Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security Week 2023 is officially in the books. In our welcome post last Saturday, I talked about Cloudflare’s years-long evolution from protecting websites, to protecting applications, to protecting people. Our goal this week was to help our customers solve a broader range of problems, reduce external points of vulnerability, and make their jobs easier. We announced 34 new tools and integrations that will do just that.

It’s 2023, and security cap-ex spending is at an all-time high and forecast to keep growing. Thanks to frameworks like MITRE ATT&CK, we also know more about how threat actors function than ever. There is no shortage of security solutions either – the average organisation uses around 60 within its environment. But cyber attacks still do hundreds of billions of dollars of damage annually. So, what’s going wrong? The answer has three parts. Firstly, cybercrime has gotten a lot easier.

As organizations respond to an ever-evolving set of security threats, network teams are scrambling to find new ways to keep up with numerous standards and regulations to dodge their next compliance audit violation. Can this nightmare be avoided? Yes, and it’s not as complex as one might think if you take a “compliance first” approach.

In recognizing the growing impact of third-party risks on operational resilience, the Prudential Regulation Authority (PRA) has established new regulatory requirements in the areas of third-party risk management and outsourcing. The details were published in a Supervisory Statement that has been put into effect since March 2022.

Cloudflare offers many security features like WAF, Bot management, DDoS, Zero Trust, and more! This suite of products are offered in the form of rules to give basic protection against common vulnerability attacks. These rules are usually configured and monitored per domain, which is very simple when we talk about one, two, maybe three domains (or what we call in Cloudflare’s terms, “zones”).

We are thrilled to announce the full support of wildcard and multi-hostname application definitions in Cloudflare Access. Until now, Access had limitations that restricted it to a single hostname or a limited set of wildcards. Before diving into these new features let’s review Cloudflare Access and its previous limitations around application definition.

The boom of information technology opened an entirely new world of identities and opportunities. Most users’ journies in the cyber world started with the creation of an email address. That email address, which served as an online identity, eased communication between two users, breaking location barriers. Fast-forward to today: A user can create as many accounts as they want across different platforms on the internet, using a wide range of devices such as tablets, mobile phones, and laptops.

The ephemeral nature of the cloud has made compliance and security a greater challenge for organizations. The volume of data that companies must collect and retain from their cloud services, depending on their industry, is ballooning fast. According to ESG, 71% of companies believe their observability data (logs, metrics and traces) is growing at a concerning rate. Even so, outcomes are getting worse, not better. Six out of 10 teams are unable to prevent issues before customers are impacted.

When 921 password attacks occur per second, it’s time to treat everyday employees’ credentials like the true operational risk they are. Today’s attackers assign a level of value to employees’ passwords they once reserved for privileged users’ credentials. Why? Workers now have a shocking amount of access to sensitive resources. I’ll elaborate… but through the perspective of a chief information officer kept up at night by risks.