In a time where digital threats are evolving rapidly, Cloudflare continues to invest in cutting-edge technology that enables businesses to build, scale, and secure digital operations. GISEC 2025 attendees will get a first-hand look at Cloudflare’s Zero Trust platform, AI-native security innovations, Developer Platform, and DDoS mitigation capabilities, all engineered to meet the security demands of modern enterprises.

“As cyber threats become more sophisticated and the region experiences a surge in digital adoption, Cloudflare is committed to enabling secure, resilient, and fast digital experiences,” said Bashar Bashaireh, AVP, Middle East, Türkiye & North Africa at Cloudflare. “Our presence at GISEC reflects our commitment to helping organizations across the Middle East stay ahead of evolving threats, build more secure architectures, and embrace digital transformation with confidence.”

At Security Week 2025, Cloudflare introduced significant advancements to its Zero Trust suite, including Browser Isolation improvements, phishing-resistant authentication, and AI-powered threat detection – making Zero Trust easier to deploy and more powerful for global teams. According to Cloudflare’s Q1 2025 DDoS Threat Report, the company mitigated over 20.5 million DDoS attacks, up 358% YoY. Cloudflare blocked 4.8 billion packets per second (Bpps) attacks, 52% higher than the previous benchmark, and separately defended against a massive 6.5 terabits-per-second (Tbps) flood, matching the highest bandwidth attacks ever reported. Cloudflare will showcase its automated mitigation system, capable of stopping attacks in under 3 seconds, and how its 1.5 Tbps+ edge network ensures constant protection.

At Developer Week in April, Cloudflare unveiled Workers AI Templates, enhanced observability tooling, and WebSocket support, giving developers faster paths to building secure, scalable applications. The Workers AI platform, now running on GPUs in 180+ cities, empowers organizations to deploy low-latency, inference-ready AI apps globally.

Cloudflare’s recent Middle East & Turkey Security Report highlights that 73% of businesses in the region expect an increase in cyberattacks in 2025, yet 60% feel underprepared. Cloudflare’s regional presence and capabilities help bridge this gap with cloud-native solutions built for modern threats. Cloudflare is collaborating with Diligent and Qualys to power a next-generation cyber risk reporting solution—transforming how boards and executive teams gain visibility into cybersecurity posture.

As organizations across the Middle East accelerate cloud adoption and digital transformation, Cloudflare remains a trusted partner in securing networks, web applications, and APIs. The company’s global edge network ensures performance and compliance, while innovations in SASE and AI inference help customers stay resilient and competitive.

For more than a decade, Cloudflare has published biannual transparency reports, offering insights into how we handle legal requests and reports of abuse related to the websites that use our services. The reports have become an industry best practice, and with the introduction of the European Union’s Digital Services Act (DSA), Cloudflare has revamped the reports to reflect new obligations and ensure alignment with evolving global regulations.

Key Updates in the 2024 Transparency Reports:

• New Data Categories: Including more detailed information on hosted content abuse, phishing mitigation efforts, and response times to various abuse reports.
• Dual Report Structure: The 2024 reports are divided into two parts:
  • Legal Requests for Information: Covers government, law enforcement, and civil requests for customer data globally.
  • Abuse Processes: Details how Cloudflare handles abuse reports and legal requests to restrict or terminate user access.
• Improved Formatting: A more user-friendly layout and additional context boxes to highlight key trends and developments.
• Machine-Readable Data: A machine-readable version of the report, in line with DSA requirements, for easier access and analysis.
• Warrant Canaries: Located on the Trust Hub landing page to continue providing transparency about our practices.

Cloudflare’s longstanding commitment to transparency continues to drive these updates, ensuring the public can trust how we manage legal requests and abuse reports. The 2024 Transparency Reports reflect the growing scale and complexity of Cloudflare’s services and will be published twice annually.

