Product

Cloudflare Security

Cloudflare is a security company founded in July 2009. They provide CDN, WAF, DNS/Email security, DDoS protection and SASE for businesses, non-profits, developers and consumers.

They are headquartered in San Francisco, California, North America, with over 3000 employees. Cloudflare has its own global network, reaching over 285 cities in over 100 countries worldwide, including hard-to-reach areas like China. Over 10,000 networks have connected to Cloudflare with a total capacity of over 192Tbps, providing access to data centers located in Europe, North America, Mainland China, Latin America, Oceania, Asia, Africa and the Caribbean.

Cloudflare provides services to all types of organizations/businesses such as e-commerce, public administration, SaaS, financial services, healthcare, gaming, education, media and entertainment.

What is Cloudflare One? Secure, optimized global network

Cloudflare's SASE solution, also known as Cloudflare One, is designed to combine networking services with Zero Trust Security on a global network. The solution has the ability to prevent DDoS attacks, Zero Trust, traffic acceleration and Firewall.

Users can connect resources without VPN, but still be guaranteed the ability to prevent ransomware, phishing, malware, probing, spreading malicious code. Users can use SASE at 1 of 285 global Cloudflare sites as well as peer networks with Cloudflare. Cloudflare One SASE includes the following components: Secure Web Gateway (SWG), Firewall as a Service (FWaaS), Zero Trust Network Access (ZTNA), and Wide Area Network as a Service (WANaaS). All are powered by the Cloudflare global network.

Cloudflare One is a comprehensive cloud-based networking-as-a-service solution designed to provide security, speed, and reliability to an organization's network. Cloudflare One replaces multiple WAN devices and technologies with a single network through a single user interface. Cloudflare One securely aggregates the way users connect to applications, control access to SaaS, and branch office traffic into a single platform.

We need to understand the complex nature of today’s enterprise networks: mobile and remote users, SaaS applications, a mix of applications hosted in private data centers and public clouds, and the challenge of employees becoming more comfortable using the Internet but staying secure from their personal and corporate devices:

Whether you call this SASE or simply the new reality, today’s enterprises need flexibility at every layer of the network and application tier. Secure and authenticated access is essential for users wherever they are: in the office, on mobile devices, or working from home.

Enterprise network architectures need to transform to modern, advanced technology approaches that still require secure, filtered Internet access for SaaS or public cloud access, secure application connectivity to protect against hackers and DDoS attacks, and fast, reliable access to home and branch offices.

Cloudflare's distributed edge system (POP) sits in front of an organization's/enterprise's applications deployed in the cloud, on-premise or SaaS and receives all traffic from users, bots and attackers. All connections to the organization/enterprise using Cloudflare services must go through POPs via the BGP Anycast protocol. Anycast deployment allows for uniform network setup, design, and services running across all edge data centers.

Therefore, Cloudflare's security solutions such as anti-DDoS, WAF, Bot Management can be seamlessly integrated, combined with performance enhancement solutions (CDN, Loadbalancing, Argo Smart Routing...) to provide comprehensive protection against multiple DDoS attacks on L3/4 and L7 without sacrificing service quality, ensuring the best user experience.

With Cloudflare’s extensive global presence, traffic is secured, routed, and filtered using real-time Internet intelligence to protect against the latest threats and route the best routes.

Cloudflare One leverages the power of the Cloudflare network with best-in-class identity management and device integrity to create a complete solution for today’s and tomorrow’s enterprise networks.

Partner Ecosystem: Identity Management

Most organizations already have one or more identity management systems in place. Rather than requiring them to change, Cloudflare integrates with all the leading identity providers, including Microsoft Active Directory, Google Workspace, Okta, Ping Identity, OneLogin, and widely adopted consumer and developer identity platforms like Github, LinkedIn, and Facebook.

Notably, Cloudflare One does not require organizations to standardize on just one identity provider. Cloudflare recognizes that many companies may have one identity provider for full-time employees and another for contract use, or one they choose themselves and another they inherit from an acquisition.

Cloudflare One will integrate with one or more identity providers and then allow you to set consistent policies across all your applications.

Partner Ecosystem: Device Integrity

In addition to identity, device integrity and endpoint security are a key part of a Zero Trust solution. Cloudflare has announced partnerships with CrowdStrike, VMware Carbon Black, SentinelOne, and Tanium. These providers run on devices and ensure they are not compromised.

Again, organizations can focus on a single provider to ensure device integrity or can combine with Cloudflare One to provide a consistent control plane.