Name: HTTP/2 Rapid Reset DDoS Attack Campaign
Start: 2023-10-19T07:07:00Z
End: 2023-10-19T07:07:33.000Z
Location: BrightTALK

Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable. We offer Application Security, CDN, DNS, DDoS Protection, SASE, Zero Trust, and Developer Services. Find out how we can help to build a better Internet. 

Cloudflare and SentinelOne complementary portfolios offer easy integration and faster time to value. SentinelOne and Cloudflare work together to ensure that adopting Zero Trust Network Access is easy. Organizations integrate endpoint protection platforms like SentinelOne, add corporate identity providers, and connect their applications (SaaS, cloud, or on premises) to Cloudflare’s global edge network in minutes. With just a few clicks in the Cloudflare dashboard, administrators can apply default-deny, Zero Trust rules that restrict user access to sensitive applications based on device posture signals from SentinelOne Singularity XDR.

Empowering Zero Trust with Cloudflare and SentinelOne

Web applications are central to modern life. For governments, they are an important channel to communicate information to the public and provide essential services. For businesses, they serve as a source of revenue, efficiency, and customer insights.

Take a close look at the most important trends shaping the web application and API threat landscape today, including vulnerability exploitation, DDoS attacks, bot traffic, and third-party supply chain risk.

Join Cloudflare Application Security experts Daniele Molteni, Product Manager and Catherine Newcomb, Product Marketing Manager, for a discussion on the latest application and API security threat research sourced from Cloudflare’s global network, including:

Shifts in blocked web application and API traffic
The growth and increased complexity of DDoS attacks
The weaponization of vulnerabilities at breakneck speed
The growing risk of shadow APIs
Risks associated with third-party components such as scripts, outbound connections, and cookies

State of Application Security in 2024

The proliferation of APIs is only growing, with more than one-third of organizations saying all their applications use APIs today. This is expected to increase to 50% of organizations over the next two years.

With the number of APIs exploding, security issues are also on the rise. 92% of organizations experienced at least one security incident from insecure APIs in the last year.

Join us in this webinar on API security featuring Melinda Marks, Practice Director, Enterprise Strategy Group, Humair Ahmed, Technical Marketing Director, Cloudflare and Alan Chi, Practice Manager, Optiv, to learn about:
• The importance of API security
• Top API security challenges
• Future API trends and predictions
• Types of API security incidents and their impacts

API Security with Cloudflare and Optiv

Cloudflare operates one of the most widely used public resolvers in the world, is a DNS authority, and has a bevy of first-party data that provides visibility into today’s threats. This experience gives Cloudflare a unique opportunity to identify emerging attack types against which we must defend—and insight which they can deliver to you.

Enterprise Strategy Group Principal Analyst Dave Gruber joins Trevor Lyness, Senior Product Marketing Manager at Cloudflare, and Andre Rosario, Offensive Security Consultant from GuidePoint Security, to deconstruct Cloudflare’s 2024 Security Brief & Threat Report.

Watch this can’t-miss conversation to discover how Generative AI is impacting offensive and defensive security operations, and have this expert panel guide you through:
1. Phishing trends (including 4 new attack types and how to protect against them)
2. The prevalence of DDoS attacks and how Cloudflare is poised to stop them
3. How the vulnerability exploitation landscape is changing 
4. And why are APIs becoming a popular target for attackers? What steps can companies take to stay secure?

Cloudflare Threat Intel Reveals New Phishing, API, and DDoS Attack Trends featuring GuidePoint Security

"Securing modern work across users, devices, applications, networks, and clouds has never been more complicated. In a recent Forrester Consulting study commissioned by Cloudflare, 39% of IT and security respondents admitted that their organizations have lost control over their digital environments due to complexity challenges. 

Lost digital control can have consequences on customer experiences, employee productivity, time to market, risk profile, and more. A new approach is needed to address this critical business challenge and help organizations avoid these pitfalls and restore control. 

