Home / Companies / Cloudflare / Blog / March 2024

March 2024 Summaries

45 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Innovation Week is focused on helping developers bring their ideas to life by providing a full-stack cloud platform that includes frontend, backend, and AI components. The platform aims to be more than just a collection of tools; it strives to ensure seamless integration between these components for an efficient development experience. Additionally, the platform supports connectivity with existing infrastructure or other providers, experimentation through a generous free tier, and smooth transition from demo to production stages. For AI applications, the platform aims to help developers manage loads and infrastructure efficiently without overpaying for idle compute.
Mar 31, 2024 1,295 words in the original blog post.
The text discusses the importance of alert observability in managing on-call personnel's health and improving overall system efficiency. It highlights how Cloudflare uses Prometheus, an open-source monitoring tool, to collect metrics from targets and trigger alerts when conditions are met. The article also explains how Alertmanager, a central hub for handling alerts, can mitigate alert noise by inhibiting, grouping, silencing, or routing alerts to the correct receiver integration. The author emphasizes that analyzing alerts is crucial in reducing unnecessary interruptions and improving on-call processes' efficiency. They explain how Alertmanager2es, a reliable tool for monitoring alerting volume and noise levels, has limitations due to the absence of silenced and inhibited alert states. To overcome this issue, they aggregate all states of alerts (firing, silenced, inhibited, and resolved) into a datastore using open-source tools like vector.dev and ClickHouse. The text also describes various dashboards built on top of the data collected from these alert states, such as Alerts overview, Alertname overview, Alerts overview by receiver, Alerts state timeline, Jiralerts overview, and Silences overview. These dashboards provide insights into all alerts received by the Alertmanager, drill-downs on specific alerts, comparison of alert volume over time, and visibility into failed inhibitions and stale silences. In conclusion, alert observability plays a vital role in preventing burnout among on-call personnel by minimizing interruptions and enhancing their efficiency. It also helps teams make informed decisions about on-call configurations and fosters a proactive monitoring culture.
Mar 29, 2024 2,281 words in the original blog post.
In 2023, newer generic Top-Level Domains (TLDs) have been predominantly used for spam and malicious attacks. These TLDs include those linked to the beauty industry, such as .uno, .sbs, and .beauty, all introduced since 2014. Despite excluding TLDs with fewer than 20,000 emails, our analysis covers unwanted emails considered spam and malicious from more than 350 different TLDs. The most common source of spam and malicious emails is the .com domain, accounting for 67% of all such messages. Cybercriminals often leverage the guise of authenticity to carry out phishing attacks, with 90% of cyber attacks starting with phishing. Cloudflare's Cloud Email Security service helps protect customers from unwanted emails and provides insights into email security trends.
Mar 26, 2024 2,878 words in the original blog post.
Cloudflare's global network spans over 310 cities in more than 120 countries, with thousands of servers across data centers. The company faced challenges dealing with broken servers, as manual troubleshooting and repair processes were time-consuming and inefficient. To address this issue, the Infrastructure Software Systems and Automation team developed an autonomous diagnostics and recovery automation called Phoenix. Phoenix runs at regular intervals to discover Cloudflare data centers with broken servers, performs diagnostics on detection, recovers those that pass diagnostics by re-provisioning, and ultimately re-enables them in the safest and most unobtrusive way possible without requiring any human intervention. It also handles server failures, updates relevant tickets, and reverts the state of the server when needed. The autonomous system is designed to be intelligent and aware of other automations executing certain operations, ensuring that recovery operations do not interfere with ongoing ones in the data center. Phoenix provides transparency by logging every operation and sharing information in communication channels like chat rooms and Jira tickets. It also helps manage error budgets, which define the amount of error that automation can accumulate over a certain period before causing significant harm to the system or excessive noise for SREs. With Phoenix, Cloudflare has not only witnessed the potential of autonomous automated systems but also experienced benefits such as reduced energy wastage and cost savings. The company plans to continue investing in engineering initiatives that focus on building better and smarter systems.
Mar 25, 2024 2,063 words in the original blog post.
