The document discusses cyber security fundamentals and challenges, describing how Cloudflare provides security solutions like DDoS mitigation, bot management, and web application firewalls to protect websites and applications from threats. It explains common security threats like DDoS attacks, bots, and vulnerabilities and how Cloudflare uses a global network and machine learning to detect and block attacks while ensuring high performance and availability.
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka PPT on "Cybersecurity Fundamentals" will introduce you to the world of cybersecurity and talks about its basic concepts. Below is the list of topics covered in this session:
Need for cybersecurity
What is cybersecurity
Fundamentals of cybersecurity
Cyberattack Incident
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "What is Cyber Security" gives an introduction to the Cyber Security world and talks about its basic concepts. You get to know different kinds of attack in today's IT world and how cybersecurity is the solution to these attacks. Below are the topics covered in this tutorial:
1. Why we need Cyber Security?
2. What is Cyber Security?
3. The CIA Triad
4. Vulnerability, Threat and Risk
5. Cognitive Cyber Security
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
I developed "Cyber Security 101: Training, awareness, strategies for small to medium sized business" for the second annual Small Business Summit on Security, Privacy, and Trust, co-hosted by ADP in New Jersey, October 2013.
The Zero Trust Model of information #security simplifies how #information security is conceptualized by assuming there are no longer “trusted” interfaces, applications, traffic, networks, or users. It takes the old model— “trust but verify”—and inverts it, because recent breaches have proven that when an organization trusts, it doesn’t verify
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
Cyber Security Awareness Session conducted by Lightracers Consulting, for Management and non-IT employees. In this learning presentation, we will look at - What is Cyber Crime, Types of Cyber crime, What is Cyber Security, Types of Threats, Social Engineering techniques, Identifying legitimate and secure websites, Protection measures, Cyber Law in India followed by a small quiz.
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka PPT on "Cybersecurity Fundamentals" will introduce you to the world of cybersecurity and talks about its basic concepts. Below is the list of topics covered in this session:
Need for cybersecurity
What is cybersecurity
Fundamentals of cybersecurity
Cyberattack Incident
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "What is Cyber Security" gives an introduction to the Cyber Security world and talks about its basic concepts. You get to know different kinds of attack in today's IT world and how cybersecurity is the solution to these attacks. Below are the topics covered in this tutorial:
1. Why we need Cyber Security?
2. What is Cyber Security?
3. The CIA Triad
4. Vulnerability, Threat and Risk
5. Cognitive Cyber Security
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
I developed "Cyber Security 101: Training, awareness, strategies for small to medium sized business" for the second annual Small Business Summit on Security, Privacy, and Trust, co-hosted by ADP in New Jersey, October 2013.
The Zero Trust Model of information #security simplifies how #information security is conceptualized by assuming there are no longer “trusted” interfaces, applications, traffic, networks, or users. It takes the old model— “trust but verify”—and inverts it, because recent breaches have proven that when an organization trusts, it doesn’t verify
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
Cyber Security Awareness Session conducted by Lightracers Consulting, for Management and non-IT employees. In this learning presentation, we will look at - What is Cyber Crime, Types of Cyber crime, What is Cyber Security, Types of Threats, Social Engineering techniques, Identifying legitimate and secure websites, Protection measures, Cyber Law in India followed by a small quiz.
Infections cost organizations billions of dollars in lost time and productivity, as well as ransom payments and other indirect costs, like damage to a business’s reputation.
End-users will learn about password management, multi-factor authentication and how to secure their laptops and desktops while working remotely.
This session will teach professionals how to avoid becoming a statistic.
Agenda: Foundations of security awareness | Common threats | Three ways to secure your work environment | Best practices for users | The work from home checklist
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
The Zero Trust Model of Information Security Tripwire
In today’s IT threat landscape, the attacker might just as easily be over the cubicle wall as in another country. In the past, organizations have been content to use a trust and verify approach to information security, but that’s not working as threats from malicious insiders represent the most risk to organizations. Listen in as John Kindervag, Forrester Senior Analyst, explains why it’s not working and what you can do to address this IT security shortcoming.
In this webcast, you’ll hear:
Examples of major data breaches that originated from within the organization
Why it’s cheaper to invest in proactive breach prevention—even when the organization hasn’t been breached
What’s broken about the traditional trust and verify model of information security
About a new model for information security that works—the zero-trust model
Immediate and long-term activities to move organizations from the "trust and verify" model to the "verify and never trust" model
Cyber Security Awareness introduction. Why is Cyber Security important? What do I have to do to protect me from Cyber attacks? How to create a IT Security Awareness Plan ?
You've seen the headlines. You're beginning to understand the importance of cybersecurity. Where do you begin? It's important to understand the common methods of attack and ways you can begin to protect your organization today. For more information on our cybersecurity education please visit FPOV.com/edu.
This presentation gives a detailed overview about Cloud Computing, its features and challenges faced by it in the market. It gives an insight into cloud security and privacy issues and its measures.
A single email can cause a multi-million dollar breach if opened by an end-user with no security awareness, they may not even be aware of their mistake. The problem lies in the fact that only a few end-users are aware of the dangers of social engineering, much less how to detect it. It is a major issue in the business world today.
This document seeks to address the most common threats that can be posed to an entity and also recommend security measures that can be implemented to avoid such attacks.
Learn more at https://www.multinationalnetworks.com
Are you aware of the current security threats to your business? Are you prepared to handle the next big DDoS attack? What can you do to be prepared?
At Cloudflare, we want to share our unique position — with more than 14 million domains interacting with 175 data centres worldwide, we can draw unparalleled insights into attack trends and what these attacks look like.
Join this webinar and learn:
- Three factors that we see are leading customers to a growing exposure to security threats
- The business impact and potential costs of security threats
- Threat mitigation strategies against volumetric layer 3/4 attacks, intelligent Layer 7 attacks, and bots
Are you aware of the current security threats to your business? Are you prepared to handle the next big DDoS attack? What can you do to be prepared?
Join this webinar to learn about:
- Growing threat landscape
- Challenges to a successful security strategy
- Business impact of attacks
- Securing web applications from attacks
Infections cost organizations billions of dollars in lost time and productivity, as well as ransom payments and other indirect costs, like damage to a business’s reputation.
