Transcript for "Cloudflare Application Security Demo":
Cloudflare's connectivity cloud puts you back in control, making your world infinitely more productive and secure. Hello, everyone. Thanks for tuning in to this on-demand session about how to enhance website security with Cloudflare. My name is Anna Rita. I'm a virtual solutions engineer at Cloudflare, and I'm really glad that you're taking the time today to watch this session. So whether you're exploring new security solutions or you're just looking to strengthen your current defenses, I really hope that you will walk away today with clear, actionable insight on how Cloudflare can help protect your applications against evolving threats. So let's dive in. So in today's digital world, security is no longer just about keeping attackers out. It's also about protecting your reputation, about maintaining business continuity, and overall, just ensuring a seamless user experience for your users. Here's what we're going to cover in today's session. First, we'll look at the current challenges in application security and how the threat landscape is evolving. Second, we'll cover why Cloudflare is uniquely positioned to address these challenges. And third, we are going to do a walkthrough of Cloudflare security tools in action to show just how easy it is to manage and strengthen your application security. So let's dive into the first part, the current landscape of application security. To understand the value that Cloudflare is able to bring, it's important to look at the current state of the security landscape. And for that, we are going to turn to Cloudflare Radar. Cloudflare Radar is our global network intelligence platform that monitors Internet traffic and emerging security trends. So let's look over some of the data that we have here. In 02/2022, there were over 25,000 known vulnerabilities affecting web applications. That's about 25,000 potential weak spots in the software that businesses and organizations around the world rely on.
So every one of these vulnerabilities could actually be an entry point for attackers. And in 02/2023, that number increased by 20. So the threat landscape is definitely and clearly becoming more complex and more aggressive. And even more eye-opening for me is the bots. Either good ones or bad ones, they now make up roughly 20% of all Internet traffic. So while some of these bots are legitimate, many of them are probably not. So they might be scraping your content, they are probing for weaknesses, or just attempting to bypass security controls. This data makes one thing clear in my opinion. Organizations need security solutions that are not only strong, but also adaptable and intelligent. And that brings us to Cloudflare's mission. At Cloudflare, our mission is simple. We are helping build a better Internet. So this means that we are not just protecting against the latest threats. We are also working to create a safer, a faster, and more reliable digital environment. So whether you're a small business that is looking to protect or a large enterprise that is dealing with complex threats, our goal is to provide an environment where applications can thrive, giving you the freedom to focus on growth without that constant worrying about security. And we can achieve this every day through our vast global infrastructure. So how do we do it? Let's take a closer look at why Cloudflare is uniquely positioned to help you tackle these challenges. Cloudflare is a global network with data centers in over 320 cities. So this allows us to process millions of requests per second. We are delivering security while delivering performance and reliability at an unmatched scale. But how does this global network actually enhance security? This is not only about building barriers around your applications. You need real-time global visibility into threats no matter where they may be originating from. Cloudflare's network is acting as your first line of defense.
We are blocking malicious traffic closer to its source, even before it reaches your applications. By applying these firewall rules across your global edge network, you can neutralize threats as close to their origin as possible, making Cloudflare ideal for defending against large-scale attacks like the DDoS ones. And now let's explore the application security tools that Cloudflare provides to keep you protected. Cloudflare's application security portfolio is designed to protect your most critical assets, maybe your applications or APIs, and we do this from a wide range of evolving threats. We stop abuse. We block bad bots. We prevent video as mitigation, and we are able to also monitor false speeches payloads and browser supply chain vulnerabilities. What sets Cloudflare apart is that we use the same solutions to protect your own infrastructure, meaning our products are actually battle-tested against the very same challenges you are facing. So now that we have reviewed Cloudflare's security portfolio, let's take a closer look at how these tools work in practice. To give you an end-to-end look at Cloudflare's security capabilities, we have created a real-world scenario. So please meet Frame Memory Studio. Frame Memory Studio is a global online photography agency where the idea is to capture artistic pictures and share them with millions of users around the world. But like many businesses with a strong online presence, they are facing several key security challenges. As a creative platform, protecting their intellectual property from unauthorized copying is a major concern. Secondly, managing security across a global platform requires comprehensive visibility into threats from all corners of the Internet. And lastly, like any organization, they are vulnerable to new unpatched vulnerabilities, making real-time defense a critical aspect as well. So it's time to demo now.