Cloudflare has introduced the public availability of its new tool, the Cloudflare WARP Connector, which aims to simplify secure bidirectional, site-to-site, and mesh-like connectivity without disrupting existing network infrastructure. The new connector is an extension of warp-client that can act as a virtual router for any subnet within the network to on/off-ramp traffic through Cloudflare. It offers solutions for various private network use cases such as VOIP servers, securing access to CI/CD pipelines, and preserving true source IP addresses. The WARP Connector is currently deployable on Linux hosts and can be accessed directly from the dashboard.
Mar 20, 2024 1,434 words in the original blog post.
Cloudflare has developed Zinc, an in-house infrastructure system built in Rust, which is now an essential part of system engineering, platform management, and provisioning at the company. Zinc provides first class data models for logical and physical infrastructure assets such as servers (nodes), network devices, and data centers. It enables powerful APIs, integrations, and interfaces for efficient fleet management on top of this data. Tasks such as assigning workloads to nodes, scheduling any type of data center maintenance, querying data about their fleet, or even managing the repair cycle of faulty nodes are greatly simplified through Zinc and its integrations with other Cloudflare systems. The system also provides a native web interface and command line tooling for interacting with Zinc’s data, creating a central pane of glass where the ability to expand, build, and monitor their fleet has never been easier.
Mar 19, 2024 2,069 words in the original blog post.
Cloudflare Workers has introduced a new integration with Vitest, allowing developers to write unit and integration tests using the popular testing framework that execute directly in their runtime, workerd. This integration provides users with the ability to test anything related to their Worker, including unit tests within the same runtime as Cloudflare Workers run on in production, and integration tests for Workers triggered by Cron Triggers or fetch() events. The new testing integration also supports complex applications that interact with various Cloudflare products such as KV, R2, D1, Queues, and more. Additionally, users have access to Vitest features like snapshots, mocks, timers, and spies.
Mar 15, 2024 3,201 words in the original blog post.
On March 14, 2024, internet connectivity was disrupted in several African countries due to multiple undersea cable failures. West and central African nations were most affected, along with South Africa. The outages impacted a total of 11 African countries, including The Gambia, Guinea, Liberia, Côte d'Ivoire, Ghana, Niger, Nigeria, Benin, Cameroon, Togo, and South Africa. Submarine cables are crucial for internet connectivity as they carry over 90% of intercontinental data traffic. Microsoft reported that multiple fiber cables on the West Coast of Africa were impacted, reducing total capacity supporting their cloud platform in South Africa. The disruptions also affected MainOne's website and services.
Mar 14, 2024 599 words in the original blog post.
Let's Encrypt, a public certificate authority (CA), has been using two distinct certificate chains since its launch. One chain is cross-signed with IdenTrust, a globally trusted CA, and the other is Let’s Encrypt’s own root CA, ISRG Root X1. On September 30, 2024, Let’s Encrypt’s certificate chain cross-signed with IdenTrust will expire. To prepare for this change, on May 15, 2024, Cloudflare will stop issuing certificates from the cross-signed chain and will instead use Let’s Encrypt’s ISRG Root X1 chain for all future Let’s Encrypt certificates. This change may impact legacy devices and systems that exclusively rely on the cross-signed chain and lack the ISRG X1 root in their trust store, potentially causing TLS errors or warnings when accessing domains secured by a Let’s Encrypt certificate. Cloudflare recommends updating the trust store to include the ISRG Root X1 for those concerned about the change impacting clients.
Mar 14, 2024 871 words in the original blog post.
Researchers from Ben Gurion University discovered a novel side-channel attack that can be used to read encrypted responses from AI assistants over the web. The attack involves intercepting the stream of a chat session with an LLM provider, using network packet headers to infer the length of each token, extracting and segmenting their sequence, and then using dedicated LLMs to infer the response. To mitigate this vulnerability, Cloudflare added padding to token responses with random length noise to obscure the length of tokens in the stream, thereby complicating attempts to infer information based solely on network packet size. This protection is now automatically applied to all users of Workers AI and AI Gateway.
Mar 14, 2024 1,383 words in the original blog post.
