DDoS report Q1 2024, certificate changes, QR phishing, and more

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] [Applause] hello everyone and welcome to this week in net it's the April the 19th 2024 Edition and this week we're going to talk about dos about lets encrypt so certificates and a lot of other stuff I'm your host Ron based in lisman Portugal and with me I have for the first time in our show our fil CTO Trey Gwyn hello Trey how are you great how are you doing it's a it's a beautiful Friday morning here I think it's probably later in the day you're closer to the weekend than me I'm closer to the weekend for sure uh and today is not very sunny in Lisbon but in the past few days there was a lot of sun people going to the beach so good weather bring on the spring exactly for those who don't know your Bas in San Francisco in the Bay area I'm in San Francisco and uh which is where cl's headquarters are and our famous lava lamp wall which I know you've uh discussed before um yeah and so happy to be here and really excited to talk about some of the blog posts and things that we've been pushing out recently and you for those who don't know um you work closely to customers in your field CTO job you're one of our field CTO uh but you work for a long time time now at clur with different roles so you you've been around in terms of clur for sure right yeah so um I started almost 11 years ago there was 42 people I was the 42nd person when we started which if you have read hitchhikers guy of the Galaxy makes me feel really special and um and I was the first solution engineer and built the uh solution engineering team for for about eight years and then I got my dream job which is field CTO so I help out our CTO Jung ground coming with a lot of the sort of external responsibility so flying around and talking to customers uh Partners interacting with government sort of trying to explain oftentimes what we do and why we do it and how we can work together one of the things you do is of course talk like you were saying talk with a lot of customers in 2024 right now what are those main things that people discuss more about security yeah there's there there's a lot of things so I end up spending a great deal of my time talking to large customers and and governments um and so there's some common trends that that continue to happen everyone wants to digitally modernize everyone talks about AI all the time uh there's there's never a convers like you can't go seven minutes without talking about AI it is very exciting but also I think an interesting trend is a is a real shift in the conversation towards privacy so privacy uh government regulations are requiring more and more privacy but Enterprises and companies I think are seeing it more as a differentiator and so it's great to see uh that that focus on what we see as an important part of the internet really being accepted and internalized by a lot more organizations and so happy to see happy to see things moving in that direction we we have a few blog post to go over that were in the past few weeks uh why not start in this specifically with our dos report uh we launched this week our dos report we launch it every quarter uh this is something close to heart because the radar team uh also helps here our D do report regarding the first quarter of 2024 highlights a few specific Trends uh that are relevant in this area for those who don't know DS is short for distributive uh denial of service attack really common in terms of hackers attackers trying to to put sites and services down with a lot of requests and and unwanted requests in a sense so this prevents uh those specific things there's a few key insights here do you want to highlight any yeah well as you mentioned dos or dos denial service is about overwhelming systems so they can't actually serve legitimate customers and it is a it is a favorite tactic of Bad actors because it's kind of easy really you don't have to break into a system you don't have to get you don't have to fish an end user or find some compromise you just flood someone with traffic um and the first big trend is there's more uh unfortunately this is like the trend all the time there's always more dos uh there because it works unfortunately and and really it works because more and more like our lives and society and everything is dependent on the internet so more things are online we're doing education banking voting Etc all these things are happening online and so that's great and it's is really powerful for society and empowers a lot of people at the same time it sort of opens up this vector and this is probably the easiest Vector for a bad actor to try to influence so we're always seeing the sort of increase of the amount of Dos attacks the scale of them uh and it turns out that you know everyone's working really hard to innovate and get smarter at things but so are the bad Act so they're coming up with clever new ways of doing doses all the time and so we're seeing sort of innovation on both sides both the attackers and the and the protectors exact there's uh we also for example put here some numbers a lot of numbers actually uh one is is quite Evan and goes along what you were saying 50% of year-over-year increase in the do attacks um we mated 4.5 million DS attacks during the first quarter um that's crazy right I mean millions of Dos attacks in a quarter that means that they're happening like several times a second essentially throughout the throughout the quarter and so they're just constantly happening um the I mean obviously the other thing here so there's more uh you have to you have to have really good protections to stop it but the other big push was this um increase in the amount of DNS based Theos attacks and so it's interesting like I said that attackers are in new ways to attack often times you know it's interesting because people want to wrap their head around they say what's a big Theos attack so is it like what's the bandwidth like you saw that graph up there a second ago