateways, regularly updating systems and applications, leveraging advanced threat protection measures, and raising employee awareness through regular training and simulations.
Mar 14, 2023
1,265 words in the original blog post.
In the digital world, security is crucial for businesses of all sizes. Cloudflare's Mutual Transport Layer Security (mTLS) helps secure a wide range of network services and applications such as APIs, web applications, microservices, databases, and IoT devices. mTLS enhances standard TLS by validating both the client and server during the connection establishment process. It uses cryptographically signed certificates for authentication, which are harder to spoof than passwords or tokens.
mTLS is useful when a managed list of clients need access to a server. Some common use cases include communications between APIs or microservices, database connections from authorized hosts, and machine-to-machine IoT connections. mTLS support on Cloudflare Workers allows communication with resources that enforce an mTLS connection, making it easier to implement security measures for businesses in the digital age.
Mar 13, 2023
669 words in the original blog post.
Cloudflare has introduced Aegis, dedicated IPs for sending traffic, aimed at helping enterprises transition their systems to Zero Trust models. The new feature allows organizations to lock down services and applications at an IP level, providing an additional layer of security when used with mTLS (Mutual TLS). By using a private egress IP allocated by Cloudflare, customers can restrict network access control lists and improve application security without exposing their endpoints to the public Internet. Aegis also pairs well with other Cloudflare products such as Access, CNI, Workers, and Tunnel for enhanced protection.
Mar 13, 2023
1,454 words in the original blog post.
Cloudflare introduced Page Shield, an advanced security feature that prevents malicious JavaScript from running on websites and protects against data theft. The technology aims to provide a positive security model by blocking untrusted scripts without impacting vetted tools. Page Shield leverages Content Security Policies (CSPs) to enforce where JavaScript files are allowed to be loaded from, thus reducing the attack surface available for potential exploits. The feature also supports the connect-src directive, which ensures browsers only send data to specified destinations.
Source: https://cloudflare.com/products/page-shield/
TAGS:
security, cloudflare, web development, content security policies
Mar 13, 2023
1,422 words in the original blog post.
The new features in Cloudflare's DNS filtering service provide enhanced anti-phishing security through automatic detection of confusable or similar domain names that are registered to phish brands. The system uses a combination of machine learning algorithms and pattern recognition techniques to identify potential threats, enabling organizations to proactively block access to these malicious sites before they can harm users. In addition, customers using Cloudflare's Zero Trust product suite can easily enforce blocking rules against matched domains for even greater protection against phishing attacks.
The new features are currently available in beta mode for Enterprise customers and include:
1. Private scanning of domains to detect confusable or similar domain names that may be used for phishing brands.
2. Ability to save queries and set up alerts on matched domains.
3. Integration with Cloudflare's Zero Trust product suite, allowing users to create blocking rules against matched domains.
These enhancements represent a significant step forward in the ongoing battle against cybercrime, providing organizations with powerful new tools to protect their employees and customers from falling victim to sophisticated phishing attacks.
For more information about these features or to sign up for beta access, visit Cloudflare's website at www.cloudflare.com
Mar 13, 2023
1,356 words in the original blog post.
Cloudflare introduces an innovative approach to secure hosted applications using Cloudflare Access without the need for installed software or custom code on application servers. This solution aims to replace Virtual Private Networks (VPNs) and provides Zero Trust policies in hosted applications, verifying users' identities before they can access the application. Previously, Access required installed software or custom code to prevent bypass from an origin server IP address. However, using Cloudflare Tunnel and JSON Web Token (JWT) Validation posed challenges such as cumbersome installation processes and ongoing maintenance requirements.
Cloudflare's new approach leverages Cloud Network Interconnect (CNI) and a new product called Aegis. CNI enables secure connections between on-premises or cloud infrastructure and the Cloudflare network, while Aegis provides reliable IP addresses for traffic from Cloudflare to users' infrastructures. By combining Access, CNI, and Aegis, the only configuration required is an allowlist rule based on the inbound IP address. This solution ensures that all requests are verified by Access and other security products like DDoS and Web Application Firewall without requiring software or application code modification.
This approach provides enhanced security at both Layer 7 (application) and Layer 3 (network) levels, ensuring private, performant connectivity back to Cloudflare. Access, Cloud CNI, and Aegis are generally available for all Enterprise customers.
Mar 13, 2023
1,256 words in the original blog post.