In this webinar, guest speaker, Heath Mullins, Senior Analyst at Forrester, will present on the landscape of digital complexity. Attend this session to learn more about: 
Factors that contribute to loss of IT and security control
Business implications as a result of lost control  
How Cloudflare’s connectivity cloud helps manage the chaos"

Regain IT & Security Control: Cloudflare’s Connectivity Cloud Tames Complexity

Over the past year we’ve seen the rise in the use of AI bring about massive productivity and creativity increases, but also an increasing amount of security risk in the form of data exposure. However, AI is here to stay, and businesses and their security teams need to adapt to make sure teams can benefit from its capabilities, while limiting any potential risk. At the same time, in its evolving landscape, more and more developers are starting to integrate AI in business apps without optimizing for cost, performance or security.

Join us in this innovation driven session on AI and security, where we explore:

- The data security risks associated with employees using generative AI and their impact on companies.
- Strategies for balancing the data security risks and benefits of permitting users to employ generative AI safely.
- The tools available to help developers integrate AI into their applications while minimizing the risk of excessive cloud expenses and data exposure.

Generative AI Security: Balancing the risks and rewards of using AI

Western Health is the major healthcare provider to western Melbourne, one of the fastest growing and most diverse regions of Australia. In recent years, Western Health has partnered with Cloudflare’s connectivity cloud to modernize and consolidate its IT and security across its 11,000 employees and four public hospitals.

Join Cameron McBride (Director, Digital Technology Services, Western Health) and Fernando Serto (Field CTO, Cloudflare) in a conversation exploring this journey, including:

- How Western Health has strengthened its security posture with Zero Trust best practices
- What use cases Western Health has prioritized with practical guidance to achieve success
- How consolidating IT and security with a connectivity cloud is unlocking opportunities for digital transformation

How a leading healthcare provider mitigates risk and saves money with cloud

The threat landscape challenges cybersecurity practitioners everywhere, and preparation is a priority for leaders across the Asia-Pacific region. According to Foundry’s 2022 Security Priorities Study, 53% of APAC enterprises view preparedness in responding to security incidents as their #1 priority.  

A recent Cloudflare survey of more than 4,000 security decision-makers across the region shows that there’s still work to be done; less than half of respondents feel they were highly prepared to prevent security incidents. This despite 76% experiencing a greater number of incidents in the past 12 months. 

This CSO webinar – featuring Fernando Serto, Field Chief Technology Officer APJC of Cloudflare and Deepak Maharaj, Head of InfoSec Architecture, Engineering and PMO at AirAsia – will outline the state of cybersecurity priorities across the region, covering key business challenges while outlining areas of best practice.  

How can cybersecurity leaders address rising threat levels? How can they support business growth and protect their organisations at the same time? What are some key considerations for cybersecurity leaders when developing their 90-day plan? 

Our points of discussion

- Exploring the threat landscape across the region  
- Sharing challenges in effectively protecting enterprises 
- Outlining strategies for identifying vulnerabilities / Sharing common blind spots in threat detection 
- Exploring best practices, hiring diverse teams, setting goals

Securing Tomorrow: Top Cybersecurity Priorities in the Face of New Threats

Your employees work everywhere. Your physical locations span the globe. Your applications run on-prem, in the cloud, or likely some combination of both. 

IT teams are tasked with connecting everything, everyone, everywhere—all while meeting complex security and performance requirements. And legacy WANs just weren’t built for secure connectivity the way modern organizations need them to be. 

Join this webinar to learn about: 

- Simplifying branch and hybrid/multi-cloud connectivity
- Converging networking and Zero Trust security with SASE
- Scaling WAN performance while reducing costs
- How Cloudflare’s connectivity cloud is uniquely positioned to solve these challenges

Simplify the path to SASE with Magic WAN Connector

Nobody likes CAPTCHAs, and bots are getting past CAPTCHAs faster than humans. According to Forrester Research, 19% of US adults said that they abandon transactions because of a CAPTCHA. Cloudflare Bot Management provides a frustration-free, CAPTCHA-free web experience to your website visitors.