there was like a two terabit attack against somebody and people like to talk about like big attacks versus small attacks um and I think it's easy because you can kind of wrap your head around what's a bigger number therefore it's a bigger attack but they're not always more painful or harder to defend against and I think the really interesting thing with with DOs is there's this there's this concept in the internet called The OSI stack or like the different sort of layers of the internet and I think of this is sort of similar to um like a phone system if you you're giving someone a call on the phone you dial their phone it rings on the other end that the the protocol is it rings on their side you pick up and maybe you say hello um and then we have a conversation right with the internet in the sort of like OSI stack of like layers one two three and four is really about like dialing the phone and answering the phone and and how that like that connection works but then the top layer is layer seven that's what's the application layer that's really the language you're speaking on the phone call um and so you have to decide are you speaking French are you speaking German Portuguese uh Etc and when you're an attacker you can actually attack at those different layers um and so when you think about these like big like two terabit attacks really what they're doing is they're just flooding actually at a lower layer it's sort of layer three and layer four they're just flooding a huge amount of garbage down sort of your internet connection and it turns out that it's easy to identify that it's garbage U and block it you just have to have the capacity to accept it and then throw it away and so really that's just a Capac capacity game um and so if you're a big Network like cler we can stop that other big Network can stop it but you really can't stop it on premise anymore you can't like this is a thing you kind of need a cloud provider to to sort out for you but it's easy but then when you go up to layer seven based attacks which is like the language you're speaking then you really have to understand the protocol and this is a very long-winded way to say what I think was interesting in DOS is there's a shift from these dumb large Network attacks to layer seven attacks and we're seeing layers seven attacks both in the htdp protocol so these are these you know massive HTP uh floods and we talk about that here these continuation floods and the reset attacks things are actually finding vulnerabilities in the protocol itself that make it easier to launch massive massive like high rate uh attacks which you actually have to answer the phone say hello try to figure out what somebody wants and then discover that it's a fraudulent request which is a really expensive way to stop it versus just saying block this phone number right um and so that that's really expensive on the HTP side and then the big increase of of DNS Bas attacks that's actually in layer seven but in DNS like the protocol of asking for a DNS uh question and getting that DNS response and finding sort of clever ways to overwhelm someone's DNS infrastructure because you're you know you know you're sort of overwhelming it with a number of queries and and the funny thing with DNS is that there's a lot of stuff in DNS that it's it's a pretty Loosely sort of loosely coupled um stateless protocol oftentimes it runs on a protocol called UDP and so you can send queries off and get responses and you can spoof who you are Etc and so it's it's a it's an easy sort of protocol to do do sort of fraudulent queries inside of and that's really hard to over um to deal with and so we've seen this big increase of uh DNS based attacks because if you can knock someone's DNS infrastructure over it's like the phone book of the internet and then everything in that domain goes offline so doesn't work right yeah after that apologize you just got me on a on a tie rate there I'm trying to like connect all these things together it's like pie yeah you've got you got to think about the layers of the internet and like where are these attacks are happening you know there's the volume at up to layer three and then you've got your application attacks and why these DNS attacks are so interesting is it's sort of like it is an application layer attack but in DNS makes sense and we also have a perspective here on top attack Industries specifically uh in this case gaming and gambling were clearly by volume uh number one and uh law firms and legal services also in terms of global normalized data also high in the in the specifically um there's always who has who has the money right like you've got to think about the attackers motivation they're out trying to attack an industry trying to extort them sometimes to say hey give me Bitcoin so I'll stop dosing you and so you're going to go after the industries that have money U and you can see how that varies by um by country sometimes we have activism as well but I think what we've seen last quarter was mostly sort of commercially oriented the the the do report has a lot of trends that people can browse through also specifically the the fact that some countries are in some situations more attack than others there's this highlight here regarding Sweden where dos attacks surge by uh more than 400% after its acceptance to the NATO alliance um so a big chift there specifically so even International uh changes and events um make the the news in terms of DS attacks in a sense and and that's where we see a lot of activist groups um you know groups are sort of affiliated with one country another or political ideals and so we've seen you see this big spike of Sweden joined NATO we saw you know big spikes of attacks to Taiwan when uh Nancy Pelosi from the US visited there and so you'll see it's interesting you can find these you know spikes in the graph the sort of Time series graph and you can often times a associate them with with world events true we have other block post to go over uh where should we go next uh do you