Cloudflare, recognised for security solutions

Gartner has recognised Cloudflare as a Leader in the 2022 “Gartner Magic Quadrant for Web Application and API Protection (WAAP)” report that evaluated 11 vendors for their ‘ability to execute’ and ‘completeness of vision’. This achievement highlights Cloudflare’s continued commitment and investment in this space as the company aims to provide better and more effective security solutions to its users and customers.

Keeping up with application security

With over 36 million HTTP requests per second being processed by the Cloudflare global network, the company gets unprecedented visibility into network patterns and attack vectors. This scale allows it to effectively differentiate clean traffic from malicious, resulting in about 1 in every 10 HTTP requests proxied by Cloudflare being mitigated at the edge by the WAAP portfolio.

Visibility is not enough, and as new use cases and patterns emerge, Cloudflare invests in research and new product development. For example, API traffic is increasing (55%+ of total traffic) and this trend isn’t expected to slow down. To help customers with these new workloads, Cloudflare’s API Gateway builds upon our WAF to provide better visibility and mitigations for well-structured API traffic for which the company has observed different attack profiles compared to standard web-based applications.

Cloudflare’s continued investment in application security has helped it gain its position in this space.

Cloudflare WAAP

Cloudflare has built several features that fall under the Web Application and API Protection (WAAP) umbrella.

DDoS protection & mitigation

Cloudflare’s network, which spans more than 275 cities in over 100 countries is the backbone of its platform and is a core component that allows mitigation of DDoS attacks of any size.

To help with this, the company’s network is intentionally anycasted and advertises the same IP addresses from all locations, allowing it to “split” incoming traffic into manageable chunks that each location can handle with ease, and this is especially important when mitigating large volumetric Distributed Denial of Service (DDoS) attacks.

The system is designed to require little to no configuration while also being “always-on” ensuring attacks are mitigated instantly. Add to that some very smart software such as the new location aware mitigation, and DDoS attacks become a solved problem.

For customers with very specific traffic patterns, full configurability of our DDoS Managed Rules is just a click away.

Web Application Firewall

Cloudflare’s WAF is a core component of its application security and ensures hackers and vulnerability scanners have a hard time trying to find potential vulnerabilities in web applications.

This is very important when zero-day vulnerabilities become publicly available as bad actors attempt to leverage new vectors within hours of them becoming public. Log4J, and even more recently the Confluence CVE, are just two examples where this behaviour was observed. That’s why the company’s WAF is also backed by a team of security experts who constantly monitor and develop/improve signatures to ensure it “buys” precious time for customers to harden and patch their backend systems when necessary. Additionally, and complementary to signatures, it’s WAF machine learning system classifies each request providing a much wider view in traffic patterns.

Cloudflare’s WAF comes packed with many advanced features such as leaked credential checks, advanced analytics and alerting and payload logging.

Bot Management

It is no secret that a large portion of web traffic is automated, and while not all automation is bad, some is unnecessary and may also be malicious.

The company’s Bot Management product works in parallel to its WAF and scores every request with the likelihood of it being generated by a bot, allowing organisations to easily filter unwanted traffic by deploying a WAF Custom Rule, all this backed by powerful analytics. Cloudflare make this easy by also maintaining a list of verified bots that can be used to further improve a security policy.

In the event of wanting to block automated traffic, Cloudflare’s managed challenge ensures that only bots receive a hard time without impacting the experience of real users.

API Gateway

API traffic, by definition, is very well-structured relative to standard web pages consumed by browsers. At the same time, APIs tend to be closer abstractions to back-end databases and services, resulting in increased attention from malicious actors and often go unnoticed even to internal security teams (shadow APIs).

API Gateway, that can be layered on top of Cloudflare’s WAF, helps organisations both discover API endpoints served by their infrastructure, as well detect potential anomalies in traffic flows that may indicate compromise, both from a volumetric and sequential perspective.

The nature of APIs also allows API Gateway to much more easily provide a positive security model contrary to the company’s WAF: only allow known good traffic and block everything else. Customers can leverage schema protection and mutual TLS authentication (mTLS) to achieve this with ease.

Page Shield

Attacks that leverage the browser environment directly can go unnoticed for some time, as they don’t necessarily require the back-end application to be compromised. For example, if any third-party JavaScript library used by a web application is performing malicious behaviour, application administrators and users may be none the wiser while credit card details are being leaked to a third-party endpoint controlled by an attacker. This is a common vector for Magecart, one of many client-side security attacks.

