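Zero One Technology (零壹科技)'s 「壹點通行銷同步雲」 was selected for the Ministry of Economic Affairs' cloud computing promotion service program for small and medium enterprises. Built on Trend Micro SafeSync technology, 「壹點通行銷同步雲」 lets large enterprises securely synchronize, share, and manage documents, providing an indispensable private cloud that lets IT consolidate scattered documents into a single controlled space. With 「壹點通行銷同步雲」, IT can improve users' flexibility and convenience: whether users are in the office or on the road, they can send and access large files.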
Centralizing Data Security with Data Virtualization (Chinese) | Denodo
Watch: https://bit.ly/2E1ZtvK
Security can be a key concern when data is spread across multiple systems residing both on-premise and on the cloud. Asurion has leveraged data virtualization to use it as a single engine for security control over the data sources. This also helps facilitate transition to modern cloud-based data architecture.
In this webinar, we will discuss how data virtualization will help:
- Customize security and governance strategy in the data abstraction layer;
- Overcome the challenges associated with centralizing security across on-premise and cloud data sources;
- Build a single engine for security that provides audit and control by geographies
Presentation delivered at LinuxCon China 2017
The practices of Blockchain as a service in Dianrong (Shiyuan Xiao, Dianrong.com) - Blockchain as a Service (BaaS) provides an easy, low-cost and flexible platform for companies to enable their businesses based on blockchain backed by a cloud platform. Shiyuan will introduce the experiences of building such a BaaS platform: what the architecture is, what problems we have met and solved, and the best practices we summarized.
Succeeding with Secure Access Service Edge (SASE) | Cloudflare
With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data.
SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture? View to learn:
- Why SASE should be less complicated than many vendors are making it
- What to look for when evaluating a migration to a SASE platform
- A 3 month, 6 month, and 12 month roadmap for implementation
- How Cloudflare One, a purpose-built SASE platform, delivers on these promised benefits
Close your security gaps and get 100% of your traffic protected with Cloudflare | Cloudflare
The Gaming & Gambling industry has been the target of increasingly sophisticated cyber attacks in recent years, ranging from automated bots carrying out credential stuffing and intellectual property scraping to Layer 3 DDoS attacks, which can result in reduced network speed and performance, and in some cases loss of business when such incidents occur.
View this presentation from Cloudflare security experts Stephane Nouvellon, Principal Solutions Engineer and Philip Björkman, Strategic Vertical Account Executive (EMEA Gaming & Gambling) to learn about:
- How you can protect your business and improve the performance and reliability of your infrastructure, globally
- Solutions to secure your organization's online traffic (all OSI layers) against bots and cyber attacks whilst improving the performance of your applications.
Why you should replace your DDoS hardware appliance | Cloudflare
Watch this webinar to learn how to:
Protect and accelerate your networks
Reduce the total cost of ownership (TCO) in your data centers, and
Increase your operational agility with easy deployment and management of network services
Don't Let Bots Ruin Your Holiday Business - Snackable Webinar | Cloudflare
Bot attacks to look out for this holiday season including:
Account takeover/Credential stuffing, inventory hoarding, price scraping, fake account creation, credit card stuffing.
Why Zero Trust Architecture Will Become the New Normal in 2021 | Cloudflare
The COVID-19 pandemic brought changes no IT team was ready for: employees were sent home, customer interaction models changed, and cloud transformation efforts abruptly accelerated. Cloudflare recently commissioned Forrester Consulting to explore the impact of 2020 disruptions on security strategy and operations among companies of all sizes. To do so, they surveyed 317 global security decision makers from around the world.
Join our guest Forrester VP, Principal Analyst, Chase Cunningham, and Cloudflare Go-To-Market Leader, Brian Parks, for an in-depth discussion of the survey results, followed by practical guidance for next year’s planning.
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in... | Cloudflare
Join this webinar to learn how Paul Hartmann, a leading manufacturer of medical and healthcare products, leverages Cloudflare to strengthen its security posture and deliver a superior online experience to its customers
Zero trust for everybody: 3 ways to get there fast | Cloudflare
The COVID-19 pandemic has exposed the weaknesses of the traditional ‘castle-and-moat’ security model. Remote work has expanded attack surfaces infinitely outwards, and more than ever, organizations need to start from the assumption that their ‘castle’ is already compromised. Zero Trust has emerged as a compelling security framework to address the failures of existing perimeter-based security approaches. It’s aspirational, but not unachievable.
At Cloudflare, we’re making complicated security challenges easier to solve. Since 2018, Cloudflare Access has helped thousands of organizations big and small take their first steps toward Zero Trust.
In this presentation, Cloudflare will share their perspective on what the most successful organizations do first on their journey to Zero Trust.
We’ll cover:
- The Zero Trust framework, and our recommended ZT security model
- How 3 organizations of differing size and security maturity have implemented Zero Trust access
- Cloudflare’s Zero Trust implementation and lessons learned
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust... | Cloudflare
Maintaining the right balance between security and customer experience is always challenging for online businesses. This challenge becomes even more relevant during this crisis as businesses face unprecedented levels of traffic and attacks.
Tune in to learn how LendingTree leverages Cloudflare to strengthen their security posture while ensuring a superior online experience for their customers. Listen to security experts from LendingTree and Cloudflare as they discuss:
Emerging attack vectors and tactics impacting online platforms
Best practices for online businesses to overcome these threats
How LendingTree leverages Cloudflare to maintain the right balance between security and business objectives
Network Transformation: What it is, and how it’s helping companies stay secur... | Cloudflare
Rahul Deshmukh, Product Marketing at Cloudflare, & Varun Mehta, Solutions Engineer at Cloudflare, discuss how several companies have approached network transformation to improve the security, performance, and reliability of their infrastructure
Scaling service provider business with DDoS-mitigation-as-a-service | Cloudflare
During the webinar, Vivek Ganti, Product Marketing Manager for Cloudflare, & Jim Hodges, Chief Analyst of Cloud and Security at Heavy Reading, discussed how service providers are regular targets of DDoS attacks, and how these attacks directly impact their uptime, availability, and revenue.
Application layer attack trends through the lens of Cloudflare data | Cloudflare
The past few months have seen significant changes in how attackers target the application layer—through injection attacks, malicious bots, DDoS, API vulnerability exploits, and more. We can observe these changes by analyzing traffic from Cloudflare’s global network, which blocks an average of 45 billion threats per day for over 27 million Internet properties.
Watch this webinar to explore data on:
Which attack vectors have become more and less common
How those changes vary by region and industry
The business and societal trends behind these attacks
Strategies for addressing these latest attack tactics
Recent DDoS attack trends, and how you should respond | Cloudflare
The past few months have seen significant changes in global DDoS tactics. We can observe these changes in detail by analyzing traffic patterns from Cloudflare’s global network, which protects more than 27 million Internet properties and blocks 45 billion cyber threats every day. What approaches are DDoS attackers using right now, and what are forward-thinking organizations doing in response?
Cloudflare DDoS product experts Omer Yoachimik, and Vivek Ganti will explore new data on DDoS trends and discuss ways to counter these tactics.
Cybersecurity 2020 threat landscape and its implications (AMER) | Cloudflare
Cybersecurity decisions have direct implications to individuals, enterprises and organizations but also have broader societal implications than ever before. In 2020 and beyond, technology promises to change our own experience and enhance our way of life, and those of our customers, significantly. This reliance and targeting have been magnified during COVID19, where the cybercriminals have sunk to new lows at the same time as that reliance on tech has increased.
This session will explore how these technologies are going to change the experiences of our lives for the better and for the worse. It will explore the most recent cybersecurity breaches, predict the key security issues for 2020 and discuss current security priorities.
Strengthening security posture for modern-age SaaS providers | Cloudflare
Businesses become more resilient in times of crises. This is especially true for SaaS businesses that are facing unprecedented challenges in this environment. While some are catering to a surge in traffic, others are figuring out innovative solutions to retain their customers. In addition, increasing malicious attacks are straining the resources of these SaaS businesses.
Now more than ever, it is important for SaaS providers to deliver an uninterrupted experience. One that is fast, secure, and reliable to their customers in a cost effective manner.
Join this webcast to learn more about how ActiveCampaign leverages Cloudflare to deliver meaningful services to their end users.
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks | Cloudflare
DDoS attacks are evolving. Detecting and mitigating attacks quickly and accurately is a key strategy to ensure business continuity.
Join this webinar to learn about:
- What is a DDoS attack and what it can cost you
- Global DDoS attack trends and what it means to you
- How Cloudflare Magic Transit and Kentik together monitor and mitigate DDoS attacks of all sizes and kinds
In this webinar, learn from Cloudflare’s DDoS Protection Product Manager, Omer Yoachimik, about the recent attacks (both large and small) and how Cloudflare is uniquely positioned to help protect Internet properties on its network from DDoS attacks and cyber threats.
In this webinar, you will learn:
- DDoS attack trends to watch out for in 2020
- How Cloudflare detects & mitigates DDoS attacks
- How can you protect your website and networks against DDoS attacks
It’s 9AM... Do you know what’s happening on your network? | Cloudflare
If you manage a corporate network, you’re responsible for protecting users from risky and malicious content online. Doing that well requires insight into the requests on your network, and the power to block risky content before it impacts your users. Legacy solutions have addressed this challenge by forcing the Internet through hardware onsite.
Cloudflare has a better way. The all-new Cloudflare Gateway (part of the Cloudflare for Teams family), provides secure, intelligent DNS powered by the world’s fastest public DNS resolver. With Gateway, you can visualize your Internet traffic in one place. And with 100+ security and content filters at your fingertips, you can apply comprehensive Internet intelligence to protect global office networks in a matter of minutes.
Join Irtefa, Product Manager for Cloudflare Gateway and AJ Gerstenhaber, Go to Market for Cloudflare for Teams, to discover a new way to protect your offices and teams from malware - no legacy firewalls required.
Bring speed and security to the intranet with Cloudflare for Teams | Cloudflare
Cloudflare was started to solve one half of every IT organization's challenge: how do you ensure the resources and infrastructure that you expose to the Internet are safe from attack, fast, and reliable? To deliver that, we built one of the world's largest networks. Today our network spans more than 200 cities worldwide and is within milliseconds of nearly everyone connected to the Intranet.
Cloudflare for Teams is a new platform designed to solve the other half of every IT organization's challenge: ensuring the people and teams within an organization can safely access the tools they need to do their job. Now you can extend Cloudflare’s speed, reliability and protection to everything your team does on the Intranet.
In this webinar, you’ll learn:
- Common challenges of scaling security for your growing business
- How to extend Zero Trust security principles to your internally managed applications
- How to make Intranet access faster and safer for your employees
In a highly competitive digital culture, businesses are intensifying their digital transformation efforts to expand their hybrid and multi-cloud initiatives. As dependencies on legacy point solutions and architectures begin to diminish, developers are becoming increasingly influential in newly digitally transformed organizations.
The need for increased agility, and speed is paramount. While CDNs have been a key fixture for many enterprise businesses to remediate global network latencies, new challenges have arisen with these solutions that are inhibiting agile workstyles.
Join this webinar to learn the following:
- The foundations of improving web performance
- How the web performance market is evolving and the challenges faced by CDN providers
- How Cloudflare supports your digital transformation
Are you aware of the current security threats to your business? Are you prepared to handle the next big DDoS attack? What can you do to be prepared?
Join this webinar to learn about:
- Growing threat landscape
- Challenges to a successful security strategy
- Business impact of attacks
- Securing web applications from attacks
Hi Everyone
A very warm welcome to all of you who are joining us across countries in APAC. We are all excited to be here with you as this will be giving you a beginner's take on Cybersecurity and how it impacts your business. We will now share the latest trends around this subject so that you know what to look out for and some practical tips on how to mitigate your risks, so we hope you stick around till the end.
Thank you again for joining us with this session.
My name is Sophie and I am the Customer Success Manager for APAC.
Cloudflare is growing really fast in our region and I’m the day to day contact window for the enterprise customers,
responsible for new customer onboarding, service consultancy, QBR, on-site customer engagement and customer event planning and coordination.
And help to drive digital platforms and educational events like this.
On today’s webinar we have Gaurav Mallawat, our Solutions Engineer based in Singapore. Gaurav is a very senior engineer team lead and has been with Cloudflare for almost four years. He will share contents from a more technical point of view. Hey Gaurav, would you like to introduce yourself?
Thank you Gaurav for the introduction and we’re all looking forward to diving into your content. But before we start, I would like to go over some housekeeping items. Since there are so many of you on the call. If you do have any questions, we are going to hold that off until the end of the presentation.
Please write your questions on the Q&A section in your console on the right hand side. We will go through these Questions at the end of the webcast. Also, a recording of this webinar will be available on the Cloudflare Channel and the slides will be shared with you. This session will take around 30 minutes of your time. But we will stay online after that to answer your questions.
And here we go!
On today’s webinar we will cover these 3 main things:
What does the threat landscape look like?
What are the challenges to a successful security strategy?
How can you protect your web content from these threats?
We will end with the Q&A so please make sure you ask your questions on the chat and we will answer them at the end.
The next 30 minutes is packed with useful tips and insights. Before we get into that, let me take a few steps back to talk about what Cloudflare does. As you can see from our Mission Statement, Cloudflare is helping build a better internet. How do we do that? What is it that we do? In simple terms we help build a better internet by making your websites more secure, more reliable and faster.
And why are these so important? Because if your website goes down or it’s slow to load, for any reason, it will have a negative impact on your business and cause lost revenue. And we make it our business that that will never happen.
So diving into Cybersecurity, in a nutshell, this is our philosophy on how we tackle this issue for our customers.
world-class visibility, controls, and guided configurations
20M customers worldwide - huge variety - some tech some not
We will not sacrifice speed and performance for security. We are complete but not complex
So how can Cloudflare help to grow your business?
Cloudflare’s network has the breadth and scale that organizations need to run their Internet applications. As of today, our network covers 194 cities and 90 plus countries.
What this means is that we have a very robust, holistic view on global security threats so that we can better help companies mitigate risks as they happen around the world.
With this Global Anycast Network we will ensure that your websites always stay up and deliver faster content to your customers so that you can focus on what you do best and that is growing your business.
Our network offers scale, performance that helps organizations like yours deliver superior application experience while keeping their environments secure.
We are for everyone.
There are benefits from having a diverse set of customers and we have over 20 million Internet properties on our network across geographies, industry verticals, non-profits, and government agencies
There are a number of customers that have realized benefits from the integrated security, performance, and reliability. Here are some examples.
Talk Track:
Three factors are leading many of our customers to experience a growing exposure to security threats:
Greater attack surface results from three common trends:
Applications publishing more public APIs
Companies are moving more applications, including production-level workloads, to the cloud
Increasing third-party integrations
Attackers are stronger. Here are three ways:
Greater volume, greater distribution, including IoT devices as sources
Greater motivation through success of holding companies for ransom
Shifting to harder to detect and block “application” layer attacks
A greater attack surface area along with stronger attackers would, alone, be a big concern. But at the same time, there is
Greater scrutiny for security incidents:
Governments are applying greater scrutiny over privacy and data issues
Media reports of breaches and cybersecurity incidents have increased
Individual consumers are more educated and aware with high-profile reporting (a combination of #1 and #2)
Questions:
Do any of these actually sound familiar for your business?
Do you believe your exposure is decreasing, increasing or is the same? In what ways?
Background Reading - you can build this into your talk track:
Companies are facing increased pressures to strengthen their security posture. Three forces contributing to the pressure are:
Attack surface area increases from applications exposing more public APIs, the increase in SaaS adoption, and the integration with more third-party applications
Attackers are stronger, more sophisticated, and highly motivated
Heightened public and government scrutiny of data, privacy, and security
Attackers are increasing their frequency and volume of Distributed Denial of Service (DDoS) attacks. By leveraging botnets and the millions of Internet-of-Things (IoT) devices online, they are able to wage highly distributed volumetric attacks with greater ease and impact.
In addition to higher volumes, attackers are shifting their focus from the network layer to the application layer. Application-layer or "Layer 7" attacks are harder to detect, often require fewer resources to bring down a website or application, and can disrupt operations with greater impact.
Attackers are able to monetize their attempts to bring down sites or steal sensitive data, for example, by holding sites for ransom. As a result, because of the successful ransom payouts by their enterprise targets, the attackers are more motivated, organized and pervasive.
Talk Track:
In light of this growing exposure to security risks, what are those primary threats you may encounter?
We spent time talking with OUR customers across different verticals to truly understand the most common fears. These match what industry analysts are reporting:
Site is unavailable because of denial of service attack
Customer data is compromised, (e.g. breached or stolen)
Increasingly, abusive bot activity
For each of these broad types of threats, we’ll quickly go into more detail about what those types of threats or attacks could look like.
Questions:
Which, if any, of these are most important for you?
For the others, do you anticipate they could become problems or think they won’t impact your business? And if so, why?
If there was a pre-call…”I know you shared initial concerns about DDoS, what about data compromise?”
Talk Track:
This slide gives examples of the types of DDoS attack. We could dive deeper with the rest of your team and our security team, as well.
The important take-away is that these attacks are layered.
In other words, a DDoS can attack different parts of your infrastructure.
Volumetric DNS Flood: volumetric DNS queries against your DNS servers to make the DNS server unavailable
Amplification: using a DNS to amplify requests and overload your server over UDP
HTTP Flood: volumetric HTTP attack to bring down the application
All of those attacks impact availability and performance of websites, applications and APIs.
Questions:
This is often a good, in-depth slide to share with broader audience, for example if you have a security or infrastructure team. Would you be interested in that?
Which have you experienced in the past, if any? How did you respond to them if you did?
Talk Track:
When it comes to compromise of sensitive customer data, you may be most familiar with malware.
While that’s a very visible form of attack right now, we should consider there are other common, just not as media-hyped, forms of customer data theft.
The take-away for this slide is that attackers can take advantage of different vulnerabilities.
DNS Spoofing: visitors are directed to a fake site instead of your site
A compromised DNS record, or "poisoned cache," can return a malicious answer from the DNS server, sending an unsuspecting visitor to an attacker's site. This enables attackers to steal user credentials to then take over legitimate accounts.
Data Snooping: sensitive data like visitor’s credentials or credit cards are snooped over the wire
Attackers can intercept or "snoop" on customer sessions to steal sensitive customer data, including credentials such as passwords or credit card numbers.
Brute Force: attackers are repeatedly trying credentials to take over an account
Attackers can wage "dictionary attacks" by automating logins with dumped credentials to "brute force" their way through a login-protected page.
Malicious Payload: SQL injection, cross-site scripting, remote file inclusion that results in exfiltrated data
Malicious payloads exploit an application vulnerability. The most common forms are SQL injections, cross-site scripting, and remote file inclusions. Each of these can exfiltrate sensitive data by running malicious code on the application.
The risk is that sensitive customer data, such as credit card information, might get compromised.
Talk Track:
The third attack: increasingly, bots are becoming more common forms of attack.
The three most common we have seen and blocked are:
Content scraping: which essentially steals website content and hurts SEO or revenue
Check out fraud: the most common is the “sneaker bot” which takes limited inventory and buys before actual customers can get them
Account takeover: the result typically of a brute force login to then use a compromised account
Talk Track:
So what happens when you experience one or more of these problems we just discussed? Many of our customers shared with us they have both intangible and tangible costs.
You can see some of the potential cost categories and, if you are interested, we can schedule time with your team to get a better handle on the costs if you don’t know details right now.
However, for the purposes of this conversation, we’ve found it’s often helpful to think about and to discuss the potential costs. The areas of cost can range, as you can see on the list, from remediation costs to loss of user productivity. It doesn’t need to be accurate. But reviewing these can reveal whether the problem is a one-hundred dollar a month problem, or a one-hundred thousand dollar a month problem.
Some questions include:
What is the cost for an hour of downtime due to a DDoS in lost customers?
What would be the cost if just one customer record were breached in terms of remediation or customer churn?
What happens to revenue or your brand when malicious bots abuse your site?
Source:
IDC, March 2015: “DevOps and the Cost of Downtime: Fortune 1000 Best Practice Metrics Quantified”, Stephen Elliot. This was commissioned by AppDynamics
Ponemon Institute, 2017
Internal background reading - Enablement:
These are discovery/conversation slides
This is very important. You will have a more difficult time ultimately doing the sale or upsell without it unless the customer’s hair is on fire to buy something.
On the right hand side are the types of costs to explore with customers. Potential responses from customers and options for responses:
If the customer responds: I don’t know
“That’s fine. I could imagine the person who would know would be interested. Could we include him in future meetings as a way to help you get the answers?”
“I understand. Who would know about these numbers in your organization?”
“Sure. Do you think you could make an educated guess? Is this $5 per incident or $50,000 per incident?”
We have found that it’s valuable for companies to quickly get a sense of the business impacts you most care about.
These two were consistently what customers shared as big concerns, whether they use Cloudflare or not.
Which of these are important to you?
What connection do you see between these and downtime from DoS and breached customer data?
Who in the org cares about these impacts?
Here are some examples from conversations with existing customers:
Trust
A financial services customer said loss of trust would directly impact customer and revenue
A medical ecommerce customer said losing trust would be “game over” as a business
A hospitality company values the brand as key to their business and downtime hurt the brand
A media site said losing trust of readers as a news site by being down would impact short-term ad revenues and long-term brand (which impacted advertisers)
Trust goes down, Revenue goes down in every case
If you had to give a dollar amount of the impact, what would it be?
Notes: Are costs critical to the buying decision?
Costs could be the increased costs of backend servers during attacks
-- For example, the service Have I Been Pwned saw a 5x increase in Azure services due to attacks
-- A media company customer saw bandwidth costs increase 1000x from attack traffic
Revenue could be the impact during an outage
Downtime for many companies, from e-commerce, to SaaS, to ad-driven businesses, can be in the tens of thousands of dollars, due to lost customers, lost ad dollars
If you have to pick an area with the biggest potential impact, which would it be?
RESEARCH from competitors:
The average global cost of data breach per lost or stolen record was $141. However, health care organizations had an average cost of $380 and in financial services the average cost was $245. Media ($119), research ($101) and public sector ($71) had the lowest average cost per lost or stolen record.
2017 Cost of Data Breach Study Global Overview Benchmark research sponsored by IBM Security Independently conducted by Ponemon Institute LLC June 2017
https://www.theatlantic.com/technology/archive/2016/10/a-lot/505025/
https://www.ponemon.org/blog/2014-cost-of-data-breach-united-states
https://security.radware.com/uploadedFiles/Resources_and_Content/Attack_Tools/CyberSecurityontheOffense.pdf
https://www.corero.com/company/newsroom/press-releases/market-study-indicates-ddos-protection-is-a-high-priority-for-data-centres-hosting-providers-and-network-services-providers/
https://ns-cdn.neustar.biz/creative_services/biz/neustar/www/resources/whitepapers/it-security/ddos/2015-oct-ddos-report.pdf
Talk Track:
Cloudflare’s DDoS Solution has several components.
First, our infrastructure scales to address the growing size of DDoS attacks. It does this through an Anycast network which creates a larger surface area to absorb highly distributed attacks.
Second, we put in place automatic detection and mitigation. This leverages our visibility across 20M customers and 10% of HTTP traffic.
Lastly, we give customers control for those layer 7 attacks which may not look like DDoS attacks to us, but for your environment need to be blocked by customized rules you create.
The big message is: The DDoS solution is:
Scalable
Easy to Use
Fast
Our protections are layered:
Global Anycast absorbs distributed traffic
The Argo tunnel stops attack traffic to the origin server, without the hassle of opening up firewall ports and configuring ACLs
Drop at the edge high volume of 3/4 and layer 7 traffic
Fingerprinting looks at patterns in traffic attributes to respond quickly to dynamic threats
Share intelligence across all to proactively identify threats
Give granular control to users for harder-to-detect Layer 7
Before we go further, could we talk about which, if any, of these are things you’d like to ask about?
Talk Track
Earlier we discussed four common vectors for attacks to compromise or steal sensitive data.
The take-away for this slide is this: when there are multiple vectors, you need a layered defense.
To defend against malicious payloads, you need a Web Application Firewall - WAF checks the payload against malicious OWASP on the application
To mitigate damage by malicious bots you need to be able to move the attack surface closer to the attacker - Cloudflare Workers lets you apply custom security rules and filtering logic at the network edge. This helps in early detection of malicious bots and prevents them from consuming resources
To prevent unintended snooping of data, you need easy to manage and deploy encryption - TLS encrypts the content so protects against sniffing
To block brute force logins, you need rate-based log-in protection - Rate Limiting checks against threshold volume to protect against DDOS, brute-force or scraping
To prevent forged DNS answers that can send customers to a fake site, you need resilient DNS and DNSSEC - DNS tells us the address the request goes to and secure DNS protects against phishing
To protect your origin web server from targeted attacks that directly use the server IP address, you need an easy way to expose web servers securely to the internet. The Argo tunnel stops attack traffic, without the hassle of opening up firewall ports and configuring ACLs by ensuring that requests route through Cloudflare’s WAF and unmetered DDoS before reaching the web server
All these work seamlessly and are easy to set up and configure through the Cloudflare UI as well as through a rich set of APIs.
The high level takeaways are:
Multiple attack vectors
Cloudflare has layered defense
Easy to configure across all services
Learn across 9m websites
Background Reading - you can build this into your talk track:
Reduce risks of data compromise through layered defense
Attackers often use several attack vectors when attempting to compromise customer data. To protect themselves, companies need a layered defense.
REDUCE SPOOFING THROUGH SECURE DNS
Cache poisoning or "spoofing" tricks unsuspecting site visitors into entering sensitive data, such as credit card numbers, into an attacked site. This type of attack occurs when an attacker poisons the cache of a DNS name server with incorrect records. Until the cache entry expires, that name server will return the fake DNS records. Instead of being directed to the correct site, visitors are routed to an attacker's site, allowing the bad actor to extract sensitive data.
DNSSEC verifies DNS records using cryptographic signatures. By checking the signature associated with a record, DNS resolvers can verify that the requested information comes from its authoritative name server and not a man-in-the-middle attacker.
STOP ATTACK TRAFFIC TO THE ORIGIN WEB SERVER
If an attacker knows the server's IP address, they can attack it directly and bypass existing security solutions. To address this problem, most companies use a solution called Origin Protection. We call it BGP Origin Protection, Incapsula calls it IP Protection and Akamai calls it Site Shield. The underlying technology is often a GRE tunnel and it's slow, expensive and only available as an on-demand service.
What exactly does Argo Tunnel do?
exposes web servers securely to the internet, without opening up firewall ports and configuring ACLs
ensures requests route through Cloudflare before reaching the web server, so attack traffic is stopped with Cloudflare’s WAF and Unmetered DDoS mitigation and authenticated with Access
Every server has an internal firewall that decides which connections can reach that server. (Note: the firewall only controls what can get in, not what can get out.) By default, the firewall says no connection can reach the server. Usually you have to change the firewall so that connections to port 443 (HTTPS) can reach the server.
With Tunnel, you keep the firewall totally locked down. Nothing can get in. The Tunnel client installed and running on the server makes an outbound connection to Cloudflare. That's allowed: remember, the firewall only cares about what establishes an inbound connection. Because there is an outbound connection from the server to Cloudflare, Cloudflare can communicate with the server.
But if anything else tries to connect to the server, the firewall drops the connection. Someone trying to get the origin server’s IP by doing a scan of all IPs will not get a response from the server behind Tunnel. It is as if the server is not there, or offline.
REDUCE SNOOPING THROUGH ENCRYPTION
Attackers can intercept or "snoop" on customer sessions to steal sensitive customer data, including credentials such as passwords or credit card numbers. In the case of a "man-in-the-middle" attack, the browser thinks it is talking to the server on an encrypted channel, and the server thinks it is talking to the browser, but they are both talking to the attacker who is sitting in the middle. All traffic passes through this man-in-the-middle, who is able to read and modify any of the data.
Fast encryption/termination, easy certificate management, and support of the latest security standards enable customers to secure transmission of user data.
BLOCK MALICIOUS PAYLOADS THROUGH AUTO-UPDATED, SCALABLE WAF
Attackers exploit application vulnerabilities by submitting malicious payloads that can extract sensitive data from the database or the user's browser, or inject malware that can compromise targeted systems.
A Web Application Firewall (WAF) examines web traffic looking for suspicious activity; it can then automatically filter out illegitimate traffic based on rule sets that you ask it to apply. It looks at both GET and POST-based HTTP requests and applies a rule set, such as the ModSecurity core rule set covering the OWASP Top 10 vulnerabilities, to determine what traffic to block, challenge or let pass. It can block comment spam, cross-site scripting attacks and SQL injections.
The Cloudflare Web Application Firewall (WAF) updates rules based on threats identified across its 6M customers, and can protect customers without hurting application performance because of its low-latency inspection and integration with traffic acceleration.
REDUCE ACCOUNT TAKE-OVERS THROUGH LOGIN PROTECTION
Attackers can wage "dictionary attacks" by automating logins with dumped credentials to "brute force" their way through a login-protected page.
Cloudflare enables users to customize rate-limiting rules that identify and block these hard-to-detect attacks at the edge.
Cloudflare has protected its customers against some of the largest DDoS attacks that have ever occurred. In fact, our 10 Tbps global anycast network is 10X bigger than the latest and largest DDoS attack, which allows us to protect all internet assets on our network even against the new, massive IoT-based DDoS attacks.
With the addition of Rate Limiting, Cloudflare complements its existing DDoS and Web Application Firewall (WAF) services. Rate Limiting protects against layer 7 denial-of-service attacks, brute-force password attempts, and other types of abusive behavior targeting the application layer. It provides the ability to configure thresholds and define responses by IP. If traffic from a specific IP exceeds the threshold, then those requests get blocked and timed out for a defined period. Cloudflare does not charge for blocked traffic, so our customers pay only for good traffic, not attack traffic. Rate Limiting also lets customers gain analytical insights into the endpoints of their website, application, or API, and monitor their good and bad traffic.
The main benefits of Rate Limiting include:
Precise DDoS Mitigation: Rate Limiting provides simple to use but powerful configuration capabilities to protect against denial-of-service attacks
Protect Customer Data: Rate Limiting is the right service to protect sensitive customer information against brute force login attacks
Enforce Usage Limits: Enforce usage limits on your API endpoints by limiting HTTP requests
Cost Protection: Avoid the unpredictable cost of traffic spikes or attacks by setting thresholds which only allow good traffic through.
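The per-IP threshold and timeout behaviour described above, as an added example that is not Cloudflare's code: a rule that blocks a client IP for a defined period once its requests to a protected path exceed a threshold, replayed over constructed traffic with allowed/blocked counts per endpoint. The class name, the sliding-window approach, the sample addresses and the 5-requests-per-60-seconds values are assumptions made for the illustration.

```python
from collections import defaultdict, deque

class RateLimitRule:
    """Hypothetical per-IP rule: more than `threshold` hits on `path` within
    `period` seconds blocks that IP for `timeout` seconds."""
    def __init__(self, path, threshold, period, timeout):
        self.path, self.threshold = path, threshold
        self.period, self.timeout = period, timeout
        self.hits = defaultdict(deque)   # ip -> timestamps inside the window
        self.blocked_until = {}          # ip -> time at which the block expires
        self.stats = defaultdict(lambda: {"allowed": 0, "blocked": 0})

    def check(self, ts, ip, path):
        """Return 'allow' or 'block' for one request seen at time ts (seconds)."""
        if path != self.path:
            return self._count(path, "allow")    # rule does not cover this path
        if self.blocked_until.get(ip, 0) > ts:
            return self._count(path, "block")    # IP is still timed out
        window = self.hits[ip]
        while window and window[0] <= ts - self.period:
            window.popleft()                     # forget hits older than the period
        window.append(ts)
        if len(window) > self.threshold:         # threshold exceeded: start timeout
            self.blocked_until[ip] = ts + self.timeout
            window.clear()
            return self._count(path, "block")
        return self._count(path, "allow")

    def _count(self, path, verdict):
        self.stats[path]["allowed" if verdict == "allow" else "blocked"] += 1
        return verdict

# Constructed sample traffic: (seconds, client IP, path). The addresses come
# from the RFC 5737 documentation ranges.
SAMPLE = (
    [(t, "203.0.113.7", "/login") for t in range(8)]          # login burst
    + [(0, "198.51.100.4", "/login"), (30, "198.51.100.4", "/login")]
    + [(5, "203.0.113.7", "/index.html")]                     # unprotected path
    + [(40, "203.0.113.7", "/login"), (75, "203.0.113.7", "/login")]
)

def replay(rule, requests):
    """Feed requests to the rule in time order and return each verdict."""
    return [(ts, ip, path, rule.check(ts, ip, path))
            for ts, ip, path in sorted(requests)]

if __name__ == "__main__":
    rule = RateLimitRule("/login", threshold=5, period=60, timeout=60)
    for row in replay(rule, SAMPLE):
        print(row)
    print(dict(rule.stats))
```

The burst from one address is cut off at its sixth login attempt and stays blocked until the timeout expires, while the slower client and the unprotected path are unaffected.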