want to go to um let's encrypt yeah oh I think this is this is super interesting um why let's start there oh I can geek out all day long but it's so it's it's like these are like some of the like the fundamental basics of how the internet works and how do we make the internet private and secure we need to in order to do that we need encryption right like I don't know you know it's easy to forget that 10 years ago half the websites you went to on the internet weren't even encrypted right I like they were just HTTP without https like we don't even see that in the browser bar anymore um and you know and it used to be this back in the day that you had you would get a lock that would show up when you were secure now it's the reverse like secure is the default and if for some reason you go to website that doesn't have you know htps or SSL um then you get the big like warning this is not secure people are a little bit worried about that when they see that and for for that there's a reason for that specifically this one is is related to the fact that let in Crypt cross s chain will be expiring it's September right then we have something to mitigate that in a sense yeah so do you mind if we we can go in this one and geek out a little bit and like talk about like some of the the fun little pieces or what is happening absolutely so I think the the first thing because we start off in here talking about uh public key infrastructure and how certificate authorities work um and this an interesting point right um you want like you're going to connect your browser to some server and it you know it uses this certificate to do a cryptographic operation to encrypt that but it's also validating so the certificate's doing two things right it is the thing that allows it's like the the keys or the lock that you're using to do encryption and it's letting you know that who you're talking to really is who you think you're talking to so there's this this challenge of I want to get a c I want to I want to get a certificate for trade.com and I have to prove that I really am trade.com to the certificate Authority so that they'll issue me a certificate and then when other people see it they know that I really am trade.com and that I'm not someone impersonating I'm not trying to pretend to be a bank Etc um I'm not trying to trick you into entering your username and password into this website that kind of thing um but when when you connected try.com you see the certificate and sure it's issued by certificate Authority but why do you trust that certificate why do you trust that certificate Authority right and do you do you know how this works Jia you probably do I I I know a bit but explain to the audience please yeah yeah yeah and so it's it's a funny thing is so there's a a a set of it's what it's called a chain of trust and So when you buy a new phone or you install new version of Mac OS or Windows or Linux they actually come pre-installed with these sort of root the root of that chain we say we we inherently trust these providers uh these sort of certificate authorities and if they sign a certificate down below then we then we trust that and if that thing signs the next thing then it then it trusts and trusts and trusts all the way down to trade.com and so there's this idea of a train of trust the metaphor for this is you get a passport and someone shows up they want to validate who they are they have a passport you say okay I trust that because you got a passport but I trust that passport because it's issued by the nation of Portugal and I also trust that Portugal is Portugal because you know the UN or something like that so it's it's that sort of concept and um one of the things so this that's a lot of sort of Preamble the interesting challenge is that let's encrypt is this fantastic free certificate Authority because also 10 years ago people used to pay like a thousand per certificate it was crazy um and now certificates are just completely free because it's just like it's good for the internet and yeah exactly so when let and crypt wanted to get started they said hey we're going to do this free certificate Authority but they needed someone to sign them to get started to be trusted right and so they were there were they were signed and we actually go into what they they had been sort of it's called cross signing they had been cross- signed by an older certificate Authority and that initial signing is actually expiring next year um or actually I think in September of this year September September yeah yeah and so that initial cross sign expires in September of this year and so anything that trust is based that certificate of chain is trust based on that is going to expire in September um and that's problematic obviously and so uh let's encrypted been planning for this for a long time and they've already started switching over to a new sort of cross- signing uh route of trust and so if yeah if you if we go into this it'll be interesting so we'll have some details here and so here we are uh in that SEC like the second paragraph the isrg route um yeah and so so the new the new sort of top of that is this isrg X1 route um and that's what's now going to sign the new let en Crypt Sears but because those root just have to be like baked into your operating system like it's just baked into your phone or your your you know Mac or or Linux Etc if you have an old enough version of a phone or Linux it doesn't have that that isrg route so it can't trust the new certificates which is it's a really interesting conundrum so like what are we supposed to do right because the folks with the old phones and the old laptops tend to be in parts of the world they don't have a bunch of money to throw at phones and laptops and you don't really want to impact their ability to connect to to the internet right and can to connect all these sites but you also want them to be secure so you know what are what are we to do right and so that's really the conundrum that we we've gone into when we're talking about this