End-users will learn about password management, multi-factor authentication and how to secure their laptops and desktops while working remotely.
This session will teach professionals how to avoid becoming a statistic.
Agenda: Foundations of security awareness | Common threats | Three ways to secure your work environment | Best practices for users | The work from home checklist
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
The Zero Trust Model of Information Security Tripwire
In today’s IT threat landscape, the attacker might just as easily be over the cubicle wall as in another country. In the past, organizations have been content to use a trust and verify approach to information security, but that’s not working as threats from malicious insiders represent the most risk to organizations. Listen in as John Kindervag, Forrester Senior Analyst, explains why it’s not working and what you can do to address this IT security shortcoming.
In this webcast, you’ll hear:
Examples of major data breaches that originated from within the organization
Why it’s cheaper to invest in proactive breach prevention—even when the organization hasn’t been breached
What’s broken about the traditional trust and verify model of information security
About a new model for information security that works—the zero-trust model
Immediate and long-term activities to move organizations from the "trust and verify" model to the "verify and never trust" model
Cyber Security Awareness introduction. Why is Cyber Security important? What do I have to do to protect me from Cyber attacks? How to create a IT Security Awareness Plan ?
You've seen the headlines. You're beginning to understand the importance of cybersecurity. Where do you begin? It's important to understand the common methods of attack and ways you can begin to protect your organization today. For more information on our cybersecurity education please visit FPOV.com/edu.
This presentation gives a detailed overview about Cloud Computing, its features and challenges faced by it in the market. It gives an insight into cloud security and privacy issues and its measures.
A single email can cause a multi-million dollar breach if opened by an end-user with no security awareness, they may not even be aware of their mistake. The problem lies in the fact that only a few end-users are aware of the dangers of social engineering, much less how to detect it. It is a major issue in the business world today.
This document seeks to address the most common threats that can be posed to an entity and also recommend security measures that can be implemented to avoid such attacks.
Learn more at https://www.multinationalnetworks.com
Are you aware of the current security threats to your business? Are you prepared to handle the next big DDoS attack? What can you do to be prepared?
At Cloudflare, we want to share our unique position — with more than 14 million domains interacting with 175 data centres worldwide, we can draw unparalleled insights into attack trends and what these attacks look like.
Join this webinar and learn:
- Three factors that we see are leading customers to a growing exposure to security threats
- The business impact and potential costs of security threats
- Threat mitigation strategies against volumetric layer 3/4 attacks, intelligent Layer 7 attacks, and bots
Are you aware of the current security threats to your business? Are you prepared to handle the next big DDoS attack? What can you do to be prepared?
Join this webinar to learn about:
- Growing threat landscape
- Challenges to a successful security strategy
- Business impact of attacks
- Securing web applications from attacks
Close your security gaps and get 100% of your traffic protected with CloudflareCloudflare
The Gaming & Gambling industry has been the target of increasingly sophisticated cyber attacks in recent years, ranging from automated bots carrying out credential stuffing and intellectual property scraping to Layer 3 DDoS attacks, which can result in reduced network speed and performance, and in some cases loss of business when such incidents occur.
View this presentation from Cloudflare security experts Stephane Nouvellon, Principal Solutions Engineer and Philip Björkman, Strategic Vertical Account Executive (EMEA Gaming & Gambling) to learn about:
-How you can protect your business and improve the performance and reliability of your infrastructure, globally
-Solutions to secure your organization's online traffic (all OSI layers) against bots and cyber attacks whilst improving the performance of your applications.
How to Build a Practical and Cost-Effective Security StrategyCloudflare
How strong is your cybersecurity posture? What can you do to be prepared?
Join this webinar to learn:
- The business impact and potential costs of security threats
- Threat mitigation strategies against volumetric layer 3/4 attacks, intelligent layer 7 attacks, and bots
- How to secure internal applications without the drawbacks of a VPN
- Protecting non-HTTP traffic from DDoS attacks
- Web Application Firewall & Cloudflare managed rulesets
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...Rachel Wandishin
The threat landscape of DDoS attacks, data breaches, and performance disruption continues to become more complex and overwhelming. You don’t have to worry alone.
At Acquia, our suite of Acquia Cloud Edge solutions allows your team to deliver faster, reliable digital experiences and sites that are protected from threats and disruption. On average, Acquia Cloud Edge blocks more than 13 million threats per week.
Join Brad LaPorte, Acquia Security Product Manager, to learn how your organization can build security best practices from the start:
In this webinar, Brad LaPorte will outline:
- An overview of the current state of the threat landscape.
- Detailed examples on how Acquia can help your organization become more secure.
- Best practices on protecting your environment from the start and beyond.
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDCCloudflare
Join this webinar with guest speaker Romain Fouchereau, Manager of the Security Appliance Program, European Systems and Infrastructure Solutions at IDC and Cloudflare, recently named a Leader in the IDC MarketScape: Worldwide DDoS Prevention Solutions 2019 Vendor Assessment (Doc #US43699318, March 2019).
In this webinar, you will learn:
- Why defending against only volumetric layer 3 and 4 attacks will leave you vulnerable to other emerging DDoS attack vectors
- What economic and technological shifts are making DDoS more harmful and more evasive
- Why bot management should be considered in every DDoS mitigation strategy
- Which types of companies in EMEA are highly targeted and why
A Different Approach to Securing Your Cloud JourneyCloudflare
Whether you are just exploring moving workloads to the cloud, or are fully cloud-enabled, one thing is certain: security has changed from a purely on-premise environment.
As cybersecurity risks continue to grow with more advanced attackers and more digital surface area, how you think about staying secure without compromising user experience must adapt.
During this talk, you will:
- Hear how global consistency, agile controls, and predictable costs are goals and principles that matter in this new environment
- Be able to evaluate your current plans against a "customer security model"
Ensuring Property Portal Listing Data SecurityDistil Networks
Securing your property portal listing data is harder than ever. Why? Web scraping is cheap and easy. Bots simply steal whatever content they’ve been programmed to fetch – listing text, photos, and other data that should only be available to paid subscribers and legitimate consumers.
Review this presentation to learn how to avoid expensive litigation by protecting your content before the theft occurs. Review the latest research on how non-human traffic has evolved over the past few years and best practices to protect both copyrighted and non-copyrightable content.
Hear the results from research conducted with property portal executives on the current state of anti-scraping efforts.
