Cloudflare TV

DDoS report, certificate changes, QR phishing, and more

Presented by João Tomé, Craig Dennis, Michael Keane, Noelle Kagan
Originally aired on 

In this week's episode, we discuss different topics from blogs that we published in the previous couple of weeks, right after our Developer Week 2024.

Host João Tomé is joined by our Field CTO, Trey Guinn, based in San Francisco. We discuss our most recent DDoS threat report for Q1 2024, highlighting the continued increase in DDoS attacks and emerging trends. Additionally, we address Cloudflare's efforts to ensure our customers aren't affected by Let's Encrypt's certificate chain change, emphasizing the importance of certificates.

Also mentioned: Cloudflare Code Orange tested in a real situation; Internet trends surrounding the total eclipse seen in North America, leading to drops in internet traffic in Mexico, the US, and Canada; the launch of Foundation DNS – our new enterprise-grade authoritative DNS offering; QR phishing and our measures to protect against this new form of phishing.

Our Developer Educator, Craig Dennis, celebrates Meta Llama 3's availability on Cloudflare Workers AI for developers building their AI tools.

Lastly, Michael Keane and Noelle Kagan, from our Product Marketing and Product teams, discuss Cloudflare's recognition in the 2024 Gartner® Magic Quadrant™ for Security Service Edge.

You can check the mentioned blog posts:


Transcript (Beta)

Hello everyone and welcome to This Week in Net. It's the April the 19th, 2024 edition. And this week we're going to talk about DDoS, about Let's Encrypt, so certificates and a lot of other stuff.

I'm your host João Tomé, based in Lisbon, Portugal. And with me I have for the first time in our show, our field CTO, Trey Guinn.

Hello Trey, how are you?

Great, how are you doing? It's a beautiful Friday morning here.

I think it's probably later in the day. You're closer to the weekend than me. I'm closer to the weekend for sure.

And today's not very sunny in Lisbon, but in the past few days there was a lot of sun, people going to the beach, so good weather.

Bring on the spring. Exactly. For those who don't know, you're based in San Francisco, right?

In the Bay Area? I'm in San Francisco, which is where Cloudflare's headquarters are and our famous lava lamp wall, which I know you've discussed before.

Yeah, and so happy to be here and really excited to talk about some of the blog posts and things that we've been pushing out recently.

And you, for those who don't know, you work closely to customers in your field CTO job.

You're one of our field CTOs, but you work for a long time now at Cloudflare with different roles.

So you've been around in terms of Cloudflare for sure, right? Yeah, so I started Cloudflare almost 11 years ago.

There was 42 people. I was the 42nd person when we started, which if you have read Hitchhiker's Guide to the Galaxy, makes me feel really special.

And I was the first solution engineer and built the solution engineering team for about eight years.

And then I got my dream job, which is field CTO.

So I help out our CTO, John Graham-Cumming, with a lot of the sort of external responsibilities.

So flying around and talking to customers, partners, interacting with government, sort of trying to explain oftentimes what we do and why we do it and how we can work together.

One of the things you do is, of course, like you were saying, talk with a lot of customers.

In 2024 right now, what are those main things that people discuss more about security?

Yeah, there's a lot of things.

So I end up spending a great deal of my time talking to large customers and governments.

And so there are some common trends that continue to happen. Everyone wants to digitally modernize.

Everyone talks about AI all the time. There's never a conversation, like you can't go seven minutes without talking about AI.

It is very exciting. But also, I think an interesting trend is a real shift in the conversation towards privacy.

So privacy, government regulations are requiring more and more privacy, but enterprises and companies, I think, are seeing it more as a differentiator.

And so it's great to see that focus on what we see as an important part of the Internet really being accepted and internalized by a lot more organizations.

And so happy to see things moving in that direction. We have a few blog posts to go over that were in the past few weeks.

Why not start, in this case, specifically with our DDoS report?

We launched this week our DDoS report.

We launch it every quarter. This is something close to heart because the radar team also helps here.

Our DDoS report, regarding the first quarter of 2024, highlights a few specific trends that are relevant in this area.