and the way we're solving this is cloud fl's has this sort of highlighted there is we're committed to you know making the internet secure and private but needs to also be highly accessible so we talk about like no browsers Left Behind like what are the things we can do technologically to make it accessible to everyone and we have all these different ways that we issue certificates and manage them on behalf of our of our customers but what we're going to end up doing um is stop using let's encrypt for a while on a a class of our certificate that we issue and we're really doing that because we can issue we can issue from multiple providers multiple Casas or certificate authorities let's encrypt and others and we're going to actually shift away from let's encrypt for a bunch of certificates just because we know that those certificates don't have the chain of trust problem to start with um we're also going to we allow a lot of our customers to decide which certificate authorities they use and if they're using if they've chosen to use let encrypt we want to respect that choice and we'll keep doing it but we'll send them emails to say hey this percentage of your users are on Old devices and it's going essentially it's going to break after September do you want are you aware of this you can do this change Etc and so those are some of the things that we're we're we're working to to sort of balance this idea of helping things move forward uh and we and we really sort of applaud what let's encrypt is doing um but at the same time trying to keep everything available and so I'm sure we will over time bring let encrypt back into the fold as far as where we're issuing certific gets from but we we need to let just the percentage of devices out there that that support you know modern um sort of root trust we need to let those sort of die off and the and the new devices come back in exact and it's quite important because the the idea is for our customers customers not to be impacted by this so they will continue to access the internet as always nothing changing for them that's the objective here right uh even if we for a period of time change that for for the benefit of those that are using older devices in a sense right yeah exactly I think we have our sort of principles laid out below but we want we want the internet to be secure it's got to be incredibly easy uh and we want it to be essentially transparent for our users if we're going to manage certificates we should manage it and allow someone to to take advantage of the most sophisticated sort of security and the best privacy but at the same time maintain compatibility we've even in the past uh what we've done in the past and we still do today is if we recognize a really old device we can issue an older set of encryption to them but then when we see a new device we can we can we can actually support the the most modern encryption for that and so we're always trying to support the the best thing that the client can support um and so I think that's a it's a sort of a manifestation of how we're trying to always help make the internet better and and trying to drive toward these these standards but keeping people connected because if the internet does anything that's that's what it's for right exactly working it should work for sure uh we still have a few minutes to just to go a quick uh overview of other blog post uh in uh two weeks ago actually um almost two weeks ago we we had this uh this blog post about the major data center power failure again uh and we also this blog post explains really well how uh after four just four months of other uh Power outo that we had in November we this time it was different because we put uh something that we call Court Orange into um into work in a sense and it was a much different situation with this power outage in one of the data centers right I mean we had you know very embarrassing and we let our customers down back in November because we had a major PR Ed which is not supposed to happen in a cord data center but it had a huge impact but because of that we're committed to doing things right so we redirected as part of codor we redirected all of engineering resources um for the last five months to basically red removing or reducing our dependencies on any individual Data Center and we've been running our own internal tests but in this case uh Mother Nature or Murphy's Law did the next round of test for us and uh we had shockingly another major priage of the same facility um which is you know the chances of that are so minuscule but it forced us into this other test and what we saw was instead of having you know a massive outage we had essentially uh very other than our analytics uh there was like seven minutes of impact instead of instead of the you know days of impact and so and it was all the we're able to rebuild the entire facility in an automated fashion and so essentially what we've seen is that the work we've done has worked um and we recognize that we're not done yet we still have to we still have to get our analytics platform to be as resilient as the rest of the control plane but that's that's on its way it's just the time it takes to order servers and have them shipped and and put in other facilities but we're we're well on our way and it's good to see that the the work we did paid off so well even though crazy you know Coincidence of power outage should never happen happen twice in the same facility in a matter of you know five six months four months in the cas but the in the many customers weren't even aware of this completely because this was mostly a part of the analytics uh situation and it it lasted in this case uh much less time than previously but as you said well it lasted less because everything automatically filled over as it's supposed to and like the work we did to to build that high availability functioned so it was it was good to see the impact on the back end just as many servers went offline it just didn't have a an impact on the actual service which