Out of those 6 million, Cloudflare’s autonomous DDoS defence systems detected and mitigated over 200 hyper-volumetric DDoS attacks exceeding rates of 3 terabits per second (Tbps) and 2 billion packets per second (Bpps). The largest attack peaked at 4.2 Tbps and lasted just a minute. The Banking & Financial Services industry was subjected to the most DDoS attacks. China was the country most targeted by DDoS attacks, and Indonesia was the largest source of DDoS attacks.

In Q3, Cloudflare’s systems mitigated nearly 6 million DDoS attacks bringing it to a total of 14.5 million DDoS attacks year-to-date (4.5 million in Q1 and 4 million in Q2). That’s an average of around 2,200 DDoS attacks every hour. Of those attacks, Cloudflare mitigated over 200 hyper-volumetric network-layer DDoS attacks that exceeded 1 Tbps or 1 Bpps. The largest attacks peaked at 3.8 Tbps and 2.2 Bpps. At the time of writing the Q3 report, on October 21, 2024, Cloudflare’s systems autonomously detected and mitigated a 4.2 Tbps DDoS attack that lasted around a minute.

Of the 6 million DDoS attacks, half were HTTP (application layer) DDoS attacks and half were network layer DDoS attacks. Network layer DDoS attacks increased by 51% QoQ and 45% YoY, and HTTP DDoS attacks increased by 61% QoQ and 68% YoY. 90% of DDoS attacks, including the largest of attacks, were very short-lived. The company did see, however, a slight increase (7%) in attacks lasting more than an hour. These longer attacks accounted for 3% of all attacks.

In Q3, Cloudflare saw an even distribution in the number of network-layer DDoS attacks compared to HTTP DDoS attacks. Of the network-layer DDoS attacks, SYN flood was the top attack vector followed by DNS flood attacks, UDP floods, SSDP reflection attacks, and ICMP reflection attacks. On the application layer, 72% of HTTP DDoS attacks were launched by known botnets and automatically mitigated by our proprietary heuristics.

In Q3, the company observed a 4,000% increase in SSDP amplification attacks compared to the previous quarter. Disabling UPnP on unnecessary devices and using DDoS mitigation strategies can help defend against this attack. In Q3, 80% of HTTP DDoS attack traffic impersonated the Google Chrome browser, which was the most common user agent observed in attacks. More specifically, Chrome 118, 119, 120, and 121 were the most common versions.

In second place, no user agent was seen for 9% of HTTP DDoS attack traffic. In third and fourth place, attacks were observed using the Go-http-client and fasthttp user agents. The former is the default HTTP client in Go’s standard library and the latter is a high-performance alternative. fasthttp is used to build fast web applications but is often used for DDoS attacks and web scraping too.

China was the most attacked location in the third quarter of 2024. The United Arab Emirates was ranked second, with Hong Kong in third place, followed closely by Singapore, Germany, and Brazil. In Q3, Banking & Financial Services was the most targeted by DDoS attacks. Information Technology & Services was ranked in second place, followed by the Telecommunications, Service Providers, and Carriers sector. Cryptocurrency, Internet, Gambling & Casinos, and Gaming followed closely behind as the next most targeted industries. Consumer Electronics, Construction & Civil Engineering, and the Retail industries rounded out the top ten most attacked industries.

Indonesia was the largest source of DDoS attacks in the third quarter of 2024. The Netherlands was the second-largest source, followed by Germany, Argentina, and Colombia. The next five largest sources included Singapore, Hong Kong, Russia, Finland, and Ukraine. The unprecedented surge in hyper-volumetric DDoS is capable of overwhelming Internet properties, particularly those relying on capacity-limited cloud services or on-premise solutions. The increasing use of powerful botnets, fuelled by geopolitical tensions and global events, is expanding the range of organizations at risk — many of which were not traditionally considered prime targets for DDoS attacks. Unfortunately, too many organizations reactively deploy DDoS protections after an attack has already caused significant damage.