For those who don't know, DDoS is short for Distributed Denial of Service attack.

Really common in terms of hackers, attackers trying to put sites and services down with a lot of requests and unwanted requests, in a sense.

So this prevents those specific things.

There's a few key insights here. Do you want to highlight any?

Yeah. As you mentioned, DDoS or Denial of Service is about overwhelming systems so they can't serve legitimate customers.

It is a favorite tactic of bad actors because it's easy.

You don't have to break into a system. You don't have to phish an end user or find some compromise.

You just flood someone with traffic. The first big trend is there's more.

Unfortunately, this is the trend all the time.

There's always more DDoS there because it works, unfortunately. Really, it works because more and more our lives and society and everything is dependent on the Internet.

More things are online. We're doing education, banking, voting, etc.

All these things are happening online. That's great. It's really powerful for society and empowers a lot of people.

At the same time, it opens up this vector. This is probably the easiest vector for a bad actor to try to influence.

We're always seeing this increase of the amount of DDoS attacks, the scale of them.

It turns out that everyone's working really hard to innovate and get smarter at things, but so are the bad actors.

They're coming up with clever new ways of doing DDoS all the time.

We're seeing innovation on both sides, both the attackers and the protectors.

We also, for example, put here some numbers, a lot of numbers, actually.

One is quite evident and goes along with what you were saying, 50% of year-over-year increase in DDoS attacks.

We may get 4.5 million DDoS attacks during the first quarter.

That's crazy, right? Millions of DDoS attacks in a quarter. That means that they're happening several times a second, essentially, throughout the quarter.

They're just constantly happening.

Obviously, the other thing here, there's more.

You have to have really good protections to stop it. The other big push was this increase in the amount of DNS-based DDoS attacks.

It's interesting, like I said, that attackers are finding new ways to attack.

Oftentimes, it's interesting because people want to wrap their head around, they say, what's a big DDoS attack?

What's the bandwidth? You saw that graph up there a second ago. There was a two terabit attack against somebody.

People like to talk about big attacks versus small attacks.

I think it's easy because you can wrap your head around, well, it's a bigger number, therefore, it's a bigger attack.

They're not always more painful or harder to defend against.

I think the really interesting thing with DDoS is there's this concept in the Internet called the OSI stack, or the different layers of the Internet.

I think of this as similar to a phone system. If you're giving someone a call on the phone, you dial their phone, it rings on the other end.

The protocol is it rings on their side. You pick up and maybe you say hello.

Then we have a conversation. With the Internet and the OSI stack of layers one, two, three, and four, it's really about dialing the phone and answering the phone and how that connection works.

Then the top layer, just layer seven, that's the application layer.

That's really the language you're speaking on the phone call.

You have to decide, are you speaking French? Are you speaking German? Portuguese?

Etc. When you're an attacker, you can actually attack at those different layers.

When you think about these big two terabit attacks, really what they're doing is they're just flooding at a lower layer, layer three and layer four.

They're flooding a huge amount of garbage down your Internet connection.

It turns out that it's easy to identify that it's garbage and block it.

You just have to have the capacity to accept it and then throw it away.

Really, that's just a capacity game.

If you're a big network like Cloudflare, we can stop that. Other big networks can stop it.

But you really can't stop it on the premise anymore. This is a thing you need a cloud provider to sort out for you, but it's easy.

Then when you go up to layer seven-based attacks, which is the language you're speaking, then you really have to understand the protocol.

This is a very long-winded way to say what I think was interesting in DDoS is there's a shift from these dumb, large network attacks to layer seven attacks.

We're seeing layer seven attacks both in the HTTP protocol.

These are these massive HTTP floods, and we talk about that here, these continuation floods and the reset attacks.

Things are actually finding vulnerabilities in the protocol itself that make it easier to launch massive high-rate attacks, which you actually have to answer the phone, say hello, try to figure out what somebody wants, and then discover that it's a fraudulent request, which is a really expensive way to stop it versus just saying, block this phone number.