The advancement in deep and machine learning, natural language understanding, and big data processing are paving the way for the rise in AI-powered bots, that are faster, getting better at understanding human interaction and can even mimic human behavior.
Cyber criminals are harnessing the latest tools available, and constantly changing their techniques to make their attacks more effective, faster and adaptable to safeguards.
Join this webinar to learn about:
- What type of workloads prone to bot attacks
- Which industries heavily affected by Bot attacks
- Learn about Cloudflare's Machine Learning and Behavioral Analysis driven approach to solving Bot menace.
Over the past several months South Africa has been significantly affected by Distributed Denial of Service (DDoS) attacks where groups have targeted the power utility, banks, news sites and Internet Service Providers (ISP) in the region.
Join us in this webinar to learn from Cloudflare’s DDoS Protection Product Manager about the recent attacks and how Cloudflare is uniquely positioned to help protect you from DDoS attacks and cyber threats.
-What is a DDoS attack?
-How Cloudflare protected South African customers against DDoS attacks
-How Cloudflare detects & mitigates DDoS attacks
-How can you protect against DDoS attacks
Kentik and Cloudflare Partner to Mitigate Advanced DDoS AttacksCloudflare
DDoS attacks are evolving. Detecting and mitigating attacks quickly and accurately is a key strategy to ensure business continuity.
Join this webinar to learn about:
- What is a DDoS attack and what it can cost you
- Global DDoS attack trends and what it means to you
- How Cloudflare Magic Transit and Kentik together monitor and mitigate DDoS attacks of all sizes and kinds
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...apidays
APIsecure 2023 - The world's first and only API security conference
March 14 & 15, 2023
Approaching Multicloud API Security USing Metacloud
David Linthicum, Chief Cloud Strategy Officer at Deloitte Consulting
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
This presentation was delivered at the 2nd International Conference on Recent Trends in Information Technology and Computer Science in Mumbai. The paper deals with security issues in Cloud Computing, its mitigation and proposes a secure cloud mechanism with an implementation of the single-sign on mechanism on the Ubuntu Enterprise Cloud
No matter how good your multiple cybersecurity tools are, an attacker will eventually find a way into your network through vulnerabilities.
Once cybercriminals acquire unauthorised access, you can only depend on the speed and performance of your IT team, to identify the threats, to manage multiple platforms to mitigate the attack. However, the time to respond and mitigate could last for hours or even days.
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Succeeding with Secure Access Service Edge (SASE)Cloudflare
With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data.
SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture? View to learn:
-Why SASE should be less complicated than many vendors are making it
-What to look for when evaluating a migration to a SASE platform
-A 3 month, 6 month, and 12 month roadmap for implementation
-How Cloudflare One, a purpose-built SASE platform, delivers on these promised benefits
Why you should replace your d do s hardware applianceCloudflare
Watch this webinar to learn how to:
Protect and accelerate your networks
Reduce the total cost of ownership (TCO) in your data centers, and
Increase your operational agility with easy deployment and management of network services
Don't Let Bots Ruin Your Holiday Business - Snackable WebinarCloudflare
Bot attacks to look out for this holiday season including:
Account takeover/Credential stuffing, inventory hoarding, price scraping, fake account creation, credit card stuffing.
Why Zero Trust Architecture Will Become the New Normal in 2021Cloudflare
The COVID-19 pandemic brought changes no IT team was ready for: employees were sent home, customer interaction models changed, and cloud transformation efforts abruptly accelerated. Cloudflare recently commissioned Forrester Consulting to explore the impact of 2020 disruptions on security strategy and operations among companies of all sizes. To do so, they surveyed 317 global security decision makers from around the world.
Join our guest Forrester VP, Principal Analyst, Chase Cunningham, and Cloudflare Go-To-Market Leader, Brian Parks, for an in-depth discussion of the survey results, followed by practical guidance for next year’s planning.
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...Cloudflare
Join this webinar to learn how Paul Hartmann, a leading manufacturer of medical and healthcare products, leverages Cloudflare to strengthen its security posture and deliver a superior online experience to its customers
Zero trust for everybody: 3 ways to get there fastCloudflare
The COVID-19 pandemic has exposed the weaknesses of the traditional ‘castle-and-moat’ security model. Remote work has expanded attack surfaces infinitely outwards, and more than ever, organizations need to start from the assumption that their ‘castle’ is already compromised. Zero Trust has emerged as a compelling security framework to address the failures of existing perimeter-based security approaches. It’s aspirational, but not unachievable.
At Cloudflare, we’re making complicated security challenges easier to solve. Since 2018, Cloudflare Access has helped thousands of organizations big and small take their first steps toward Zero Trust.
In this presentation, Cloudflare will share their perspective on what the most successful organizations do first on their journey to Zero Trust.
We’ll cover:
-The Zero Trust framework, and our recommended ZT security model
-How 3 organizations of differing size and security maturity have implemented Zero Trust access
-Cloudflare’s Zero Trust implementation and lessons learned
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...Cloudflare
Maintaining the right balance between security and customer experience is always challenging for online businesses. This challenge becomes even more relevant during this crisis as businesses face unprecedented levels of traffic and attacks.
Tune in to learn how LendingTree leverages Cloudflare to strengthen their security posture while ensuring a superior online experience for their customers. Listen to security experts from LendingTree and Cloudflare as they discuss:
Emerging attack vectors and tactics impacting online platforms
Best practices for online businesses to overcome these threats
How LendingTree leverages Cloudflare to maintain the right balance between security and business objectives
Network Transformation: What it is, and how it’s helping companies stay secur...Cloudflare
Rahul Deshmukh, Product Marketing at Cloudflare, & Varun Mehta, Solutions Engineer at Cloudflare, discuss how several companies have approached network transformation to improve the security, performance, and reliability of their infrastructure
Scaling service provider business with DDoS-mitigation-as-a-serviceCloudflare
During the webinar, Vivek Ganti, Product Marketing Manager for Cloudflare, & Jim Hodges, Chief Analyst of Cloud and Security at Heavy Reading, discussed how service providers are regular targets of DDoS attacks, and how these attacks directly impact their uptime, availability, and revenue.
