Security Week 2022

Molly Cinnamon & Derek Chamorro

Jacqueline Keith, Rebecca Rogers, Matt Gallagher, Madeline Gregory & Ling Wu

Michael Tremante & David Belson

Welcome to our first innovation week of the year: Security Week! In this post we will be going over Cloudflare’s security products’ history giving you an introduction to all the great announcements we have planned.

Cloudflare announced that it plans to make enterprise-grade email security tools available to Cloudflare customers, once Cloudflare’s acquisition of Area 1 Security closes. Email continues to be one of the biggest security threats that organizations of all sizes face, yet legacy email security solutions are often expensive, overly complex, and hard for businesses to implement.

Once the acquisition of Area 1 closes, we plan to give all paid self-serve plans access to their email security technology at no additional charge

The data we glean from attacks trains our machine learning models and improves the efficacy of our network and application security products, but historically hasn’t been available to query directly. This week, we’re changing that

We are excited to introduce backup certificates to increase reliability of our service for anyone using the Cloudflare platform in the event of key compromises or related issues

We’re excited to announce that Cloudflare customers are now able to push their logs directly to QRadar. This direct integration leads to cost savings and faster log delivery for Cloudflare and QRadar SIEM customers.

Correlating Cloudflare logs across your stack in New Relic One is powerful for monitoring and debugging in order to keep services safe and reliable. We’re excited to have partnered with New Relic to create a direct integration that provides this visibility.

Join Cloudflare's Product Management team to learn more about the products announced today during Security Week.

Tune in for Security Week announcements with Dina Kozlov & Patrick Donahue

We are excited to provide our new Cloudflare Web Application Firewall, with a Free Managed Ruleset to all Cloudflare users

The security landscape is moving fast. We invited users to help us shape a new WAF experience that enables us to evolve WAF to meet their demands and use cases

Today, we’re excited to give our SaaS providers new tools that will help them enhance the security of their customers’ applications

Today we are excited to complement managed rulesets (such as OWASP and Cloudflare Managed) with a new tool aimed at identifying bypasses and malicious payloads without human involvement, and before they are exploited

If you have Cloudflare Zaraz enabled on your website, you don’t have to ask yourself twice if you should enable CSP because there’s no harmful collision between CSP & Cloudflare Zaraz.

Michael Tremante & Zhiyuan Zheng

Michael Tremante, Nicholas Robert, & Vikram Grover

Dina Kozlov & Daniele Molteni

Cloudflare announced the Cloudflare API Gateway, providing businesses a simple, fast, and effective way to protect and control all of their APIs (application programming interfaces). Organizations are using APIs more than ever before, yet many of them struggle to secure this traffic as legacy solutions are often expensive, overly complex, and slow.

Today we’re announcing the Cloudflare API Gateway. We’re going to completely replace your existing gateway at a fraction of the cost

Advance Rate Limiting allows counting requests based on virtually any characteristics of the HTTP request, regardless of its source IP

Our customers can choose to allowlist any bot that is verified. Unfortunately, new bots are popping up faster than we can verify them. So today we’re announcing a solution: Friendly Bots

How Envoy Media uses Bot Score and Machine Learning to improve business outcomes

Michael Tremante & Ben Solomon

Daniele Molteni & Richard Boulton

Ben Solomon & Daniel Gould

Cloudflare and CrowdStrike Expand Partnership to Bring Integrated Zero Trust Security to Devices, Applications and Networks

We're very excited to announce multiple new integrations with CrowdStrike. These integrations combine the power of Cloudflare’s expansive network and Zero Trust suite, with CrowdStrike’s Endpoint Detection and Response (EDR) and incident remediation offerings

Today, we’re excited to announce that Clientless Web Isolation is generally available

How Cloudflare has evolved our Machine Learning models to identify automated traffic in mobile apps.

Today, we’re extending the availability of Magic Transit to customers with smaller networks by offering Magic Transit-protected, Cloudflare-managed IP space

Today, we’re excited to announce the general availability of on-demand packet captures from Cloudflare’s global network

Today we are excited to announce that Cloudflare and Aruba are working together to develop a solution that will enable Aruba customers to connect EdgeConnect SD-WAN’s with Cloudflare's global network to further secure their corporate traffic with Cloudflare One

Michael Tremante, Simon Wijckmans, Maitane Zotes Resines, & Oliver Cookman

Thurs, 3/17 12:30 PM PDT

Annika Garbers Ameet Naik

Thurs, 3/17 2:00 PM PDT

Annika Garbers Nadin El-Yabroudi

Right now we’re working on making the out-of-band CASB product a seamless part of the Zero Trust platform

Today, we’re excited to announce the ability to route traffic from user devices with our lightweight roaming agent (WARP) installed to any network connected with our Magic IP-layer tunnels

As a company, we are constantly asking ourselves what we can do to provide more value to our customers, including integrated solutions with our partners.

We built SSH command logging into Cloudflare Zero Trust to provide SSH visibility at a network layer instead of relying on software on individual machines

Starting today, you can build Zero Trust rules that require periodic authentication to control network access

Michael Tremante, Andre Bluehs, & Gabriel Gabor

Corey Mahan

Kenny Johnson

Annika Garbers & Kenny Johnson

Being a single pane of glass for all network activity has always been one of Cloudflare’s goals. Today, we’re outlining the future vision for Cloudflare observability.

Cloudflare is committed to bolstering our security posture with best-in-class solutions — which is why we often turn to our own products as any other Cloudflare customer would.

Cloudflare has been hooked on securing customers globally since its inception. Our services protect customer traffic and data as well as our own, and we are continuously improving and expanding those services to respond to the changing threat landscape of the Internet

Cloudflare is making it easier for enterprise account owners to manage their team’s access to Cloudflare by allowing user access to be scoped to sets of domains

We asked ourselves: can we use our own products to secure IoT devices themselves — even on the same network as production systems? Using Cloudflare One, the answer is yes.

In this post, we share some of the insights we’ve gathered from the 32 million HTTP requests/second that pass through our network

Tanushree Sharma, Natasha Wissmann, Michael Tremante, & Ashcon Partovi

David Tuber & Alex Kuck

Jacqueline Keith & Molly Cinnamon, Evan Johnson