Page Shield is solving client-side security by providing active monitoring of third-party libraries and alerting application owners whenever a third-party asset shows malicious activity. It leverages both public standards such as content security policies (CSP) along with custom classifiers to ensure coverage.

Page Shield, just like Cloudflare’s other WAAP products, is fully integrated on the Cloudflare platform and requires one single click to turn on.

Security Centre

Cloudflare’s new Security Centre is the home of the WAAP portfolio. A single place for security professionals to get a broad view across both network and infrastructure assets protected by Cloudflare.

Moving forward the plan is for the Security Center to be the starting point for forensics and analysis, allowing companies to also leverage Cloudflare threat intelligence when investigating incidents.

The Cloudflare advantage

The company’s WAAP portfolio is delivered from a single horizontal platform, allowing companies to leverage all security features without additional deployments. Additionally, scaling, maintenance and updates are fully managed by Cloudflare allowing enterprises to focus on delivering business value on their application.

This applies even beyond WAAP, as, although Cloudflare started building products and services for web applications, it’s position in the network allows it to protect anything connected to the Internet, including teams, offices and internal facing applications. All from the same single platform. The company’s Zero Trust portfolio is now an integral part of its business and WAAP customers can start leveraging Cloudflare’s secure access service edge (SASE) with just a few clicks.

If looking to consolidate the company’s security posture, both from a management and budget perspective, application services teams can use the same platform that internal IT services teams use, to protect staff and internal networks.

Continuous innovation

Cloudflare did not build its WAAP portfolio overnight, and over just the past year the company released more than five major WAAP portfolio security product releases. To showcase its speed of innovation, here is a selection of the top picks:

API Shield Schema Protection: traditional signature based WAF approaches (negative security model) don’t always work well with well-structured data such as API traffic. Given the fast growth in API traffic across the network, Cloudflare built a new incremental product that allows companies to enforce API schemas directly at the edge using a positive security model: only let well-formed data through to the origin web servers.
API Abuse Detection: complementary to API Schema Protection, API Abuse Detection warns whenever anomalies are detected on API endpoints. These can be triggered by unusual traffic flows or patterns that don’t follow normal traffic activity.
New Web Application Firewall: built on top of Cloudflare’s new Edge Rules Engine, the core Web Application Firewall received a complete overhaul, all the way from engine internals to the UI. Better performance both in terms of latency and efficacy at blocking malicious payloads, along with brand-new capabilities including but not limited to Exposed Credential Checks, account wide configurations and payload logging.
DDoS customisable Managed Rules: to provide additional configuration flexibility, Cloudflare started exposing some of its internal DDoS mitigation managed rules for custom configurations to further reduce false positives and allow customers to increase thresholds / detections as required.
Security Centre: Cloudflare view on infrastructure and network assets, along with alerts and notifications for miss configurations and potential security issues.
Page Shield: based on growing customer demand and the rise of attack vectors focusing on the end user browser environment, Page Shield helps detect whenever malicious JavaScript may have made its way into a company’s application’s code.
API Gateway: full API management, including routing directly from the Cloudflare edge, with API Security baked in, including encryption and mutual TLS authentication (mTLS).
Machine Learning WAF: complementary to its WAF Managed Rulesets, Cloudflare’s new ML WAF engine, scores every single request from 1 (clean) to 99 (malicious) giving companies additional visibility in both valid and non-valid malicious payloads increasing Cloudflare’s ability to detect targeted attacks and scans towards your application.

Looking forward

Cloudflare’s roadmap is packed with both new application security features and improvements to existing systems. As the company learns more about the Internet, it finds itself better equipped to keep its customer’s applications safe.

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Bybit opens global headquarters in Dubai on the heels of 50% increase in user base

DIFC Courts reinforces its commitment to sustainability following expansion of its digital infrastructure

NETSCOUT adds new data centre presence in Dubai with added Arbor Cloud Capabilities

Dubai ranks as the second most crypto-ready city in the world

LinkShadow reinforces its commitment to Saudi Arabia

Huawei Cloud’s Riyadh launch boosts Saudi tech advancement

Cisco unveils new data centre to enhance security services in Saudi Arabia

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Google Cloud announce significant new collaboration with Saudi Pharmaceuticals giant

