How CloudFlare Helps Route + Secure Internet Traffic

As part of our virtual event series with leading solutions providers in the IT Industry, we recently spoke with CloudFlare about their suite of services. They shared how they are helping companies secure their external-facing websites and applications, protect their internal resources, and ensure performance and reliability.

Here are some highlights from the webinar transcript. For more information and pricing on CloudFlare, complete the form below - we’d be happy to coordinate an introduction and get you preferred vendor pricing at no cost.

WHAT IS CLOUDFLARE?

We are an integrated platform for security, performance and reliability that is natively built in the cloud and managed by a single unified control plane. We offer a global network, edge computing serverless platform, and solutions like zero trust architecture, network services, and application services.

• All products and services run on every server in every data center, which improves the network for our customers. We operate within 100 milliseconds of 99% of the internet-connected population. 15% of all internet traffic routes through CloudFlare. A lot of analytics and intelligence comes along with that much traffic, which allows us to proactively thwart against future attacks.

• With the adoption of internet applications deployed in the cloud, we have a unified control plane that spans across multi-cloud, hybrid cloud, and on-premise deployments. We provide a single interface for security policies, authentication, and third-party API integration with services like Duo or Okta. Organizations benefit from having a unified control plane across a potentially multi-cloud environment. Instead of being siloed into only AWS, or only Azure, or only GCP, you have the ability to use them for what is best needed for your company, but with a proxy in front of it all to provide security policies.

• Configuration or administration can be done either programmatically through APIs or through multi-user role-based access controls. It’s simple to turn services on/off and add/import security routes and protocols.

HOW IS CLOUDFLARE HELPING COMPANIES ROUTE AND SECURE THEIR INTERNET TRAFFIC?

A lot of customers are looking for solutions that span all layers of the OSI (Open Systems Interconnection) model, from the pure IP workloads in layer 3 all the way up to the HTTP requests in layer 7. We also talked to customers who still run their on-premises infrastructure, and want protection from denial of service attacks. Our Magic Transit product is both a DDoS (Distributed Denial-of-service) mitigation and network firewall product.

Vendor consolidation
It helps customers who may be using on-premise solutions to move away from boxes, save on yearly annual maintenance costs, and consolidate into a unified control plane for ease of management. Network functions are delivered or as a service, and they're easy to configure and manage.

Increased performance
Customers have access to CloudFlare’s expansive network, so it not only protects but also accelerates anything connected to it. With the volume of internet traffic coming across our DNS routes, we very quickly understand and adopt the shortest open path to those routes/information.

CapEx reduction
More and more companies we talk to are looking for ways to reduce capital expenditures. Magic Transit helps reduce CapEx and deliver operational agility with things like virtual network firewalls, which are delivered and billed as a service.

SASE (Secure Access Service Edge)
Companies are currently going through a transformation, likely accelerated by the current pandemic that we're coming out of, to adapt to the changing world around us. Businesses are leveraging digital services; and this digital transformation is often a key driver for how companies create value for their customers and employees.

THE INTERNET AS THE CORPORATE NETWORK

Over the years, storage and compute have been migrated to ‘as a service.’ Then came applications. The next logical step is the network and the consolidation of point solutions. The ultimate challenge comes with the legacy castle and moat approach. The internet is now the corporate network. Today's modern business needs a modern network. As the internet becomes the place where customers, employees, and vendors interact, how do you scale that traditional castle and moat security model? You can't just take a box and wrap the internet holistically and say, “Okay, now it's secure.” It needs to be available everywhere, secure, fast, and reliable.

The usages that customers have for their web-facing properties are also more profound and more intense. As we continue to scale, the growing shared intelligence combined with machine learning provides actionable and timely insights that help us secure and accelerate these internet applications. For instance, we can:

• Proactively defend against specific attacks

• Provide insight from traffic to a single website that can be applied across the entire network to prevent future attacks

• Block malicious traffic by classifying the bad traffic using something as simple as the source IP

• Improve performance by routing traffic intelligently

• Send updates to something like our web app firewall to protect against new and anticipated attacks.

CAN CLOUDFLARE BE USED FOR CONNECTIVITY?

Because it's a global cloud platform, people sometimes think they can buy connectivity through CloudFlare, instead of Equinix, AWS, or Azure. That's not the case; we don't sell connectivity. We sell the services and security as a proxy to sit in front of whatever that connectivity may be - a direct interconnect with an Equinix, a CenturyLink MPLS network, a public or private cloud. You can provide your security, your architecture, and your policies front-ended from a unified control plane.

PROTECTION AGAINST ATTACKS

As part of our global cloud platform, we offer security as a service that thwarts attacks that attempt to leverage attack vectors like zero-day vulnerabilities, brute force logins, API abuse, and bot attacks. The protections include WAF (Web Application Firewall) layer 3, layer 4, layer 7 DDoS protection, rate limiting, SSL/TLS, and more.

WHAT ARE SOME EXAMPLES OF CLOUDFLARE IMPLEMENTATIONS ACROSS DIFFERENT INDUSTRIES?

Wikipedia - Experienced a massive denial of service attack in September 2019. We reached out, and they asked if we could help them recover from the persistent attacks targeted at Wikipedia, which had been knocked offline. CloudFlare worked closely with the team to get Magic Transit in place, and once it was able to show results, the deployment was expanded to cover the entire site presence. They've since deployed Magic Transit as a core part of their network infrastructure and leverage the broad threat intelligence that we have to offer to help mitigate the debilitating impact and future attacks.

National Instruments - Struggled to deliver large file downloads to their customers, despite having an existing content delivery network. By moving to CloudFlare, they were able to significantly improve download speeds including, but not limited to, China. CloudFlare workers enabled National Instruments to customize its setup and iterate quickly on new improvements. When a security policy change is made, it propagates across the globe in a matter of minutes.

Zendesk - Had issues with load site agnostics of visitor locations, and being able to protect from web threats. We helped optimize the front-end and back-end system. They use our CDN, security products, and utilize CloudFlare for cookie-based key caching. They're also one of our early adopters of remote browser isolation, which is a somewhat new product that significantly helps remote workforces protect against vulnerability attacks in the browser.

Shopify - Black Friday, as you can imagine, is a very tough day for all e-commerce because traffic volumes spike significantly. Shopify uses CloudFlare as load balancing and DNS to address those traffic spikes.

Want to learn more about CloudFlare? Complete the form below - we’d be happy to coordinate an introduction and get you preferred vendor pricing at no cost.