Network detection and settings profiles for the Cloudflare One agent

Network detection and settings profiles for the Cloudflare One agent
Network detection and settings profiles for the Cloudflare One agent

Teams can connect users, devices, and entire networks to Cloudflare One through several flexible on-ramps. Those on-ramps include traditional connectivity options like GRE or IPsec tunnels, our Cloudflare Tunnel technology, and our Cloudflare One device agent.

Each of these on-ramps send nearly all traffic to Cloudflare’s network where we can filter security threats with products like our Secure Web Gateway and Data Loss Prevention service. In other cases, the destination is an internal resource deployed in Cloudflare’s Zero Trust private network.

However, sometimes users want traffic to stay local. If a user is sitting within a few meters of their printer, they might prefer to connect through their local network instead of adding a hop through Cloudflare. They could configure Cloudflare to always ignore traffic bound for the printer, keeping it local, but when they leave the office they still need to use Cloudflare’s network to reach that printer remotely.

Solving this use case and others like it previously required manual changes from an administrator every time a user moved. An administrator would need to tell Cloudflare’s agent to include traffic sometimes and, in other situations, ignore it. This does not scale.

Starting today, any team using Cloudflare One has Continue reading

Why do CIOs choose Cloudflare One?

Why do CIOs choose Cloudflare One?
Why do CIOs choose Cloudflare One?

Cloudflare’s first customers sought us out as the “Web Application Firewall vendor” or their DDoS-mitigating Content Delivery Network. We earned their trust by solving their problems in those categories and dozens of others. Today, over 100,000 customers now rely on Cloudflare to secure and deliver their Internet properties.

However, our conversations with CIOs evolved over the last few years. The discussions stopped centering around a specific product. CIOs, and CSOs too, approached us with the challenge of managing connectivity and security for their entire enterprise. Whether they described their goals as Zero Trust or Secure Access Service Edge (SASE), their existing appliances and point solutions could no longer keep up. So we built Cloudflare One to help them.

Today, over 10,000 organizations trust Cloudflare One to connect and secure their users, devices, applications, and data. As part of CIO Week, we spoke with the leaders of some of our largest customers to better understand why they selected Cloudflare.

The feedback centered around six themes:

  1. Cloudflare One delivers more complete security.
  2. Cloudflare One makes your team faster.
  3. Cloudflare One is easier to manage.
  4. Cloudflare One products work better together.
  5. Cloudflare One is the most cost-efficient comprehensive SASE offering.
  6. Cloudflare can be Continue reading

Cloudflare protection for all your cardinal directions

Cloudflare protection for all your cardinal directions
Cloudflare protection for all your cardinal directions

As the Internet becomes the new corporate network, traditional definitions within corporate networking are becoming blurry. Concepts of the corporate WAN, “north/south” and “east/west” traffic, and private versus public application access dissolve and shift their meaning as applications shift outside corporate data center walls and users can access them from anywhere. And security requirements for all of this traffic have become more stringent as new attack vectors continue to emerge.

The good news: Cloudflare’s got you covered! In this post, we’ll recap how definitions of corporate network traffic have shifted and how Cloudflare One provides protection for all traffic flows, regardless of source or destination.

North, south, east, and west traffic

In the traditional perimeter security model, IT and network teams defined a “trusted” private network made up of the LANs at corporate locations, and the WAN connecting them. Network architects described traffic flowing between the trusted network and another, untrusted one as “north/south,” because those traffic flows are typically depicted spatially on network diagrams like the one below.

Connected north/south networks could be private, such as one belonging to a partner company, or public like the Internet. Security teams made sure all north/south traffic flowed through one or Continue reading

Announcing Custom DLP profiles

Announcing Custom DLP profiles

Introduction

Announcing Custom DLP profiles

Where does sensitive data live? Who has access to that data? How do I know if that data has been improperly shared or leaked? These questions keep many IT and security administrators up at night. The goal of data loss prevention (DLP) is to give administrators the desired visibility and control over their sensitive data.

We shipped the general availability of DLP in September 2022, offering Cloudflare One customers better protection of their sensitive data. With DLP, customers can identify sensitive data in their corporate traffic, evaluate the intended destination of the data, and then allow or block it accordingly -- with details logged as permitted by your privacy and sovereignty requirements. We began by offering customers predefined detections for identifier numbers (e.g. Social Security #s) and financial information (e.g. credit card #s). Since then, nearly every customer has asked:

“When can I build my own detections?”

Most organizations care about credit card numbers, which use standard patterns that are easily detectable. But the data patterns of intellectual property or trade secrets vary widely between industries and companies, so customers need a way to detect the loss of their unique data. This can include internal project Continue reading

Preview any Cloudflare product today

Preview any Cloudflare product today
Preview any Cloudflare product today

With Cloudflare’s pace of innovation, customers want to be able to see how our products work and sooner to address their needs without having to contact someone. Now they can, without any commitments or limits on monetary value and usage caps.

