New ways to troubleshoot Cloudflare Access ‘blocked’ messages

New ways to troubleshoot Cloudflare Access 'blocked' messages
New ways to troubleshoot Cloudflare Access 'blocked' messages

Cloudflare Access is the industry’s easiest Zero Trust access control solution to deploy and maintain. Users can connect via Access to reach the resources and applications that power your team, all while Cloudflare’s network enforces least privilege rules and accelerates their connectivity.

Enforcing least privilege rules can lead to accidental blocks for legitimate users. Over the past year, we have focused on adding tools to make it easier for security administrators to troubleshoot why legitimate users are denied access. These block reasons were initially limited to users denied access due to information about their identity (e.g. wrong identity provider group, email address not in the Access policy, etc.)

Zero Trust access control extends beyond identity and device. Cloudflare Access allows for rules that enforce how a user connects. These rules can include their location, IP address, the presence of our Secure Web Gateway and other controls.

Starting today, you can investigate those allow or block decisions based on how a connection was made with the same level of ease that you can troubleshoot user identity. We’re excited to help more teams make the migration to a Zero Trust model as easy as possible and ensure the ongoing maintenance Continue reading

Announcing the Magic WAN Connector: the easiest on-ramp to your next generation network

Announcing the Magic WAN Connector: the easiest on-ramp to your next generation network

This post is also available in 简体中文.

Announcing the Magic WAN Connector: the easiest on-ramp to your next generation network

Cloudflare One enables organizations to modernize their corporate networks by connecting any traffic source or destination and layering Zero Trust security policies on top, saving cost and complexity for IT teams and delivering a better experience for users. Today, we’re excited to make it even easier for you to get connected with the Magic WAN Connector: a lightweight software package you can install in any physical or cloud network to automatically connect, steer, and shape any IP traffic.

You can install the Magic WAN Connector on physical or virtual hardware you already have, or purchase it pre-installed on a Cloudflare-certified device. It ensures the best possible connectivity to the closest Cloudflare network location, where we’ll apply security controls and send traffic on an optimized route to its destination. Embracing SASE has never been simpler.

Solving today’s problems and setting up for tomorrow

Over the past few years, we’ve had the opportunity to learn from IT teams about how their corporate networks have evolved and the challenges they’re facing today. Most organizations describe a starting point of private connectivity and “castle and moat” security controls: a corporate WAN composed of point-to-point and MPLS circuits Continue reading

Network detection and settings profiles for the Cloudflare One agent

Network detection and settings profiles for the Cloudflare One agent
Network detection and settings profiles for the Cloudflare One agent

Teams can connect users, devices, and entire networks to Cloudflare One through several flexible on-ramps. Those on-ramps include traditional connectivity options like GRE or IPsec tunnels, our Cloudflare Tunnel technology, and our Cloudflare One device agent.

Each of these on-ramps send nearly all traffic to Cloudflare’s network where we can filter security threats with products like our Secure Web Gateway and Data Loss Prevention service. In other cases, the destination is an internal resource deployed in Cloudflare’s Zero Trust private network.

However, sometimes users want traffic to stay local. If a user is sitting within a few meters of their printer, they might prefer to connect through their local network instead of adding a hop through Cloudflare. They could configure Cloudflare to always ignore traffic bound for the printer, keeping it local, but when they leave the office they still need to use Cloudflare’s network to reach that printer remotely.

Solving this use case and others like it previously required manual changes from an administrator every time a user moved. An administrator would need to tell Cloudflare’s agent to include traffic sometimes and, in other situations, ignore it. This does not scale.

Starting today, any team using Cloudflare One has Continue reading

Why do CIOs choose Cloudflare One?

Why do CIOs choose Cloudflare One?
Why do CIOs choose Cloudflare One?

Cloudflare’s first customers sought us out as the “Web Application Firewall vendor” or their DDoS-mitigating Content Delivery Network. We earned their trust by solving their problems in those categories and dozens of others. Today, over 100,000 customers now rely on Cloudflare to secure and deliver their Internet properties.