Application layer attack trends through the lens of Cloudflare dataCloudflare
The past few months have seen significant changes in how attackers target the application layer—through injection attacks, malicious bots, DDoS, API vulnerability exploits, and more. We can observe these changes by analyzing traffic from Cloudflare’s global network, which blocks an average of 45 billion threats per day for over 27 million Internet properties.
Watch this webinar to explore data on:
Which attack vectors have become more and less common
How those changes vary by region and industry
The business and societal trends behind these attacks
Strategies for addressing these latest attack tactics
Recent DDoS attack trends, and how you should respondCloudflare
The past few months have seen significant changes in global DDoS tactics. We can observe these changes in detail by analyzing traffic patterns from Cloudflare’s global network, which protects more than 27 million Internet properties and blocks 45 billion cyber threats every day. What approaches are DDoS attackers using right now, and what are forward-thinking organizations doing in response?
Cloudflare DDoS product experts Omer Yoachimik, and Vivek Ganti will explore new data on DDoS trends and discuss ways to counter these tactics.
Cybersecurity 2020 threat landscape and its implications (AMER)Cloudflare
Cybersecurity decisions have direct implications to individuals, enterprises and organizations but also have broader societal implications than ever before. In 2020 and beyond, technology promises to change our own experience and enhance our way of life, and those of our customers, significantly. This reliance and targeting have been magnified during COVID19, where the cybercriminals have sunk to new lows at the same time as that reliance on tech has increased.
This session will explore how these technologies are going to change the experiences of our lives for the better and for the worse. It will explore the most recent cybersecurity breaches, predict the key security issues for 2020 and discuss current security priorities.
Strengthening security posture for modern-age SaaS providersCloudflare
Businesses become more resilient in times of crises. This is especially true for SaaS businesses that are facing unprecedented challenges in this environment. While some are catering to a surge in traffic, others are figuring out innovative solutions to retain their customers. In addition, increasing malicious attacks are straining the resources of these SaaS businesses.
Now more than ever, it is important for SaaS providers to deliver an uninterrupted experience. One that is fast, secure, and reliable to their customers in a cost effective manner.
Join this webcast to learn more about how ActiveCampaign leverages Cloudflare to deliver meaningful services to their end users.
In this webinar, learn from Cloudflare’s DDoS Protection Product Manager, Omer Yoachimik, about the recent attacks (both large and small) and how Cloudflare is uniquely positioned to help protect Internet properties on its network from DDoS attacks and cyber threats.
In this webinar, you will learn:
- DDoS attack trends to watch out for in 2020
- How Cloudflare detects & mitigates DDoS attacks
- How can you protect your website and networks against DDoS attacks
It’s 9AM... Do you know what’s happening on your network?Cloudflare
If you manage a corporate network, you’re responsible for protecting users from risky and malicious content online. Doing that well requires insight into the requests on your network, and the power to block risky content before it impacts your users. Legacy solutions have addressed this challenge by forcing the Internet through hardware onsite.
Cloudflare has a better way. The all-new Cloudflare Gateway (part of the Cloudflare for Teams family), provides secure, intelligent DNS powered by the world’s fastest public DNS resolver. With Gateway, you can visualize your Internet traffic in one place. And with 100+ security and content filters at your fingertips, you can apply comprehensive Internet intelligence to protect global office networks in a matter of minutes.
Join Irtefa, Product Manager for Cloudflare Gateway and AJ Gerstenhaber, Go to Market for Cloudflare for Teams, to discover a new way to protect your offices and teams from malware - no legacy firewalls required.
Bring speed and security to the intranet with cloudflare for teamsCloudflare
Cloudflare was started to solve one half of every IT organization's challenge: how do you ensure the resources and infrastructure that you expose to the Internet are safe from attack, fast, and reliable? To deliver that, we built one of the world's largest networks. Today our network spans more than 200 cities worldwide and is within milliseconds of nearly everyone connected to the Intranet.
Cloudflare for Teams is a new platform designed to solve the other half of every IT organization's challenge: ensuring the people and teams within an organization can safely access the tools they need to do their job. Now you can extend Cloudflare’s speed, reliability and protection to everything your team does on the Intranet.
In this webinar, you’ll learn:
- Common challenges of scaling security for your growing business
- How to extend Zero Trust security principles to your internally managed applications
- How to make Intranet access faster and safer for your employees
In a highly competitive digital culture, businesses are intensifying their digital transformation efforts to expand their hybrid and multi-cloud cloud initiatives. As dependencies on legacy point solutions and architectures begin to diminish, developers are becoming increasingly influential in newly digitally transformed organizations.
The need for increased agility, and speed is paramount. While CDNs have been a key fixture for many enterprise businesses to remediate global network latencies, new challenges have arisen with these solutions that are inhibiting agile workstyles.
Join this webinar to learn the following:
- The foundations of improving web performance
- How the web performance market is evolving and the challenges faced by CDN providers
- How Cloudflare supports your digital transformation
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Italy Agriculture Equipment Market Outlook to 2027harveenkaur52
Agriculture and Animal Care
Ken Research has an expertise in Agriculture and Animal Care sector and offer vast collection of information related to all major aspects such as Agriculture equipment, Crop Protection, Seed, Agriculture Chemical, Fertilizers, Protected Cultivators, Palm Oil, Hybrid Seed, Animal Feed additives and many more.
Our continuous study and findings in agriculture sector provide better insights to companies dealing with related product and services, government and agriculture associations, researchers and students to well understand the present and expected scenario.
Our Animal care category provides solutions on Animal Healthcare and related products and services, including, animal feed additives, vaccination
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
Understanding User Behavior with Google Analytics.pdfSEO Article Boost
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
3. What you will learn today
3
How does the threat
landscape look like?
Challenges to a successful
security strategy
How do you protect your web
content from these threats?