Commenting on the report, Bashar Bashaireh, VP – Middle East and Türkiye at Cloudflare, says: “Our observations confirm that businesses with well-prepared, comprehensive security strategies are far more resilient against these cyber threats. At Cloudflare, we’re committed to safeguarding your Internet presence. Through significant investment in our automated defences and a robust portfolio of security products, we ensure proactive protection against both current and emerging threats — so you don’t have to.”

At GITEX 2024, Cloudflare will demonstrate how its technologies are reshaping the landscape of digital infrastructure and security. The company will spotlight the connectivity cloud, a state-of-the-art solution designed to enhance connectivity and optimize performance for enterprises across the globe. This AI-enabled platform offers unparalleled visibility, reliability, security, privacy and speed by leveraging Cloudflare’s extensive global network that spans 330 cities in over 120 countries.

Key highlights of Cloudflare’s GITEX 2024 showcase will include:

• Connectivity cloud: A revolutionary platform that empowers enterprises with seamless, high-performance connectivity. By integrating advanced routing and traffic management technologies, the connectivity cloud helps organizations improve application performance and reliability while reducing latency and downtime.
• Zero Trust Security: Cloudflare One, Cloudflare’s comprehensive Zero Trust solutions will be on display, offering robust protection against modern cyber threats. This includes identity and access management, secure web gateways, and advanced threat detection capabilities.
• Scalable DDoS Protection: Demonstrations of Cloudflare’s industry-leading DDoS protection solutions will highlight how enterprises can safeguard their digital assets from malicious attacks while maintaining service availability.
• Optimised Content Delivery: Attendees will experience Cloudflare’s cutting-edge Content Delivery Network (CDN) services that accelerate website performance and ensure smooth, uninterrupted user experiences.
  The latest Cloudflare innovations announced at its recently concluded Birthday Week:
  • AI Audit tool – giving power back to creators and builders
  • Workers AI – helping to accelerate the development of AI applications
  • Speed Brain – helping web pages load 45% faster
  • The Democratisation of Critical Security Tools
  • The securitisation of Whatsapp, the world’s most popular messaging application
  • The free sharing of insights and findings of Cloudforce One, Cloudflare’s Threat Intelligence Research team

Bashar Bashaireh, RVP Middle East and Türkiye at Cloudflare commented on the company’s commitment to the region: “Today, everything needs to be connected to everything everywhere, all the time. This hyperconnectivity creates new challenges related to security, performance, resilience and privacy. As the world’s first connectivity cloud, Cloudflare helps connect and protect millions of customers globally. Everyone from individuals to the world’s largest enterprises uses our unified platform of networking, security, and developer services to succeed in the everywhere world.”

“The Middle East is experiencing rapid digital transformation, and we are proud to be at the forefront of this evolution. Cloudflare’s solutions are designed to meet the unique challenges faced by enterprises in this region, providing them with the tools they need to achieve secure, reliable, private and high-performance connectivity. Our participation at GITEX 2024 underscores our dedication to supporting Middle Eastern businesses as they navigate the complexities of today’s digital landscape,” Bashaireh continued.

Website owners, whether for-profit companies, media and news publications, or small personal sites, may be surprised to learn AI bots of all types are scanning their content thousands of times every day without the content creator knowing or being compensated, causing significant destruction of value for businesses large and small. Even when website owners are aware of how AI bots are using their content, they lack a sophisticated way to determine what scanning to allow and a simple way to take action. For society to continue to benefit from the depth and diversity of content on the Internet, content creators need the tools to take back control.

“AI will dramatically change content online, and we must all decide together what its future will look like,” said Matthew Prince, co-founder and CEO, Cloudflare. “Content creators and website owners of all sizes deserve to own and have control over their content. If they don’t, the quality of online information will deteriorate or be locked exclusively behind paywalls. With Cloudflare’s scale and global infrastructure, we believe we can provide the tools and set the standards to give websites, publishers, and content creators control and fair compensation for their contribution to the Internet, while still enabling AI model providers to innovate.”