KROHNE delivers insights to inspire the next generation of engineers in Oman

Oracle supports major project to accelerate Oman digital economy

Ooredoo accelerates cybersecurity in Oman with new deal

Omantel selects Ericsson to manage its nationwide multi-vendor networks

Oman TRA shares plans to accelerate 5G deployment

BDB launches “tijara” platform for SMEs

Bahrain achieves full nationwide 5G coverage

Batelco, SonicWall launch integrated security solutions for SMEs in Bahrain

Bahrain to offer COVID-19 test results on WhatsApp, Facebook Messenger

Infor supports Bahrain’s digital transformation

Infopercept opens its first Middle East office in Kuwait

Microsoft Compliance Manager now available in Kuwait

Commercial Bank of Kuwait gets mobile payments moving with Thales Digital Solutions

Ooredoo chooses Fortinet to deliver secure SD-WAN managed services in Kuwait

Zain rolls out first-ever 5G roaming service in MENA

Looking for the best label solutions in South Africa? Go OKI!

OKI is only going bigger in the South African market!

Huawei honours Women in Tech at Apps UP 2022

Amazon payment services launches in the MENA region

Egypt turns to AI to deliver COVID-19 diagnosis service to People of Determination

Vertiv extends partnership with MDS SI Group to enhance digital infrastructure solutions

Bosch sees 21% sales surge in the Middle East

“AI has been in Google’s DNA from the beginning – we are an AI-first company” – Tarek Khalil, Google Cloud

How companies can future-proof their business with Web3

“Diversity, equity and inclusion are a core part of our culture and values at AWS” – Yasmine Afifi

Gender Lens investing vital to economic recovery

Virgin Hyperloop unveils location for Hyperloop certification centre

TikTok taps Oracle as secure cloud provider

Zoom gets security boost with Keybase acquisition

Why collaboration is the answer to the successful roll-out of 5G

OPSWAT invests $10 Million in scholarship learning program to help close cybersecurity skills gap

Alef Education showcases the Alef Metaverse to improve climate education at COP28

Bybit and AUS unveil the tech talents of tomorrow

How digital education solutions can help students achieve their full learning potential

Seeds for the Future 2023: Huawei gathers ME & CA’s brightest ICT talent in Qatar

Huawei launches ground-breaking solar inverter at World Future Energy Summit

Middle East Energy to further boost their sustainability agenda

EDF UK selects Dynatrace to keep the power flowing

KROHNE harnessing the power of analytics to drive energy transformation

“All of us are pulling in the right direction for a better tomorrow” – Frank Janssens, VP at KROHNE

Above and ‘Beyon’ – New Money SuperApp launched in the UAE

New cross-border payments platform Digit9 launches in the UAE

Hub71 partners with global economic transformation specialist on MENA start-up ecosystem

Spheroid Universe coin to be listed on MEXC exchange

DIFC Innovation Hub launches AccelerateHER program

Innovating Finance: UAE’s Pioneering Role in the Blockchain and Crypto Landscape

Pioneering Sharjah’s Digital Revolution

Interview: Shaping a Secure World

Dubai Chamber of Digital Economy scouts Asia for tech start-ups

Government leaders from IT sector honoured at GovTech Innovation Awards

Dubai Science Park study backs R&D localisation amid projected surge in UAE healthcare spending

MarkiTech expands GCC footprint

MoHAP Launches Health Sector’s First National Centre of Excellence for AI

Korian Benelux future-proofs residential Care with AI-driven solutions

SAS accelerates responsible innovation efforts with new collaborations

Digitalisation key to accelerating construction development in Middle East, says Trimble

R&M Introduces First Single Pair Ethernet System to Support Middle East Smart Building Trend

To ‘upsmart’ your building, start with the elevator

Renters searching for homes online surge amid coronavirus fears

Emirati tech entrepreneur launches new app to ease Dubai’s rental woes

Brands Beware: The Application Generation Demands Seamless Digital Experiences

Opinion: Brands must respond to meet heightened customer expectations

Thriwe: Enhancing the Omni-channel experience

Navigating the Festive Cyber Landscape: Ensuring Online Safety during Holiday Shopping

Celebrate the Dubai Shopping Festival with Eros Electronics’ exclusive deals

Interview: Building Cyber Resilience

Kaspersky Thin Client 2.0: Cyber Immune protection with enhanced connectivity, performance and design

xCube launches the UAE’s first fully automated SLB service for retail investors

Pure introduces first external block storage for Azure VMware Solution

RUCKUS Networks launches AI-driven solutions for hospitality