The Importance of Proactive Cybersecurity: Cloudflare's AI-Powered Response to Ivanti Connect Secure Vulnerabilities
March 20, 2024

Ivanti Connect Secure is a popular remote access solution that provides secure, clientless access to enterprise resources. It allows employees to safely connect to corporate networks and applications from anywhere, using any device. However, recently discovered vulnerabilities in Ivanti Connect Secure, namely CVE-2023-46805 and CVE-2024-21887, have raised concerns about the potential for attackers to exploit these flaws and gain unauthorized access to sensitive data and systems. In this blog post, we'll explore how Cloudflare's AI-powered security solutions, combined with zeroteam.dev's expertise, can help organizations protect against these threats and maintain the security of their critical applications.

Why These Weaknesses Matter

The Ivanti Connect Secure vulnerabilities were a serious concern for organizations using those systems. Malicious actors could exploit CVE-2023-46805 and CVE-2024-21887 to gain unauthorized access, potentially leading to data breaches or system disruptions. Ivanti's products are widely used by major companies across industries such as aerospace, technology, hospitality, and IT, meaning these vulnerabilities likely impacted numerous organizations worldwide.

Cloudflare's AI Solution

Cloudflare leveraged AI to provide proactive protection against these vulnerabilities. Their Web Application Firewall (WAF) includes an AI component called WAF Attack Score, which can detect and block attacks before the vulnerabilities are publicly disclosed. When the Ivanti issues were announced, Cloudflare's AI had already identified those requests as potentially malicious, so customers using the Attack Score were protected even before the news broke.

The Importance of Fine-Tuning the WAF

While Cloudflare's AI security is impressive, zeroteam.dev recognizes the importance of tailoring WAF settings to each client's unique requirements. Our team routinely optimizes Cloudflare's security features to suit individual client needs. In today's landscape, zero-day vulnerabilities pose a significant threat, allowing attackers to exploit systems and steal data before patches are available.

This is where AI-powered Web Application Firewalls (WAFs) can make a substantial difference. Cloudflare's AI WAF, with its Attack Score feature, excels at defending against these emerging threats. It analyzes incoming requests and assigns a score based on their likelihood of being malicious, enabling it to block attacks that traditional defenses might overlook.

However, maximizing the effectiveness of AI WAFs requires more than simply enabling the feature. It necessitates a deep understanding of each client's specific needs and risk profile. That's where zeroteam.dev's expertise comes into play. We collaborate closely with clients to identify their most critical applications and system components. We then ensure the AI WAF is configured optimally to protect those assets. We fine-tune the Attack Score settings to strike the right balance between security and usability, minimizing false positives while still catching threats.

Additionally, we implement custom rules to enhance the AI WAF's capabilities. We consider each client's unique architecture and potential vulnerabilities. By combining AI with our tailored rules, we create multiple layers of defense against both known and unknown threats.
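The scoring-and-threshold approach described above, as an added example that is not Cloudflare's or zeroteam.dev's code: a small Python policy that applies different Attack Score thresholds to different asset tiers, so that database-facing endpoints are protected aggressively while low-confidence blocks on static assets (where they would mostly be false positives) are avoided. The score scale (1 to 99, lower meaning more likely malicious) follows how Cloudflare documents the WAF Attack Score; the tier names, thresholds and path prefixes are constructed assumptions, and the rendered rule expression uses the documented `cf.waf.score` and `http.request.uri.path` fields but should be checked against current docs before use.

```python
"""
Tiered attack-score policy (added example, not Cloudflare's or zeroteam.dev's code).

Assumptions, labelled because the post does not specify them:
  - An attack score is an integer 1..99 where LOWER means more likely malicious, which
    is how Cloudflare documents its WAF Attack Score; per-signal SQLi/XSS/RCE scores
    use the same scale.
  - Path prefixes and tier thresholds below are constructed for illustration; a real
    deployment derives them from the client's asset inventory and false-positive review.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Request:
    path: str
    score: int                  # overall attack score, 1 (attack) .. 99 (clean)
    sqli: Optional[int] = None  # per-signal scores, same scale, if available
    xss: Optional[int] = None
    rce: Optional[int] = None


@dataclass
class Tier:
    block_below: int      # score below this -> block
    challenge_below: int  # score below this -> interactive challenge
    log_below: int        # score below this -> log only (feeds later tuning)


# Constructed tiers: database-facing endpoints block at a much higher score than
# static assets, where a low-confidence block would mostly produce false positives.
TIERS: Dict[str, Tier] = {
    "critical": Tier(block_below=50, challenge_below=65, log_below=80),
    "standard": Tier(block_below=20, challenge_below=40, log_below=60),
    "static":   Tier(block_below=10, challenge_below=10, log_below=30),
}

# Constructed prefix -> tier map; first match wins, unknown paths are "standard".
PATH_TIERS: List[Tuple[str, str]] = [
    ("/api/db/", "critical"),
    ("/api/", "standard"),
    ("/static/", "static"),
]


def tier_for(path: str) -> str:
    for prefix, tier in PATH_TIERS:
        if path.startswith(prefix):
            return tier
    return "standard"


def effective_score(req: Request) -> int:
    """Take the lowest (most suspicious) of the available scores so a strong SQLi
    signal is not diluted by a clean overall score."""
    return min(s for s in (req.score, req.sqli, req.xss, req.rce) if s is not None)


def decide(req: Request) -> str:
    """Return one of block / challenge / log / allow for a scored request."""
    tier = TIERS[tier_for(req.path)]
    s = effective_score(req)
    if s < tier.block_below:
        return "block"
    if s < tier.challenge_below:
        return "challenge"
    if s < tier.log_below:
        return "log"
    return "allow"


def block_rule_expression(prefix: str, tier_name: str) -> str:
    """Render the block threshold for one prefix as a Cloudflare-style custom rule
    expression. `cf.waf.score`, `http.request.uri.path` and `starts_with()` are the
    documented field and function names; verify against current docs before deploying."""
    threshold = TIERS[tier_name].block_below
    return f'(starts_with(http.request.uri.path, "{prefix}") and cf.waf.score lt {threshold})'


if __name__ == "__main__":
    for r in (Request("/api/db/query", score=70, sqli=45),
              Request("/api/users", score=35),
              Request("/static/app.js", score=15)):
        print(r.path, effective_score(r), decide(r))
    print(block_rule_expression("/api/db/", "critical"))
```

The "log" band is the tuning feed: requests that land there are reviewed for false positives before the block threshold for that tier is raised or lowered, which is the balance between security and usability the paragraph describes.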

A Success Story

zeroteam.dev recently assisted a client facing a challenging situation.

An attacker was targeting their database with resource-intensive SQLi (SQL Injection) queries, causing performance degradation and impacting the availability of the client's services. Upon notification, our team immediately took action. We first utilized Cloudflare's Rate Limiting feature to mitigate the impact and contain the attack.

By setting limits on the number of requests the attacker could make, we provided immediate relief to the system. However, zeroteam.dev understood that Rate Limiting alone would not fully resolve the issue. We conducted an in-depth analysis of the client's logs and security events using Cloudflare's data.

Through careful investigation, we identified the specific database queries responsible for the performance issues. Armed with this knowledge, zeroteam.dev developed a robust defense strategy. We fine-tuned Cloudflare's AI WAF by adjusting the Attack Score settings specifically for the targeted system components.

This allowed the WAF to accurately identify and block potential SQLi attempts without generating excessive false positives. To further strengthen the client's defenses, zeroteam.dev's experts created custom WAF rules tailored to this specific type of SQLi attack. By combining Cloudflare's AI threat detection with our intimate understanding of the client's system, these custom rules added an additional layer of filtering to weed out malicious queries. zeroteam.dev also recognized the importance of tracking and isolating the attacker's actions. Leveraging Cloudflare's session identifier capabilities, we pinpointed the exact sessions responsible for the malicious activity.

This granular identification allowed zeroteam.dev to surgically block the attacker's IP addresses and user agents without disrupting legitimate traffic. Throughout the incident, zeroteam.dev maintained close communication with the client, providing regular updates and insights into the remediation process. The client expressed deep appreciation for zeroteam.dev's swift response, technical expertise, and clear communication, which enabled them to restore their services to full functionality quickly.
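The containment sequence in the story above (rate limit first to relieve the database, then analyse the logs per session, then block only the sessions responsible), as an added example that is neither Cloudflare's nor zeroteam.dev's code. It replays constructed JSON-lines request records through a sliding-window rate limiter keyed on client IP plus user agent, counts low-SQLi-score requests per session, and renders a block expression for the offending (IP, user agent) pairs. The log field names, session identifiers, timestamps and scores are all constructed for this example; `ip.src` and `http.user_agent` are the documented Cloudflare field names.

```python
"""
Log triage and targeted containment for a scored SQLi flood (added example; not
Cloudflare's or zeroteam.dev's code).

Assumptions: each record carries a client IP, user agent, a session id (e.g. derived
from a session cookie), a path, a relative timestamp in seconds and a WAF SQLi score
(1..99, lower = more likely attack). All records below are constructed.
"""
import json
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

# Constructed sample log: one scripted session hammering the database endpoint, one
# normal user, and a second normal user sharing the attacker's NAT address.
LOG_LINES = """
{"ts": 0, "ip": "203.0.113.7", "ua": "python-requests/2.31", "session": "s-attk", "path": "/api/db/query", "sqli_score": 5}
{"ts": 1, "ip": "203.0.113.7", "ua": "python-requests/2.31", "session": "s-attk", "path": "/api/db/query", "sqli_score": 8}
{"ts": 2, "ip": "203.0.113.7", "ua": "python-requests/2.31", "session": "s-attk", "path": "/api/db/query", "sqli_score": 12}
{"ts": 3, "ip": "203.0.113.7", "ua": "python-requests/2.31", "session": "s-attk", "path": "/api/db/query", "sqli_score": 4}
{"ts": 4, "ip": "203.0.113.7", "ua": "python-requests/2.31", "session": "s-attk", "path": "/api/db/query", "sqli_score": 15}
{"ts": 5, "ip": "203.0.113.7", "ua": "python-requests/2.31", "session": "s-attk", "path": "/api/db/query", "sqli_score": 9}
{"ts": 6, "ip": "203.0.113.7", "ua": "python-requests/2.31", "session": "s-attk", "path": "/api/db/query", "sqli_score": 20}
{"ts": 7, "ip": "203.0.113.7", "ua": "python-requests/2.31", "session": "s-attk", "path": "/api/db/query", "sqli_score": 6}
{"ts": 0, "ip": "198.51.100.23", "ua": "Mozilla/5.0", "session": "s-user1", "path": "/api/db/query", "sqli_score": 92}
{"ts": 5, "ip": "198.51.100.23", "ua": "Mozilla/5.0", "session": "s-user1", "path": "/api/db/query", "sqli_score": 88}
{"ts": 12, "ip": "198.51.100.23", "ua": "Mozilla/5.0", "session": "s-user1", "path": "/api/users", "sqli_score": 95}
{"ts": 3, "ip": "203.0.113.7", "ua": "Mozilla/5.0", "session": "s-user2", "path": "/api/db/query", "sqli_score": 90}
{"ts": 9, "ip": "203.0.113.7", "ua": "Mozilla/5.0", "session": "s-user2", "path": "/api/users", "sqli_score": 97}
"""


def parse_log(text: str) -> List[dict]:
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


class SlidingWindowLimiter:
    """Per-key request counter over a sliding window; rejects once `limit` is reached."""

    def __init__(self, limit: int, window_s: float):
        self.limit, self.window_s = limit, window_s
        self._hits: Dict[Tuple, Deque[float]] = defaultdict(deque)

    def allow(self, key: Tuple, now: float) -> bool:
        q = self._hits[key]
        while q and now - q[0] >= self.window_s:   # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def apply_rate_limit(records: List[dict], limit: int = 5, window_s: float = 10.0) -> Dict[str, int]:
    """Replay records in time order; return the number of rejected requests per session."""
    limiter = SlidingWindowLimiter(limit, window_s)
    rejected: Dict[str, int] = defaultdict(int)
    for r in sorted(records, key=lambda r: r["ts"]):
        if not limiter.allow((r["ip"], r["ua"]), r["ts"]):
            rejected[r["session"]] += 1
    return dict(rejected)


def triage_sessions(records: List[dict], sqli_threshold: int = 30, min_hits: int = 5) -> Dict[str, dict]:
    """Count low-score (suspicious) requests per session; return sessions at/above min_hits."""
    stats: Dict[str, dict] = defaultdict(lambda: {"ips": set(), "uas": set(), "total": 0, "low": 0})
    for r in records:
        s = stats[r["session"]]
        s["ips"].add(r["ip"])
        s["uas"].add(r["ua"])
        s["total"] += 1
        if r["sqli_score"] < sqli_threshold:
            s["low"] += 1
    return {sid: s for sid, s in stats.items() if s["low"] >= min_hits}


def containment_targets(flagged: Dict[str, dict]) -> List[Tuple[str, str]]:
    """Block on (ip, ua) pairs rather than the IP alone, so another client behind the
    same NAT address (s-user2 in the sample) keeps working."""
    return sorted({(ip, ua) for s in flagged.values() for ip in s["ips"] for ua in s["uas"]})


def block_expression(targets: List[Tuple[str, str]]) -> str:
    """Render targets as a Cloudflare-style custom rule expression (documented fields
    ip.src and http.user_agent); verify syntax against current docs before deploying."""
    return " or ".join(f'(ip.src eq {ip} and http.user_agent eq "{ua}")' for ip, ua in targets)


if __name__ == "__main__":
    recs = parse_log(LOG_LINES)
    print("rate-limited per session:", apply_rate_limit(recs))
    flagged = triage_sessions(recs)
    print("flagged sessions:", list(flagged))
    print("block expression:", block_expression(containment_targets(flagged)))
```

Running the block shows the rate limiter sheds the scripted session's burst while the two normal users are untouched, and the triage step flags only the session with a sustained run of low SQLi scores, which is what makes the final block surgical rather than an IP-wide cut-off.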

This success story demonstrates the power of combining Cloudflare's AI security capabilities with zeroteam.dev's expertise in delivering tailored, effective protection. By leveraging Rate Limiting, AI-powered WAF scores, custom rules, and session identification, zeroteam.dev successfully mitigated the SQLi attack, ensuring the client's database remained secure and their services remained available. The incident also underscores the importance of proactive cybersecurity measures and having a trusted partner like zeroteam.dev to navigate complex threat scenarios. With their deep understanding of Cloudflare's ecosystem and their commitment to staying at the forefront of security best practices, zeroteam.dev empowers businesses to defend against evolving threats and maintain the integrity of their critical applications.

Conclusion

As the threat landscape continues to evolve, zeroteam.dev remains dedicated to helping organizations maximize the potential of Cloudflare's AI-powered security solutions.

zeroteam.dev enables businesses to focus on their core objectives with confidence, knowing their digital assets are protected by the best in the industry.

But our work doesn't stop there. Regular security event reviews and continuous monitoring are crucial to staying ahead of emerging threats. Our team actively analyzes WAF logs, identifies new attack patterns, and adjusts configurations accordingly. This ongoing optimization process ensures that our clients' applications remain protected even as the threat landscape shifts. In essence, while AI WAFs are a game-changer in combating zero-day vulnerabilities, they are most effective when properly configured and managed. zeroteam.dev is committed to delivering customized, expert-driven security solutions that empower our clients to fully leverage Cloudflare's AI-powered defenses, safeguarding their critical applications from both present and future threats.

As an agency specializing in Cloudflare services, zeroteam.dev understands the vital role proactive cybersecurity measures play in today's digital landscape. A recent example of this is Cloudflare's response to the Ivanti Connect Secure vulnerabilities, CVE-2023-46805 and CVE-2024-21887.

To explore our services further, start here.