See risk, fix risk: introducing Remediation in Cloudflare CASB
Starting today, Cloudflare CASB customers can do more than see risky file-sharing across their SaaS apps: they can fix it, directly from the Cloudflare One dashboard.
This launch marks a huge advancement for Cloudflare’s Cloud Access Security Broker (CASB). Since its release, Cloudflare’s API-based CASB has focused on providing robust, comprehensive visibility and detection. It also connects to the SaaS tools your business runs on, surfacing misconfigurations, and flagging overshared data before it becomes tomorrow’s incident.
With today’s release of Remediation – a new way to fix problems with just a click, right from the CASB Findings page – CASB begins its next chapter, and moves from telling you what’s wrong to helping you make it right.
An example of a Remediation Action (Remove Public File Sharing) in a CASB Finding.
Inside Cloudflare One, our SASE platform, CASB connects to the SaaS and cloud tools your teams already use. By talking to providers over API, CASB gives security and IT teams:
A consolidated view of misconfigurations, overshared files, and risky access patterns across apps like Microsoft 365, Google Workspace, Slack, Salesforce, Box, GitHub, Jira, and Confluence (CASB Integrations).
From reactive to proactive: closing the phishing gap with LLMs
Email security has always been defined by impermanence. It is a perpetual call-and-response arms race, where defenses are only as strong as the last bypass discovered and attackers iterate relentlessly for even marginal gains. Every control we deploy eventually becomes yesterday’s solution.
What makes this challenge especially difficult is that our biggest weaknesses are, by definition, invisible.
This problem is best illustrated by a classic example from World War II. Mathematician Abraham Wald was tasked with helping Allied engineers decide where to reinforce bomber aircraft. Engineers initially focused on the bullet holes visible on planes returning from missions. Wald pointed out the flaw: they were reinforcing the areas where planes could already take damage and survive. The true vulnerabilities were on the planes that never came back.
Email security faces an identical hurdle: our detection gaps are unseen. By integrating LLMs, we advance email phishing protection and move from reactive to proactive detection improvement.
The limits of reactive defense
Traditional email security systems improve primarily through user-reported misses. For example, if we marked a spam message as clean, customers can send us the original EML to our pipelines for our analysts to analyze and update our models. This feedback loop Continue reading
How Cloudy translates complex security into human action
Today’s security ecosystem generates a staggering amount of complex telemetry. For instance, processing a single email requires analyzing sender reputation, authentication results, link behavior, infrastructure metadata, and countless other attributes. Simultaneously, Cloud access security broker (CASB) engines continuously scan SaaS environments for signals that detect misconfigurations, risky access, and exposed data.
But while detections have become more sophisticated, explanations have not always kept pace.
Security and IT teams are often aware when something is flagged, but they do not always know, at a glance, why. End users are asked to make real-time decisions about emails that may impact the entire organization, yet they are rarely given clear, contextual guidance in the moment that matters.
Cloudy changes that.
Cloudy is our LLM-powered explanation layer, built directly into Cloudflare One. It translates complex machine learning outputs into precise, human-readable guidance for security teams and end users alike. Instead of exposing raw technical signals, Cloudy surfaces the reasoning behind a detection in a way that drives informed action.
For Cloudflare Email Security, this means helping users understand why a message was flagged before they escalate it to the security operations center, or SOC. For Cloudflare CASB, it means helping administrators quickly understand Continue reading
Initial Setup of MikroTik hAP ax³ Router
The MikroTik hAP ax³ is the latest addition to MikroTik's family of dual-band wireless routers. […]
The post Initial Setup of MikroTik hAP ax³ Router first appeared on Brezular's Blog.
