Cloudflare Blog: Security

April 01, 2022 2:31PM

The end of the road for Cloudflare CAPTCHAs

Managed Challenge CAPTCHA WAF Security Bots Product News

We decided we’re going to stop using CAPTCHAs. Before we talk about how we did it, and how you can help, let's first start with a simple question. Why in the world is CAPTCHA still used anyway?...

March 31, 2022 4:13PM

WAF mitigations for Spring4Shell

WAF Security CVE Vulnerabilities

Cloudflare Managed Ruleset updates for the recent vulnerabilities affecting the Java Spring framework and related software components...

March 31, 2022 1:59PM

Future-proofing SaltStack

Research Post-Quantum Cryptography Security

This blogpost chronicles the recent CVEs investigation, our findings, and how we are helping secure Salt now and in the Quantum future...

Lenka Mareková

March 29, 2022 5:54PM

Optimizing Magic Firewall’s IP lists

Magic Firewall Magic Transit Security

More and more users are using Magic Firewall’s IP lists to filter network traffic en route to their infrastructure. In response to that growth, we improved how our systems handle large sets of IPs...

Jordan Griege

March 24, 2022 1:32PM

Cloudflare Radar’s new ASN pages

Security Week Cloudflare Radar Networking Security

Autonomous Systems (ASes) are a group of routable IP prefixes belonging to a single entity or organization, and is one of the fundamental building blocks of the Internet...

March 22, 2022 4:57PM

Cloudflare’s investigation of the January 2022 Okta compromise

Today at 03:30 UTC we learnt of a compromise of Okta. We use Okta internally for employee identity as part of our authentication stack. We have investigated this compromise carefully and do not believe we have been compromised as a result...

By

Okta , Security , Post Mortem

March 21, 2022 4:14PM

Network performance update: Security Week

Today, we’re proud to report we are the fastest provider in 71% of the top 1,000 most reported networks around the world...

By

David Tuber

Security Week , Network Performance Update , Security , Speed & Reliability

March 21, 2022 12:59PM

Application security: Cloudflare’s view

In this post, we share some of the insights we’ve gathered from the 32 million HTTP requests/second that pass through our network...

By

Security Week , Cloudflare Radar , Security

March 18, 2022 9:04PM

Securing Cloudflare Using Cloudflare

Cloudflare is committed to bolstering our security posture with best-in-class solutions — which is why we often turn to our own products as any other Cloudflare customer would....

By

Molly Cinnamon
, Evan Johnson

Security Week , Dogfooding , Security , LavaRand

March 18, 2022 9:04PM

Domain Scoped Roles - Early Access

Cloudflare is making it easier for enterprise account owners to manage their team’s access to Cloudflare by allowing user access to be scoped to sets of domains...

By

Garrett Galow

Security Week , Security , Product News , Early Access , Domain Scoped Roles

March 18, 2022 9:03PM

Using Cloudflare One to Secure IoT devices

We asked ourselves: can we use our own products to secure IoT devices themselves — even on the same network as production systems? Using Cloudflare One, the answer is yes....

By

Molly Cinnamon
, Derek Chamorro

Cloudflare One , Cloudflare Zero Trust , Zero Trust , Product News , IoT

March 18, 2022 9:03PM

Cloudflare Observability

Being a single pane of glass for all network activity has always been one of Cloudflare’s goals. Today, we’re outlining the future vision for Cloudflare observability....

By

Security Week , Security , Product News , Alerts , Analytics

March 18, 2022 6:58PM

Commitment to Customer Security

Cloudflare has been hooked on securing customers globally since its inception. Our services protect customer traffic and data as well as our own, and we are continuously improving and expanding those services to respond to the changing threat landscape of the Internet...

By

Ling Wu
, Matt Gallagher

Security Week , Security , Compliance

March 18, 2022 1:00PM

Zero Trust client sessions

Starting today, you can build Zero Trust rules that require periodic authentication to control network access...

By

Kenny Johnson

Security Week , Zero Trust , Cloudflare Zero Trust , TCP , Security