New! Rate Limiting analytics and throttling
September 19, 2023 1:00 PM
Cloudflare Analytics can now suggest rate limiting threshold based on historic traffic patterns. Rate Limiting also supports a throttle behavior...
Unmasking the top exploited vulnerabilities of 2022
August 04, 2023 6:29 PM
The Cybersecurity and Infrastructure Security Agency (CISA) just released a report highlighting the most commonly exploited vulnerabilities of 2022. ...
Announcing WAF Attack Score Lite and Security Analytics for business customers
March 15, 2023 1:00 PM
We are making the machine learning empowered WAF and Security analytics view available to our Business plan customers, to help detect and stop attacks before they are known...
The state of application security in 2023
March 14, 2023 1:00 PM
One year ago we published our first Application Security Report. For Security Week 2023, we are providing updated insights and trends around mitigated traffic, bot and API traffic, and account takeover attacks....
MORE POSTS
December 09, 2022 2:00 PM
Stop attacks before they are known: making the Cloudflare WAF smarter
Today we are making the WAF smarter by increasing availability of our new machine learning powered enhancement, the WAF Attack Score!...
- By
September 27, 2022 2:15 PM
Cloudflare named a Leader in WAF by Forrester
Forester has recognised Cloudflare as a Leader in The Forrester Wave™: Web Application Firewalls, Q3 2022 report. The report evaluated 12 Web Application Firewall (WAF) providers on 24 criteria across current offering, strategy and market presence....
- By
September 19, 2022 1:30 PM
Account WAF now available to Enterprise customers
Do you manage more than a single domain? If the answer is yes, now you can manage a single WAF configuration for all your enterprise domains...
- By
September 06, 2022 4:15 PM
Cloudflare named a Leader by Gartner
Gartner has recognised Cloudflare as a Leader in the 2022 "Gartner® Magic Quadrant™ for Web Application and API Protection (WAAP)" report that evaluated 11 vendors for their ‘ability to execute’ and ‘completeness of vision’...
- By
September 05, 2022 1:00 PM
Improving the accuracy of our machine learning WAF using data augmentation and sampling
Data Generation and Augmentation methods to train an effective machine learning WAF...
- By
August 30, 2022 2:00 PM
Introducing thresholds in Security Event Alerting: a z-score love story
Today we are excited to announce thresholds for our Security Event Alerts: a new and improved way of detecting anomalous spikes of security events on your Internet properties. By introducing a threshold, we are able to make alerts more accurate and only notify you when it truly m...
- By
July 07, 2022 12:57 PM
New WAF intelligence feeds
Cloudflare is expanding our WAF’s threat intelligence capabilities by adding four new managed IP lists that can be used as part of any custom firewall rule...
- By
June 05, 2022 8:54 PM
Cloudflare observations of Confluence zero day (CVE-2022-26134)
UTC Atlassian released a Security Advisory relating to a remote code execution (RCE) vulnerability affecting Confluence Server and Confluence Data Center products....
- By
April 01, 2022 1:31 PM
The end of the road for Cloudflare CAPTCHAs
We decided we’re going to stop using CAPTCHAs. Before we talk about how we did it, and how you can help, let's first start with a simple question. Why in the world is CAPTCHA still used anyway?...
- By
March 31, 2022 3:13 PM
WAF mitigations for Spring4Shell
Cloudflare Managed Ruleset updates for the recent vulnerabilities affecting the Java Spring framework and related software components...
- By
March 15, 2022 12:59 PM
WAF for everyone: protecting the web from high severity vulnerabilities
We are excited to provide our new Cloudflare Web Application Firewall, with a Free Managed Ruleset to all Cloudflare users...
- By
March 15, 2022 12:59 PM
Improving the WAF with Machine Learning
Today we are excited to complement managed rulesets (such as OWASP and Cloudflare Managed) with a new tool aimed at identifying bypasses and malicious payloads without human involvement, and before they are exploited...
- By
March 15, 2022 12:59 PM
A new WAF experience
The security landscape is moving fast. We invited users to help us shape a new WAF experience that enables us to evolve WAF to meet their demands and use cases...
- By
December 14, 2021 5:48 PM
Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration
This article covers WAF evasion patterns and exfiltration attempts, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....
- By