NB564: New Juniper Routers Pump Up AI and Cloud-Scale Traffic; Anthropic Vs. DoD
Take a Network Break! We start with follow-up on the proper pronunciation of the US state of Nevada, and then sound the alarm about new research that gets around WiFi client isolation and could enable man-in-the-middle attacks. On the news front, AMD and Meta strike a massive deal in which AMD will sell its stock... Read more »Tech Bytes: Protecting OT Networks When the Perimeter Vanishes (Sponsored)
OT networks used to be air-gapped. These days, more and more OT networks are being bridged by IT networks, which exposes critical industrial controls and other systems to serious risk. On today’s Tech Bytes, sponsored by Palo Alto Networks, we dig into how organizations can detect “precursor signals” that may indicate a broader attack chain,... Read more »netlab: Using L3VPN (MPLS/VPN) with SR-MPLS Core
Someone recently asked me whether it’s possible to use netlab to build an MPLS/VPN (technically, BGP/MPLS IP VPN) lab with SR-MPLS core. Of course, let’s build a simple lab using Arista EOS and Linux containers to implement this topology:
Lab topology
Here’s the lab topology we’ll use (also available on GitHub):
Packet trimming Deep Dive – Part IV
Receive Network Processing Unit (Rx NPU)
Figure 9-4 illustrates a simplified receive-side processing pipeline, starting from the moment a Packet Header Vector (PHV), constructed by the Rx IFG, is delivered to the Receive Network Processing Unit (Rx NPU).
When the PHV arrives at the Rx NPU, it is dispatched to one of the Run-to-Completion (RTC) cores in the Packet Processing Array (PPA). Each RTC core processes the packet within a single execution context, allowing parsing, classification, lookup, and queuing decisions to be resolved without intermediate handoffs between processing stages.
The first task of the RTC parser is to perform deep inspection of the packet headers. While the Rx IFG has already extracted basic Layer-2 and Layer-3 information, the RTC parser determines whether the packet is tunneled and whether the switch itself is the tunnel termination point. To demonstrate this behavior, consider a VXLAN-encapsulated packet. The outer Ethernet and IP headers are used to forward the packet through the underlay network. If the outer destination IP address matches one of the local switch IP addresses, the device identifies itself as the tunnel endpoint. The tunneling protocol is recognized by examining the UDP header, where destination port 4789 indicates VXLAN. After the Continue reading
The truly programmable SASE platform
Every organization approaches security through a unique lens, shaped by their tooling, requirements, and history. No two environments look the same, and none stay static for long. We believe the platforms that protect them shouldn't be static either.
Cloudflare built our global network to be programmable by design, so we can help organizations unlock this flexibility and freedom. In this post, we’ll go deeper into what programmability means, and how Cloudflare One, our SASE platform, helps customers architect their security and networking with our building blocks to meet their unique and custom needs.
The term programmability has become diluted by the industry. Most security vendors claim programmability because they have public APIs, documented Terraform providers, webhooks, and alerting. That’s great, and Cloudflare offers all of those things too.
These foundational capabilities provide customization, infrastructure-as-code, and security operations automation, but they're table stakes. With traditional programmability, you can configure a webhook to send an alert to Slack when a policy triggers.
But the true value of programmability is something different. It is the ability to intercept a security event, enrich it with external context, and act on it in real time. Say a user attempts to Continue reading
Beyond the blank slate: how Cloudflare accelerates your Zero Trust journey
In the world of cybersecurity, "starting from scratch" is a double-edged sword. On one hand, you have a clean slate; on the other, you face a mountain of configurations, best practices, and potential "gotchas."
While Cloudflare One has been often cited as one of the easiest-to-use SASE platforms, there is no magic without proper configuration. And while Cloudflare has been striving to simplify complex networking concepts by creating products such as Cloudflare WAN, Magic Transit, and Cloudflare Network Firewall, which simplify and reduce the typical complexity associated with deploying comparable functions from other vendors, the breadth of capabilities provided by Cloudflare One require creation of best-practice policies and templates to achieve the most optimal outcomes.
To make it easy to start taking advantage of Cloudflare’s powerful SASE platform, we have developed a method that ensures customers get the right configuration quickly and easily. We call it Project Helix.
In this post, we’ll dig into the problem of getting the correct customization, and how we built Project Helix to make it simple. That means our customers have access to the most powerful SASE platform out there — and the easiest to onboard.