5. 5
Cloudflare Security Vision
Provide world-class visibility, controls, and guided
configurations so that customers of any size and
technical sophistication can keep their Internet
property safe and secure without sacrificing speed and
performance
5
6. A Global Anycast Network
193Cities and 90+ countries99%
Of the Internet-connected population
in the developed world population is
located within 100 milliseconds of our
network
44BCyber threats blocked
each day in Q2’19
websites, apps & APIs
20M+
8. Factors increasing exposure to security risks
Greater scrutiny by
government and media
around data, privacy
and security
Greater attack surface area
from more public APIs, moving
to the cloud, and increasing
third-party integrations
Stronger and more
sophisticated attackers
9. Customers’ Security Threats
SYSTEM
DDoS Attack
Attack traffic impacts
availability or performance
Bots
Prevent malicious bots from
abusing site or application
Webpage
Vulnerable Applications
and APIs
Multi-vector attacks that
exploit vulnerabilities
10. Volumetric DNS Flood
Bots
DNS Server
DNS Server Server
Amplification (Layer 3 & 4)
HTTP Flood (Layer 7)
1
2
Bots
3
Bots
Degrades availability and performance of applications, websites, and APIs
HTTP
Application
Application/Login
Types of DDoS Attack Traffic
11. The size of DDoS attacks growing
exponentially
An increase in sophisticated distributed Layer
7 attacks - which are effective at bypassing
traditional DDoS protection methods.
12. Application and API Vulnerabilities
Fake Website
Visitors
1DNS Spoofing
Malicious Payload
eg: SQLi that ex-filtrates PII
and credentials
3
Attacker
Bots Brute Force
4
Data Snooping
2
13. IoT attacks - the new reality
A botnet army of IoT cameras and
a major attack took out DNS
service provider in 2016.
Over the last few weeks we've
seen DDoS attacks that have
switched to new, large methods of
bringing down web applications.
They appear to come from an IoT
botnet (like Mirai and relations)
which were responsible for the
large attacks against Brian Krebs.
50 Gbps Up to 1Tbps
14. Types of Bot Attacks
Credential Stuffing
Taking-over an
account to abuse the
site, to perform
fraudulent
transactions, steal
sensitive data, or
compromise personal
information.
Content Scraping
Stealing public information
on the website such as prices
or valuable SEO content
Resell itemBots
Bots
Inventory Hoarding
Bots automate the purchase of
inventory to resell or keep
them out of hands of
customers
Bots
Website with
stolen content
15. Lost customer trust
and degraded brand value
Lost revenue from
site downtime or higher costs
from bad traffic
Business Impacts Business Impact
● $100,000 is the
average hourly cost of
an infrastructure
failure
● $141 average cost for
each lost or stolen
record containing
sensitive and
confidential
information
● $3.62 million is the
average total cost of a
data breach
Cost categories:
Remediation costs (hardware, services, and software), lost revenue, lost future revenue
from customer churn, wasted marketing spend, negative brand impact, help desk costs,
increase IT staffing costs, loss of user productivity
IDC March 2015, and Ponemon Institute, June 2017
16. Cloudflare DDoS Solution
Scalable, easy-to-use, and high-performance solution to address availability challenges
Stay online
Global Anycast network
with 180++ data centers
absorbs highly
distributed attack traffic
so customers stay
online
Protect origin infrastructure
Detect and drop at the edge
volumetric attacks: layer 3 & 4,
DNS, and layer 7
Identify anomalous traffic
Fingerprint HTTP requests to
protect sites against known
and emerging botnets with
automatic mitigation rules
Protect applications
with control
Rate Limiting gives more
granular control to block
harder-to-detect
application-layer attacks
Origin Server
DDoS attack
Anticipate attacks
Shared intelligence across
6M websites proactively
blocks known bad signatures
Stop origin server attacks
Argo Tunnel establishes a
direct, encrypted tunnel for
traffic between the origin
server and Cloudflare's nearest
data-center, protecting origin
web servers from targeted
attacks
17. Industry Legacy Scrubbing vs. Cloudflare Always-
On
17
Industry Legacy Scrubbing
- Long propagation times (up to 300 sec)
- Asynchronous routing
- Adds significant latency
- Typically requires manual intervention
Always-On
- Zero propagation time
- Synchronous routing
- No added latency
- Immediate, automated mitigation,
with no “cut over” required
18. Cloudflare Solution to Secure Applications
ATTACKS
Attackers try to forge DNS
answers to intercept
customer credentials
Snoop unencrypted
sensitive data entered by
customers
Brute-force their way into
login pages
Inject malicious payloads
through forms and APIs
Resilient DNS and DNSSEC
prevents forged answers
Encryption through
SSL/TLS blocks snooping
Log-in protection
through rate limiting
Block top OWASP and
emerging application-level
attacks through the WAF
● Layered defense to
protect against
sophisticated attackers
● Single control-plane for
more robust and agile
security policies
● Learning from attack
profiles across 6M
websites to keep yours
safe
1.
2.
3.
4.
CLOUDFLARE
SOLUTIONS
20. Cloudflare Next Gen Bot Management
One-Click Deployment
● With a single click, deploy rules with Cloudflare recommended bot score thresholds
● No instrumentation with third-party JavaScript required
Control and Configurability
● Scope rules by path or URI pattern, request method, and bot score thresholds
● Select mitigation methods, such as log, CAPTCHA, or block
Rich Analytics and Logs
● Time-series graphs with drill-down tables
● Logs bot management rule, action, and rich request meta-data for every request
Detect and mitigate bad bots by leveraging intelligence from over 13 million Internet
properties. All with one click.
21. Cloudflare Bot Management Methods
Machine Learning
Cloudflare’s ML trains on a
curated subset of
425 billion requests per day
across 13M+ Internet properties
to create a reliable “bot score”
for every request.
Behavioral Analysis
Behavioral analysis detects
anomalies in site-specific
traffic, scoring every request
on how different it is from the
baseline.
Automatic Whitelist
Because not all bots are
bad, the solution
automatically maintains
and updates a white list of
"good" bots, such as those
belonging to search
engines.
Mobile SDK
The mobile SDK prevents
attacks against mobile
application APIs by
impersonation and
emulation bots.
21
Detection Protection
Hi Everyone
A very warm welcome to all of you who’s joining us across countries in Asia Pacific. We are all excited to be here with you as this will be giving you a beginner's take on Cybersecurity and how it impacts your business. We will now share the latest trends around this subject so that you know what to look out for and some practical tips on how to mitigate your risks, so we hope you stick around till the end.
We’re just about to kick off but before we start, I just want to through a few housekeeping items.
Because of the big number of people we have on the line today, If you do have any questions, we are going to hold that off until the end of the presentation. How ever, you can ask questions throughout this event through chat. The webinar is scheduled for 30 minutes only, but we will stick around after that to answer your questions.
Thank you again for joining our webcast.
