Cloudflare's new offering: IDS!

This is huge! Not only can this be added to their Cloudflare One service (which is a crazy good offer), but it's running on top of their other two new services: Magic Transit and Magic Firewall.

It appears that the new IDS service is a premium add-on service that can be obtained through their sales team and is most likely designed to cater to new enterprise customers. This offer will directly take away from Palo Alto, Fortinet, Check Point, F5, and other legacy and “next gen” firewall/IDS solutions, as well as from threat hunting and other managed security solutions.

Full details available at:…

The part I like best from this article is:

“Cloudflare was built from the ground up to be infinitely scalable. Every edge data center runs the exact same software, allowing us to field our workload efficiently and at massive scale.”


And for those (like me) who didn’t know what “IDS” stands for, here are a few excerpts:

Today, we’re very excited to announce our plans for Cloudflare Intrusion Detection System, a new product that monitors your network and alerts when an attack is suspected. With deep integration into Cloudflare One, Cloudflare Intrusion Detection System gives you a bird’s eye view of your entire global network and inspects all traffic for bad behavior, regardless of whether it came from outside or inside your network.

Enterprises build firewall rules to keep their networks safe from external and internal threats. When bad actors try to attack a network, those firewalls check if the attack matches a rule pattern. If it does, the firewall steps in and blocks the attack.

Teams used to configure those rules across physical firewall appliances, frequently of different makes and models, deployed to physical locations. Yesterday, we announced Magic Firewall, Cloudflare’s network-level firewall delivered in our data centers around the world. Your team can write a firewall rule once, deploy it to Cloudflare, and our global network will protect your offices and data centers without the need for on-premises hardware.

This is great if you know where attacks are coming from. If you don’t have that level of certainty, finding those types of attacks becomes expensive guesswork. Sophisticated attackers can prod a network’s defenses to determine what rules do or do not exist. They can exploit that information to launch quieter attacks. Or even worse: compromise your employees and attack from the inside.

We’re excited to end Zero Trust week by announcing one more thing: Cloudflare Intrusion Detection System (IDS), a solution that analyzes your entire network simultaneously and alerts you to events that your rules might not catch.

Cloudflare IDS represents a critical piece of Cloudflare One. With WARP connecting your devices, and Magic Transit connecting your offices and data centers to Cloudflare, Cloudflare IDS sits on top of both, allowing you to examine and evaluate all traffic simultaneously. This gives you a single view of what’s happening inside of your network and where breaches might have occurred. Cloudflare IDS is also constantly getting better at identifying threats and attacks. You can opt in to receive alerts, and with a single-click, quickly and easily block intrusion attempts that sneak past static rules. Most importantly, your team benefits from the intelligence Cloudflare gathers from attacks in other regions or industries to flag events that impact you.

It sounds VERY impressive.
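To make the firewall-versus-IDS distinction in the excerpts concrete, here is an added example that is not from the Cloudflare blog and is not Cloudflare's code. It builds a toy rule-based firewall that blocks only what a rule explicitly matches, then runs a simple behavioural IDS heuristic over the same flows: a source touching many distinct ports on one destination is flagged as probing, even though most of those individual flows matched no rule and were allowed. Every IP address, port and flow record is constructed sample data (RFC 5737 documentation ranges), and the rule format and threshold are assumptions for illustration only.

```python
"""Static firewall rules vs. a behavioural IDS alert over constructed flow records.

Added example, not Cloudflare code. A rule-based firewall blocks a flow only when
some rule matches it; the IDS heuristic below correlates many individually
"allowed" flows and alerts when their pattern looks like port probing. Like the
IDS described in the excerpts, it alerts rather than blocks.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One network flow summary: source IP, destination IP, destination port."""
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """A deny rule (assumed format): match on a source-IP string prefix and/or port."""
    name: str
    src_prefix: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, flow: Flow) -> bool:
        if self.src_prefix is not None and not flow.src.startswith(self.src_prefix):
            return False
        if self.dport is not None and flow.dport != self.dport:
            return False
        return True


# Constructed sample traffic (documentation addresses, not real hosts):
#  - one external telnet attempt that a static rule explicitly denies,
#  - two ordinary HTTPS flows that are plainly benign,
#  - an internal host touching ten different ports on one server; only the
#    port-23 probe matches a rule, the other nine look like normal allowed traffic.
SAMPLE_FLOWS: List[Flow] = [
    Flow("203.0.113.5", "192.0.2.10", 23),
    Flow("198.51.100.9", "192.0.2.10", 443),
    Flow("198.51.100.9", "192.0.2.10", 443),
] + [Flow("10.0.0.7", "192.0.2.20", p) for p in (21, 22, 23, 25, 80, 110, 143, 443, 3306, 3389)]

RULES: List[Rule] = [
    Rule("deny-telnet", dport=23),
    Rule("deny-known-bad-source", src_prefix="203.0.113."),
]


def apply_firewall(flows: List[Flow], rules: List[Rule]) -> Tuple[List[Flow], List[Tuple[Flow, str]]]:
    """First matching rule wins; return (allowed flows, [(blocked flow, rule name)])."""
    allowed, blocked = [], []
    for flow in flows:
        hit = next((r for r in rules if r.matches(flow)), None)
        if hit is not None:
            blocked.append((flow, hit.name))
        else:
            allowed.append(flow)
    return allowed, blocked


def detect_port_probing(flows: List[Flow], threshold: int = 8) -> List[Tuple[str, str, int]]:
    """IDS heuristic: alert when one source touches >= threshold distinct ports on one destination.

    The IDS sees all traffic, blocked or not, so it is run over the full flow list.
    """
    ports_seen: Dict[Tuple[str, str], set] = defaultdict(set)
    for flow in flows:
        ports_seen[(flow.src, flow.dst)].add(flow.dport)
    return sorted(
        (src, dst, len(ports)) for (src, dst), ports in ports_seen.items() if len(ports) >= threshold
    )


def run_pipeline(flows: List[Flow] = SAMPLE_FLOWS, rules: List[Rule] = RULES, threshold: int = 8) -> dict:
    """Return how many flows the firewall allowed/blocked and what the IDS flagged."""
    allowed, blocked = apply_firewall(flows, rules)
    return {
        "allowed": len(allowed),
        "blocked": len(blocked),
        "blocked_by": sorted({name for _, name in blocked}),
        "alerts": detect_port_probing(flows, threshold),
    }


if __name__ == "__main__":
    result = run_pipeline()
    print(f"firewall allowed {result['allowed']}, blocked {result['blocked']} via {result['blocked_by']}")
    for src, dst, n in result["alerts"]:
        print(f"IDS alert: {src} touched {n} distinct ports on {dst} (no single rule matched this pattern)")
```

On the constructed data the firewall blocks only the two port-23 flows (the explicit rule matches) and passes the other eleven, while the IDS flags the internal host for touching ten distinct ports on one server. That is the gap the excerpt describes: the probing host's remaining nine flows each look like ordinary allowed traffic, and only correlating them across the whole network surfaces the behaviour. The alert is just that, an alert; deciding to block is a separate step, which is why the excerpt describes one-click blocking as an action the operator takes on the alert.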



I agree, IDS does sound impressive. I hold a large position in Cloudflare and I think the company and the stock have a bright future. That said, I try hard not to let my enthusiasm cloud (if you will) my thinking and my judgement with this or any company I own. From my perspective, the greatest threat to the company and the stock is not from competition per se, but it is from the very threats they are intended to guard against. We know that both criminal organizations and state-sponsored groups continue to perpetrate cyber attacks aimed at fraud, theft, espionage, etc. They are well funded and very sophisticated, and they do not sleep. It would be naive to think they are not trying hard to develop tools to bypass the protections Cloudflare offers their clients. There is a lot of money at stake, and there is a lot more than just money at stake. We know from other examples that these potential bad actors will go so far as to have people on their own payrolls working for software companies to actually influence the code being used. To be clear, this is not just a concern for Cloudflare, but for any of our companies that sell themselves as providing security.

From my perspective, the greatest risk with any of these companies is that their product becomes compromised and there is a major security breach that becomes public. Reputational damage would be huge, and I suspect we could see share price take a serious haircut were it to happen. That said, I am not saying avoid investing or dump the shares you are holding. I too hold shares in most of the companies we discuss here. I too have made good money and expect to continue doing so. I am saying there is value in mitigating risk by not putting so many eggs in one of these baskets that a major drop in share price would be catastrophic for you. Invest in winners (plural), and ask yourself how you would feel and how you would react if one of these winners lost half or more of its market cap over the course of a few hours because something went badly wrong. Don’t invest money you can’t afford to lose.




Hi Dorset,

Thank you for the extra feedback. Cloudflare doesn’t add any additional risks that are not already present for anyone using a standard boxed-up firewall, IDS, IPS, VPN or any other similar device.

All of these technologies are exposed to zero-day vulnerabilities, so there is no added risk from operating in the cloud space vs. on premises.

On the other side, zero trust technologies are designed exactly to mitigate an attack coming from within; in this case, using CrowdStrike, for example, for endpoint protection will mitigate any risks associated with anyone bypassing your firewall, be that Palo Alto or Cloudflare.

In addition, Cloudflare doesn’t really store any sensitive information in general; the risks are much higher for SaaS companies like Salesforce, Paycom, etc. or PaaS like AWS, Azure, Google Cloud, etc., which if compromised can expose sensitive data.


Reading through the investor relations site over the past several days, I keep coming back to the opening paragraph on the landing page for Cloudflare, perhaps the mission statement:

“Cloudflare, Inc. (NYSE: NET) is on a mission to help build a better Internet. We have built a global cloud platform that delivers a broad range of network services to businesses of all sizes around the world—making them more secure, enhancing the performance of their business-critical applications, and eliminating the cost and complexity of managing and integrating individual network hardware. Today, approximately 16% of the Fortune 1,000 are paying Cloudflare customers.”

Consider me intrigued by the fact that currently, ONLY 16% of the Fortune 1,000 are paying Cloudflare customers. Can’t wait for the sales team to start locking down an incrementally larger portion of those customers. And not a single mention of “EDGE” in that paragraph.

Long NET


Intrusion Detection System, a new product that monitors your network and alerts when an attack is

Is it something that CRWD is already doing? Is this competition for CRWD? Sorry, I’m not an IT guy. Thanks


This is a network-level service (IDS); CrowdStrike is focusing on endpoints (actual devices, cloud servers, etc.), so they are not direct competitors. In fact, they are partners through the Cloudflare One offering; they are partners with Okta as well.


Is it something that CRWD is already doing?

They recently announced partnering with CrowdStrike, VMware, Carbon Black, SentinelOne and Tanium, among others, so it seems that this is just to make their product stronger, not to move in on them.



Developing a competitive IDS/IPS is no trivial undertaking. And there are long-term maintenance burdens to keep the detections current. I am wondering if NET has a silent partner for this feature.