The complexity barrier: Why Continue reading
Modernizing with agile SASE: a Cloudflare One blog takeover
Return to office has stalled for many, and the “new normal” for what the corporate network means is constantly changing. In 2026, your office may be a coffee shop, your workforce includes autonomous AI agents, and your perimeter is wherever the Internet reaches. This shift has forced a fundamental change in how we think about security, moving us toward a critical new architecture: agile SASE.
For too long, organizations have struggled under a 'fragmentation penalty,' juggling a patchwork of legacy hardware and Virtual Private Network (VPN) concentrators. These tools don't just require massive upfront investment; they create a mountain of technical debt — the cumulative cost of maintaining thousands of conflicting firewall rules, manual patches, and aging hardware that can’t support AI-scale traffic.
First-generation SASE providers promised a cure, but often just moved the mess to the cloud. By treating every data center as an isolated island, they’ve replaced hardware silos with operational silos. The result isn't a lack of visibility, but a lack of actionability: plenty of data, but no single way to enforce a consistent policy across a borderless enterprise.
Our customers have told us they need an agile and composable platform. This week, we are announcing Continue reading
Air Terjun Jaran Kurus Lombok Barat: Pesona Alam Tersembunyi yang Menenangkan
Daftar Pustaka
Mengenal Air Terjun Jaran Kurus Lombok Barat
Air Terjun Jaran Kurus Lombok Barat menawarkan keindahan alam alami yang masih terjaga. Selain itu, air terjun ini menghadirkan suasana tenang. Oleh karena itu, banyak wisatawan mencari lokasi ini.
Selanjutnya, air terjun ini berada di kawasan perbukitan hijau. Kemudian, pepohonan rimbun mengelilingi area sekitar. Dengan begitu, udara terasa sejuk sepanjang hari.
Selain keindahan visual, suara air yang jatuh menciptakan ketenangan. Bahkan, pengunjung sering merasa rileks saat tiba. Karena itu, tempat ini cocok untuk melepas penat.
Lokasi dan Akses Menuju Air Terjun
Air Terjun Jaran Kurus terletak di wilayah Lombok Barat, Nusa Tenggara Barat. Tepatnya, lokasi ini berada di kawasan pedesaan yang asri. Oleh sebab itu, perjalanan terasa menyenangkan.
Pertama, pengunjung harus menempuh perjalanan darat. Setelah itu, perjalanan dilanjutkan dengan trekking ringan. Meskipun begitu, jalur masih ramah bagi pemula.
Selanjutnya, pengunjung akan melewati kebun warga. Kemudian, pemandangan hijau menemani langkah perjalanan. Dengan demikian, perjalanan Continue reading
Petra Kota Mawar: Keajaiban Arsitektur Batu di Yordania
Daftar Pustaka
Sejarah Singkat Petra Kota Mawar
Petra Kota Mawar berdiri megah di selatan Yordania. Kota ini berkembang melalui peradaban Bangsa Nabatea. Awalnya, masyarakat Nabatea membangun Petra sebagai pusat dagang. Selain itu, mereka menguasai jalur rempah strategis. Oleh karena itu, Petra cepat berkembang. Kemudian, kota ini berubah menjadi pusat ekonomi penting. UNESCO akhirnya menetapkan Petra sebagai Situs Warisan Dunia. Bahkan, dunia mengenalnya sebagai Kota Mawar karena warna batunya. Selanjutnya, wisatawan global terus berdatangan setiap tahun.
Keunikan Arsitektur Petra
Arsitektur Petra menampilkan teknik pahat luar biasa. Pengrajin memahat bangunan langsung dari tebing batu. Selain itu, mereka mengandalkan ketelitian tinggi. Al-Khazneh menjadi ikon paling terkenal. Bangunan ini sering disebut The Treasury. Namun, Petra memiliki ratusan struktur lain. Oleh karena itu, setiap sudut menghadirkan kejutan visual. Selanjutnya, warna batu berubah mengikuti cahaya matahari. Akibatnya, Petra tampak hidup sepanjang hari.