Let's dive into the demo to see how Cloudflare addresses these challenges. And we are doing so from an admin perspective, and we are going to walk you through the following tools. First, the web application firewall or WAF to prevent attacks on their web applications. Second, bot management to block malicious bots while allowing legitimate traffic. Then we're also going to simulate an attack to show how threats are stopped in real time, and we are going to finish by diving into analytics and logs to highlight the deep insights and visibility that Cloudflare provides. So I'm now going to share my screen. Okay? We are going to transition to the live demo. We are going to explore together and see how Cloudflare operates in real time to protect Frame Memory Studio. So please bear with me for a moment while I switch to my demo environment. And let's take a closer look at the dashboard and tools that we are going to use to protect Frame Memory Studio. So let's begin by taking a look at the website that we are going to use for this demo. So Frame Memory Studio. So on this site, visitors can browse through images. They can read blogs. They can learn more about the company. They can get in contact with the team if they want to. So it's pretty much a typical online photography business. Right? So now that we have seen the user-facing side of the website, let's move to the Cloudflare dashboard to explore how security works behind the scenes. So this is the Cloudflare dashboard, which is going to be, and it is, your central hub for managing application security, performance, and even more. To access the dashboard, you just need to go to dash.cloudflare.com and log in. If you're new, onboarding a domain takes just a few steps. You click on add a domain, and you follow the simple steps to point your domain to Cloudflare.
This type of process typically takes under five minutes, and once it's completed, Cloudflare will automatically act as a reverse proxy for your traffic. This means that all web traffic is going to flow through Cloudflare's global anycast network, ensuring users connect to the nearest data center, reducing latency while also improving security and performance. So initially, this means that the requests are handled by Cloudflare, and if needed, they are forwarded to your origin server. So this in-between role that Cloudflare has here allows us to deploy various application services, such as web application firewall and DDoS mitigation. So by default, your website is also protected against DDoS attacks. So with Cloudflare, not only is your traffic optimized for speed and performance, but every request is protected by default. So this includes the built-in DDoS protection, which has a massive mitigation capacity. So in the event of an attack, Cloudflare absorbs all of that malicious traffic, preventing any service interruption. Pretty cool. Right? So once your zone is onboarded, you will be able to start monitoring detailed analytics to get real-time insights into your website's performance and security. You can do analytics for a specific time frame. We have selected here twenty-four hours, but you can also select seven days or thirty days as well. And you'll be able to see a snapshot of requests and user interaction. So you'll see data such as the total number of requests, the caching details, the unique visitor counts. And if you want to dive a little bit deeper, you can scroll down just a little bit more, and you can click on more analytics. If you click here, you'll have a more granular breakdown, which actually takes you to the analytics and logs section where you can dive deep into trends and logs. So while performance metrics are very valuable as well, our focus today is security. Right?
So let's switch to the security tab that we have here in the menu as well. So once we click, we are taken to a dedicated security dashboard that offers powerful insights into the safety of our sites. Here, you will be able to get an overview of threats, of attack attempts, and protection measures that have been automatically applied by Cloudflare. So this dashboard lets you monitor security events in real time and make quick decisions if any incident arises. So let's take a closer look at how we protect against web-based threats using the Cloudflare Web Application Firewall, which is WAF. So the WAF provides a security first line of defense against many types of web attacks. So it protects your website from common vulnerabilities like SQL injection and cross-site scripting by filtering and monitoring HTTP traffic between your web application and the Internet. So as you can see here, we have a pretty big list of security rules that Cloudflare allows you to do. So you have custom rules. You have advanced rate limiting rules. You have API sequence rules. There are managed rules, so on and so forth. Let's imagine together that Frame Memory Studio is dealing with an increase in malicious traffic like cross-site scripting attacks. The cross-site scripting attack is a type of attack where actors will attempt to inject malicious scripts into web pages. So with managed rules, we can ensure that these attacks are blocked by default. Now you might be wondering, okay. What exactly are managed rules and how do they work? Managed rules are a preconfigured set of rules that Cloudflare creates and maintains for you. So these rules are designed to protect your application against common threats such as SQL, such as cross-site scripting, and even other web vulnerabilities. Again, these ones are created and maintained by our security experts, and they are updated regularly by them as well.