With AI Audit, Cloudflare aims to give content creators information and take back control so there can be a transparent exchange between the websites that want greater control over their content, and the AI model providers that are in need of fresh data sources so that everyone benefits. With this announcement, Cloudflare aims to help any website:

• Automatically control AI bots, for free: AI is a quickly evolving space, and many website owners need time to understand and analyze how AI bots are affecting their traffic or business. Many small sites don’t have the skills or bandwidth to manually block AI bots. The ability to block all AI bots in one click puts content creators back in control.
• Tap into analytics to see how AI bots access their content: Every site using Cloudflare now has access to analytics to understand why, when, and how often AI models access their website. Website owners can now make a distinction between bots – for example, text-generative bots that still credit the source of the data they use when generating a response, versus bots that scrape data with no attribution or credit.
• Better protect their rights when negotiating with model providers: An increasing number of sites are signing agreements directly with model providers to license the training and retrieval of content in exchange for payment. Cloudflare’s AI Audit tab will provide advanced analytics to understand metrics that are commonly used in these negotiations, like the rate of crawling for certain sections or the entire page. Cloudflare will also model terms of use that every content creator can add to their sites to legally protect their rights.
• Set a fair price for the right to scan content and transact seamlessly (in development): Many site owners, whether they are the large companies of the future or a high-quality individual blogs, do not have the resources, context, or expertise to negotiate one-off deals that larger publishers are signing with AI model providers, and AI model providers do not have the bandwidth to do this with every site that approaches them. In the future, even the largest content creators will benefit from Cloudflare’s seamless price setting and transaction flow, making it easy for model providers to find fresh content to scan they may otherwise be blocked from, and content providers to take control and be paid for the value they create.

The report also finds a troubling rise in ransomware tactics used alongside DDoS attacks. In May 2024, 16% of Cloudflare’s customers reported experiencing extortion attempts alongside DDoS attacks. The report sheds light on the nature of these attacks:

• Targets: China was the most attacked country, followed by Turkey, Singapore, and Hong Kong. The Information Technology & Services industry was the primary target, followed by Food & Beverages and Consumer Goods.
• Attackers: While most victims couldn’t identify their attackers, those who did point to competitors, disgruntled users, and even state actors.
• Attack Duration: Most attacks are short-lived, with over half ending within 10 minutes, emphasizing the need for automated defences.
• Attack Size: While most attacks are relatively small, there has been an increase in larger attacks, with a significant number exceeding 1 million packets or requests per second.

Cloudflare’s report paints a picture of a rapidly evolving threat landscape. The rise of sophisticated attacks and an increase in ransomware tactics underscores the need for robust security solutions for businesses of all sizes.

Commenting on the report, Bashar Bashaireh, Managing Director & Head of Sales – Middle East and Türkiye at Cloudflare, “The majority of DDoS attacks are small and quick. However, even these attacks can disrupt online services that do not follow best practices for DDoS defense. Threat actor sophistication is increasing, perhaps due to the availability of Generative AI and developer copilots, resulting in attack code that delivers DDoS attacks that are harder to defend against. Even before the rise in attack sophistication, many organizations struggled to defend against these threats on their own. But they don’t need to. Cloudflare is here to help. We invest significant resources – so you don’t have to – to ensure our automated defenses, along with the entire portfolio of Cloudflare security products, can mitigate emerging threats.”

To address this, Cloudflare has developed advanced bot detection models specifically trained to identify AI bots. These models analyze traffic patterns and behaviour, including attempts to mimic human web browsing activity. This allows them to catch even the most cunning scraper bots. Cloudflare has also implemented a reporting system for website owners to flag suspected AI bots and crawlers. They plan to continuously update their blacklist based on user reports and manual investigations.

The rise of powerful generative AI models has fueled a massive demand for training data. This has led to a surge in AI scraper bots, often operating without permission or compensation for the data they collect. Many websites are opting to block these bots entirely. Studies show a significant number of top websites blocking bots used by leading AI companies. However, some vendors seem to disregard these blockers, prioritizing data collection over user consent.