However, our conversations with CIOs evolved over the last few years. The discussions stopped centering around a specific product. CIOs, and CSOs too, approached us with the challenge of managing connectivity and security for their entire enterprise. Whether they described their goals as Zero Trust or Secure Access Service Edge (SASE), their existing appliances and point solutions could no longer keep up. So we built Cloudflare One to help them.

Today, over 10,000 organizations trust Cloudflare One to connect and secure their users, devices, applications, and data. As part of CIO Week, we spoke with the leaders of some of our largest customers to better understand why they selected Cloudflare.

The feedback centered around six themes:

  1. Cloudflare One delivers more complete security.
  2. Cloudflare One makes your team faster.
  3. Cloudflare One is easier to manage.
  4. Cloudflare One products work better together.
  5. Cloudflare One is the most cost-efficient comprehensive SASE offering.
  6. Cloudflare can be Continue reading

Cloudflare protection for all your cardinal directions

Cloudflare protection for all your cardinal directions
Cloudflare protection for all your cardinal directions

As the Internet becomes the new corporate network, traditional definitions within corporate networking are becoming blurry. Concepts of the corporate WAN, “north/south” and “east/west” traffic, and private versus public application access dissolve and shift their meaning as applications shift outside corporate data center walls and users can access them from anywhere. And security requirements for all of this traffic have become more stringent as new attack vectors continue to emerge.

The good news: Cloudflare’s got you covered! In this post, we’ll recap how definitions of corporate network traffic have shifted and how Cloudflare One provides protection for all traffic flows, regardless of source or destination.

North, south, east, and west traffic

In the traditional perimeter security model, IT and network teams defined a “trusted” private network made up of the LANs at corporate locations, and the WAN connecting them. Network architects described traffic flowing between the trusted network and another, untrusted one as “north/south,” because those traffic flows are typically depicted spatially on network diagrams like the one below.

Connected north/south networks could be private, such as one belonging to a partner company, or public like the Internet. Security teams made sure all north/south traffic flowed through one or Continue reading

Announcing Custom DLP profiles

Announcing Custom DLP profiles

Introduction

Announcing Custom DLP profiles

Where does sensitive data live? Who has access to that data? How do I know if that data has been improperly shared or leaked? These questions keep many IT and security administrators up at night. The goal of data loss prevention (DLP) is to give administrators the desired visibility and control over their sensitive data.

We shipped the general availability of DLP in September 2022, offering Cloudflare One customers better protection of their sensitive data. With DLP, customers can identify sensitive data in their corporate traffic, evaluate the intended destination of the data, and then allow or block it accordingly -- with details logged as permitted by your privacy and sovereignty requirements. We began by offering customers predefined detections for identifier numbers (e.g. Social Security #s) and financial information (e.g. credit card #s). Since then, nearly every customer has asked:

“When can I build my own detections?”

Most organizations care about credit card numbers, which use standard patterns that are easily detectable. But the data patterns of intellectual property or trade secrets vary widely between industries and companies, so customers need a way to detect the loss of their unique data. This can include internal project Continue reading

Preview any Cloudflare product today

Preview any Cloudflare product today
Preview any Cloudflare product today

With Cloudflare’s pace of innovation, customers want to be able to see how our products work and sooner to address their needs without having to contact someone. Now they can, without any commitments or limits on monetary value and usage caps.

Ready to get started? Here’s how it works.

For any product* that is currently not part of an enterprise contract, users with administrative access will have the ability to enable the product on the Cloudflare dashboard. With a single click of a button, they can start configuring any required features within seconds.

Preview any Cloudflare product today
Preview any Cloudflare product today

You have access to resources that can help you get started as well as the ongoing support of your sales team. You will be otherwise left to enjoy the product and our team members will be in contact after about 2 weeks. We always look to collect feedback and can also discuss how to have it added to your contract. If more time is needed in the evaluation phase, no problem. If it is decided that it is not a right product fit, we will offboard the product without any penalties.

