US Department of Treasury, Pacific Northwest National Laboratory, and Cloudflare Partner to Share Early Warning Threat Intelligence for Financial Institutions

San Francisco, CA, May 9, 2024 - Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud company, today announced a partnership with the United States Department of Treasury and Pacific Northwest National Laboratory (PNNL) under the Department of Energy to improve the cyber resilience of the financial services industry by sharing an advanced threat intelligence feed through Cloudflare. With this new offering, financial services institutions that are using Cloudflare Gateway now have privileged access to Custom Indicator Feeds that share threat indicators and enable direct action to be taken, to better defend against ransomware, phishing, and other threats.

"The bank heists we watch in movies have modernized. With an increase in consumer banking done online post-pandemic, and the current geopolitical situation, cyberattacks on financial institutions have an outsized impact on how our country functions," said Matthew Prince, co-founder and CEO, Cloudflare. "Our Custom Indicator Feed will take threat intelligence that was previously exclusively the government's, and make it easily available to and actionable for the private sector for the first time. This is the beginning of another chapter of Cloudflare working closely with the federal government to strengthen the security of our critical institutions."

Banks and financial services companies are critical institutions that keep the country and the economy functioning, and where companies and individuals hold their savings - and therefore, are a prime target for cyberattacks. Cloudflare observed 41 billion HTTP DDoS attack requests targeting the Banking, Financial Services, and Insurance (BFSI) industry in Q1 2024, a 57% year-over-year growth compared to Q1 2023. Sharing threat intel data across organizations thus far has been a manual process, with exchanges happening over email or industry Slack channels; there is then no streamlined way for organizations to take action on the intel received.

Tailored Threat Intelligence for Financial Institutions

This partnership with the Department of Treasury and PNNL will provide U.S. financial services institutions with privileged access to advanced threat intelligence, available through Cloudflare. The feed collects advanced insights from the Treasury and federal government's exclusive sources, enriched by Cloudflare's own threat intelligence, gained from unique visibility across Internet traffic. Financial institutions are able to integrate approved threat intelligence feeds directly into their Cloudflare dashboard and implement automated DNS filtering policies using Cloudflare Gateway, ensuring their employees are protected from malicious links and phishing attempts targeting financial services organizations.

Cloudflare's network spans more than 320 cities, its widely used public DNS resolver, 1.1.1.1, is used around the world, and Cloudflare is used by nearly 20% of all websites - and so, Cloudflare routinely sees security threats and attacks by actors earlier than competitors. Cloudflare is the CISA chosen vendor for Protective DNS and federal agencies such as Treasury are leveraging Cloudflare to help protect its infrastructure.

"Treasury sees Cloudflare and PNNL as critical partners in our strategy to develop a more modern proactive defense posture," said Todd Conklin, Treasury Chief AI Officer and Deputy Assistant Secretary Cybersecurity and Critical Infrastructure Protection. "Ensuring that critical cyber threat data is automated and being directly offered to firms will bolster the collective defenses of the financial sector, and will especially offer critical support to our smallest financial institutions."

Public-Private Partnerships to Secure the Internet

This partnership is part of the White House's National Cybersecurity Strategy, announced in 2023, that aims to defend critical infrastructure and dismantle threat actors in close cooperation with the private sector. Cloudflare has also signed onto the Cybersecurity and Infrastructure Security Agency (CISA) Secure By Design pledge, to catalyze collective action around secure by design principles, including multi-factor authentication, reducing entire classes of vulnerabilities, and more.

Onboarding U.S. Financial Institutions

This offering is available at no cost to any financial institution recognized by the Department of Treasury and that currently uses Cloudflare Gateway. Through this partnership, the feed will be available as a new security content category to use within Cloudflare's Gateway DNS filtering policies. In accordance with Cloudflare's values around privacy, threat intel is a one-way feed from Treasury to customers, and financial institutions' data is not shared in any way outside of Cloudflare as part of this program. Customers will have access to threat signals, including IP addresses and domain names, along with DNS filtering via Gateway to ensure employees are protected from bad links or phishing attempts. For U.S. financial institutions that are not currently Cloudflare customers, contact Cloudflare at cloudflare.com/financial-services.

To learn more, please check out the resources below:

• Cloudflare Blog: The White House's National Cybersecurity Strategy asks the private sector to step up to fight cyber attacks. Cloudflare is ready
• Cloudflare for Financial Services
• Cloudflare for Public Sector

About Cloudflare

Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company on a mission to help build a better Internet. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare's connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

Powered by one of the world's largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations - from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.

Learn more about Cloudflare's connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest Internet trends and insights at https://radar.cloudflare.com.

Follow us: Blog | X | LinkedIn | Facebook | Instagram

Forward-Looking Statements This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as "may," "will," "should," "expect," "explore," "plan," "anticipate," "could," "intend," "target," "project," "contemplate," "believe," "estimate," "predict," "potential," or "continue," or the negative of these words, or other similar terms or expressions that concern Cloudflare's expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of Cloudflare's products and technology, the benefits to Cloudflare's customers from using Cloudflare's products and technology, Cloudflare's partnership with the United States Department of the Treasury and PNNL and the potential resulting benefits to Cloudflare customers, the potential opportunity for Cloudflare to attract additional customers and to expand sales to existing customers through Cloudflare's partnership with the United States Department of the Treasury and PNNL, Cloudflare's technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare's CEO and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare's filings with the Securities and Exchange Commission (SEC), including Cloudflare's Quarterly Report on Form 10-Q filed on May 2, 2024, as well as other filings that Cloudflare may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare's forward-looking statements, and you should not place undue reliance on Cloudflare's forward-looking statements.

© 2024 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.