That's really expensive on the HTTP side. Then the big increase of DNS-based attacks, that's actually in layer seven, but in DNS, like the protocol of asking for a DNS question and getting that DNS response and finding these clever ways to overwhelm someone's DNS infrastructure because you're overwhelming them with a number of queries.

The funny thing with DNS is that there's a lot of stuff in DNS that it's a pretty loosely coupled stateless protocol.

Oftentimes, it runs on a protocol called UDP.

You can send queries off and get responses, and you can spoof who you are, et cetera.

It's an easy protocol to do fraudulent queries inside of.

That's really hard to deal with. We've seen this big increase of DNS-based attacks because if you can knock someone's DNS infrastructure over, it's like the phone book or the Internet, and then everything in that domain goes offline.

That doesn't work, right? Yeah. Apologies. You just got me on a tirade there.

I'm trying to connect all these things together. You got to think about the layers of the Internet and where these attacks are happening.

There's the volume of the upper layer three, and then you've got your application attacks.

Why these DNS attacks are so interesting is that it is an application layer attack, but in DNS.

Makes sense. We also have a perspective here on top attack industries, specifically, in this case, gaming and gambling were clearly by volume number one.

Law firms and legal services also, in terms of global normalized data, also high in the list specifically.

Who has the money, right?

You've got to think about the attacker's motivation. They're out trying to attack an industry, trying to extort them sometimes to say, give me Bitcoin, so I'll stop DDoSing you.

You're going to go after the industries that have money.

You can see how that varies by country. Sometimes we have hacktivism as well, but I think what we've seen in the last quarter is mostly commercially oriented.

The DDoS report has a lot of trends that people can browse through. Also, specifically, the fact that some countries are in some situations more attacked than others.

There's this highlight here regarding Sweden, where DDoS attacks surged by more than 400% after its acceptance to the NATO alliance.

A big shift there specifically.

Even international changes and events make the news in terms of DDoS attacks in a sense.

That's where we see a lot of hacktivist groups.

Groups are affiliated with one country, another, or some political ideals.

You see this big spike as Sweden joined NATO. We saw big spikes of attacks to Taiwan when Nancy Pelosi from the US visited there.

It's interesting, you can find these spikes in the time series graph, and you can oftentimes associate them with world events.

True. We have other blog posts to go over. Where should we go next?

Do you want to go to Let's Encrypt? Yeah. I think this is super interesting.

Why? Let's start there. Oh, I can geek out all day long. These are some of the fundamental basics of how the Internet works and how we make the Internet private and secure.

In order to do that, we need encryption. It's easy to forget that 10 years ago, half the websites you went to on the Internet weren't even encrypted.

They were just HTTP without HTTPS. We don't even see that in the browser bar anymore.

It used to be this back in the day that you would get a lock that would show up when you were secure.

Now, it's the reverse. Secure is the default.

If for some reason, you go to a website that doesn't have HTTPS or SSL, then you get the big warning, this is not secure.

Some people are a little bit worried about that when they see that.

There's a reason for that specifically. This one is related to the fact that Let's Encrypt cross-signed chain will be expiring in September.

Then we have something to mitigate that. Do you mind if we can go in this one and geek out a little bit and talk about some of the fun little pieces of what is happening?

I think that the first thing, because we start off in here talking about public key infrastructure and how certificate authorities work.

It's an interesting point. You're going to connect your browser to some server and it uses this certificate to do a cryptographic operation to encrypt that, but it's also validating.

The certificate is doing two things.

It's like the keys or the lock that you're using to do encryption. It's letting you know that who you're talking to really is who you think you're talking to.

There's this challenge of, I want to get a certificate for Trey.com and I have to prove that I really am Trey.com to the certificate authority so that they'll issue me a certificate.

Then when other people see it, they know that I really am Trey.com, that I'm not someone impersonating, I'm not trying to pretend to be a bank, etc.

I'm not trying to trick you into entering your username and password into this website, that kind of thing.

But when you connect to Trey.com, you see the certificate.

Sure, it's issued by certificate authority, but why do you trust that certificate?