is the way it's supposed to work ex Service never stopped working this situation specifically and also in the the other situation the um I wrote a block post about the total eclipse in the US yeah early uh last week uh it got some media attention even dur New York Times uh but it's mostly regarding the most impacted states in Mexico and Canada um during the eclipse old news a little bit by now but you have like a chart here that shows that the most impacted states are the ones usually where the toal eclipse happen uh in a way you I love that uh I love your blog post because it sort of brings us together in the real world as well and and we actually get off our phones for a little bit here and there and uh um yeah and it was as someone in the US I had a lot of friends that went to the eclipse so thank you for for for writing that up and and showing showing how the the real world and the internet are in the same world I was writing and jealous because I wanted to see the total eclipse and I was just writing the blog post but it was fun either way even so um we already mentioned the let's encrypt and also we had this blog post about improving alternative DNS with the official release Foundation DNS so this is very a very specific thing but very useful for many users right well the very beginning I went in my long drawn out explanation of Dos and how important DNS is because if DNS Falls over everything falls over it's sort of like it's the it's the phone books is how you get to all all the services you're trying to to host or the applications and so Foundation DNS is we club's always been a big authoritative DNS provider but we've always sort of had like one option on the menu really Foundation DNS is is about offering a second option for sort of more sophisticated customers or customers with higher requirements and we're now having sort of like the the the super version of authoritative DNS that offers those capabilities that are important to big companies and others and we're going to continue to offer our free service which is fantastic um and we will continue to invest there but the foundation DNS are for for customers that just have other requirements and excited to see excited to see that that is now out and built on the same uh infrastructure that that the rest of cloud Flor operates on exactly in this case this one was designed to enhance Rel reliability security flexibility and analytics specifically um there's this internet traffic analysis during the Iran's April the 13th attack on Israel Mo mostly the fact that we didn't see a lot large attacks on Israel in terms of cyber attacks so that that was in play there also some internet Trends there specifically for example the fact that Palestine uh in Palestine traffic dropped when the sirens were alerting of incoming attacks but in um Israel internet traffic increased that was because people were more checking the news online and apparently in palentine they potentially were seeing more for example on TV so that makes a difference uh usually also um we also uh celebrated the fact that we have a a chief partner officer Tom Evans that joined the team welcome Tom yeah and also how call her CER email security protects against the evolving threat of K fishing everyone knows K code codes are around for a few years now and quite popular still uh and apparently attackers favor QR codes to do some K fishing this blog deals with with that specifically right yeah I think this is the last thing if you let me ramble a little bit this is super interesting but fishing really is about trying to get someone to do something they should right and so it's not necessarily email specific and sort of I'm you could call someone on the phone and fish them and say and pretend to be somebody and and unfortunately like you're taking advantage of people's good nature people want to do a good job they want to be helpful and so you are are trying to do that and oftentimes email is the way that's delivered you pretend to be the boss and say hey please go do this and and what have you but we're seeing more and more is this idea of like multiple channels uh for this multi-channel fishing attacks and because we've gotten pretty good at at well actually the industry hasn't gotten very good at stopping fishing because it's still like 90% of incidents start with fishing but we're getting better at scanning an email and saying okay here's a link it points to something that's bad or here's the you know the the text that's in in this uh in this email is is challenging and so the attackers are trying to find other channels um another you know a previous separate channel was to to text individuals like actually Cloud came under an attack like this I believe it was last year um was it in 23 or in 2022 I think it was think 2022 I think if I'm not Mist 2022 we fishing attack yeah and so the the SMS smishing this is quing that was a smishing attack but we basically had a bunch of a bunch of tech companies were were targeted and and the Bad actors were texting a bunch of people with links and text messages well that's a smart move because you know generally you can't scan text messages for certain links and now this is just sort of a variation of that which is sending someone an email but with a QR code in it because oftentimes your your email filtering can't sort of inspect that QR code but the end user will like Point their their phone at the screen and they will follow this QR code so it's a way to almost sort of like it's like a trojan horse to sort of hijack in these these links and they're even doing certain tactics to make it hard for computers to read so this is a kind of an emerging Trend and we're having to do a fair bit of work here uh and we have computer vision and our anti- fishing things so we can actually read the QR code then we sort of Follow That code and see if it if it's you know if it's malicious or it's be become malicious and then we're having to tune the computer vision also to get around these challenges where you know