The global political landscape is set to change significantly over the next 12 months with elections occurring in more than 80 nations. Alongside this, new technologies such as AI are capturing our imagination and posing new security challenges. In light of these developments, the role of CISOs has never been more important. Cloudflare's Chief Security Officer, Grant Bourzikas, shared his views on the biggest challenges currently facing the security industry in a recent blog post. Over the past week, Cloudflare announced several new products and features aimed at addressing these crucial challenges for CISOs around the globe. These include features that span across Cloudflare's product portfolio, from application security to securing employees and cloud infrastructure. Additionally, stories have been published on how Cloudflare takes a Customer Zero approach to using its services to manage security within the company. Among the new products and features announced during Security Week are: Firewall for AI, Defensive AI framework, AI Assistant for Security Analytics, Magic Cloud Networking, Security Center enhancements, Data Loss Prevention (DLP) enhancements, user risk scoring in Cloudflare One, eliminating VPN vulnerabilities with Cloudflare One, behavior-based user risk scoring in Cloudflare One, Log Explorer, simpler migration from Netskope and Zscaler to Cloudflare, API protection with JWT Validation, Express Cloudflare Network Interconnect, SASE anxiety for VeloCloud customers, free network flow monitoring for all enterprise customers, building secure websites with Cloudflare Pages and Turnstile Plugin, General Availability of WAF Content Scanning, URL Scanner API enhancements, adherence to CISA's Secure by Design principles, post-quantum Internet updates, Advanced DNS Protection system, Linux kernel security tunables, securing Cloudflare with Cloudflare Zero Trust journey, network performance update, and launching email security insights on Cloudflare Radar. In the coming months, Cloudflare will continue to focus on making the internet better by supporting global democracy during the 2024 voting season, navigating Magecart threats, enhancing URL Scanner API, promoting secure client-side posture, and sharing insights into email security trends. The company is also preparing for its next Innovation Week in early April, which will be focused on the developer community.
Mar 11, 2024 1,464 words in the original blog post.
Cloudflare has introduced URL Scanner, a tool that helps detect and safeguard against malicious websites by scanning and analyzing them. Since its launch in March on Cloudflare Radar, the tool has executed almost a million scans. The integration with Security Center in the Cloudflare Dashboard allows users to access the URL scanner directly from the Investigate Portal, enhancing their cybersecurity workflow. The URL Scanner API is a powerful asset for developers, enabling custom scans to detect phishing or malware risks and analyze website technologies. Developers can now search scans by hostname, specific URL, or any URL the page connected to during the scan. Future plans include additional features like searching by IP address, ASN, and malicious website categorisation.
Mar 08, 2024 2,044 words in the original blog post.
Cloudflare's threat operations and research team, Cloudforce One, has released two new tools to enhance its services for customers. Requests for Information (RFIs) allow users to submit specific queries directly into the analysis queue of the team, while Priority Intelligence Requirements (PIRs) help prioritize intelligence requirements. These tools are designed to streamline access to critical information and improve threat intelligence capabilities for Cloudforce One customers. The team has also utilized Cloudflare Workers and Pages platforms to build an internal pipeline for investigations on behalf of their clients, as well as conducting their own internal investigations of threats and attackers.
Mar 08, 2024 1,735 words in the original blog post.
Cloudflare has been sharing benchmarking results since June 2021 to compare its network performance with other networks. As of February 15, 2024, Cloudflare was the fastest provider for 95th percentile TCP Connection Time in 44% of networks and within 2 ms or 5% of the fastest provider for 10% of the networks measured. The company uses Real User Measurements (RUM) to collect data on various performance metrics, such as TCP Connection Time, Time to First Byte (TTFB), and Time to Last Byte (TTLB). One reason behind Cloudflare's faster connectivity is its adoption and usage of HTTP/3, which allows for faster connection setup times. The company plans to continue identifying areas where it can improve and share updates on its journey to become the fastest network worldwide.
Mar 08, 2024 1,400 words in the original blog post.
Cloudflare has launched a new Email Security section on its Radar platform to provide insights into email security trends across various metrics. The new section covers malicious email tracking, threat categorization, dangerous domains, adoption of email authentication methods, and protocol usage. It aims to help users better understand the state of email security and real-time trends in email-borne threats. The data is available through the Radar API for further analysis and customization.
Mar 08, 2024 2,550 words in the original blog post.
LavaRand is a system that uses physical sources of entropy to enhance the security of the internet. Initially, it was based on lava lamps in Cloudflare's San Francisco office, but has since diversified with new sources such as double pendulums in London and mobiles in Austin. These installations provide unpredictable and visually appealing randomness that is harnessed by LavaRand to refresh the entropy pools of Cloudflare servers periodically. The drand protocol, developed by the League of Entropy, allows for distributed and verifiable public randomness, which can be used in applications ranging from online gaming to timelock encryption.
