Store your Cloudflare logs on R2
We're excited to announce that customers will soon be able to store their Cloudflare logs on Cloudflare R2 storage. Storing your logs on Cloudflare will give CIOs and Security Teams an opportunity to consolidate their infrastructure; creating simplicity, savings and additional security.
Cloudflare protects your applications from malicious traffic, speeds up connections, and keeps bad actors out of your network. The logs we produce from our products help customers answer questions like:
- Why are requests being blocked by the Firewall rules I’ve set up?
- Why are my users seeing disconnects from my applications that use Spectrum?
- Why am I seeing a spike in Cloudflare Gateway requests to a specific application?
Storage on R2 adds to our existing suite of logging products. Storing logs on R2 fills in gaps that our customers have been asking for: a cost-effective solution to store logs for any of our products for any period of time.
Goodbye to old school logging
Let’s rewind to the early 2000s. Most organizations were running their own self-managed infrastructure: network devices, firewalls, servers and all the associated software. Each company has to manage logs coming from hundreds of sources in the IT stack. With dedicated storage needed for retaining Continue reading
Control input on suspicious sites with Cloudflare Browser Isolation
Your team can now use Cloudflare’s Browser Isolation service to protect against phishing attacks and credential theft inside the web browser. Users can browse more of the Internet without taking on the risk. Administrators can define Zero Trust policies to prohibit keyboard input and transmitting files during high risk browsing activity.
Earlier this year, Cloudflare Browser Isolation introduced data protection controls that take advantage of the remote browser’s ability to manage all input and outputs between a user and any website. We’re excited to extend that functionality to apply more controls such as prohibiting keyboard input and file uploads to avert phishing attacks and credential theft on high risk and unknown websites.
Challenges defending against unknown threats
Administrators protecting their teams from threats on the open Internet typically implement a Secure Web Gateway (SWG) to filter Internet traffic based on threat intelligence feeds. This is effective at mitigating known threats. In reality, not all websites fit neatly into malicious or non-malicious categories.
For example, a parked domain with typo differences to an established web property could be legitimately registered for an unrelated product or become weaponized as a phishing attack. False-positives are tolerated by risk-averse administrators but come at the Continue reading
Introducing the Customer Metadata Boundary
Data localisation has gotten a lot of attention in recent years because a number of countries see it as a way of controlling or protecting their citizens’ data. Countries such as Australia, China, India, Brazil, and South Korea have or are currently considering regulations that assert legal sovereignty over their citizens’ personal data in some fashion — health care data must be stored locally; public institutions may only contract with local service providers, etc.
In the EU, the recent “Schrems II” decision resulted in additional requirements for companies that transfer personal data outside the EU. And a number of highly regulated industries require that specific types of personal data stay within the EU’s borders.
Cloudflare is committed to helping our customers keep personal data in the EU. Last year, we introduced the Data Localisation Suite, which gives customers control over where their data is inspected and stored.
Today, we’re excited to introduce the Customer Metadata Boundary, which expands the Data Localisation Suite to ensure that a customer’s end user traffic metadata stays in the EU.
Metadata: a primer
“Metadata” can be a scary term, but it’s a simple concept — it just means “data about data.” In other Continue reading
How Vitamin C Improves Stress Resilience at Work
We all go through stressful situations at work. It is important to find ways to manage stress and relieve the symptoms of it when we are feeling overwhelmed. In this blog post, we will discuss how Vitamin C can improve your resilience in stressful situations at work. We will share with you the benefits of taking a Vitamin C supplement and explain why it is important for workplace health. Let’s get started.