the the QR code itself is designed to not be very readable until user comes on and like prints the brightness up of their phone or does it at an angle or something that's funny users will be so in Innovative that they're better at reading QR codes than computers are sometimes interesting uh I have a funny story there my I have a eight-year-old son and my son when he sees a QR code anywhere he wants me to pick my phone to see what is the that uh so every brand now even toy brands they have like K codes for everything so he wants me always to do that so I think there's like curiosity what could it be behind the code it is and I think uh I think that's why attackers use this because there's this element of curiosity potentially um that people are now more aware of link not C links because they could be harmful but QR codes are not like they could be harmful also because they're links in a sense and I don't think people are aware of that so it's they should absolutely and this gives some protection there and we've seen as we say the blog post here that uh some login services from Microsoft uh signing services from docu sign they were already sending QR codes to make it easy for their end users but we now trained people to expect these QR codes and and then the attackers are going to take advantage of that training essentially and send something that looks like this but then link you to the wrong to a malicious site or try to harvest your password Etc um so anyways it's a thing to be aware of uh this is like one more one more challenge because Innovation continues to work on both sides of the uh the good guys and the bad guys essentially and there's some elements here if you want to learn more or be a customer or try to see exact specific example um well a lot of blog post we covered uh we won't mention this because I have someone from our team speaking directly about the fact that we were named in the 2024 Gartner magic qun next and also that we have now meta Lama tree available on Cur workers AI for those developers that are building AI tools yeah that only came out yesterday and it's already available on workers which is super exciting so you you can run your own version of chat GPT uh right in a worker but instead of doing chat GPT I should say it's llama 3 right so they're the meta's open- source large language model and it basically accessible all you do is an API call against it and and you can run your own in in workers AI which is super exciting have you ever have you built a chatbot yet not yet but uh to be honest uh I I'm I already have open the the the python notebook Jupiter notebook to try it out so still still haven't go go into it but I will already open in my there's a uh there's a Code specific one as well there was actually a code model um so I have not built mine either so I can't give you a hard time but uh I'm always looking for the like what is the use case what's the thing the the fun hobby project that this is going to be great for and that was a good segue for Craig that did the video about it so I'll share that after so this was great Trey hope you liked it oh this is this is so much fun thank you so much for having given me um some time to explain things that I think are interesting and and and fun to and important for people to understand how they actually operate and I'm glad we were here and you make it you make it easy for us Shia so thank you for that thank you all right well on to another week and another week of helping making the internet better hope you have a great weekend you too thank you that's a [Applause] wrap it happened it happened today meta llama 3 was released and I already updated our vanilla chat starter uh to have it if you haven't seen this before this is a cloudflare Pages app that's running on workers Ai and you can choose the models that you want and it's a fully working application that is totally yours uh to have I included um in the notes here I'll include the video that shows you how to set this all up it comes from a repo you can use this template it can be yours very quickly this can be yours and so it has over here it has the new model let's get started playing with it let me show you this thing a little bit and then I want you to jump in and go play uh with it so I chose that I clicked apply changes now notice it's under beta which means it's free it's free to run this inference um so I'm just going to have it introduce itself uh and I do send and here we go it's going to go nice to meet you so it's coming it's rushing it's very very fast uh I've been very happy with with how quick this is going um and uh it's great I've been exploring it just a little bit I'm excited for you to get your hands on it because I I I am so excited for you to build the future of AI uh with with llama 3 um uh so also here you can add these system messages so um I'm going to I'll click apply changes and we'll say um uh you answer questions uh with words that only start uh with a with the letter a uh and I that's sound seems hard right um uh the user is going to uh ask you questions uh so I'm going to apply those changes we're all set here uh note that there's docs here too if you want to open up the docs and see how this works codewise uh as well uh so uh let's see uh what are you excited about so uh supposedly this works a lot better I've seen that it does uh work tremendously good um astounding applications await acute artificial intelligence abisss abound in all inspiring Innovations pretty amazing that's pretty good all right so what is really cool is there is reasoning there's this new reasoning that's out um and uh let me let me grab this uh let me let me show you show you this really quick I have this little prompt um over here grab this prompt uh and it does this riddle I have not I have yet to see somebody get this riddle right so uh the riddle is um 6 all spending their time together each brother's only is doing one activity at a time first brother's reading a book second brother's playing a tennis you can't