Join our experts as they discuss managing bots and abusive traffic. In this webinar, you’ll:

- See how legacy methods to stop bots provide a poor user experience, allow abusive traffic, and overwork IT teams
- Discover why 60,000 enterprises and small businesses are using the latest Bot Management capability: Turnstile 
- Learn about Cloudflare’s layered security model for bot management
- See how Cloudflare Bot Management stops bots and mitigates fraud with our Managed Challenge and Turnstile capabilities – without CAPTCHAs
- Watch Cloudflare Bot Management in action in a live demo

How to stop bots without CAPTCHAs

Join our upcoming webinar, as we delve into the dynamic landscape of cybersecurity challenges. This practical session is tailored for cybersecurity specialists of all calibers seeking actionable insights. Explore the intricacies of mitigating evolving application layer attacks through a comprehensive discussion, complete with real-world examples.

The webinar will feature a live dashboard demo showcasing cutting-edge security tools, providing participants with tangible solutions to bolster their defense strategies. Engage in a robust Q&A session to address specific concerns and glean expert advice for navigating the ever-evolving cybersecurity terrain.

Here is a summary of what will be covered in this webinar:

- Understanding the Landscape: Explore the current state of DDoS, bot, and application layer security threats.
- Real-world Scenarios: Delve into practical examples of recent attacks and their impact on organizations.
- Mitigation Strategies: Uncover effective countermeasures and mitigation techniques to enhance security posture.
- Live Demo: Witness a hands-on demonstration of state-of-the-art security tools through a comprehensive dashboard showcase.
- Q&A Session: Engage with our cybersecurity experts in a dynamic question and answer session to address your specific challenges and concerns.

Responding to evolving DDoS, bot and app security challenges: Facts & threats

The shift to SaaS-delivered corporate applications shows no signs of letting up — and pressure is growing on IT leaders to modernize corporate networks, simplify connectivity, and improve end-user experiences. In this session, we’ll discuss strategies for accomplishing all three. 

Join this live replay session from our flagship Connect event to learn: 

Why SD-WAN is not enough for modern work
What a SASE architecture looks like
How to roadmap your current state of connectivity to an end state of SASE

Making the journey from MPLS to SASE

The financial services industry continues to be a popular attack target, in large part due to the sensitive data and personal information financial institutions safeguard. These institutions are subjected to data scraping, credential stuffing, network intrusion attempts, and more — all while needing to provide fast, reliable service for their end-users and remain compliant with the strictest possible privacy and security regulations. 

Q2 delivers SaaS solutions for financial institutions. Cloudflare, a chosen partner of Q2, enables Q2 to bring their customers visibility across the threat landscape and potential attack vectors that are important to monitor. Join Q2 Principal Security Architect Josh Pena and Cloudflare Product Marketing Manager Catherine Newcomb to learn how SaaS platforms like Q2 can:

Use Cloudflare as a defense capability which creates an important differentiator with their own customers
Break down traditional complex IT barriers that impede threat visibility
Protect sensitive data and systems with modern tactics

How Cloudflare helps financial institutions improve visibility into threats

Modern knowledge workers spend the vast majority of their time leveraging cloud-based productivity tools like collaboration suites, email, chat, and now emerging AI tools like ChatGPT. As these SaaS and cloud apps are becoming increasingly essential, they have also increasingly become targets for data exfiltration by threat actors. 

In fact, 82% of breaches today involve data stored in cloud environments. The good news is Gartner says that 99% of cloud breaches are preventable misconfigurations or mistakes by end users. 

In this webinar, we’ll provide tangible use cases to modernize your data protection strategy and reduce your data risk with Cloudflare. Join to this session to learn: 

How CISOs can protect source code and secure opaque AI tools
Recommendations for improving data visibility, control, and compliance
Benefits of adopting a Zero Trust approach to mitigate modern data risks

Three recommendations to modernise your data protection with Cloudflare One

Welcome to Cloudflare CIO Week 2023!