The goal of this is to ensure that businesses, such as Frame Memory Studio, are automatically protected against the latest vulnerabilities without needing to go there and manually create a rule for each one of these new threats. So managed rules also help to reduce false positives, making your personal rule engine more accurate. And this is part of our protect-by-default approach, which allows businesses to block harmful traffic without the need for custom configuration. Let's just open one to see exactly how this works. Let's see the second one, the Cloudflare managed rule set. The Cloudflare managed rule set is one of the managed rules that Cloudflare allows you to choose from. And if you scroll down a little bit more and you click on browse rules, you're going to have a better view of this rule, and we can see that each rule has a default action that varies according to the parameters of this rule. In this case, since we are protecting against different vulnerabilities, of course, all actions are set to block. However, we can definitely adjust and override this managed rule set by choosing another option. It might be managed challenge, JavaScript challenge, interactive challenge, or even log. These managed rules are also recognized by tags as we can see right here. So this allows us to filter the rules by a specific tag to understand how Cloudflare protects from a specific vulnerability or an attack. So imagine that we want to know exactly only about cross-site scripting attacks. We would click on a specific tag, and it will give me a list of all the managed rules that are regarding cross-site scripting attacks. And talking about cross-site scripting attacks, let's see how the security rules are able to handle a real-world attack. I wanna test where I will attempt to execute a cross-site scripting attack on the website's contact page. So let's go back to friendmemberstudio.net. Okay.
And we are going to navigate to the contact page. Here we have it. And we are going to input a malicious string to simulate, and I already have it here prepared, so it's just about copying, pasting, and let's click enter. Okay. So we see that we are immediately blocked. And by doing so, we are preventing malicious code from executing on the website. This attack is blocked by Cloudflare managed rules. Here's why. Cross-site scripting detection. This type of string is attempting to inject an HTML element with an oncontextmenu attribute, and this will typically trigger a JavaScript alert if successful. However, since we have the security rules here, they are instantly recognizing this as a malicious action, and it's preventing the attack from executing. By blocking this string, Cloudflare ensured that malicious actors cannot exploit vulnerabilities through JavaScript injection. So we are protecting the website from unauthorized actions or even data theft. So this shows that Cloudflare managed rules help you to keep your site safe from cross-site scripting attacks without even requiring manual intervention. So everything is enabled for you automatically behind the scenes. Now going back to our dashboard, we can see that Cloudflare WAF has successfully detected and blocked this cross-site scripting attempt. So this real-time protection is crucial because it prevents security breaches. And besides the cross-site scripting that we have just seen, the managed rule set also protects against SQL injections and even other common threats. In addition to the managed rule set, Cloudflare also offers a rule set for leaked credentials. So it checks if someone is illegally trying to get credentials. And also OWASP security risks, providing a comprehensive shield against a wide range of attacks. OWASP stands for Open Web Application Security Project, for the ones who don't know.
So while these managed rules that are there to protect you by default are amazing, the reality is that sometimes you need custom rules to handle specific situations because your business is unique. Right? So let's see how easily we can use the Cloudflare dashboard to create and manage what we call custom rules, so the rules that are created by you. Let's go back to security rules where we have all the list. And as you can see here, we have custom rules. Let's talk a bit more about custom rules now. Custom rules, they are flexible because they allow you to create and to edit and to manage them directly from the dashboard. So for example, you can block traffic from specific countries, set specific actions like rate limiting or CAPTCHA challenges, and you can get real-time visibility on rule activity. So here you can observe a selection of all the custom rules that we have already established for the demo environment. As you can see here, some of the rules are currently active, right, as they are indicated here. Some of them are visible. You can see this in the status column. And we can also observe that the various configured rules result in the scene these interactions. We have block, we have block and interactive challenge. And we also have, I mean, interactive challenge is the same as managed challenge. In addition to blocking or challenging traffic, Cloudflare also provides detailed logs for each one of these requests. So this lets you monitor which rules are being triggered and review the specific details of every interaction, giving you full transparency into what is happening in your website traffic. Now I want to draw your attention to the challenge contact page rule. So for context, I am located in Portugal, in Lisbon. So let's consider the following. Let's consider a scenario where Frame Memory Studio has historically had minimal customer engagement from Portugal because of, you know, geographical distance.
So this leads to a general lack of awareness about Frame Memory Studio services in this specific region, in Portugal. While I want to ensure that potential customers can still contact and visit my website, I would like to implement an additional layer of protection specifically for the contact page. So, therefore, I propose creating a rule to restrict access to the Frame Memory Studio contact page for users in Portugal. So this is exactly what we are doing here. We are challenging the contact page for users in Portugal. Okay? So what is the expected behavior here since I'm currently located in Portugal? The expected behavior here is that this rule will prompt a challenge before allowing access. Right? So let's see exactly what happens. I'm going to open an incognito page. Then we are going to frame memory Net, and now we are going to try accessing that specific page, the contact page. And as you can see here, we are immediately prompted with a challenge. And this verification took what? Seconds. Right? No CAPTCHA, no process to complete, which sometimes is a pain. Right? So Cloudflare deploys a JavaScript challenge to my browser to prove that we are legitimate users and we are not automated bots attempting to crawl the website. So once the validation is successfully complete, we are redirected back to the Frame Memory Studio contact page that we want to access. Let's now go back to the dashboard and explore a bit more how to monitor all of these security activities in real time. Because the truth is that while having a wide range of features and flexibility is very crucial for protecting our websites, it's equally important to have access to rich and contextual data and analytics. So under the security and security, tough, we have analytics here. So here we can view all the mitigated requests that are triggered by our security rules.