play tennis by yourself I know that but I've got great reasoning with one of his brothers third brother soling a cross word fourth brother's watering lawn fifth brother's drawing a picture what was the sixth brother doing why don't you tell me Alama three what the six brother is doing so look at this reasoning must be one of the brothers playing tennis I have not seen this go the six brother was playing tennis now how cool is that how cool is that so get this play with this please let us know what you end up building uh with this um and I will attach a link for how to do this again this whole thing will be free uh uh to do and I want you to play with this and then take this app and make it yours uh and uh we're so excited to see you build the future of AI with metal 3 uh hang out soon bye [Music] [Applause] hey folks I'm Michael Kean on the zero trust team at Cloud flare down in Austin Texas and this week you might have saw we announced that cloud was recognized for the second year in a row in the Gartner magic quadrant for security service edge or ssse um might wonder what is ssse SS is part of a broader Trend you might also have heard of called sassy and Sassy stands for secure access service edge it's essentially stitching together both security and networking on one converged platform it's kind of organizations taking both the consolidation Trend and the network modernization Trend and doing them both at once but that's a lot to tackle and most are approaching it over many years with just many use cases along the way so SS emerged as kind of the security half of the equation uh it composes Individual Services you might have heard of called zero trust network access or secure Gateway cloudex a security broker data loss prevention just to name a few uh and as orgs make progress on that journey and they're really creating more modern architecture and they see tons of benefits to their business where their employees are happier with a better experience their operations are more streamlined they're reducing risk because they're not using a bunch of Point Solutions not designed to work together and and really when they do all of that see a total cost of ownership reduction over time it's really kind of the Enterprise security flavor of this broader consolidation Trend and Clare is tackling kind of the largest part of the issue with single vendor sassy you know in typical Cloud flare fashion we're going to try to create it all so then by definition we also have an S platform because that's kind of when you just use the security half of it so does CL have anything special in the ssse space I think you know the most interesting thing about Clare in the SS space is it's not what we started with and that almost sounds counterintuitive at first but when we're building out our CDN improving our WF improving our DS mitigation over the last many years we probably didn't know it at the time but what we really were building was a connectivity cloud and this is a Global Network of a ton of individual programmable Services uh where you can basically use all of them or just a portion in whatever order that you want and in that connectivity cloud ssse and Sassy are just a portion of it so this kind of set us up for probably the strongest foundation in this market just because we did the really hard thing first by building out that really reliable and fast Global Network first and built ourselves a platform on which we can just keep building and keep shipping new capabilities really quickly so yes when we first enter the SSE Market we probably looked around and said you know there's a lot to build a lot to catch up on but thankfully we knew we had all the pieces to do it right and do it really quick hi I'm Noel Kagan based in Portland Oregon and I work with the product team here at Cloud flare and so you might be wondering uh what is contributing to this momentum why are we growing so much uh in this SSE space and I think this is really just um a reward for the hard effort and and work that our teams have put in we've been growing our engineering and our product teams a lot and we've been spending a lot of time listening to our customers on what are their needs and how do we better solve the the problems that they're having and so in addition to some of the amazing uh zero trust network access solutions that we already had we started really investing in some of our other areas of growth particularly around data security expanding our data loss prevention products our Cloud access security broker products um and getting more into you know digital experience monitoring making sure that our uh our customers can really understand what's going on within their networks and triage any sort of connectivity problems of their their users and so we've really just been investing in all these challenge areas for our customers and growing a ton and that additional depth has added a ton of momentum and we're we're super excited to see how Gartner recognized that and then what's coming next uh any teasers for for what we can see in the future I would say just continuing on that momentum we're going to continue to expand those engineering and product teams and we're going to keep listening to some of the areas that our customers have given feedback on to continue growing again data security is still another place we need to keep investing as well as some other areas of analytics and more visibility for our customers so it's a lot of just listening to what what's needed and just continuing to build uh we really have faith that our customers are going to put us on the right path uh and we'll just keep growing in the space for them uh you can read more about this on our blog at blog. cloudflare.com or read more about our position in the report [Applause]

Info

Channel: Cloudflare

Views: 444

Rating: undefined out of 5

Keywords: Cloudflare, CDN, DDOS, Security, DNS, Resolver, 1.1.1.1

Id: DoSJyAhnbiU

Channel Id: undefined

Length: 45min 32sec (2732 seconds)

Published: Fri Apr 19 2024