Phishing attacks have become increasingly common and sophisticated in recent years, often involving the impersonation of popular brands and high-ranking individuals. To protect yourself from these scams, it's important to remain vigilant and look out for certain warning signs. These include requests for sensitive information or immediate action, poor grammar and sentence structure, and any offers that sound too good to be true. By following best practices for email security, such as using two-factor authentication and being cautious when clicking on links from unknown senders, you can significantly reduce your risk of falling victim to a phishing attack.
Mar 13, 2023
1,761 words in the original blog post.
In March 2023, a dinner gathering was held with CISOs and CSOs from various industries such as banking, gaming, ecommerce, and retail companies to discuss their security challenges. The primary focus of the discussions revolved around convincing business and product teams to adopt secure practices instead of discussing specific technical issues. It was highlighted that phishing attacks are becoming increasingly frequent in 2023, emphasizing the need for secure tools to prevent human mistakes.
Cloudflare's strategy involves simplifying security measures by integrating multiple products into one platform and utilizing machine learning to enhance detection capabilities. This approach aims to help organizations protect their infrastructure from a wide range of threats while reducing dependence on third-party vendors. Additionally, Cloudflare is working on enhancing its threat intelligence services for easier access and actionable insights for customers.
Overall, the main goal is to make it harder for humans to make mistakes by providing secure tools that integrate seamlessly with existing processes without adding extra workload for internal teams. By simplifying security measures and leveraging advanced technology like machine learning, Cloudflare aims to help organizations improve their overall security posture while ensuring smooth operations across various industries.
Mar 12, 2023
1,463 words in the original blog post.
1. Understanding the problem
- The customer needed assistance in updating their system's firmware, specifically the BIOS and drivers for their Broadcom network adapter.
2. Analyzing the requirements
- The customer wanted a solution that could be automated to minimize manual effort.
3. Designing the solution
- We decided to use an open-source tool called iPXE, which allows us to boot and install systems from remote locations over a network.
- We created a customized iPXE script that would automate the firmware updating process for both BIOS and Broadcom network adapter's firmware.
- The script also included error handling mechanisms such as trapping errors using 'trap', checking whether the required hardware is present or not before proceeding with updates, etc.
4. Implementation of the solution
- We configured iPXE to boot from a remote server and execute our customized firmware updating script.
- The script first checks if any new updates are available for both BIOS and Broadcom network adapter's firmware.
- If updates are available, it downloads them and applies them automatically without requiring user intervention.
- After applying the updates, the system is then rebooted to ensure that all changes have been properly applied.
5. Testing the solution
- We tested our implementation by simulating various scenarios such as having different versions of firmware already installed, checking whether the error handling mechanisms work as expected, etc.
6. Deployment and handover to customer
- Once we were satisfied with the performance of our solution, we handed it over to the customer along with detailed documentation explaining how they can use it in their environment.
7. Ongoing support and maintenance
- We offered ongoing support and maintenance services to the customer to ensure that our solution continues to work effectively even after deployment. This includes monitoring for any new updates released by manufacturers, updating our scripts accordingly, addressing any issues or bugs reported by the customer, etc.
In conclusion, this case study demonstrates how open-source tools like iPXE can be leveraged to automate complex tasks such as updating system firmware. By designing and implementing a customized solution tailored specifically to meet our customer's unique requirements, we were able to provide them with an efficient, reliable, and cost-effective method for keeping their systems up-to-date while minimizing manual effort.
Mar 10, 2023
1,529 words in the original blog post.
Indonesia faces challenges in providing fast and reliable internet due to its geography, infrastructure, and market dynamics. The country consists of over 18,000 islands spanning three time zones, making it difficult for fiber optic cables to connect the entire population. Additionally, Indonesia relies heavily on submarine fiber optic cables, which are prone to damage from human activities and seismic activity. While there are plans for new cable systems, internet costs in Indonesia remain significantly higher than other regions. The market is dominated by three major ISPs, leading to refusal to peer or exchange traffic without expensive payments. Despite these challenges, Cloudflare has established a carrier-neutral local point of presence and edge partnership points of presence in the country, resulting in improved network performance for its customers.
Mar 10, 2023
1,112 words in the original blog post.