This CIO Week we’ll demonstrate how Cloudflare is helping CIOs keep data, devices and employees both safe and fast across hybrid and remote environments. We’ll show how Cloudflare accelerates digital transformation and modernizes networking and security towards a Zero Trust model.

In this episode, tune in for a conversation with Cloudflare's CIO Juan Rodriguez, and Corey Mahan.

Tune in all week for more news, announcements, and thought-provoking discussions!

Fireside Chat with Juan Rodriguez Estevez

Many organizations store large, infrequently changing assets - videos, images, or large binary files on cloud provider networks for easy access. While this is more efficient and scalable than on-premises storage, anytime an asset is fetched from the origin server, an egress fee or “egress tax” is incurred. These egress fees can become a significant cost that is usually miscalculated or ignored during budgeting.

Cloudflare’s Cache Reserve helps minimize egress fees by reducing unnecessary origin egress and optimizing cache hit ratios.

Join us as we discuss:
- The limitations of legacy storage solutions
- Why cloud egress fees are a major "hidden charge" for organizations
- How Cloudflare CDN and Cache Reserve can help maximize savings and optimize performance
- A technical walkthrough of these solutions

Cache Reserve: Eliminating the Creeping Costs of Egress Fees

This webinar will explore the environmental impact of each hop in a packet’s journey across the Internet, from end user to application, and break down how organizations can reduce their carbon impact by migrating security and networking functions away from legacy hardware to the cloud.

Cloudflare takes a holistic and transparent approach to sustainability including publishing a yearly Impact Report, where they incorporate actions to contribute to a more sustainable internet. Through the report, Cloudflare showcases their commitment to advancing their mission, making a positive impact on billions of internet users worldwide.

How transitioning to cloudnative architecture improves security & sustainability

As a go-to productivity suite for many businesses, Microsoft 365 delivers excellent native security defenses to help teams collaborate and communicate safely. 

Over the years, built-in security for SaaS apps has improved to block some of the more common threats targeting organizations. However, bad actors are simultaneously evolving to become more evasive. Today’s attacks are increasingly more targeted and sophisticated with the ability to bypass native app security functionality. 

In this webinar, learn how layering a Zero Trust approach to enhance your Microsoft 365 security can proactively stop attacks and significantly minimize cyber threats like phishing, data exfiltration, account takeover, and more.

Join this session to:

Deep dive into how this joint solution targets Microsoft 365 security challenges and threats
Study the customer & vendor shared responsibility model for Microsoft security
Understand how Cloudflare Zero Trust services such as Area 1 Email Security, CASB, and Access can prevent, block, and isolate threats across Microsoft 365

Enhance your Microsoft 365 security with Cloudflare Zero Trust

Cloudflare, along with Google and Amazon AWS, disclosed the existence of a novel zero-day vulnerability dubbed the “HTTP/2 Rapid Reset” attack. This attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric Distributed Denial of Service (DDoS) attacks. Cloudflare has mitigated a barrage of these attacks in recent months, including an attack three times larger than any previous attack we’ve observed, which exceeded 201 million requests per second (rps). Since the end of August 2023, Cloudflare has mitigated more than 1,100 other attacks with over 10 million rps — and 184 attacks that were greater than our previous DDoS record of 71 million rps.

Learn about the HTTP/2 Rapid Reset flaw, the ongoing DDoS attack campaign, and best practices to protect your organization with Cloudflare CSO, Grant Bourzikas, and Cloudflare Field CTO, John Engates.

HTTP/2 Rapid Reset DDoS Attack Campaign

Cyber Defence

Threat Defence

Collaboration

Network Security

Threat Management

Cyber Resilience

DDoS

Web Security

Cyber Attacks

Endpoint Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

HTTP/2 Rapid Reset DDoS Attack Campaign

Presented by

About this talk

Cloudflare