Mar 08, 2024 3,289 words in the original blog post.
Cloudflare Gateway has introduced protocol detection support for its secure web gateway (SWG), allowing users to detect, log, and filter network protocols regardless of source or destination port. This feature simplifies policy setting without relying on well-known ports and reduces the risk of over/under-filtering activity that could disrupt user productivity. Currently available to Enterprise users, it supports a growing list of protocols including HTTP, HTTPS, SSH, TLS, DCE/RPC, MQTT, and TPKT. The new feature is designed to manage devices via protocols like SSH, which are still extensively used despite the rise of RESTful APIs and GraphQL. It helps prevent over-blocking or under-blocking legitimate traffic, reducing support tickets for administrators. Gateway protocol filtering can be set up by specifying the protocol within a Gateway Network policy on the Zero Trust dashboard. The feature is currently available to Cloudflare One Enterprise account holders and will soon expand to Pay-as-you-go and Free customer accounts, along with an expanded list of supported protocols.
Mar 08, 2024 617 words in the original blog post.
Cloudflare has introduced beta availability of Log Explorer, an extension of its Security Analytics feature that allows users to investigate HTTP and Security Event logs directly from the Cloudflare Dashboard. This reduces time to resolution and overall cost by eliminating the need for third-party security analysis tools. Log Explorer enables engineers and SOC analysts to search through their logs, filter based on any field, switch between basic filter mode or SQL query interface, select fields to display, view log events in tabular format, and find HTTP request records associated with a Ray ID. The feature is built on top of Cloudflare R2 using the Delta Lake protocol for strong consistency and high performance. Future developments include tighter integration with Analytics, addition of more datasets, custom retention periods, and integrated custom alerting.
Mar 08, 2024 1,483 words in the original blog post.
In 2024, over 80 national elections are expected to occur worldwide, impacting approximately 4.2 billion individuals. Elections play a crucial role in democracy by allowing citizens to shape their government and hold leaders accountable. Cloudflare has been supporting state and local governments running elections for free for the past seven years. The company provides security, performance, and reliability tools to facilitate democratic processes. As election officials face increasingly complex challenges in ensuring secure elections, Cloudflare supports various players in the election space by offering protection against threats such as voter manipulation and physical violence.
Mar 07, 2024 2,388 words in the original blog post.
The Advanced DNS Protection system is a robust defense mechanism designed to protect against sophisticated DDoS attacks targeting DNS servers. It leverages new techniques and complements existing systems, providing top-tier security for digital infrastructure. Currently in beta, the system is available at no additional cost for all Magic Transit customers. Advanced DNS Protection helps detect and mitigate randomized DDoS attacks by building a data model of each customer's expected DNS queries based on historical records. It inspects every DNS query sent to its users and passes or drops them accordingly, taking into account individual settings and tolerance levels for unexpected DNS queries.
Mar 07, 2024 2,167 words in the original blog post.
Cloudflare has introduced WAF Content Scanning, a malware file detection and prevention solution that helps protect web servers from security threats related to file uploads. The feature is now generally available and will be rolled out to existing customers by the end of March 2024. It allows users to scan files up to 15 MB in size for potential malware, with improvements made to the dashboard visibility and overall analytics experience. WAF Content Scanning operates in stages, including activation and configuration, scanning engine detection, integration with WAF, and handling of file types and limitations. The feature is available as an add-on license for Enterprise WAF customers.
Mar 07, 2024 1,802 words in the original blog post.
Cloudflare has released a free version of its network flow monitoring product, Magic Network Monitoring, for all Enterprise Customers. The tool helps improve network visibility by providing insights and analytics on traffic volume, top protocols, sources, destinations, ports, and TCP flags. It can be configured in as little as 30 minutes via self-serve onboarding. The free version will be rolled out to all Enterprise Customers over the next month.
Mar 07, 2024 861 words in the original blog post.