We are working on offering more and more self-service capabilities that traditionally have not been offered Continue reading

AMD unveils exascale data-center accelerator at CES

The Consumer Electronics Show (CES) might be the last place you’d expect an enterprise product to debut, but AMD unveiled a new server accelerator among the slew of consumer CPUs and GPUs it launched at the Las Vegas show.AMD took the wraps off its Instinct MI300 accelerator, and it’s a doozy.The accelerated processing unit (APU) is a mix of 13 chiplets, including CPU cores, GPU cores, and high bandwidth memory (HBM). Tallied together, AMD's Instinct MI300 accelerator comes in at 146 billion transistors. For comparison, Intel’s ambitious Ponte Vecchio processor will be around 100 billion transistors, and Nvidia’s Hopper H100 GPU is a mere 80 billion transistors.To read this article in full, please click here

AMD unveils exascale data-center accelerator at CES

The Consumer Electronics Show (CES) might be the last place you’d expect an enterprise product to debut, but AMD unveiled a new server accelerator among the slew of consumer CPUs and GPUs it launched at the Las Vegas show.AMD took the wraps off its Instinct MI300 accelerator, and it’s a doozy.The accelerated processing unit (APU) is a mix of 13 chiplets, including CPU cores, GPU cores, and high bandwidth memory (HBM). Tallied together, AMD's Instinct MI300 accelerator comes in at 146 billion transistors. For comparison, Intel’s ambitious Ponte Vecchio processor will be around 100 billion transistors, and Nvidia’s Hopper H100 GPU is a mere 80 billion transistors.To read this article in full, please click here

Cloudflare DDoS threat report for 2022 Q4

Cloudflare DDoS threat report for 2022 Q4
Cloudflare DDoS threat report for 2022 Q4

Welcome to our DDoS Threat Report for the fourth and final quarter of 2022. This report includes insights and trends about the DDoS threat landscape - as observed across Cloudflare’s global network.

In the last quarter of the year, as billions around the world celebrated holidays and events such as Thanksgiving, Christmas, Hanukkah, Black Friday, Singles’ Day, and New Year, DDoS attacks persisted and even increased in size, frequency, and sophistication whilst attempting to disrupt our way of life.

Cloudflare’s automated DDoS defenses stood firm and mitigated millions of attacks in the last quarter alone. We’ve taken all of those attacks, aggregated, analyzed, and prepared the bottom lines to help you better understand the threat landscape.

Global DDoS insights

In the last quarter of the year, despite a year-long decline, the amount of HTTP DDoS attack traffic still increased by 79% YoY. While most of these attacks were small, Cloudflare constantly saw terabit-strong attacks, DDoS attacks in the hundreds of millions of packets per second, and HTTP DDoS attacks peaking in the tens of millions of requests per second launched by sophisticated botnets.

  • Volumetric attacks surged; the number of attacks exceeding rates of 100 gigabits per second (Gbps) grew by Continue reading

Gigabyte spins off its enterprise business to better serve enterprises

Gigabyte has split in two, breaking off its enterprise business as a subsidiary called Giga Computing Technology that's focused on sales and support for its data-center products.The Taiwanese company is well known for its motherboards and GPU cards for gaming, but also for several form factors of servers. Breaking out Giga Computing into a separate unit enables it to better cater to the needs of enterprise customers, according to Daniel Hou, CEO of the new business. “This is just another extension of our long-term plan that will allow our enterprise solutions better react to market forces and to better tailor products to various markets,” Hou said in a statement.To read this article in full, please click here