Ready to get started? Here’s how it works.

For any product* that is currently not part of an enterprise contract, users with administrative access will have the ability to enable the product on the Cloudflare dashboard. With a single click of a button, they can start configuring any required features within seconds.

Preview any Cloudflare product today
Preview any Cloudflare product today

You have access to resources that can help you get started as well as the ongoing support of your sales team. You will be otherwise left to enjoy the product and our team members will be in contact after about 2 weeks. We always look to collect feedback and can also discuss how to have it added to your contract. If more time is needed in the evaluation phase, no problem. If it is decided that it is not a right product fit, we will offboard the product without any penalties.

We are working on offering more and more self-service capabilities that traditionally have not been offered Continue reading

AMD unveils exascale data-center accelerator at CES

The Consumer Electronics Show (CES) might be the last place you’d expect an enterprise product to debut, but AMD unveiled a new server accelerator among the slew of consumer CPUs and GPUs it launched at the Las Vegas show.AMD took the wraps off its Instinct MI300 accelerator, and it’s a doozy.The accelerated processing unit (APU) is a mix of 13 chiplets, including CPU cores, GPU cores, and high bandwidth memory (HBM). Tallied together, AMD's Instinct MI300 accelerator comes in at 146 billion transistors. For comparison, Intel’s ambitious Ponte Vecchio processor will be around 100 billion transistors, and Nvidia’s Hopper H100 GPU is a mere 80 billion transistors.To read this article in full, please click here

AMD unveils exascale data-center accelerator at CES

The Consumer Electronics Show (CES) might be the last place you’d expect an enterprise product to debut, but AMD unveiled a new server accelerator among the slew of consumer CPUs and GPUs it launched at the Las Vegas show.AMD took the wraps off its Instinct MI300 accelerator, and it’s a doozy.The accelerated processing unit (APU) is a mix of 13 chiplets, including CPU cores, GPU cores, and high bandwidth memory (HBM). Tallied together, AMD's Instinct MI300 accelerator comes in at 146 billion transistors. For comparison, Intel’s ambitious Ponte Vecchio processor will be around 100 billion transistors, and Nvidia’s Hopper H100 GPU is a mere 80 billion transistors.To read this article in full, please click here

Cloudflare DDoS threat report for 2022 Q4

Cloudflare DDoS threat report for 2022 Q4
Cloudflare DDoS threat report for 2022 Q4

Welcome to our DDoS Threat Report for the fourth and final quarter of 2022. This report includes insights and trends about the DDoS threat landscape - as observed across Cloudflare’s global network.

In the last quarter of the year, as billions around the world celebrated holidays and events such as Thanksgiving, Christmas, Hanukkah, Black Friday, Singles’ Day, and New Year, DDoS attacks persisted and even increased in size, frequency, and sophistication whilst attempting to disrupt our way of life.

Cloudflare’s automated DDoS defenses stood firm and mitigated millions of attacks in the last quarter alone. We’ve taken all of those attacks, aggregated, analyzed, and prepared the bottom lines to help you better understand the threat landscape.

Global DDoS insights

In the last quarter of the year, despite a year-long decline, the amount of HTTP DDoS attack traffic still increased by 79% YoY. While most of these attacks were small, Cloudflare constantly saw terabit-strong attacks, DDoS attacks in the hundreds of millions of packets per second, and HTTP DDoS attacks peaking in the tens of millions of requests per second launched by sophisticated botnets.

  • Volumetric attacks surged; the number of attacks exceeding rates of 100 gigabits per second (Gbps) grew by Continue reading

Gigabyte spins off its enterprise business to better serve enterprises

Gigabyte has split in two, breaking off its enterprise business as a subsidiary called Giga Computing Technology that's focused on sales and support for its data-center products.The Taiwanese company is well known for its motherboards and GPU cards for gaming, but also for several form factors of servers. Breaking out Giga Computing into a separate unit enables it to better cater to the needs of enterprise customers, according to Daniel Hou, CEO of the new business. “This is just another extension of our long-term plan that will allow our enterprise solutions better react to market forces and to better tailor products to various markets,” Hou said in a statement.To read this article in full, please click here

Gigabyte spins off its enterprise business to better serve enterprises

Gigabyte has split in two, breaking off its enterprise business as a subsidiary called Giga Computing Technology that's focused on sales and support for its data-center products.The Taiwanese company is well known for its motherboards and GPU cards for gaming, but also for several form factors of servers. Breaking out Giga Computing into a separate unit enables it to better cater to the needs of enterprise customers, according to Daniel Hou, CEO of the new business. “This is just another extension of our long-term plan that will allow our enterprise solutions better react to market forces and to better tailor products to various markets,” Hou said in a statement.To read this article in full, please click here