Blocking all bots can have unintended consequences. Some AI tools, like Google’s AI Overviews, exclude websites that block specific crawlers. This can limit valuable referral traffic for website owners. Cloudflare’s tool offers a potential solution, but its effectiveness hinges on the accurate detection of these clandestine AI bots. The ongoing battle between website owners and AI companies highlights the need for a clearer regulatory framework to govern data collection practices in the AI training landscape.

Today, entire applications are built on serverless architectures, from compute to databases, storage, queues, and more. Still, observability is often regarded as one of the weaknesses of serverless architectures — trading off visibility into the application’s behaviour for a scalable infrastructure that doesn’t need to be managed. Building and debugging production applications requires the ability to understand trends and patterns, identify performance bottlenecks, and isolate errors to ensure ongoing reliability, scalability, and security. Having access to this level of visibility, preferably all within one platform, is a critical factor developers consider when choosing a platform on which to build.

“Two million developers building on Cloudflare trust us to help scale their apps globally, but can still struggle to understand the behaviour of their cloud applications,” said Matthew Prince, co-founder and CEO, Cloudflare. “We believe that to be the leading developer platform, having the best observability tools built in is going to be table-stakes. Baselime has raised the standard for serverless observability and we can further unlock those insights for every developer building on our platform.”

With this acquisition, Cloudflare enters into the observability market to further enable developers to deploy services in production — allowing teams to identify when a release has gone wrong and needs to be rolled back, investigate bugs and regressions, optimize performance, and more. Developers will also benefit from the ability to optimize the cost of their serverless applications, by understanding the rate of requests made and analyzing sources of latency.

With this acquisition, Baselime will be integrated into Cloudflare’s developer platform, helping developers push the boundaries of modern observability to:

1. Analyze their observability data across thousands of possible fields and values, to surface all errors, requests, or performance issues for specific users or across their entire applications.
2. Enable and adopt OpenTelemetry-based tools and standards to facilitate integration with a diverse set of application frameworks and cloud providers. These tools and standards enable developers to easily and consistently instrument their applications for rich observability data, making it easier to quickly troubleshoot issues, whether they impact a single user, a subset of users or the entire application.
3. Extract insights from their observability data thanks to a suite of developer experience improvements, including real-time error tracking based on logs and traces, actionable alerts, trace diagrams and timelines, an approachable query engine, and an AI debugging assistant.

“Cloudflare is building the next frontier of cloud computing with their connectivity cloud. Our core mission has always been to simplify and innovate observability for the future of the cloud, and Cloudflare’s ecosystem offers the ideal ground to further this cause,” said Boris Tane, founder and CEO, Baselime. “With Cloudflare, we’re positioned to deeply integrate into a platform that two million developers trust, enabling them to build, ship, and troubleshoot applications fast. I am incredibly excited about the potential of what we can build together and the impact it will have on developers around the world.”

The conventional perception often pits security against privacy. Establishing robust security measures involves identifying potential threats, yet this process may involve scrutinising sensitive or personal data, posing a risk to privacy. In truth, the key to ensuring data privacy lies in the implementation of effective data security. A meticulously crafted, privacy-centric security program not only provides substantial advantages to any organization but also mitigates potential privacy concerns.

Security vs. privacy misconception
The notion that security and privacy conflict arises when these two concepts are taken to their extremes. Within this perspective, any potential access to sensitive data is perceived as a breach of privacy, something to be avoided at any cost. Embracing this viewpoint significantly hinders the effectiveness of security programs in identifying and addressing potential threats.

Take, for instance, the realm of network traffic analysis. Packet inspection, a crucial tool in corporate cybersecurity, is commonly implemented through firewalls, seen as a fundamental security measure in various jurisdictions globally. By scrutinizing the content of network packets, it becomes possible to detect potential malware infections, data exfiltration, account takeover, and other threats. However, from a privacy standpoint, concerns arise when packet inspection involves personally identifiable information (PII) or other sensitive data.