My name is Krishna Zulkarnain and I am the Head of Marketing in APAC. Cloudflare is growing really fast in our region and I'm responsible for generating demand for our sales team across APAC via digital platforms and educational events such as this. On today’s webinar I’m Joined by Anand Guruprasad, our Solutions Engineer based in Singapore, Anand has been with Cloudflare for over a year and a half now. Anand, would you like to introduce yourself?
Thank you Anand for the introduction and we’re all looking forward to diving into your content. But before we start, I would like to go over some housekeeping items. Since there are so many of you on the call, we won’t be taking calls so if you have any questions, please ask them using the Q&A section in your console on the right hand side. We will go through these Questions at the end of the webcast. Also, a recording of this webinar will be available on the Cloudflare Channel and the slides will be shared with you. This session will take around 30 minutes of your time.
Here we go!
“On today’s webinar we will cover these 3 main things
How does the threat landscape look like?
Challenges to a successful security strategy
How can you protect your web content from these threats?
Of course we will end with the QA so please make sure you ask your questions on chat and we will answer them at the end.
The next 30 minutes is packed with useful tips and insights but before we get into that, let me take a few steps back to talk about what Cloudflare does. As you can see from our Mission Statement, Cloudflare is helping build a better internet. How do we do that? What is it that we do? In simple terms we help build a better internet by making your websites more secure, more reliable and faster. Why are these so important? Because if your website goes down or it’s slow to load, for any reason, it will have a negative impact to your business. And we make it our business that that will never happen
So diving into Cybersecurity, In a nutshell, this is our philosophy on how we tackle this issue for our customers.
world-class visibility, controls, and guided configurations
20M customers ww - huge variety - some tech some not
We will not sacrifice speed and performance for security. Complete but not complex
So how can Cloudflare help to grow your business? Cloudflare’s network has the breadth and scale that organizations need to run their Internet applications
What this means is that we have a very robust, holistic view on global security threats so that we can better help companies mitigate risks as they happen around the world. With this Global Anycast Network we will ensure that your websites always stays up and deliver faster content to your customers so that you can focus on what you do best and that is growing your business. Our network offers scale, performance that helps organizations like yours deliver superior application experience while keeping keeping their environments secure.
I will now hand it over to Guarav to talk about what you need to know about Cybersecurity
Talk Track:
Three factors are leading many of our customers to experience a growing exposure to security threats:
Greater attack surface results from three common trends:
Applications publishing more public APIs
Companies are moving more applications, including production-level workloads, to the cloud
Increasing third-party integrations
Attackers are stronger. Here are three ways:
Greater volume, greater distribution, including IoT devices as sources
Greater motivation through success of holding companies for ransom
Shifting to harder to detect and block “application” layer attacks
A greater attack surface area along with stronger attackers would, alone, be a big concern. But at the same time, there is
Greater scrutiny for security incidents:
Governments are applying greater scrutiny over privacy and data issues
Media reports of breaches and cybersecurity incidents have increased
Individual consumers more are educated and aware with high-profile reporting (a combination of #1 and #2)
Questions:
Do any of these actually sound familiar for your business?
Do you believe your exposure is decreasing, increasing or is the same? In what ways?
Background Reading - you can build this into your talk track:
Companies are facing increased pressures to strengthen their security posture. Three forces contributing to the pressure are:
Attack surface area increases from applications exposing more public APIs, the increase in SaaS adoption, and the integration with more third-party applications
Attackers are stronger, more sophisticated, and highly motivated
Heightened public and government scrutiny of data, privacy, and security
Attackers are increasing their frequency and volume of Distributed Denial of Service (DDoS) attacks. By leveraging botnets and the millions of Internet-of-Things (IoT) devices online, they are able to wage highly distributed volumetric attacks with greater ease and impact.
In addition to higher volumes, attackers are shifting their focus from the network layer to the application layer. Application-layer or "Layer 7" attacks are harder to detect, often require fewer resources to bring down a website or application, and can disrupt operations with greater impact.
Attackers are able to monetize their attempts to bring down sites or steal sensitive data, for example, by holding sites for ransom. As a result, because of the successful ransom payouts by their enterprise targets, the attackers are more motivated, organized and pervasive.
Talk Track:
In light of this growing exposure to security risks, what are those primary threats you may encounter?
We spent time talking with OUR customers across different verticals to truly understand the most common fears. These match what industry analysts are reporting:
Site is unavailable because of denial of service attack
Customer data is compromised, (e.g. breached or stolen)
Increasingly, abusive bot activity
For each of these broad types of threats, we’ll quickly go into more detail about what those types of threats or attacks could look like.
Questions:
Which, if any, of these are most important for you?
For the others, do you anticipate they could become problems or think they won’t impact your business? And if so, why?
If there was a pre-call…”I know you shared initial concerns about DDoS, what about data compromise?”
Talk Track:
This slide gives examples of the types of DDoS attack. We could dive deeper with the rest of your team and our security team, as well.
The important take-away is that these attacks are layered.
In other words, a DDoS can attack different parts of your infrastructure.
Volumetric DNS Flood: volumetric DNS queries against your DNS servers to make the DNS server unavailable
Amplification: using a DNS to amplify requests and overload yours server over UDP
HTTP Flood: volumetric HTTP attack to bring down the application
All of those attacks impacts availability and performance of of websites, applications and API’s.
Questions:
This is often a good, in-depth slide to share with broader audience, for example if you have a security or infrastructure team. Would you be interested in that?
Which have you experienced in the past, if any? How did you respond to them if you did?
Talk Track:
When it comes to compromise of sensitive customer data, you may be most familiar with malware.
While that’s a very visible form of attack right now, we should consider there are other common, just not as media-hyped, forms of customer data theft.
The take-away for this slide is that attackers can take advantage of different vulnerabilities.
DNS Spoofing: visitors are directed to a fake site instead of your site
A compromised DNS record, or "poisoned cache," can return a malicious answer from the DNS server, sending an unsuspecting visitor to an attacker's site. This enables attackers to steal user credentials to then take-over legitimate accounts.
Data Snooping: sensitive data like visitor’s credentials or credit cards are snooped over the wire
Attackers can intercept or "snoop" on customer sessions to steal sensitive customer data, including credentials such as passwords or credit-cards numbers.
