The 3 Biggest Bombshells from Cloudflare Security Week

101domain is proud to partner with Cloudflare in making the Internet a safer place. Cloudflare was founded on the idea of offering affordable and accessible security to every individual and organization on the Internet. During Cloudflare’s annual security week, they give us a look into their why – their how – and a preview of where they are headed. This year they announced some big changes we can’t wait to share with you.

---

1. Backup Certificates

One of the significant benefits of adding Secure Web Accelerator powered by Cloudflare to your domains is getting a TLS (SSL) certificate for free. On top of that, Cloudflare manages all aspects of your certificate, from issuance to deployment to renewal. You know how cumbersome the process can be if you’ve ever installed an SSL certificate.

RELATED ARTICLE: A Beginner’s Guide to SSL

With 45 million certificates on the Cloudflare platform, they were pressed to find a solution to make its TLS resilient against unpredictable events such as key compromises, vulnerabilities, and mass revocations. With the introduction of backup certificates, Cloudflare can instantly deploy a backup certificate when one of these events occurs.

In the future, Cloudflare will also issue backup certificates for certificates that Secure Web Accelerator Professional clients upload themselves, so they can have a backup they can rely on. Overall, backup certificates help ensure customers stay secure and online in an emergency.

---

2. WAF for everyone

Web Application Firewall or WAF for short helps protect websites by filtering and monitoring traffic. WAF defends against many different types of attacks. A WAF operates through a set of rules. The power of joining the Cloudflare network is getting access to Cloudflare’s managed WAF rules modified by a team of engineers who have the most extensive data set available. Essentially, Cloudflare is constantly learning from its users how to better protect its users.

Previously only available with Plus and Professional users, Cloudflare Managed Ruleset is now available to all Secure Web Acceleratorplans on the new WAF engine. If you have Secure Web Accelerator, you are already receiving this protection. This ruleset provides mitigation rules for high-profile vulnerabilities such as Shellshock and Log4J and will be automatically updated whenever a relevant wide-ranging vulnerability is discovered.

To access the WAF user interface in the Cloudflare dashboard and a broader set of WAF rulesets and advanced WAF features, you will have to upgrade to Secure Web Accelerator Plus or Professional.

---

3. A New WAF Design

Cloudflare is launching a new WAF design available to Secure Web Accelerator Plus and Professional users. WAF allows you to differentiate malicious attacks from clean traffic. The new WAF design is a one-stop shop for web application security, bringing together firewall rules, managed rules, and rate-limiting rules.

Changes to the WAF navigation include the following:

1. Firewall is being renamed to Security.
2. Under Security, you will now find WAF.
3. Firewall rules, managed rules, and rate limiting rules will now appear under WAF. 

---

Conclusion

Security should never be an afterthought. The problem for many people and organizations is it’s difficult to gauge when you’ve “done enough” to protect yourself. Recent world events have brought cybersecurity to the forefront of many conversations. Not everyone is a security expert. We don’t expect you to be. That’s why we’ve partnered with Cloudflare to strengthen your cyber security posture and give you peace of mind knowing that you are doing exactly what you need to do to keep your website online and protect your data from being stolen or misused.