Why do you trust that certificate authority? Do you know how this works, João?

You probably do. I know a bit, but explain to the audience, please.

Yeah. It's a funny thing. It's what's called a chain of trust.

When you buy a new phone or you install a new version of macOS or Windows or Linux, they actually come pre-installed with the root of that chain.

We inherently trust these providers, these certificate authorities. And if they sign a certificate down below, then we trust that.

And if that thing signs the next thing, then it trusts and trusts and trusts all the way down to Trey.com.

And so, there's this idea of a chain of trust. The metaphor for this is you get a passport and someone shows up, they want to validate who they are.

They have a passport.

You say, okay, I trust that because you've got a passport. But I trust that passport because it's issued by the nation of Portugal.

And I also trust that Portugal is Portugal because the UN or something like that.

So, it's that sort of concept.

That's a lot of preamble.

The interesting challenge is that Let's Encrypt is this fantastic free certificate authority.

Because also 10 years ago, people used to pay like $1,000 per certificate.

It was crazy. And now, certificates are just completely free because it's just like it's good for the Internet.

Yeah, exactly. So, when Let's Encrypt wanted to get started, they said, hey, we're going to do this free certificate authority.

But they needed someone to sign them to get started, to be trusted.

And so, they were signed. It's called cross-signing.

They've been cross-signed by an older certificate authority.

And that initial signing is actually expiring next year. Or actually, I think in September of this year.

In September, yeah. Yeah. And so, that initial cross-signing expires in September of this year.

And so, anything that certificate of chain is trust based on that is going to expire in September.

And that's problematic, obviously.

And so, Let's Encrypt has been planning for this for a long time.

And they've already started switching over to a new sort of cross-signing root of trust.

And so, if we go into this, it'll be interesting. So, we'll have some details here.

And so, here we are. In that second paragraph, the ISRG root.

Yeah. And so, the new top of that is this ISRG X1 root. And that's what's now going to sign the new Let's Encrypt certs.

But because those root certs just have to be baked into your operating system, it's just baked into your phone or your Mac or Linux, et cetera.

If you have an old enough version of a phone or Linux, it doesn't have that ISRG root.

So, it can't trust the new certificates, which is a really interesting conundrum.

So, what are we supposed to do? Because the folks with the old phones and the old laptops tend to be in parts of the world that don't have a bunch of money to throw at phones and laptops.

And you don't really want to impact their ability to connect to the end end and connect all these sites, but you also want them to be secure.

So, what are we to do? And so, that's really the conundrum that we've gone into when we're talking about this.

And the way we're solving this is Cloudflare, as they sort of highlighted there, is we're committed to making the Internet secure and private, but it needs to also be highly accessible.

So, we talk about no browsers left behind. What are the things we can do technologically to make it accessible to everyone?

And we have all these different ways that we issue certificates and manage them on behalf of our customers, but what we're going to end up doing is stop using Let's Encrypt for a while on a class of our certificate that we issue.

And we're really doing that because we can issue for multiple providers, multiple CAs or certificate authorities, Let's Encrypt and others.

And we're going to actually shift away from Let's Encrypt for a bunch of certificates, just because we know that those certificates don't have the chain of trust problem to start with.

We allow a lot of our customers to decide which certificate authorities they use.

And if they've chosen to use Let's Encrypt, we want to respect that choice and we'll keep doing it.

But we'll send them emails to say, hey, this percentage of your users are on old devices and essentially it's going to break after September.

Are you aware of this? You can do this change, et cetera. And so, those are some of the things that we're working to balance this idea of helping things move forward.

And we really applaud what Let's Encrypt is doing, but at the same time, trying to keep everything available.

And so, I'm sure we will over time bring Let's Encrypt back into the fold as far as where we're issuing certificates from.

But we need to let just the percentage of devices out there that support modern root trust, we need to let those die off and the new devices come back in.

And it's quite important because the idea is for our customers' customers not to be impacted by this.

So, they will continue to access the Internet as always, nothing changing for them.

That's the objective here, right? Even if we, for a period of time, change that for the benefit of those that are using older devices in a sense, right?