Sistem Air Canggih Bangsa Nabatea
Bangsa Nabatea menciptakan sistem air Petra yang inovatif. Mereka membangun kanal dan waduk. Selain itu, mereka mengontrol banjir gurun. Oleh karena itu, kota tetap bertahan lama. Selanjutnya, sistem ini Continue reading
Measuring DNS over IPv6
Is the DNS ready for IPv6? Are we ready to deploy IPv6-only Authoritative Nameservers? Let's measure the Internet to find out the answer!Hedge 297: MPLS
Has MPLS really “died” because of SD-WAN services? Scott Robohn joins Tom and Russ to talk about the past and future of MPLS.
download
TNO056: A Culture of Precise Work: Data Center NetOps
With the continued growth of data centers for clouds, neoclouds (especially AI model training), for carriers, and for the enterprise, it’s important to discuss data center network operations and issues. Scott is joined by Dr. Peter Welcher, a consultant, blogger, and Tech Field contributor. Together, they dive into how latency and the rise of AI... Read more »HN816: Inside the Case: A Hardware Deep Dive with Meter (Sponsored)
Our topic today is the designing and building of high-performance networking hardware. If you assume the hardware details don’t matter, you’re missing the intentional engineering required to build truly reliable and quiet infrastructure. In this sponsored episode, we discuss Meter’s hardware philosophy with our guest, Joshua Markell, Head of Hardware at Meter. Joshua walks us... Read more »Packet Trimming Deep Dive – Part III
Virtual Output Queue (VOQ)
The Silicon One VOQ Architecture
Instead of using dedicated deep interface buffers for packet queuing, Cisco Silicon One utilizes a Centralized Shared Memory architecture paired with a logical Virtual Output Queue (VOQ) mechanism. Because the VOQ concept is implemented within the Ingress (Rx) NPU entity, this queuing stage occurs after the initial ingress lookups but before the packet is switched across the internal fabric to the egress.
The VOQ model turns the traditional egress queuing model, where packets wait for serialization in a hardware buffer on the specific egress interface, upside down. While a VOQ is physically located on the ingress NPU, its ability to send traffic is controlled by the state of a small hardware Output Queue (OQ) on the egress interface.
Priority Mapping and Default State
As shown in Figure 9-3, a QoS policy can be created where a packet received on interface gi1/0/1 is assigned to Traffic Class 6 if the DSCP bits are set to EF (Expedited Forwarding). This configuration instantiates a VOQ specifically for that traffic class. In this hierarchy:
TC 7 (Control Plane/CS6): Mapped to OQ 1, the highest Strict Priority (Level 1).
TC 6 (DSCP-TRIMMED/EF): Mapped to OQ 2, Continue reading
Lab: More Complex EVPN/VXLAN Bridging Scenario
In the first EVPN/VXLAN lab, we added the EVPN control plane to bridging over VXLAN. Now, let’s try out a more complex scenario: several EVPN MAC-VRFs mapped to different VLAN segments on individual PE-devices.
You can run the lab on your own netlab-enabled infrastructure (more details), but also within a free GitHub Codespace or even on your Apple-silicon Mac (installation, using Arista cEOS container, using VXLAN/EVPN labs).
Toxic combinations: when small signals add up to a security incident
At 3 AM, a single IP requested a login page. Harmless. But then, across several hosts and paths, the same source began appending ?debug=true — the sign of an attacker probing the environment to assess the technology stack and plan a breach.
Minor misconfigurations, overlooked firewall events, or request anomalies feel harmless on their own. But when these small signals converge, they can explode into security incidents known as “toxic combinations.” These are exploits where an attacker discovers and compounds many minor issues — such as a debug flag left on a web application or an unauthenticated application path — to breach systems or exfiltrate data.
Cloudflare’s network observes requests to your stack, and as a result, has the data to identify these toxic combinations as they form. In this post, we’ll show you how we surface these signals from our application security data. We’ll go over the most common types of toxic combinations and the dangerous vulnerabilities they present. We will also provide details on how you can use this intelligence to identify and address weaknesses in your stack.
You could define a "toxic combination" in a few different ways, but here Continue reading