Cloudflare Blog: Security

October 03, 2022 2:01PM

Defending against future threats: Cloudflare goes post-quantum

Birthday Week Post-Quantum Research Cryptography Security

The future of a private and secure Internet is at stake; that is why today we have enabled post-quantum cryptography support for all our customers...

October 03, 2022 2:00PM

Automatic (secure) transmission: taking the pain out of origin connection security

Birthday Week Product News Research CDN Universal SSL Security

Today we’re excited to announce that we will soon be offering a zero-configuration option for security on Cloudflare. If we find that we can automatically upgrade the security connection between Cloudflare and a user’s origin, we will...

September 29, 2022 2:01PM

The (hardware) key to making phishing defense seamless with Cloudflare Zero Trust and Yubico

Birthday Week Zero Trust Cloudflare One Security Product News Cloudflare Zero Trust

Announcing a new collaboration with Yubico, to remove any barriers for organizations of any size to deploying hardware security keys....

David Harnett

September 29, 2022 2:00PM

Now all customers can share access to their Cloudflare account with Role Based Access Controls

Birthday Week RBAC Dashboard Product News Security

Role Based Access Controls are now available for every plan!...

Joseph So

September 29, 2022 2:00PM

How Cloudflare implemented hardware keys with FIDO2 and Zero Trust to prevent phishing

Birthday Week Security Zero Trust FIDO Cloudflare Zero Trust

Adopting a phishing resistant second factor, like a YubiKey with FIDO2, is the number one way to prevent phishing attacks. Cloudflare has used phishing resistant second factors only since February 2021, and these were the steps we took to accomplish that....

September 29, 2022 2:00PM

Back in 2017 we gave you Unmetered DDoS Mitigation, here's a birthday gift: Unmetered Rate Limiting

Starting today, Free, Pro and Business plans include Rate Limiting rules without additional charges....

By

Daniele Molteni

Birthday Week , Rate Limiting , DDoS , Pro , Business

September 28, 2022 2:01PM

Announcing Turnstile, a user-friendly, privacy-preserving alternative to CAPTCHA

Any website can use a simple API to replace CAPTCHAs with our invisible alternative, whether they’re on the Cloudflare network or not....

By

Birthday Week , Product News , Turnstile , CAPTCHA , Security

September 28, 2022 2:00PM

Private by design: building privacy-preserving products with Cloudflare's Privacy Edge

Introducing Privacy Edge – a collection of products that make it easier for site owners and developers to protect their users’ privacy by default....

By

Mari Galicer
, Matt Silverlock

Birthday Week , Privacy , Security

September 27, 2022 3:15PM

Cloudflare named a Leader in WAF by Forrester

Forester has recognised Cloudflare as a Leader in The Forrester Wave™: Web Application Firewalls, Q3 2022 report. The report evaluated 12 Web Application Firewall (WAF) providers on 24 criteria across current offering, strategy and market presence....

By

Michael Tremante

WAF , Security , API Security , DDoS , Bot Management

September 27, 2022 2:00PM

Where to? Introducing Origin Rules

Origin Rules is a dedicated product for ‘where does this traffic go where it leaves Cloudflare.’ Customers are able to match on an HTTP request using filters and override the host, port, SNI, and the origin a request resolves to....

By

Matt Bullock
, Sam Marsh

Birthday Week , Origin Rules , Product News , Security

September 26, 2022 2:15PM

Securing the Internet of Things

We’ve been defending customers from Internet of Things botnets for years now, and it’s time to turn the tides: we’re bringing the same security behind our Zero Trust platform to IoT...

By

Matt Silverlock

Birthday Week , Zero Trust , SIM , Connectivity , IoT

September 23, 2022 11:47AM

How to enable Private Access Tokens in iOS 16 and stop seeing CAPTCHAs

Nobody likes CAPTCHAs. Now, with iOS 16 on iPhones, a small enabled toggle can make them disappear while improving privacy on your device. Here’s how to check if it’s “on” and try it out...

By

João Tomé

How to , CAPTCHA , Security , Partners

September 22, 2022 2:00PM

API Endpoint Management and Metrics are now GA

API Shield customers can save, update, and monitor the performance of API endpoints...

By

Jin-Hee Lee

GA Week , General Availability , API , API Gateway , API Security

September 20, 2022 2:30PM

Cloudflare Area 1 - how the best email security keeps getting better

Cloudflare started using Area 1 in 2020 and proceeded with acquiring the company in 2022. We were most impressed how phishing, responsible for 90+% of cyberattacks, basically became a non-issue overnight when we deployed Area 1. But our vision is much bigger than preventing phishing attacks...

By

João Sousa Botto

GA Week , General Availability , Email , Security , Email Security