Cookies are small files of information that web servers generate and send to web browsers, allowing websites to remember user preferences and login statuses. While cookies can be useful for personalizing user experiences, they also raise privacy concerns as they can be used for tracking and advertising purposes. To address these issues, the ePrivacy Directive requires website owners to specify what cookies are being used and obtain user consent before storing them. However, many websites do not allow scanner bots to crawl through pages and collect cookies due to security measures or authentication requirements. To overcome this challenge, Page Shield Cookie Monitor has been developed to provide a single dashboard view of all first-party cookies being used by websites without requiring any configuration or scanners if Page Shield is enabled. This tool helps website administrators, developers, and compliance team members better understand cookie usage on their sites. Cookies can be classified as first-party or third-party. First-party cookies are set by the website owner and are used to track state against a given website, while third-party cookies are often set by large advertising networks or social networks to track user journeys across multiple websites. The use of cookies for tracking has led browsers like Firefox, Safari, and Google Chrome to start blocking third-party cookies by default, but this does not mean the end of tracking users for advertising purposes; technology advancements have allowed tracking to continue using first-party cookies. To inventory all cookies used when a website is accessed, developers can use browser developer consoles or cookie scanners, which may require additional configurations and could open up potential attack surfaces. Page Shield Cookie Monitor simplifies this process by collecting and displaying all first-party cookies in one place without requiring any scanner. This tool also allows users to filter the list based on domain or path, examine individual cookies, and receive alerts for newly detected cookies.
Mar 07, 2024 1,152 words in the original blog post.
This tutorial guides users through integrating Cloudflare Pages with Turnstile to secure their websites against bots. It covers deploying Pages, embedding the Turnstile widget, validating tokens on the server side, and monitoring Turnstile analytics. The integration ensures a seamless user experience while protecting websites from malicious bots. Both Cloudflare Pages and Turnstile are currently available for free to all users.
Mar 07, 2024 1,618 words in the original blog post.
On January 19, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued Emergency Directive 24-01 to mitigate Ivanti Connect Secure and Ivanti Policy Secure vulnerabilities. U.S. Federal agencies were directed to apply a mitigation within three days. However, further monitoring revealed that threat actors continued exploiting the vulnerabilities. CISA then instructed agencies to disconnect all instances of these products from their networks and perform several actions before bringing them back into service. The incident highlights the risks associated with legacy security paradigms and emphasizes the importance of adopting modern solutions like Cloudflare's Secure Access Service Edge (SASE) platform, which offers Zero Trust principles and least privilege access control.
Mar 06, 2024 926 words in the original blog post.
Cloudflare has announced the integration of MASQUE into Zero Trust WARP for all customers. MASQUE is a protocol that extends the capabilities of HTTP/3 and leverages QUIC transport to efficiently proxy IP and UDP traffic without sacrificing performance or privacy. The integration aims to address the rising demand from Zero Trust customers for features and solutions only MASQUE can deliver, such as making WARP traffic look like HTTPS to avoid detection and blocking by firewalls, and providing FIPS-compliant encryption. This move is part of Cloudflare's ongoing mission to help build a better Internet through enhanced privacy, security, scalability, reliability, and speed.
Mar 06, 2024 1,489 words in the original blog post.
The Linux kernel is crucial to many modern production systems as it manages memory, mediates access to hardware, and enforces security policies. This post discusses various Linux kernel security configurations used at Cloudflare to prevent or minimize potential system compromises. These include secure boot, restricted kernel pointers, Kernel Address Space Layout Randomization (KASLR), kexec_load() disablement, and the Lockdown LSM module. The use of these features helps ensure the integrity and security of Linux systems.
Mar 06, 2024 3,454 words in the original blog post.
The text discusses the challenges faced by VeloCloud customers due to frequent changes in ownership, product names, and strategies. It highlights that architecture is crucial for a successful SASE deployment and criticizes the approach of combining separate technologies from different vendors. The article then introduces Cloudflare's Magic WAN as an alternative solution, emphasizing its global network infrastructure and focus on any-to-any connectivity. It provides guidance on transitioning from VeloCloud to Cloudflare, including consultation sessions, product workshops, and customer success services.
Mar 06, 2024 1,323 words in the original blog post.