From a privacy absolutist perspective, a preference is often given to end-to-end encryption with no packet inspection. On the surface, these two viewpoints—ensuring necessary security and safeguarding personal data—may appear incompatible. Nevertheless, regulators emphasise that providing reasonable security is crucial for protecting data privacy, as evident in numerous privacy regulatory enforcement actions against companies experiencing security breaches. We believe that data privacy and security leaders can reconcile the apparent conflict between security and privacy absolutism, but it necessitates adopting a different perspective on data privacy and security altogether.

What are the potential threats?
Both data security and data privacy programs are founded on the core principle of risk management. Aligning the objectives of these programs entails examining the conceivable threats to an organization’s data. For any entity handling personal data, ensuring the security and privacy of such information is paramount. A primary concern within a data security program is the possibility that security solutions might inadvertently access personally identifiable information (PII) and other sensitive data while carrying out their functions. These tools, which could include email scanners, network packet analyzers, or file inspection systems, may inadvertently come across such confidential content.

Another significant risk to both corporate and customer data is the potential exposure to cybercriminals. For instance, contemporary ransomware tactics involve stealing and disclosing sensitive data if the targeted company refuses to pay the ransom. Even compliance with the ransom demand offers no assurance that the data will be erased and won’t be disclosed. Avoiding these risks entirely is impractical. An effective security program necessitates access to data, and inadequate security measures virtually guarantee the occurrence of data breaches.

Discovering a Path Toward Privacy-First Security
When security solutions are crafted with privacy as a central consideration, organizations can deploy robust security measures while safeguarding the personal data of their customers and employees. A comprehensive cost-benefit analysis reveals significant advantages in adopting a privacy-first approach to security.

For instance, proactively blocking malware before it infiltrates an organization’s systems can avert a potential data breach. Given the average cost of $4.45 million in 2023, coupled with the consequential impact on brand reputation and legal ramifications, preventing even a single data breach becomes paramount for any company. Hence, the importance of industry-leading security measures is indisputable. Any reputable security company should provide solutions that limit its access to sensitive data and ensure the protection of the personal data entrusted to its care.

Creating a Security Program with Privacy at the Forefront
Privacy and security can coexist harmoniously. A privacy-first security program assesses the risks associated with both implementing and not implementing security measures. If the advantages of deploying a security solution, such as email scanning, outweigh the drawbacks — which is highly probable — the organization should proceed with the careful implementation of this capability. When determining the suitability of a security tool for enhancing both data security and privacy, consider asking the following key questions:

• Does it provide clear benefits? The potential privacy risks of a security solution are only acceptable if it also reduces the risk of a data breach.
• Does it minimise access to personal data? A security solution should minimize the amount of potentially sensitive data it accesses and processes.
• Does the company prioritise security? Check how the company has handled past security incidents and prioritised security investment.
• Does it meet regulatory requirements? Verify that the company has privacy-focused certifications such as ISO 27701 and ISO 27018, and is certified to the prevailing local and international data privacy frameworks. If a company has these certifications in addition to standard security certifications such as PCI DSS, ISO 27001 and SOC 2 Type II, it’s a great sign that a vendor goes above and beyond on privacy and security.

Assessing all these criteria for the 60+ security tools typically employed by an average organization can be a substantial undertaking. This underscores the compelling case for security consolidation. Conducting thorough due diligence on a single vendor offering a comprehensive suite of capabilities is more manageable than conducting a superficial assessment of multiple individual point security products.

Download the Arabian Reseller GITEX 2023 Special Edition: https://arabianreseller.com/oct2023

If you liked the video, please like, share, and comment below.

Follow us on social media:
✓ Linkedin – https://www.linkedin.com/company/28160369/
✓ Twitter – https://twitter.com/arabianreseller
✓ Facebook – https://www.facebook.com/arabianreseller
✓ Website – http://www.arabianreseller.com/
✓ Future Tech Podcast – https://open.spotify.com/show/6ZT8KdXdzlmRaaRNQeZei8

For more videos, please subscribe to our channel. Also, hit the bell icon to join our Notification Squad!