Gigabyte spins off its enterprise business to better serve enterprises

Gigabyte has split in two, breaking off its enterprise business as a subsidiary called Giga Computing Technology that's focused on sales and support for its data-center products.The Taiwanese company is well known for its motherboards and GPU cards for gaming, but also for several form factors of servers. Breaking out Giga Computing into a separate unit enables it to better cater to the needs of enterprise customers, according to Daniel Hou, CEO of the new business. “This is just another extension of our long-term plan that will allow our enterprise solutions better react to market forces and to better tailor products to various markets,” Hou said in a statement.To read this article in full, please click here

Microsoft to acquire Fungible for augmenting Azure networking, storage

Microsoft on Monday said it is acquiring composable infrastructure services provider Fungible for an undisclosed amount in an effort to augment its Azure networking and storage services.Microsoft’s Fungible acquisition is aimed at accelerating networking and storage performance in datacenters with high-efficiency, low-power data processing units (DPUs), Girish Bablani, corporate vice president, Azure Core, wrote in a blog post.  Data processing units or DPUs are an evolved format of smartNIC that are used to offload server CPU duties onto a separate device to free up server cycles, akin to hardware accelerators such as graphics processing units (GPUs) and field-programmable gate arrays (FPGA).To read this article in full, please click here

Microsoft to acquire Fungible for augmenting Azure networking, storage

Microsoft on Monday said it is acquiring composable infrastructure services provider Fungible for an undisclosed amount in an effort to augment its Azure networking and storage services.Microsoft’s Fungible acquisition is aimed at accelerating networking and storage performance in datacenters with high-efficiency, low-power data processing units (DPUs), Girish Bablani, corporate vice president, Azure Core, wrote in a blog post.  Data processing units or DPUs are an evolved format of smartNIC that are used to offload server CPU duties onto a separate device to free up server cycles, akin to hardware accelerators such as graphics processing units (GPUs) and field-programmable gate arrays (FPGA).To read this article in full, please click here

7 ways to secure backup data

You need to see your backups the way bad actors do: an invaluable resource that can be turned against your organization if you don’t protect them correctly.Ransomware attacks focus on backup servers to either encrypt their data so they can’t restore other systems or to capture company IP and use it for extortion. Neither is a good outcome, so do everything you can to protect your backup data. Here’s how.Encrypt backups Encrypted backup data cannot be used to extort your company. Attackers might be able to exfiltrate it, but it will be useless without the keys. Encryption technology has evolved to a point that this can be handled with relative ease, allowing you to encrypt all backups wherever they are stored.To read this article in full, please click here

From instability to predictability: Transforming network communication to and from China

Getty Images China accounts for nearly 20% of global manufacturing trade and holds a large share of many global value chain inputs. With Connectivity being a challenge, until recently businesses have had to choose between two evils: Either a stable yet cumbersome process with large local telcos, or an unstable, unpredictable network that does not enable smooth communication with apps, cloud workloads, and teams. If your business suffers from communication issues in China, you’re not alone. About 90% of global businesses face these challenges, which result in costly workloads and provisioning. We’ve identified several main challenges:To read this article in full, please click here

Is It Time to Replace TCP in Data Centers?

One of my readers asked for my opinion about the provocative “It’s Time to Replace TCP in the Datacenter” article by prof. John Ousterhout. I started reading it, found too many things that didn’t make sense, and decided to ignore it as another attempt of a proverbial physicist solving hard problems in someone else’s field.

However, pointers to that article kept popping up, and I eventually realized it was a position paper in a long-term process that included conference talks, interviews and keynote speeches, so I decided to take another look at the technical details.

Read more …

Is It Time to Replace TCP in Data Centers?

One of my readers asked for my opinion about the provocative “It’s Time to Replace TCP in the Datacenter” article by prof. John Ousterhout. I started reading it, found too many things that didn’t make sense, and decided to ignore it as another attempt of a proverbial physicist solving hard problems in someone else’s field.

However, pointers to that article kept popping up, and I eventually realized it was a position paper in a long-term process that included conference talks, interviews and keynote speeches, so I decided to take another look at the technical details.

Read more …
1 367 368 369 370 371 3,836