Yeah, exactly. I think we have our principles laid out below, but we want the Internet to be secure.

It's got to be incredibly easy and we manage certificates, we should manage it and allow someone to take advantage of the most sophisticated security and the best privacy, but maintain compatibility.

Even in the past, what we've done in the past and we still do today is if we recognize a really old device, we can issue an older set of encryption to them.

But then when we see a new device, we can actually support the most modern encryption for that.

And so, we're always trying to support the best thing that the client can support.

And so, I think it's sort of a manifestation of how we're trying to always help make the Internet better and trying to drive through all these standards, but keeping people connected because if the Internet does anything, that's what it's for, right?

Exactly, working. It should work for sure. We still have a few minutes just to go a quick overview of other blog posts.

Two weeks ago, actually, almost two weeks ago, we had this blog post about the major data center power failure again.

And this blog post explained really well how after just four months of other power outage that we had in November, this time it was because we put something that we call Code Orange into work in a sense.

And it was a much different situation with this power outage in one of the data centers, right?

I mean, we had, you know, very embarrassing and we let our customers down back in November because we had a major power outage, which is not supposed to happen in a core data center, but it had a huge impact.

But because of that, we're committed to doing things right.

So, we redirected as part of Code Orange, we redirected all of engineering resources for the last five months to basically removing or reducing our dependencies on any individual data center.

And we've been running our own internal tests, but in this case, mother nature or Murphy's law did the next round of tests for us.

And we had shockingly another major power outage of the same facility, which is, you know, the chances of that are so minuscule, but it forced us into this other test.

And what we saw was instead of having, you know, a massive outage, we had essentially very, other than our analytics, there was like seven minutes of impact instead of the, you know, days of impact.

And so, and it was all the, we're able to rebuild the entire facility in an automated fashion.

And so, essentially what we're seeing is that the work we've done has worked and we recognize that we're not done yet.

We still have to get our analytics platform to be as resilient as the rest of the control plane, but that's on its way.

It's just the time it takes to order servers and have them shipped and put in other facilities, but we're well on our way and it's good to see that the work we did paid off so well.

Even though we had this crazy, you know, coincidence of power outage, it should never happen twice in the same facility in a matter of, you know, five, six months.

Four months in the case, but in the sense, many customers weren't even aware of this completely because this was mostly a part of the analytics situation.

And it lasted in this case, much less time than previously, but as you said.

Well, it lasted less because everything automatically failed over as it's supposed to.

And like the work we did to build that high availability actually functioned.

So it was good to see the impact on the backend, just as many servers went offline.

It just didn't have an impact on the actual service, which is the way it's supposed to work.

Yeah. Service never stopped working in this situation specifically.

And also in the other situation, the, I wrote a blog post about a total eclipse in the West early last week.

It got some media attention, even the New York Times. But it's mostly regarding the most impacted States in Mexico, Canada, during the eclipse, old news a little bit by now, but you have like a chart here that shows that the most impacted States are the ones usually where the total eclipse happened in a way.

I love that.

I love your blog post because it sort of brings us together in the real world as well.

And we actually get off our phones for a little bit here and there. And yeah, and it was as someone in the U.S. had a lot of friends that went to the eclipse.

So thank you for writing that up and showing how the real world and the Internet are in the same world.

I was writing and jealous because I wanted to see the total eclipse and I was just writing the blog post, but it was fun either way, even so.

We already mentioned the Let's Encrypt. And also we had this blog post about improving authoritative DNS with the official release of Foundation DNS.

So this is a very specific thing, but very useful for many users, right?

Well, the very beginning, I went into my long drawn out explanation of DDoS and how important DNS is because if DNS falls over, everything falls over.

It's sort of like it's the phone books.

It's how you get to all the services you're trying to host or the applications.

And so Foundation DNS is, Cloudflare has always been a big authoritative DNS provider, but we've always sort of had like one option on the menu.

Really Foundation DNS is about offering a second option for sort of more sophisticated customers or customers with higher requirements.

And we're now having sort of like the super version of authoritative DNS that offers those capabilities that are important to big companies and others.