Brute Force: attackers are repeatedly trying credentials to take over an account
Attackers can wage "dictionary attacks" by automating logins with dumped credentials to "brute force" their way through a login-protected page.
Malicious Payload: SQL-injection, cross-site scripting, remote file inclusion that results in ex-filtrated data
Malicious payloads exploit an application vulnerability. The most common forms are SQL injections, cross-site scripting, and remote file inclusions. Each of these can exfiltrate sensitive data by running malicious code on the application.
The risk is that sensitive customer data, such as credit card information, might get compromised.
Talk Track:
The third attack: increasingly, bots are becoming more common forms of attack.
The three most common we have seen and blocked are:
Content scraping: which essentially steals website content and hurts SEO or revenue
Check out fraud: the most common is the “sneaker bot” which takes limited inventory and buys before actual customers can get them
Account takeover: the result typically of a brute force login to then use a compromised account
Talk Track:
So what happens when you experience one or more of these problems we just discussed? Many of our customers shared with us they have both intangible and tangible costs.
You can see some of the potential cost categories and, if you are interested, we can schedule time with your team to get a better handle on the costs if you don’t know details right now.
However, for the purposes of this conversation, we’ve found it’s often helpful to think about and to discuss the potential costs. The areas of cost can range, as you can see on the list, from remediation costs to loss of user productivity. It doesn’t need to be accurate. But reviewing these can reveal whether the problem is a one-hundred dollar a month problem, or a one-hundred thousand dollar a month problem.
Some questions include:
What is the cost for an hour of downtime due to a DDoS in lost customers?
What would be the cost if just one customer record were breached in terms of remediation or customer churn?
What happens to revenue or your brand when malicious bots abuse your site?
Source:
IDC, March 2015: “DevOps and the Cost of Downtime: Fortune 1000 Best Practice Metrics Quantified”, Stephen Elliot. This was commissioned by AppDynamics
Ponemon Institute, 2017
Internal background reading - Enablement:
These are discovery/conversation slides
This is very important. You will have a more difficult time ultimately doing the sale or upsell without it unless the customer’s hair is on fire to buy something.
On the right hand side are the types of costs to explore with customers. Potential responses from customers and options for responses:
If the customer responds: I don’t know
“That’s fine. I could imagine the person who would know would be interested. Could we include him in future meetings as a way to help you get the answers?”
“I understand. Who would know about these numbers in your organization?”
“Sure. Do you think you could make an educated guess? Is this $5 per incident or $50,000 per incident?”
We have found that it’s valuable for companies to quickly get a sense of the business impacts you most care about.
These two were consistently what customers shared as big concerns, whether they use Cloudflare or not.
Which of these are important to you?
What connection do you see between these and downtime from DoS and breached customer data?
Who in the org care about these impacts?
Here are some examples from conversations with existing customers:
Trust
A financial services customer said lost of trust would directly impact customer and revenue
A medical ecommerce customer said losing trust would be “game over” as a business
A hospitality company values the brand as key to their business and downtime hurt the brand
A media site said losing trust of readers as a news site by being down would impact short-term ad revenues and long-term brand (which impacted advertisers)
Trust goes down, Revenue goes down in every case
If you had to give a dollar amount of the impact, what would it be?
Notes: Are costs critical to the buying decision?
Costs could be the increased costs of backend servers during attacks
-- For example, the service HaveIbeenPwnd, saw a 5x increase in Azure services due to attacks
-- A media company customer saw bandwidth costs increase 1000x from attack traffic
Revenue could be the impact during an outage
Downtime for many companies, from e-commerce, to SaaS, to ad-driven businesses, can be in the tens of thousands of dollars, due to lost customers, lost ad dollars
If you have to pick an area with the biggest potential impact, which would it be?
RESEARCH from competitors:
The average global cost of data breach per lost or stolen record was $141. However, health care organizations had an average cost of $380 and in financial services the average cost was $245. Media ($119), research ($101) and public sector ($71) had the lowest average cost per lost or stolen record.
2017 Cost of Data Breach Study Global Overview Benchmark research sponsored by IBM Security Independently conducted by Ponemon Institute LLC June 2017
https://www.theatlantic.com/technology/archive/2016/10/a-lot/505025/
https://www.ponemon.org/blog/2014-cost-of-data-breach-united-states
https://security.radware.com/uploadedFiles/Resources_and_Content/Attack_Tools/CyberSecurityontheOffense.pdf
https://www.corero.com/company/newsroom/press-releases/market-study-indicates-ddos-protection-is-a-high-priority-for-data-centres-hosting-providers-and-network-services-providers/
https://ns-cdn.neustar.biz/creative_services/biz/neustar/www/resources/whitepapers/it-security/ddos/2015-oct-ddos-report.pdf
Talk Track:
Cloudflare’s DDoS Solution has several components.
First, our infrastructure scales to address the growing size of DDoS attacks. It does this through an Anycast network which creates a larger surface area to absorb highly distributed attacks.
Second, we put in place automatic detection and mitigation. This leverages our visibility across 6M customers and 10% of HTTP traffic.
Lastly, we give customers control for those layer 7 attacks which may not look like DDoS attacks to us, but for your environment need to be blocked by on customized rules you create.
The big message is: The DDoS solution is:
Scalable
Easy to Use
Fast
Our protections are layered:
Global Anycast absorbs distributed traffic
The Argo tunnel stops attack traffic to the origin server, without the hassle of opening up firewall ports and configuring ACLs
Drop at the edge high volume of ¾ and layer 7 traffic
Fingerprinting looks at patterns in traffic attributes to respond quickly to dynamic threats
Share intelligence across all to proactively identify threats
Give granular control to users for harder-to-detect Layer 7
Before we go further, could we talk about which, if any, of these are things you’d like to ask about?
Talk Track
Earlier we discussed four common vectors for attacks to compromise or steal sensitive data.
The take-away for this slide is this: when there are multiple vectors, you need a layered defense.
