All posts in “web security”

Cloudflare says cutting off customers like 8chan is an IPO ‘risk factor’

Networking and web security giant Cloudflare says the recent 8chan controversy may be an ongoing “risk factor” for its business on the back of its upcoming initial public offering.

The San Francisco-based company and former Battlefield finalist, which filed its IPO paperwork with the U.S. Securities and Exchange Commission on Thursday, earlier this month took the rare step of pulling the plug on one of its customers, 8chan, an anonymous message board linked to recent domestic terrorist attacks in El Paso, Texas and Dayton, Ohio, which killed 31 people. The site is also linked to the shootings in New Zealand, which killed 50 people.

8chan became the second customer to have its service cut off by Cloudflare in the aftermath of the attacks. The first, and only other, time Cloudflare booted one of its customers was neo-Nazi website The Daily Stormer in 2017, after it claimed the networking giant was secretly supportive of the website.

Cloudflare, which provides web security and denial-of-service protection for websites, recognizes those customer cut-offs as a risk factor for investors buying shares in the company’s common stock.

“Activities of our paying and free customers or the content of their websites and other Internet properties could cause us to experience significant adverse political, business, and reputational consequences with customers, employees, suppliers, government entities, and other third parties,” the filing said. “Even if we comply with legal obligations to remove or disable customer content, we may maintain relationships with customers that others find hostile, offensive, or inappropriate.”

Cloudflare had long taken a stance of not policing who it provides service to, citing freedom of speech. In a 2015 interview with ZDNet, chief executive Matthew Prince said he didn’t ever want to be in a position where he was making “moral judgments on what’s good and bad,” and would instead defer to the courts.

“If a final court order comes down and says we can’t do something… governments have tanks and guns,” he said.

But since Prince changed his stance on both The Daily Stormer and 8chan, the company recognized it “experienced significant negative publicity” in the aftermath.

“We are aware of some potential customers that have indicated their decision to not subscribe to our products was impacted, at least in part, by the actions of certain of our paying and free customers,” said the filing. “We may also experience other adverse political, business and reputational consequences with prospective and current customers, employees, suppliers, and others related to the activities of our paying and free customers, especially if such hostile, offensive, or inappropriate use is high profile.”

Cloudflare has also come under fire in recent months for allegedly supplying web protection services to sites that promote and support terrorism, including al-Shabaab and the Taliban, both of which are covered under U.S. Treasury sanctions.

In response, the company said it tries “to be neutral,” but wouldn’t comment specifically on the matter.

PerimeterX secures $43M to protect web apps from bot attacks

We know by now that modern website attacks are typically automated, as armies of bots knock on doors until they inevitably find vulnerabilities and take advantage. PerimeterX, a San Francisco startup, wants to protect sites from these automated assaults. Today, it announced a $43 million Series C.

The round was led by Scale Venture Partners. New investor Adams Street Partners joined existing investors Canaan Partners, Vertex Ventures and Data Collective in the round. Ariel Tseitlin, a partner at Scale, will be joining the company’s board under the terms of the deal. Today’s investment brings the total raised to over $77 million, according to Crunchbase data.

Omri Iluz, co-founder and CEO at PerimeterX, says bots have become hackers’ preferred way to attack websites and mobile apps, and his company has developed a way to defend against that kind of approach. It uses an approach called behavioral fingerprinting to blunt these automated attacks.

“Once we gain visibility into the behavior of the user, we are able to discern between normal behavior and an anomalous behavior that looks like it’s coming from an automated tool,” he said. The solution looks at attributes like mouse movements and swipes. It also analyzes the hardware to understand the graphics driver and audio driver of whatever device the bot is purporting to be.

Achieving this kind of identification requires massive amounts of data, and PerimeterX uses machine learning to help understand normal behavior and shut down anomalous behavior in an automated fashion.

The company was founded in 2014 and currently has 140 employees. Ariel Tseitlin from Scale Venture Partners, who is leading the round, says as companies reach this level of maturity, the Series C money tends to go into sales and marketing to push the revenue pedal and scale the company.

“While there is a lot of opportunity in R&D, generally at this stage most of the dollars are going for sales and marketing, so hiring more salespeople, hiring more marketers, more sales ops. That’s where a big part of the expansion comes from, and that tends to be pretty closely correlated to revenue growth, and pretty closely correlated to just greater growth in general,” he explained.

We wrote about Signal Sciences’ funding last week, a company that also works to protect web apps using a firewall approach. Iluz says that the two companies often work together at the same customers rather than competing, because they attack the problem differently.