๐Ÿ›ก๏ธStalecollected in 3h

Cloudflare achieves 10x increase in global scanning capacity

Cloudflare achieves 10x increase in global scanning capacity
PostLinkedIn
๐Ÿ›ก๏ธRead original on Cloudflare Blog

๐Ÿ’กLearn how to scale high-frequency data processing by 10x through software optimization instead of expensive hardware.

โšก 30-Second TL;DR

What Changed

Achieved 10x throughput increase without additional hardware

Why It Matters

This demonstrates how architectural refinement can significantly improve large-scale data processing efficiency. It provides a blueprint for developers handling high-frequency security or telemetry data streams.

What To Do Next

Review your high-throughput data pipelines for Kafka consumer bottlenecks and Postgres query execution plans to identify similar optimization opportunities.

Who should care:Developers & AI Engineers

Key Points

  • โ€ขAchieved 10x throughput increase without additional hardware
  • โ€ขSystem now processes over 120 scans per second
  • โ€ขOptimizations focused on Kafka consumers, Postgres queries, and API performance

๐Ÿง  Deep Insight

Web-grounded analysis with 12 cited sources.

๐Ÿ”‘ Enhanced Key Takeaways

  • โ€ขThe 10x capacity increase enabled Cloudflare to activate automatic security scanning for all free accounts and significantly boost scanning frequency across all plans, now offering daily scans for Enterprise, every three days for Pro/Business, and weekly for Free accounts.
  • โ€ขCloudflare's Security Insights system generates over 10 million actionable insights daily, identifying potential security risks and misconfigurations across various Cloudflare environment aspects, including account settings, DNS record configurations, SSL/TLS certificates, Cloudflare Access, and Web Application Firewall (WAF) configurations.
  • โ€ขThe performance boost was achieved through a deep engineering approach, prioritizing software and architectural improvements like parallel processing for Kafka consumers, optimized Postgres queries, and enhanced API performance, rather than relying on additional hardware resources.
  • โ€ขSecurity Insights scans extend beyond proxied traffic to include non-proxied (DNS-only) hostnames, ensuring a broader detection of potential risks even for assets not fully routed through Cloudflare's application security features.

๐Ÿ› ๏ธ Technical Deep Dive

  • Kafka Optimizations: Cloudflare implemented batch consumption, where specialized Go microservices (checkers) process multiple Kafka messages concurrently using separate goroutines to handle high throughput and absorb production spikes without accumulating consumer lag. Their Kafka infrastructure runs on self-managed bare metal across 14 distinct clusters and utilizes an internal Go-based message bus client library that enforces a one-to-one mapping between Protobuf message types and Kafka topics.
  • Postgres Optimizations: Performance improvements involved optimizing Postgres queries within Cloudflare's distributed PostgreSQL clusters, which leverage PgBouncer for efficient connection pooling and HAProxy for load balancing across multiple database instances. Cloudflare also employs strategies such as dynamic connection pool sizing and gateway query queuing to manage performance in multi-tenant environments and prevent resource starvation.
  • API Performance Optimizations: Enhancements included addressing latency issues, particularly between active-active API instances and a primary database, by optimizing database queries from remote API instances. Cloudflare also utilizes technologies like Ricochet for API Gateway to reduce latency through intelligent caching of API requests, even for previously uncacheable items such as GraphQL POST requests.

๐Ÿ”ฎ Future ImplicationsAI analysis grounded in cited sources

Cloudflare will provide more proactive and timely security posture management for all its customers.
The 10x increase in scanning capacity allows for significantly more frequent security scans across all service tiers and enables automatic scanning for all free accounts, leading to faster detection of misconfigurations and vulnerabilities.
Cloudflare will introduce advanced security features and capabilities built upon the enhanced Security Insights platform.
The improved stability and scalability of the Security Insights system provide a robust foundation, giving Cloudflare the confidence to develop and deploy new features that were previously technically constrained.

โณ Timeline

2009-07
Cloudflare founded
2010-09
Cloudflare publicly launched
2014
Cloudflare began using Apache Kafka in production
2017
Cloudflare Workers platform launched
2020-10
Cloudflare One (SASE platform) debuted
2022-09
API Endpoint Management and metrics became generally available for API Shield customers
2026-06
Cloudflare announced 10x increase in Security Insights scanning capacity and revamped Security Overview dashboard

๐Ÿ“Ž Sources (12)

Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.

  1. cloudflare.com
  2. cloudflare.com
  3. cloudflare.com
  4. cloudflare.com
  5. infoq.com
  6. cloudflare.com
  7. cloudflare.com
  8. bytebytego.com
  9. factorhouse.io
  10. infoq.com
  11. cloudflare.com
  12. cloudflare.com
๐Ÿ“ฐ

Weekly AI Recap

Read this week's curated digest of top AI events โ†’

๐Ÿ‘‰Related Updates

AI-curated news aggregator. All content rights belong to original publishers.
Original source: Cloudflare Blog โ†—