Why Cloudflare's DNS Service Doesn't Align with Zero Trust Principles
Paul Walsh
Making the internet safer through a radically new, human-centric approach to anti-phishing security. Most leading security companies license my patents for mobile app security. More pending for SMS security.
Cloudflare vs. Cisco: A Battle of Similarities
In a recent and rather bold move, Cloudflare took to public platforms to disparage Cisco's approach to DNS security. They assert that their method is superior, because of their adoption of Zero Trust. However, the irony is glaring. Cloudflare's DNS service is cut from the same cloth as Cisco's—both rely on threat detection, effectively disqualifying them from aligning with Zero Trust principles.
Zero Trust is the complete opposite to today’s anti-phishing security - it operates on a verification-centric model. Like threat-based security, it relies on databases, but these databases are collections of verified URIs that are dynamically authenticated every time there is a request to access them. This core difference disqualifies Cloudflare's model from being a Zero Trust strategy. We could leave it at that, but let's delve into some additional insights.
As a pioneer in Zero Trust URL & Web access authentication, I find it imperative to set the record straight. Contrary to what these companies may claim, no DNS service in the world currently operates on a Zero Trust strategy.\
How to Discern Authentic Zero Trust Anti-Phishing Strategies from Vendor Claims
AI and ML Hit a Wall: The Limits of Patternless URI Verification in Zero Trust
Artificial intelligence (AI) and machine learning (ML) technologies are fundamentally limited when it comes to URI strings that lack discernible patterns in most cases. These technologies thrive on large datasets and historical information to make predictions or identifications. When faced with strings of text that don't exhibit any pattern—like new, unreported dangerous URLs (especially on safe domains like play.google.com)—the algorithms can't effectively make reliable judgments.
Open source zero trust networking
1 年I agree. Zero Trust assumes network breach and compromise, this means we cannot trust weak network identifiers, we need strong crypto and authenticate-before-connect!
Helping Build a Better Internet at Cloudflare:(NYSE: NET)
1 年https://www.cloudflare.com/products/zero-trust/cloudflare-vs-cisco-umbrella/ <- the link to Cloudflare 's public facing website making this bold claim Jennifer Taylor Matthew Prince Brent Remai - To add imput and clarify. Paul Walsh healthy critique is always welcome. At the end of the day; we are all trying to stop the bad guys and.... Iron sharpens iron. If our marketing material appears disingenuous or not true to the "boots on the ground/hands on the keyboard"- or unclear..then we should have a discussion. That being said, as this is on our homepage-I like add those far smarter than me to clarify the position we are presenting to the entire planet earth. Hopefully to have a healthy discourse and learn from each other. Thanks sharing your views Paul! ;)