Today marks International Women's Day, with a global theme of #EmbraceEquity to highlight the need for equitable actions in achieving true inclusion and belonging for all genders. This year's focus is on understanding the difference between equity and equality and addressing gender-based challenges such as unconscious bias and microaggressions in the workplace. To promote equity, various resources are suggested, including reading about intersectionality, recognizing the importance of diverse support groups like Womenflare at Cloudflare, and participating in discussions surrounding equity and allyship. The goal is to foster an environment that celebrates women's achievements and champions equity for everyone.
Mar 08, 2023
669 words in the original blog post.
The solution to our problem was to implement a weighted traffic routing module in a Cloudflare Worker. This allowed us to route email traffic between two ESPs without having to make major changes to existing services or introduce new, heavyweight microservices. By using environment variables, we could easily configure the percentage of traffic to send to each vendor and quickly respond to outages by updating these variables and deploying the change in a few milliseconds.
This approach simplicity
Mar 08, 2023
2,058 words in the original blog post.
The White House has released its National Cybersecurity Strategy as part of an effort to improve the nation's cyber defenses. The strategy outlines five pillars aimed at strengthening the United States' ability to prevent, detect and respond to cyber threats. Pillar one focuses on securing critical infrastructure while pillar two is about advancing a resilient digital ecosystem. Pillar three is centered around disrupting and dismantling threat actors, pillar four involves investing in privacy preserving technologies, and pillar five seeks to build international partnerships and assist allies and partners. The strategy aims to encourage the private sector to work with the government in defending against cyber threats.
Mar 07, 2023
1,631 words in the original blog post.
This article describes the development process of Scout, a live tester for API endpoints. The system was built using Pytest and Cloudflare Workers, allowing users to easily write self-explanatory tests for their APIs. With this tool, users can validate requests and responses against OpenAPI schemas and test behaviors over specific resources while getting alerted through multiple means if something goes wrong. The Scout service is in charge of scheduling test suites periodically and providing a reporting harness for the test suites as well as multiple metrics. The system has been tested to have good coverage and reliability, allowing users to verify an API version prior to its deployment to production.
Mar 07, 2023
2,071 words in the original blog post.
On March 20, 2023, Cloudflare is updating the Zero Trust navigation in its dashboard to provide a more seamless experience across all products and services. This update will enable users to manage their Zero Trust organization alongside other application and network services, developer tools, and more with ease. Key changes include quicker navigation, easier switching between accounts, and improved access to resources and support. The purpose of this update is to improve user experience and accommodate the growing capabilities and reach of Zero Trust within Cloudflare's ecosystem.
Mar 07, 2023
647 words in the original blog post.
Prometheus is a powerful monitoring solution that excels at handling high cardinality time series data. However, this strength can also be its weakness as it can lead to overloaded instances when dealing with large numbers of metrics or labels. To tackle this issue, we developed two custom patches for Prometheus - one enforcing a total limit on the number of stored time series and another that provides graceful degradation by capping the number of time series per scrape while allowing appends to existing time series after reaching the limit. These patches help prevent overloaded instances, improve performance, and provide a safety net for dealing with high cardinality data. Additionally, we maintain extensive internal documentation to guide engineers through the entire process of working with metrics in Prometheus, from defining metrics to visualizing them in dashboards.
Mar 03, 2023
6,846 words in the original blog post.
Oxy is a Rust-based multipurpose proxy framework developed by Cloudflare. It leverages the safety and performance benefits of Rust to provide a flexible and scalable solution for modern services, supporting various communication protocols and business logic. The development team has adopted an iterative approach to development, constantly seeking out new opportunities to reuse existing solutions and improve their codebase.
Mar 02, 2023
2,916 words in the original blog post.
Prospector is an open-source application built on top of Cloudflare's Workers platform, which enables developers to build serverless applications that can be run globally with low latency. The application uses several tools from the Cloudflare suite, including D1 (a serverless SQL database), Queues (a task queue for background processing), and Pages (a platform for deploying static websites).
Prospector is designed to track keyword matches on websites by periodically scraping their content using Puppeteer. When a new match is found, the application sends an email notification to the user with details about the match.
The application can be easily deployed and managed using wrangler, Cloudflare's command-line tool for Workers. It uses TypeScript for development, which provides improved type safety and editor support.
Overall, Prospector showcases how developers can use Cloudflare's suite of tools to build powerful and scalable applications that require real-time data processing and background task execution.
Mar 02, 2023
2,265 words in the original blog post.