Here I can see metrics such as the number of blocked requests, the ones that were mitigated by WAF, the ones that are served by Cloudflare, and all of this very interesting data as well. If we scroll a little bit more, we are going to see the sample logs section. This section provides details of individual security events, helping you to investigate specific requests or attacks. So if I come over here, we can see that this was not mitigated because this was clean traffic, likely human, and we have all of this interesting data to analyze. Scrolling up a little bit more, moving beyond the traffic analysis that we are seeing here, we can also explore attack analysis. The attack analysis score helps prioritize potentially harmful traffic. So here, Cloudflare is actually utilizing machine learning to assess the likelihood of requests being malicious, with scoring filters that are built into the platform. So a score of one will indicate that the request is almost certainly malicious, and a score of 99 will indicate that the request is likely clean. And then we also have the score of 100 that indicates that Cloudflare did not score the request. These scores are crucial because they allow you to create custom WAF rules to take appropriate actions based on a perceived threat that we are seeing here. You don't even need to come here onto the security rules and create them. You can just quickly create a custom security rule, and you can do it right on the spot. Similarly, we also have the bot analysis in this next tab. They function in the exact same manner, but they assess the likelihood of a request being automated or coming from a human. Again, a score of 99 will indicate that it's a human request, whereas a score of one suggests that it is an automated one. You also might notice that what we can see here on this graphic is that the majority of requests from Frame Memory Studio originate from bots.
And this is because this is our demo environment, and we use traffic generators to simulate real-world data. So now that we have established a solid understanding of the security dashboard and the insight that it provides, let's simulate a large-scale attack to see how Cloudflare is able to handle a high volume of malicious requests. So to do so, I have actually prepared a Python script that sends thousands of cross-site scripting injection attacks to Frame Memory Studio. So you are probably now able to see my VS Code, okay, where we have here the script prepared. So this is the website where we are going to execute our cross-site scripting attacks. So you can see it's the same that we have just explored. And I'll be sending thousands of injections, which is a manageable number for our time frame. Sending more of them will extend the duration of this demo. And here we have the script running. And let's return to the Cloudflare dashboard to monitor these requests live. Shall we? So I'm going to navigate to the analytics and logs section over here on the top. Okay? And I'm going to Instant Logs, and I'm going to click on start streaming. So once the script starts, we can see that the requests are already appearing here in real time under the Instant Logs section, with each one of them being blocked and marked as a 403 Forbidden, since this matches the type of attack that we initiated just a few seconds ago. So as expected, the ones that are 403 are being blocked. So this demonstrates Cloudflare's ability to handle a larger volume of malicious traffic while maintaining data and performance of our website. Because I can still go to Frame Memory Studio and everything will be just fine. So finally, let's review the security analytics post-attack.
So to gain deeper insights into the traffic that I'm currently sending, right, and to enhance our detection capabilities, we have established a logging rule within our security rules. So let's go back to security, security rules, and let's then again focus on the custom rules that we have just seen a few moments ago. So like I said, we have established a logging rule within the WAF framework that utilizes an attack score. This score serves as an indicator of the likelihood that a request is malicious. As we have discussed earlier, I'm actually simulating an attack by generating thousands of requests to observe how the system responds. So here we have the WAF attack score, below or equal to 50. And let's click here on this graph. Here, I can easily filter this rule by the country. Okay? We can even see the host and even more. So let's go to country. Let's filter it by Portugal. And as you can see here, once we use it, we are in the events section, which provides these detailed insights into the individual rule interaction. And let's redefine our focus for the last thirty minutes, filtering the data for Portugal like we are doing now. So as you can observe here, there's a notable spike here in requests triggering this rule since we have initiated the simulated attack. By scrolling down, we can see crucial statistics that are related to these requests specifically. So we can see a lot of information including the source IP, the user agents, and the most frequently targeted paths and host names as well. So we have all this very important information. We can also see the country that it's being generated from. So we have all of this crucial data. This type of insight allows businesses to update security measures in real time, refining even more their defense against these evolving threats.