Microsoft to acquire Fungible for augmenting Azure networking, storage

Microsoft on Monday said it is acquiring composable infrastructure services provider Fungible for an undisclosed amount in an effort to augment its Azure networking and storage services.Microsoft’s Fungible acquisition is aimed at accelerating networking and storage performance in datacenters with high-efficiency, low-power data processing units (DPUs), Girish Bablani, corporate vice president, Azure Core, wrote in a blog post.  Data processing units or DPUs are an evolved format of smartNIC that are used to offload server CPU duties onto a separate device to free up server cycles, akin to hardware accelerators such as graphics processing units (GPUs) and field-programmable gate arrays (FPGA).To read this article in full, please click here

Microsoft to acquire Fungible for augmenting Azure networking, storage

Microsoft on Monday said it is acquiring composable infrastructure services provider Fungible for an undisclosed amount in an effort to augment its Azure networking and storage services.Microsoft’s Fungible acquisition is aimed at accelerating networking and storage performance in datacenters with high-efficiency, low-power data processing units (DPUs), Girish Bablani, corporate vice president, Azure Core, wrote in a blog post.  Data processing units or DPUs are an evolved format of smartNIC that are used to offload server CPU duties onto a separate device to free up server cycles, akin to hardware accelerators such as graphics processing units (GPUs) and field-programmable gate arrays (FPGA).To read this article in full, please click here

7 ways to secure backup data

You need to see your backups the way bad actors do: an invaluable resource that can be turned against your organization if you don’t protect them correctly.Ransomware attacks focus on backup servers to either encrypt their data so they can’t restore other systems or to capture company IP and use it for extortion. Neither is a good outcome, so do everything you can to protect your backup data. Here’s how.Encrypt backups Encrypted backup data cannot be used to extort your company. Attackers might be able to exfiltrate it, but it will be useless without the keys. Encryption technology has evolved to a point that this can be handled with relative ease, allowing you to encrypt all backups wherever they are stored.To read this article in full, please click here

From instability to predictability: Transforming network communication to and from China

Getty Images China accounts for nearly 20% of global manufacturing trade and holds a large share of many global value chain inputs. With Connectivity being a challenge, until recently businesses have had to choose between two evils: Either a stable yet cumbersome process with large local telcos, or an unstable, unpredictable network that does not enable smooth communication with apps, cloud workloads, and teams. If your business suffers from communication issues in China, you’re not alone. About 90% of global businesses face these challenges, which result in costly workloads and provisioning. We’ve identified several main challenges:To read this article in full, please click here

Is It Time to Replace TCP in Data Centers?

One of my readers asked for my opinion about the provocative “It’s Time to Replace TCP in the Datacenter” article by prof. John Ousterhout. I started reading it, found too many things that didn’t make sense, and decided to ignore it as another attempt of a proverbial physicist solving hard problems in someone else’s field.

However, pointers to that article kept popping up, and I eventually realized it was a position paper in a long-term process that included conference talks, interviews and keynote speeches, so I decided to take another look at the technical details.

Read more …

Is It Time to Replace TCP in Data Centers?

One of my readers asked for my opinion about the provocative “It’s Time to Replace TCP in the Datacenter” article by prof. John Ousterhout. I started reading it, found too many things that didn’t make sense, and decided to ignore it as another attempt of a proverbial physicist solving hard problems in someone else’s field.

However, pointers to that article kept popping up, and I eventually realized it was a position paper in a long-term process that included conference talks, interviews and keynote speeches, so I decided to take another look at the technical details.

Read more …

BGP in 2022 – BNGP Updates

The first part of this report looked at the size of the routing table and looked at some projections of its growth for both IPv4 and IPv6. However, the scalability of BGP as the Internet’s routing protocol is not just dependant on the number of prefixes carried in the routing table. Dynamic routing updates are also part of this story. If the update rate of BGP is growing faster than we can deploy processing capability to match then the routing system will lose coherence, and at that point the network will head into periods of instability. This second part of the report will look at the profile of BGP updates across 2022 to assess whether the stability of the routing system, as measured by the level of BGP update activity, is changing.

How to Overcome Challenges in an API-Centric Architecture

This is the second in a two-part series. For an overview of a typical architecture, how it can be deployed and the right tools to use, please refer to Part 1.  Most APIs impose usage limits on number of requests per month and rate limits, such as a maximum of 50 requests per minute. A third-party API can be used by many parts of the system. Handling subscription limits requires the system to track all API calls and raise alerts if the limit will be reached soon. Often, increasing the limit requires human involvement, and alerts need to be raised well in advance. The system deployed must be able to track API usage data persistently to preserve data across service restarts or failures. Also, if the same API is used by multiple applications, collecting those counts and making decisions needs careful design. Rate limits are more complicated. If handed down to the developer, they will invariably add sleep statements, which will solve the problem in the short term; however, in the long run, this leads to complicated issues when the timing changes. A better approach is to use a concurrent data structure that limits rates. Even then, if the Continue reading

1 373 374 375 376 377 3,841