To defend against malicious payloads, you need a Web Application Firewall - WAF checks the payload against malicious OWASP on the application
To mitigate damage by malicious bots you need to be able move the attack surface closer to the attacker - Cloudflare Workers lets you apply custom security rules and filtering logic at the network edge. This helps in early detection of malicious bots and prevents them from consuming resources
To prevent unintended snooping of data, you need easy to manage and deploy encryption - TLS encrypts the content so protects against sniffing
To block brute force logins, you need rate-based log-in protection - Rate Limiting checks against threshold volume to protect against DDOS, brute-force or scraping
To prevent forged DNS answers that can send customers to a fake site, you need resilient DNS and DNSSEC - DNS tells us the address the request goes to and secure DNS protects against phishing
To protect your origin web server from targeted attacks that directly use the server IP address, you need an easy way to expose web servers securely to the internet. The Argo tunnel stops attack traffic, without the hassle of opening up firewall ports and configuring ACLs by ensuring that requests route through Cloudflare’s WAF and unmetered DDoS before reaching the web server
All these work seamlessly and are easy to set up and configure through the Cloudflare UI as well as through a rich set of APIs.
The high level takeaways are:
Multiple attack vectors
Cloudflare has layered defense
Easy to configure across all services
Learn across 9m websites
Background Reading - you can build this into your talk track:
Reduce risks of data compromise through layered defense
Attackers often use several attack vectors when attempting to compromise customer data. To protect themselves, companies need a layered defense.
REDUCE SPOOFING THROUGH SECURE DNS
Cache poisoning or "spoofing" tricks unsuspecting site visitors to enter sensitive data, such as credit card numbers, into an attacked site. This type of attack occurs when an attacker poisons the cache of a DNS name server with incorrect records. Until the cache entry expires, that name server will return the fake DNS records. Instead of being directed to the correct site, visitors are routed to an attacker's site, allowing the bad actor to extract sensitive data.
DNSSEC verifies DNS records using cryptographic signatures. By checking the signature associated with a record, DNS resolvers can verify that the requested information comes from its authoritative name server and not a man-in-the-middle attacker.
STOP ATTACK TRAFFIC TO THE ORIGIN WEB SERVER
If an attacker knows the server's IP address, they can attack it directly and bypass existing security solutions. To address this problem, most companies use a solution called Origin Protection. We call it BGP Origin Protection, Incapsula calls it IP Protection and Akamai calls it Site Shield. The underlying technology is often a GRE tunnel and it's slow, expensive and only available as an on-demand service.
What exactly does Argo Tunnel do?
exposes web servers securely to the internet, without opening up firewall ports and configuring ACLs
ensures requests route through Cloudflare before reaching the web server, so attack traffic is stopped with Cloudflare’s WAF and Unmetered DDoS mitigation and authenticated with Access
Every server has an internal firewall that controls what can connect to that server. The firewall decides what connections can reach the server. (Note: Firewall only controls what can get in, not what can get out). By default, Firewall says no connection can reach the server. Usually you have to change the firewall so that connections to port 443 (HTTPS) can reach the serverWith Tunnel, you keep the firewall totally locked down. Nothing can get in. The Tunnel client installed and running on the server makes an outbound connection to Cloudflare. That's allowed – remember the firewall only cares about what establishes an inbound connection. Outbound is allowed. Because there is an outbound connection from the server to Cloudflare, Cloudflare can communicate with server.But if anything else tries to connect to the server, the firewall drops the connection. Someone trying to get the origin server’s IP by doing a scan of all IP's will not get a response from the server behind Tunnel – it is like the server is not there, or offline.
REDUCE SNOOPING THROUGH ENCRYPTION
Attackers can intercept or "snoop" on customer sessions to steal sensitive customer data, including credentials such as passwords or credit-cards numbers. In the case of a "man-in-the-middle" attack, the browser thinks it is talking to the server on an encrypted channel, and the server thinks it is talking to the browser, but they are both talking to the attacker who is sitting in the middle. All traffic passes through this man-in-the-middle, who is able to read and modify any of the data.
Fast encryption/termination, easy certificate management, and support of the latest security standards enable customers to secure transmission of user data.
BLOCK MALICIOUS PAYLOADS THROUGH AUTO-UPDATED, SCALABLE WAF
Attackers exploit application vulnerabilities by submitting malicious payloads that can extract sensitive data from the database, the user's browser, or from injecting malware that can compromise targeted systems.
A Web Application Firewall (WAF) examines web traffic looking for suspicious activity; it can then automatically filter out illegitimate traffic based on rule sets that you ask it to apply. It looks at both GET and POST-based HTTP requests and applies a rule set, such as the ModSecurity core rule set covering the OWASP Top 10 vulnerabilities to determine what traffic to block, challenge or let pass. It can block comment spam, cross-site scripting attacks and SQL injections.
The Cloudflare Web Application Firewall (WAF) updates rules based on threats identified because of its 6M customers, and can protect customers without hurting application performance because of its low-latency inspection and integration with traffic acceleration.
REDUCE ACCOUNT TAKE-OVERS THROUGH LOGIN PROTECTION
Attackers can wage "dictionary attacks" by automating logins with dumped credentials to "brute force" their way through a login-protected page.
Cloudflare enables users to customize rules to identify and block at the edge these hard-to-detect attacks through its rate-limiting rules
Cloudflare has protected its customers against some of the largest DDoS attacks which ever occurred. In fact, our 10 Tbps global anycast network is 10X bigger than the latest and largest DDoS attack, which allows us to protect all internet assets on our network even against the new, massive IoT-based DDoS attacks.
With the addition of Rate Limiting Cloudflare complements the existing services DDoS and Web Application Firewall (WAF) Services. Rate Limiting protects against layer 7 denial-of-service attacks, brute-force password attempts, and other types of abusive behavior targeting the application layer. It provides the ability to configure thresholds and define responses by IP. If traffic from a specific IP exceeds the threshold, than those requests get blocked and timed out for a defined period. Cloudflare does not charge for blocked traffic, so that our customers only pay for good traffic but not attack traffic. Rate Limiting also provides customers to gain analytical insights into endpoints of the website, application, or API, and they can monitor their good and bad traffic.
The main benefits of Rate Limiting include:
Precise DDoS Mitigation: Rate Limiting provides simple to use but powerful configuration capabilities to protect against denial-of-service attacks
Protect Customer Data: Rate Limiting is the right service to protect sensitive customer information against brute force login attacks
Enforce Usage Limits: Enforce usage limits on your API endpoints by limiting HTTP requests
Cost Protection: Avoid the unpredictable cost of traffic spikes or attacks by setting thresholds which only allow good traffic through.