16 posts
cloudflare 500 Tbps of capacity: 16 years of scaling our global network 2026-04-10 Tanner Ryan Cloudflare’s global network and backbone in 2026. Cloudflare's network recently passed a major milestone: we crossed 500 terabits per second (Tbps) of external capacity. When we say 500 Tbps, we…
cloudflare From bytecode to bytes: automated magic packet generation 2026-04-08 Axel Boesenach Linux malware often hides in Berkeley Packet Filter (BPF) socket programs, which are small bits of executable logic that can be embedded in the Linux kernel to customize how it processes network…
cloudflare Our ongoing commitment to privacy for the 1.1.1.1 public DNS resolver 2026-04-01 Rory Malone Hannes Gerhart Leah Romm Exactly 8 years ago today, we launched the 1.1.1.1 public DNS resolver, with the intention to build the world’s fastest resolver — and the most private one. We k…
cloudflare Introducing Programmable Flow Protection: custom DDoS mitigation logic for Magic Transit customers 2026-03-31 Anita Tenjarla Alex Forster Cody Doucette Venus Xeon-Blonde We're proud to introduce Programmable Flow Protection: a system designed to let Magic Transit customers imple…
cloudflare Investigating multi-vector attacks in Log Explorer 2026-03-10 Jen Sells Claudio Jolowicz Nico Gutierrez In the world of cybersecurity, a single data point is rarely the whole story. Modern attackers don’t just knock on the front door; they probe your APIs, flood your network wit…
cloudflare Mind the gap: new tools for continuous enforcement from boot to login 2026-03-04 Alex Holland Shahed El Baba Yi Huang Rhett Griggs One of our favorite ask-me-anything questions for company meetings or panels at security conferences is the classic: “What keeps you up at night?” F…
cloudflare The truly programmable SASE platform 2026-03-02 Abe Carryl Every organization approaches security through a unique lens, shaped by their tooling, requirements, and history. No two environments look the same, and none stay static for long. We believe the platforms that protect th…
cloudflare Beyond the blank slate: how Cloudflare accelerates your Zero Trust journey 2026-03-02 Michael Koyfman In the world of cybersecurity, "starting from scratch" is a double-edged sword. On one hand, you have a clean slate; on the other, you face a mountain of configurations, best pr…
cloudflare Modernizing with agile SASE: a Cloudflare One blog takeover 2026-03-02 Warnessa Weaver Yumna Moazzam Return to office has stalled for many, and the “new normal” for what the corporate network means is constantly changing. In 2026, your office may be a coffee shop, your workforce…
cloudflare ASPA: making Internet routing more secure 2026-02-27 Mingwei Zhang Bryton Herdes Internet traffic relies on the Border Gateway Protocol (BGP) to find its way between networks. However, this traffic can sometimes be misdirected due to configuration errors or malicious actions. Wh…
cloudflare Bringing more transparency to post-quantum usage, encrypted messaging, and routing security 2026-02-27 David Belson Mingwei Zhang André Jesus Suleman Ahmad Sabina Zejnilovic Thibault Meunier Mari Galicer Cloudflare Radar already offers a wide array of security insights — from ap…
cloudflare Cloudflare One is the first SASE offering modern post-quantum encryption across the full platform 2026-02-23 Sharon Goldberg Amos Paul David Gauch During Security Week 2025, we launched the industry’s first cloud-native post-quantum Secure Web Gateway (SWG) and Zero Trust soluti…
cloudflare 2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults 2026-02-05 Omer Yoachimik Jorge Pacheco Cloudforce One Welcome to the 24th edition of Cloudflare’s Quarterly DDoS Threat Report. In this report, Cloudforce One offers a comprehensi…
cloudflare How we mitigated a vulnerability in Cloudflare’s ACME validation logic 2026-01-19 Hrushikesh Deshpande Andrew Mitchell Leland Garofalo This post was updated on January 20, 2026. On October 13, 2025, security researchers from FearsOff identified and reported a vulnerability in Cl…
kakao Kakao developed YEYE, a dedicated Attack Surface Management (ASM) system, to proactively identify and manage the organization's vast digital footprint, including IPs, domains, and open ports. By integrating automated scanning with a human-led Daily Security Review (DSR) process, the platform transforms raw asset data into actionable security intelligence. This holistic approach ensures that potential entry points are identified and secured before they can be exploited by external threats. ## The YEYE Asset Management Framework * Defines attack surfaces broadly to include every external-facing digital asset, such as subdomains, API endpoints, and mobile APKs. * Categorizes assets using a standardized taxonomy based on scope (In/Out/Undefined), type (Domain/IP/Service), and identification status (Known/Unknown/3rd Party). * Implements a labeling system that converts diverse data formats from multiple sources into a simplified, unified structure for better visibility. * Establishes multi-dimensional relationships between assets, CVEs, certificates, and departments, allowing teams to instantly identify which business unit is responsible for a newly discovered vulnerability. ## Daily Security Review (DSR) * Operates on the principle that "security is a process, not a product," bridging the gap between automated detection and manual remediation. * Utilizes a rotating group system where security engineers review external feeds, public vulnerability news, and YEYE alerts every morning. * Focuses on detecting "shadow IT" or assets deployed without formal security reviews to ensure all external touchpoints are accounted for. ## Scalable and Efficient Scanning Architecture * Resolved internal network bandwidth bottlenecks by adopting a hybrid infrastructure that leverages public cloud resources for high-concurrency scanning tasks. * Developed a custom distributed scanning structure using schedulers and queues to manage multiple independent workers, overcoming the limitations of single-process open-source scanners. * Optimized infrastructure costs by identifying the "sweet spot" in server specifications, favoring the horizontal expansion of medium-spec servers over expensive, high-performance hardware. * Mitigates service impact and false alarms by using fixed IPs and custom User-Agent (UA) strings, allowing service owners to distinguish YEYE’s security probes from actual malicious traffic. To effectively manage a growing attack surface, organizations should combine automated asset discovery with a structured manual review process. Prioritizing data standardization and relationship mapping between assets and vulnerabilities is essential for rapid incident response and long-term infrastructure hardening.