Magic Cloud Networking is a new feature by Cloudflare that leverages the innovative technology of Nefeli Networks to provide secure, easy, and seamless connection to public cloud environments. This solution aims to simplify cloud networking management and operations by using familiar concepts to create reliable, cost-effective, and secure networks across multiple cloud providers. Magic Cloud Networking addresses common difficulties in managing cloud networks such as poor end-to-end visibility, different technology, new security risks, and multi-vendor scenarios. It focuses on improving the third layer of networking planes - the management plane - by simplifying, unifying, and automating it. The feature integrates with Cloudflare One to provide a single interface for managing public cloud networks.
Mar 06, 2024 1,953 words in the original blog post.
Cloudflare has announced a significant update to its Cloudflare Network Interconnect (CNI) service, now called Express CNI. This new version aims to make CNIs faster and easier to deploy. Express CNI is a cable that connects a customer's network router directly to Cloudflare, facilitating the direct exchange of information between networks instead of via the internet. It offers improved security, reliability, and speed compared to traditional methods. The update also simplifies how Magic Transit and Magic WAN customers connect to Cloudflare by eliminating the need for GRE tunnels. Additionally, Express CNI is now available in more global locations as new network hardware is installed.
Mar 06, 2024 1,333 words in the original blog post.
The National Institute of Standards and Technology (NIST) is currently working on developing post-quantum cryptographic standards to protect against quantum computing threats. Post-quantum cryptography refers to cryptographic algorithms that are thought to be secure against both classical and quantum computers. NIST has been running a public competition since 2016, with the aim of selecting one or more new public-key cryptographic algorithms for standardization in the post-quantum era. In December 2022, NIST announced its first set of draft standards for post-quantum cryptography: key establishment and digital signatures. The selected algorithms are Kyber (for key establishment) and Dilithium, Falcon, and SPHINCS+ (for digital signatures). Key establishment is the process by which two parties agree on a shared secret over an insecure channel. Digital signatures provide message integrity and non-repudiation of origin. NIST's draft standards for post-quantum cryptography are significant because they represent the first concrete steps towards securing our digital infrastructure against quantum computing threats. However, it is important to note that these algorithms are not yet ready for widespread deployment. NIST plans to continue its public competition and expects to announce additional post-quantum cryptographic standards in the coming years. In summary, NIST's draft standards for post-quantum cryptography represent a major milestone in the ongoing effort to secure our digital infrastructure against quantum computing threats. While these algorithms are not yet ready for widespread deployment, they provide valuable insights into the types of cryptographic techniques that may be needed in the post-quantum era.
Mar 05, 2024 9,168 words in the original blog post.
Cloudflare emphasizes the importance of balancing privacy and security in its network solutions. The company deploys products like Access and Zero Trust Agent for employees while maintaining a strong focus on user privacy. It uses organizational controls such as Acceptable Use Policy, employee privacy notices, and role-based access controls to secure its globally distributed workforce. Technological controls include Cloudflare One services, Secure Web Gateway, remote browser isolation sessions, data loss prevention, and cloud email security. The company also ensures that privacy is respected by building privacy-first security products, communicating transparently with employees about the collected data, and providing mechanisms for addressing employee concerns.
Mar 05, 2024 1,600 words in the original blog post.
The text discusses a new feature set by Cloudflare aimed at providing better visibility and control over customers' security posture. It addresses the growing complexity of cyber threats and expanding attack surface, which complicates maintaining a strong security posture for customers. The new features will provide comprehensive insights into customers' security configurations and state of their deployments across Cloudflare's suite of products. This improvement is not just about leveraging technology but also promoting a culture of proactive security management. The latest update in the Security Center focuses on delivering detailed insights into Cloudflare's deployment status across digital assets, identifying applications where critical services might not be fully configured or optimized. Users can now take proactive steps to close any gaps in their security framework and make decisions swiftly to ensure defenses stay ahead of potential threats.
Mar 05, 2024 838 words in the original blog post.
Cloudflare has introduced a new feature that allows its customers to protect their APIs from broken authentication attacks by validating incoming JSON Web Tokens (JWTs) with API Gateway. This update addresses four main feature requests and includes support for the Bearer token format, multiple JWKS configurations, validation of JWTs sent in cookies, and exclusion of any number of managed endpoints in a JWT validation rule. Broken authentication is the top threat on the OWASP Top 10 and the second-highest threat on the OWASP API Top 10. JSON Web Token Validation in API Gateway enforces a positive security model for authenticated API users, helping to prevent these attacks.