Vitamin C Is an Essential Nutrient
Vitamin C is an essential nutrient that our body cannot produce on its own. We need to get Vitamin C from dietary sources or supplements, because it plays a key role in many processes of the human body. It strengthens the immune system and helps with wound healing by forming collagen (the protein found in connective tissues). Vitamin C also supports healthy vision and bone health. At work, we are exposed to all kinds of stressors which deplete our bodies’ stores of nutrients like Vitamin C. This can result in reduced immunity and poor recovery after illness or injury – both conditions that make us less productive at work! There are some simple ways you can improve your resilience when faced with Continue reading
Highlights: Multi-Threaded Routing Daemons
The multi-threaded routing daemons blog post generated numerous in-depth comments here and on LinkedIn. As always, thanks a million for keeping me honest and providing more details or additional perspectives. Here are some of the best bits.
Jeff Tantsura provided the first dose of reality:
All modern routing protocols implementations are multi-threaded, with a minimum separation of adjacency handling, route calculations and update generation. Note - writing multi-threaded code for complex tasks is a non trivial exercise (you could search for thread safety and similar artifacts and what happens when not implemented correctly). Moving to a multi-threaded code in early 2010s resulted in a multi-release (year) effort and 100s of related bugs all around.
Dr. Tony Przygienda added his hands-on experience (he’s been developing routing protocol software for ages):
Highlights: Multi-Threaded Routing Daemons
The multi-threaded routing daemons blog post generated numerous in-depth comments here and on LinkedIn. As always, thanks a million for keeping me honest and providing more details or additional perspectives. Here are some of the best bits.
Jeff Tantsura provided the first dose of reality:
All modern routing protocols implementations are multi-threaded, with a minimum separation of adjacency handling, route calculations and update generation. Note - writing multi-threaded code for complex tasks is a non trivial exercise (you could search for thread safety and similar artifacts and what happens when not implemented correctly). Moving to a multi-threaded code in early 2010s resulted in a multi-release (year) effort and 100s of related bugs all around.
Dr. Tony Przygienda added his hands-on experience (he’s been developing routing protocol software for ages):
Get Moving: 3G Sunsetting Deadline is Rapidly Approaching
What makes 3G sunsetting so potentially disruptive is that 3G has been used for nearly 20 years. For a generation of users and applications, it has been the service of choice.They’ll Remember The Rage Monster
I was tired. Very tired. Tired in my brain. Tired in my body. I needed to eat, puke, and scream…all of those things as soon as possible. Big cutovers are like that. You know the kind of change I’m talking about. The kind where you only get a maintenance window twice a year, so you plan to throw in the new core switch pair because that’s easy, re-tool the BGP peering that twelve other changes are waiting for, and bring up the new firewall all in one night.
Stupid! Unthinkable! Small changes only!! I mean…obviously. Of course. But sometimes, that’s just not the way it works out. And so it was that after several hours of executing a meticulously planned change that would create the network foundation for the company’s big plans, I needed to eat, puke, and scream.
You see, the change hadn’t got entirely well. It had only gone mostly well. The core switch upgrade really was easy. The BGP peering work went well enough. The new firewall was a fight, though.
At first, the firewall pair wouldn’t pass traffic. At all. Despite a lovely routing table and so on. After sitting in the freezing data center for Continue reading
No REST For The Wicked
So far, this series has explored applying the Model, View, Controller (MVC) software design pattern to infrastructure with purely Python-driven network automation. We have created a fully function infrastructure-as-software application using the out-of-the-box Django framework; a PostgreSQL database (Model); pyATS jobs (Controller); and the trinity of Python URLs and Views and Django Templating Language (DTL) […]
The post No REST For The Wicked appeared first on Packet Pushers.
4 Hot Network Security Acronyms You Must Know: ZTN, XDR, SASE, BYOD
Organizations must adopt a forward-looking network security strategy that can deal with advanced threats, ensure regulatory compliance, and safeguard the network.Tech Bytes: The Security Fabric Advantage With Fortinet (Sponsored)
Today's Tech Bytes podcast is a security conversation--specifically security fabrics or ‘security mesh’ architectures: an integrated set of products that work together to help you manage risk in the network, on endpoints, and to do things like improve detection and response. Fortinet is our sponsor.
The post Tech Bytes: The Security Fabric Advantage With Fortinet (Sponsored) appeared first on Packet Pushers.