Today, it’s almost impossible to succeed in business without holding some aspects of your processes online. Whether it is storing company data on the backend, or offering the convenience of e-commerce transactions, each process is vulnerable to penetration by hackers or a bug that exposes key information. That is why detecting vulnerabilities and redirecting illegitimate traffic on a network before it has a chance to affect your systems is key to business performance. However, with the changing landscape and increasing complexity of network infrastructure, now more than ever it’s difficult to find these weaknesses. There is just too much information to synthesize for humans to monitor traffic events, and a rule-based algorithm does not sufficiently recognize patterns to secure Internet systems from penetration.5 That is where the startup CloudFlare comes in. CloudFlare’s mission is to build a better Internet, and integral to its success is using machine learning to prevent attacks on the network.7
CloudFlare offers Internet services by sitting between Internet servers, and the customer’s browsing activity to monitor traffic flows between the nodes. Founded in June 2017 and based out of San Francisco, CA, they offer a range of services such as content delivery, web-application firewalls, and denial-of-service (DDoS) Protection (when the cyber attack tries to interrupt the service being provided).6 Beneath these services is the use of machine learning. CloudFlare learns from harmful traffic trying to get onto the network, and continuously updates its algorithm to spread those learnings across the network.2 In this way, the CloudFlare system builds an understanding about what expected behavior should be on the system, so that when unexpected traffic hits the network, it will both stop the intrusion and integrate that pattern into its internal algorithm. This addresses the increasing complexity of today’s environment since the machine-learning algorithm doesn’t need to be told what to look for; instead, it follows an “unsupervised” approach. The developer doesn’t prescribe the algorithm with what an attack will look like but instead the algorithm learns on its own. Machine learning is an important step in the cyber security space as it moves to be proactive against vulnerabilities instead of reactive. That is, we detect malicious actors within the system before they are able to create harm.
In the next two years, the company is focusing on building out its mobile platform. Just seven months ago, CloudFlare announced their internet service provider platform (otherwise known as a DNS service) that offers privacy of the user’s browsing history. Now they are bringing that to mobile products.3 What makes this product different from its existing products, and other items on the market, is its ability to offer users privacy on their iPhone as well as an extremely fast browsing experience.6 This is extremely important today with so many transactions occurring on mobile phones, and the need for both speed and protection.
In in the long term, CloudFlare is building relationships with governments to help protect against potential hacks during elections. As of now, ten states implemented CloudFlare services.6 In the next two to ten years, it is likely to see more CloudFlare integration with electoral systems and other high-profile internet connected-systems.4 This comes at a crucial time when it is important to instill trust and security in public systems.
In addition to the steps mentioned above, the company should also focus its attention on protection for IoT devices. Given that so much of its growth comes from businesses expanding their portfolio of networked devices like IoT and other internet-enabled sensors, I recommend that CloudFlare consider how they can provide protection for them.1 This way, they are not just preventing attacks coming into the system, but attacks that can exist within the system as well.
Despite these recommendations, CloudFlare is making great progress to mend the problems that exist in the cyber security space. However, machine learning is just one aspect of the solution. Human error such as weak passwords, can mitigate even the strongest network defense. Thus, if CloudFlare wants to be all encompassing solution for business’ security, it should also address: how are you promoting other security best practices? Another key thing to consider since this is a service that can be purchased, is how are you preventing a hacker from acquiring the product and reverse engineering it? While CloudFlare makes the product easy to acquire, it is important they don’t compromise their product by letting it get into the wrong hands.
Word Count: 744
1 “Advanced DDoS Protection and Mitigation.” Cloudflare, www.cloudflare.com/ddos/.
2 Council, Young Entrepreneur. “How Machine Learning Will Impact Online Security This Year.” Forbes, Forbes Magazine, 8 May 2017, www.forbes.com/sites/theyec/2017/05/08/how-machine-learning-will-impact-online-security-this-year/#1cf11c2c18c3.
3 Fagioli, Brian. “Cloudflare Launches 18.104.22.168 Consumer DNS Service with a Focus on Privacy.” BetaNews, 1 Apr. 2018, betanews.com/2018/04/01/cloudflare-dns-privacy-four-ones/.
4 Hatmaker, Taylor. “Cloudflare Recruits State and Local Governments for Free Election Site Security Program.” TechCrunch, TechCrunch, 19 July 2018, techcrunch.com/2018/07/19/cloudflare-athenian-project/.
5 Mytton, David. “Have the Big Cloud Providers Won the Machine Learning Advantage?” Medium, Medium, 4 Dec. 2017, medium.com/@davidmytton/have-the-big-cloud-providers-won-the-machine-learning-advantage-c91e8da44f44.
6 Whittaker, Zack. “Cloudflare Rolls out Its 22.214.171.124 Privacy Service to IOS, Android.” TechCrunch, TechCrunch, 11 Nov. 2018, techcrunch.com/2018/11/11/cloudflare-privacy-dns-service-ios-android/.
7 Zatlyn, Michelle. “That’s Freaking Awesome: CloudFlare Automatically Learns How to Stop New Attacks.” The Cloudflare Blog, The Cloudflare Blog, 26 Jan. 2018, blog.cloudflare.com/thats-freaking-awesome-cloudflare-automatical/.