Mar 05, 2024 1,953 words in the original blog post.
Cloudflare has introduced two enhancements to its Data Loss Prevention (DLP) service: Optical Character Recognition (OCR) support and predefined source code detections. OCR allows customers to identify sensitive information within images or scanned documents, while predefined source code detections enable organizations to scan inline traffic for common code languages and block HTTP requests to prevent data leaks. These features are designed to help businesses protect their sensitive data and reduce the risks of breaches, regulatory non-compliance, and reputational damage. The capabilities are available within Cloudflare's DLP engine, which is part of its broader suite of security services for web, SaaS, and private applications.
Mar 05, 2024 770 words in the original blog post.
Today, Cloudflare is launching early access to the Deskope Program, designed to help existing Netskope customers migrate to Cloudflare One for a faster and easier security experience. The company is also expanding its Descaler Program to Authorized Service Delivery Partners, who will have exclusive access to the Descaler toolkit to assist with customer migration to Cloudflare. The Deskope Program follows the same approach as the Descaler process, including tools, processes, and partners for a frictionless technical migration. It is designed to minimize manual effort and reduce potential errors, ensuring accurate translation and optimization of configurations from Netskope to Cloudflare's environment.
Mar 05, 2024 982 words in the original blog post.
Today, Cloudflare is launching early access to the Deskope Program, designed to help existing Netskope customers migrate to Cloudflare One for a faster and more secure experience. The company also announced the expansion of the Descaler Program to Authorized Service Delivery Partners, who will have exclusive access to the Descaler toolkit to assist with customer migration. Deskope follows the same approach as the Descaler process, including tools, processes, and partners for a seamless technical migration. The program is completed through architecture workshops, technical migration tooling, and trusted partner engagements. Cloudflare's commitment to speed, simplicity, and cost-effectiveness makes it an attractive option for customers looking to migrate from Netskope to Cloudflare One.
Mar 05, 2024 982 words in the original blog post.
Cloudflare introduces an AI assistant that enables users to query their security event data using plain language, making it easier to discover anomalies and potential security attacks. The new tool leverages the Workers AI platform to generate time series charts based on natural language requests. Users can now ask questions such as "Compare attack traffic between US and UK" or "Show requests to /admin with a Bot Score over 30" without needing complex filters. This feature is currently in beta for Business and Enterprise customers, with future updates including more advanced query capabilities and automatic WAF rule generation.
Mar 04, 2024 1,084 words in the original blog post.
Cloudflare has introduced new capabilities to its secure access service edge (SASE) platform, Cloudflare One, which uses AI/machine learning techniques to detect risk based on user behavior and improve security posture across organizations. The platform simplifies the process of tracking risk changes within a business by employing user risk scoring. This approach enables administrators to specify behavioral rules and generate dynamic user risk scores, allowing for continuous evaluation and verification in a Zero Trust environment. User risk scoring detects user activities and behaviors that could introduce risk to an organization's systems and data, assigning a score of Low, Medium, or High to the involved users. This feature is sometimes referred to as user and entity behavior analytics (UEBA) and helps teams detect possible account compromise, company policy violations, and other risky activities.
Mar 04, 2024 910 words in the original blog post.
The Cloudflare security research team discovered a malicious script on a customer's website, which was designed to steal Personally Identifiable Information (PII), including credit card details. The script was hosted at the domain cdn.jsdelivr.at and used obfuscation techniques to hide its true intentions. It employed data encoding and decoding functions, targeted specific input fields on the website, and transmitted stolen data secretly to a server controlled by attackers. Proactive detection measures such as Page Shield's machine learning algorithm were able to identify this novel Magecart-style attack with high accuracy. To enhance security against similar threats, Cloudflare recommends implementing Web Application Firewall (WAF) Managed Rule Product, deploying ML-based WAF Attack Score, using Page Shield, and activating Sensitive Data Detection (SDD).
Mar 04, 2024 1,427 words in the original blog post.