And we're going to continue to offer our free service, which is fantastic.

And we will continue to invest there, but the Foundation DNS are for customers that just have other requirements and excited to see that that is now out and built on the same infrastructure that the rest of Cloudflare operates on.

In this case, this one was designed to enhance reliability, security, flexibility, and analytics specifically.

There's this Internet traffic analysis during the Iran's April the 13th attack on Israel.

Mostly the fact that we didn't see a lot of large attacks on Israel in terms of cyber attacks.

So that was in play. There's also some Internet trends there specifically, for example, the fact that in Palestine traffic dropped when the sirens were alerting of incoming attacks.

But in Israel, Internet traffic increased. That was because people were more checking the news online.

And apparently in Palestine, they potentially were seeing more, for example, on TV.

So that makes a difference usually also.

We also celebrated the fact that we have a chief partner Tom Evans that joined the team.

Welcome, Tom. And also how Cloudflare email security protects against the evolving threat of QR phishing.

Everyone knows QR codes are around for a few years now and quite popular still.

And apparently attackers favor QR codes to do some QR phishing.

This blog deals with that specifically, right?

Yeah, I think this is the last thing. If you let me ramble a little bit, this is super interesting.

But phishing really is about trying to get someone to do something they shouldn't.

And so it's not necessarily email specific.

You could call someone on the phone and phish them and say, pretend to be somebody.

And unfortunately, you're taking advantage of people's good nature. People want to do a good job.

They want to be helpful. And so you are trying to do that.

And oftentimes, email is the way that it's delivered. You pretend to be the boss and say, hey, please go do this and what have you.

But we're seeing more and more is this idea of multiple channels for this multi-channel phishing attacks.

Because we've gotten pretty good at...

Well, actually, the industry hasn't gotten very good at stopping phishing because it's still like 90% of incidents start with phishing.

But we're getting better at scanning an email and saying, okay, here's a link.

It points to something that's bad or here's the text that's in this email is challenging.

And so the attackers are trying to find other channels. A previous separate channel was to text individuals.

Actually, Cloudflare came under an attack like this, I believe it was last year.

Was it in 23 or in 2022? I think it was 22, I think, if I'm not mistaken.

Oh, 2022. Which was a phishing attack. Yeah. And so the SMS smishing, this is quishing.

That was a smishing attack. But we basically had a bunch of tech companies were targeted and the bad actors were texting a bunch of people with links in text messages.

Well, that's a smart move because generally you can't scan text messages for certain links.

And now this is just sort of a variation of that, which is sending someone an email, but with a QR code.

Because oftentimes your email filtering can't inspect that QR code, but the end user will point their phone at the screen and they will follow this QR code.

So it's a way to almost sort of like, it's like a Trojan horse to sort of hijack in these links.

And they're even doing certain tactics to make it hard for computers to read.

So this is kind of an emerging trend and we're having to do a fair bit of work here.

And we have computer vision and our anti-phishing thing so we can actually read the QR code.

Then we sort of follow that code and see if it's malicious or has become malicious.

And then we're having to tune the computer vision also to get around these challenges where the QR code itself is designed to not be very readable until an end user comes on and brings the brightness up of their phone or does it at an angle or something.

And it's funny, users will be so innovative that they're better at reading QR codes than computers are sometimes.

Interesting. I have a funny story there. I have an eight-year-old son and my son, when he sees a QR code anywhere, he wants me to pick my phone to see what is that.

So every brand now, even toy brands, they have like QR codes for everything.

So he wants me always to do that. So I think there's like curiosity, what could it be behind the QR code?

It is. And I think that's why attackers use this because there's this element of curiosity potentially that people are now more aware of not clicking links because they could be harmful.

But QR codes are not like, they could be harmful also because they're links in a sense.

And I don't think people are aware of that.

So they should, absolutely. And this gives some protection there.

And we've seen, as we say in the blog posts here, that some login services from Microsoft, signing services from DocuSign, they were already sending QR codes to make it easy for their end users.