So by integrating Cloudflare's security tools, by using WAF, by using custom rules, by using managed rules, and real-time analytics, businesses like Frame Memory Studio can protect their online presence from malicious actors, ensuring their website remains operational and remains secure. With the ability to monitor, to block, and adapt to threats in real time, Cloudflare is able to offer a solution for all of these security needs. So even if you're a small company or you're a larger enterprise. So I'm going to stop sharing my screen, and I'm going to go back to the slides. Okay? So now that I've seen how Cloudflare tools protect your applications in real time, let's revisit some of the major application security challenges that we have highlighted at the beginning of the presentation. So as you can see here, we have things like zero-day vulnerabilities. We have an increasing number of new threats, multiple cloud providers, management complexity in this configuration. Cloudflare has a solution for this. Cloudflare effectively addresses these challenges with features like managed rules, which are automatically up to date for you. We have our advanced machine learning capabilities and our global network that provides robust bot management and DDoS protection. We also have that amazing dashboard, which is a centralized platform where IT teams can easily monitor analytics. They can use rule templates if they have them. They can access this documentation. And as we demonstrated, Cloudflare tools automatically block malicious requests, and they filter out on full bots. So it allows the team to focus on your business with the peace of mind that your applications are being secured. And I just want to also say that choosing Cloudflare to protect your business is the same choice that several of the biggest companies in the world already made as well.
So let's take a moment to highlight some of the global brands that trust Cloudflare to secure their business. We have Upwork, which is a leading global freelancing platform. They have over 18,000,000 skilled freelancers and 5,000,000 clients in more than 180 nations. And they already rely on Cloudflare to protect their fast network and ensure smooth operations. Then we have HubSpot, which is an industry leader in SaaS products for inbound sales and marketing, and they are also using Cloudflare to enhance their security posture and deliver a seamless experience to their users. We also have Canva, which is probably the most known brand here. They are a graphic design platform that is utilized by over 35,000,000 people worldwide. So with such a large user base, they do trust Cloudflare to safeguard the applications and data from emerging threats. And lastly, we have Chrono24, which is one of the largest online marketplaces for luxury watches, and they also depend on Cloudflare to maintain a secure shopping experience that is seamless and easy for their customers. So these examples illustrate the diverse range of industries that are already benefiting from Cloudflare's robust security solutions, enabling them again to focus on innovation and growth as well. Now let's discuss how Cloudflare can ensure fully integrated application performance alongside security. At Cloudflare, we believe that security and performance should go hand in hand. So our solutions are designed to work seamlessly together. So we ensure applications can run smoothly while being protected from threats. We have our global network that we have already explained before. So your content is delivered quickly and in a reliable manner to your users no matter where they are, because we have our Anycast technology that routes traffic to the nearest data center. So we reduce latency, and we enhance user experience.
Moreover, we also have our CDN that caches your static content, which speeds up all the load times and reduces the load on your origin servers. And we also offer optimizations that enhance performance such as image compression, and minification of JavaScript, and so on. And additionally, we have our load balancing features that will dynamically distribute traffic to the most available, responsive server, ensuring that your application remains resilient even during those traffic spikes. So in essence, Cloudflare provides the comprehensive solution that integrates application security and performance all in one. So by addressing both of these simultaneously, we empower businesses to deliver exceptional user experience while keeping the application secure. As we wrap up, I want to make sure that you have everything that you need to begin your journey with Cloudflare. So like we said, creating an account is easy and it's very, very quick. You just need to follow these steps. You visit Cloudflare.com and you click on sign up in the top right corner. You fill out the registration and you verify your email. And once you're logged in, you can start adding your website and exploring all these foundational features just like we have done a few minutes ago. We are here to support you. So if you have any questions, or you want to learn more, do not hesitate to reach out. You can visit our contact us page for assistance, and you can also schedule a conversation with our team to discuss how our solutions can also fit your needs. Because we really do want to help and to enhance your application security and performance. So I just want to thank you all for joining today. We hope that this session has provided you with valuable insights into how Cloudflare can enhance your application security. If you have found this session helpful, I invite you to join the rest of our demos.
It's a great opportunity to learn more and to optimize applications and to get your questions answered in a very rapid manner as well. And, again, if you have any further inquiries or you need assistance, do not hesitate to reach out. We are here to build a safer and a more efficient online presence. So thank you so much today, and we look forward to seeing you in the next demo as well. Thank you so much. Bye.