Email remains the largest attack vector for cybercriminals attempting to compromise organizations, with phishing attacks continuing to be prevalent due to their ubiquity in business communication. The advent of large language models (LLMs) has led to new applications of generative AI capabilities, including creating more authentic phishing content. LLMs can enhance phishing emails by translating and revising them into more superficially convincing messages or by writing personalized, organizationally-authentic messages using harvested data from compromised accounts. Business Email Compromise (BEC) attacks are particularly devastating financially and benefit from LLMs to make their messages sound more authentic. However, these AI-generated emails still rely on users performing an action that can't be easily spoofed, and they contain other signals like sender reputation and metadata. With the right mitigation strategy and tools in place, organizations can reliably stop LLM-enhanced attacks.
Mar 04, 2024 2,591 words in the original blog post.
Generative AI has become a powerful tool for both good and malicious purposes. It can enhance human productivity but also be used by attackers to create sophisticated phishing attacks and social engineering schemes. To combat these new challenges, Cloudflare developed Defensive AI, which uses data from its vast network to improve the effectiveness of security solutions across various areas such as application security, email security, and Zero Trust platform. One example is API Anomaly Detection for API Gateway, designed to protect APIs from attacks that aim to damage applications, take over accounts, or exfiltrate data. Another area where AI improves security is in the Web Application Firewall (WAF), which uses machine learning models to identify new malicious payloads and extend protection to undiscovered attacks. In email security, Cloudflare Email Security leverages AI models to analyze all parts of a phishing attack and determine risk. The company also introduced behavior-based user risk scoring for its Zero Trust security solution, which detects anomalies in users' behavior and signals that could lead to harm to the organization. Overall, Cloudflare is using AI to enhance various aspects of digital asset protection against evolving threats and bad actors.
Mar 04, 2024 1,693 words in the original blog post.
The United States Cybersecurity and Infrastructure Agency (CISA) and its international partners are promoting 'Secure by Design' principles to encourage software manufacturers to prioritize security in their product development process. This involves designing products with strong security capabilities that are configured by default. Cloudflare, a cybersecurity company, supports these principles and has implemented them in its products and services. The 'Secure by Design' approach is crucial as the world becomes increasingly reliant on technology and internet-connected devices, which can be exploited by attackers if not properly secured. By adhering to CISA's guidelines, manufacturers can enhance security benefits for customers, boost their brand reputation, and reduce long-term maintenance and patching costs.
Mar 04, 2024 2,190 words in the original blog post.
Cloudflare has announced the development of Firewall for AI, a protection layer designed specifically for applications using Large Language Models (LLMs). The toolkit will include Rate Limiting and Sensitive Data Detection features, as well as a new validation layer that analyzes user prompts to identify attempts at exploiting the model. This announcement comes amid growing concerns about the security of AI models and their potential vulnerabilities. Firewall for AI aims to provide a comprehensive solution for securing applications using LLMs by detecting vulnerabilities and offering visibility to model owners.
Mar 04, 2024 2,277 words in the original blog post.
As Chief Security Officer at Cloudflare, I've witnessed an increase in sophisticated security threats and incidents globally. Boards and executives are putting pressure on security organizations to prevent breaches while maintaining only slight budget increases. This has led to regulatory scrutiny for global security leaders who must meet the expectations of executives to protect their companies. In my first year at Cloudflare, I've met with over a hundred customers and engaged in discussions with security peers across various industries. Based on these conversations, we will announce new products addressing common challenges faced by CISOs worldwide, covering aspects such as application security, employee protection, and cloud infrastructure. The key challenges that have emerged from my discussions with CISOs include responding to risks and opportunities from AI, maintaining visibility and control as cloud technology evolves rapidly, and consolidating technologies to effectively manage the security and IT budget. AI is a top concern for global leaders, and our engineering and product teams are working on solutions to protect AI models and applications while preventing data leakage from AI usage. We will also share our philosophy of using AI to enhance defense against sophisticated attacks. Effective security programs focus on reducing complexity, increasing visibility, and robust alerting capabilities. Our team is working on new releases aligned with these challenges, including securing and connecting multi-cloud environments with consistent policy management. Consolidating technology stacks is crucial for driving down costs in the face of economic uncertainty. Strategies that simplify security architectures while reducing room for human error are essential for success. In 2024, we will leverage our robust platforms to stand by our mission to help build a better Internet and protect global democracy and large-scale international events. Security Week is an opportunity for us to share new capabilities and solutions that address the challenges faced by security professionals worldwide.
Mar 03, 2024 1,117 words in the original blog post.