But we've now trained people to expect these QR codes.

And then the attackers are going to take advantage of that training essentially and send something that looks like this, but then link you to the wrong, to a malicious site or try to harvest your password, et cetera.

So anyways, it's a thing to be aware of. This is like one more challenge because innovation continues to work on both sides of the good guys and the bad guys essentially.

And there's some elements here if you want to learn more of your customer or try to see example-specific examples.

Well, a lot of blog posts we covered.

We won't mention this because I have someone from our team speaking directly about the fact that we were named in the 2024 Gartner Magic Quadrant next, and also that we have now Meta Llama 3 available on Cloudflare Workers AI for those developers that are building AI tools.

Yeah, that only came out yesterday and it's already available on Workers, which is super exciting.

So you can run your own version of ChatGPT right in the Worker.

But instead of doing ChatGPT, I should say it's Llama 3, right?

So the Meta's open source large language model.

And it's basically accessible. All you do is an API call against it and you can run your own in Workers AI, which is super exciting.

Have you built a Chatbot yet?

Not yet, but to be honest, I already have open the Python notebook, Jupyter notebook to try it out.

So still haven't gone into it, but I will. There's a code-specific one as well.

It was actually a code model. So I had not built mine either.

So I can't give you a hard time, but I'm always looking for the, like, what is the use case?

What's the thing, the fun hobby project that this is going to be great for?

And that was a good segue for Craig that did the video about it. So I'll share that after.

So this was great, Trey. Hope you liked it. Oh, this is so much fun.

Thank you so much for having given me some time to explain things that I think are interesting and fun to, and important for people to understand how they actually operate.

And I'm glad we were here and you make it easy for us, João. So thank you for that.

Thank you. All right. Well, on to another week and another week of how to make the Internet better.

Hope you have a great weekend. You too. Thank you. That's a wrap.

It happened.

It happened today. Meta Llama 3 was released, and I already updated our vanilla chat starter to have it.

If you haven't seen this before, this is a Cloudflare Pages app that's running on Workers AI, and you can choose the models that you want.

And it's a fully working application that is totally yours to have. I included in the notes here, I'll include the video that shows you how to set this all up.

It comes from a repo. You can use this template. It can be yours very quickly.

This can be yours. And so it has over here, it has the new model. Let's get started playing with it.

Let me show you this thing a little bit. And then I want you to jump in and go play with it.

So I chose that. I clicked apply changes. Now notice it's under beta, which means it's free.

It's free to run this inference. So I'm just going to have it introduce itself.

And I'll do send. And here we go. It's going to go.

Nice to meet you. So it's coming. It's rushing. It's very, very fast.

I've been very happy with how quick this is going. And it's great. I've been exploring it just a little bit.

I'm excited for you to get your hands on it, because I'm so excited for you to build the future of AI with Llama 3.

So also here, you can add these system messages.

So I'm going to click apply changes, and we'll say, you answer questions with words that only start with the letter A and I.

That seems hard, right? The user is going to ask you questions.

So I'm going to apply those changes. We're all set here.

Note that there's docs here, too, if you want to open up the docs and see how this works code wise as well.

So let's see. What are you excited about? So supposedly, this works a lot better.

I've seen that it does work tremendously good.

Astounding applications await acute artificial intelligence. Ambitions abound in awe-inspiring innovations.

Pretty amazing. That's pretty good. All right. So what is really cool is there is this new reasoning that's out.

Let me show you this really quick.

I have this little prompt over here. Grab this prompt.

It does this riddle. I have yet to see somebody get this riddle right.

So the riddle is six brothers are all spending their time together. Each brother is doing one activity at a time.

First brother's reading a book. Second brother's playing tennis.

You can't play tennis by yourself. I know that, but I've got great reasoning with one of his brothers.

Third brother's solving a crossword.

Fourth brother's watering a lawn. Fifth brother's drawing a picture. What was the sixth brother doing?

Why don't you tell me, brother? So look at this reasoning.

Must be one of the brothers playing tennis.

I have not seen this go. The sixth brother was playing tennis.

