Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cloudflare

NIST's first post-quantum standards

On August 13th, 2024, the US National Institute of Standards and Technology (NIST) published the first three cryptographic standards designed to resist an attack from quantum computers: ML-KEM, ML-DSA, and SLH-DSA. This announcement marks a significant milestone for ensuring that today’s communications remain secure in a future world where large-scale quantum computers are a reality.

A wild week in phishing, and what it means for you

Being a bad guy on the Internet is a really good business. In more than 90% of cybersecurity incidents, phishing is the root cause of the attack, and during this third week of August phishing attacks were reported against the U.S. elections, in the geopolitical conflict between the U.S., Israel, and Iran, and to cause $60M in corporate losses.

Advancing Threat Intelligence: JA4 fingerprints and inter-request signals

For many years, Cloudflare has used advanced fingerprinting techniques to help block online threats, in products like our DDoS engine, our WAF, and Bot Management. For the purposes of Bot Management, fingerprinting characteristic elements of client software help us quickly identify what kind of software is making an HTTP request. It’s an efficient and accurate way to differentiate a browser from a Python script, while preserving user privacy.

AI, Democracy and The Evolution of Internet Security with Bruce Schneier

In this episode, host Joao Tome and cryptographer and security technologist and public policy lecturer, Bruce Schneier discuss the evolving landscape of Internet security. They explore AI-related cybersecurity risks, the impact of new technologies on democracy, and the current state of the global Internet. Schneier examines how new technologies are impacting democratic processes worldwide and provides insights on balancing the delicate balance between privacy risks and benefits in the digital age. The conversation also covers the need for updated regulations and the future of post-quantum cryptography.

Social Media Threats and Regulation with Jenny Reich (Georgetown Law Center)

From our San Francisco headquarters, we sit down with Jenny Reich, a Fellow and Adjunct Professor at the Georgetown Law Center on National Security. As an expert in social media law, Jenny examines social media's impact on misinformation, cybersecurity and journalism. In this episode taped during the 2024 RSA Conference, Jenny offers her expert perspective on growing congressional pressure for social media regulation, the origins of data breaches from chat rooms, Section 230 and TikTok as the new Gen Z search engine.

Avoiding downtime: modern alternatives to outdated certificate pinning practices

In today’s world, technology is quickly evolving and some practices that were once considered the gold standard are quickly becoming outdated. At Cloudflare, we stay close to industry changes to ensure that we can provide the best solutions to our customers. One practice that we’re continuing to see in use that no longer serves its original purpose is certificate pinning.

Making WAF ML models go brrr: saving decades of processing time

We made our WAF Machine Learning models 5.5x faster, reducing execution time by approximately 82%, from 1519 to 275 microseconds! Read on to find out how we achieved this remarkable improvement. WAF Attack Score is Cloudflare's machine learning (ML)-powered layer built on top of our Web Application Firewall (WAF). Its goal is to complement the WAF and detect attack bypasses that we haven't encountered before.