Now, how cool is that? How cool is that? So get this. Play with this.

Please let us know what you end up building with this. And I will attach a link for how to do this.

Again, this whole thing will be free to do. And I want you to play with this and then take this app and make it yours.

And we're so excited to see you build the future of AI with Meta Llama 3.

Hang on soon. Bye. Hey, folks.

I'm Michael Keane on the Zero Trust team at Cloudflare down in Austin, Texas.

And this week, you might have seen we announced that Cloudflare was recognized for the second year in a row in the Gartner Magic Quadrant for Security Service Edge or SSE.

You might wonder, what is SSE? SSE is part of a broader trend you might also have heard of called SASE.

And SASE stands for Secure Access Service Edge.

It's essentially stitching together both security and networking on one converged platform.

It's kind of organizations taking both the consolidation trend and the network modernization trend and doing them both at once.

But that's a lot to tackle. And most are approaching it over many years with just many use cases along the way.

So SSE emerged as kind of the security half of the equation.

It composes individual services you might have heard of called Zero Trust Network Access or Secure Web Gateway, Cloud Access Security Broker, data loss prevention, just to name a few.

And as orgs make progress on that journey, they're really creating more modern architecture.

And they see tons of benefits to their business where their employees are happier with a better experience.

Their operations are more streamlined. They're reducing risk because they're not using a bunch of point solutions, not designed to work together.

And really, when they do all of that, see a total cost of ownership reduction over time.

It's really kind of the enterprise security flavor of this broader consolidation trend.

And Cloudflare is tackling kind of the largest part of the issue with single vendor SASE.

In typical Cloudflare fashion, we're going to try to create it all.

So then by definition, we also have an SSE platform because that's kind of when you just use the security half of it.

So does Cloudflare have anything special in the SSE space?

I think, you know, the most interesting thing about Cloudflare in the SSE space is it's not what we started with.

And that almost sounds counterintuitive at first.

But when we were building out our CDN, improving our WAF, improving our data loss mitigation over the last many years, we probably didn't know it at the time.

But what we really were building was a connectivity cloud.

And this is a global network of a ton of individual programmable services where you can basically use all of them or just a portion in whatever order that you want.

And in that connectivity cloud, SSE and SASE are just a portion of it.

So this kind of set us up for probably the strongest foundation in this market, just because we did the really hard thing first by building out that really reliable and fast global network first and built ourselves a platform on which we can just keep building and keep shipping new capabilities really quickly.

So, yes, when we first entered the SSE market, we probably looked around and said, you know, there's a lot to build, a lot to catch up on.

But thankfully, we knew we had all the pieces to do it right and do it really quick.

Hi, I'm Noelle Kagan, based in Portland, Oregon, and I work with the product team here at Cloudflare.

And so you might be wondering, what is contributing to this momentum?

Why are we growing so much in this SSE space? And I think this is really just a reward for the hard effort and work that our teams have put in.

We've been growing our engineering and our product teams a lot, and we've been spending a lot of time listening to our customers on what are their needs and how do we better solve the problems that they're having.

And so in addition to some of the amazing Zero Trust network access solutions that we already had, we started really investing in some of our other areas of growth, particularly around data security, expanding our data loss prevention products, our cloud access security broker products, and getting more into digital experience monitoring, making sure that our customers can really understand what's going on within their networks and triage any sort of connectivity problems of their users.

And so we've really just been investing in all of these challenge areas for our customers and growing a ton.

And that additional depth has added a ton of momentum, and we're super excited to see how Gartner recognized that.

And then what's coming next?

Any teasers for what we can see in the future? I would say just continuing on that momentum, we're going to continue to expand those engineering and product teams, and we're going to keep listening to some of the areas that our customers have given feedback on to continue growing.

Again, data security is still another place we need to keep investing, as well as some other areas of analytics and more visibility for our customers.

So it's a lot of just listening to what's needed and just continuing to build.

We really have faith that our customers are going to put us on the right path, and we'll just keep growing in the space for them.

You can read more about this on our blog at blog.cloudflare.com, or read more about our position in the report.
