Cloudflare announces new integrations with Microsoft, others

by Joseph K. Clark

Internet infrastructure giant Cloudflare has announced a series of integrations to help users of various platforms connect and analyze critical insights from across their networks. The firm has teamed up with Microsoft Azure Sentinel, Splunk, Datadog, and Sumo Logic to allow users to funnel security data from Cloudflare into their analytics service of choice without the cost or complexity of building expensive custom integrations.

It claims these collaborations will help solve organizational security and performance challenges in just a few clicks, and help security teams make critical decisions on preventing, detecting, and mitigating threats in the context of the insights they receive from the overall technology stack.

“CISOs want their security teams to focus on security, not building clunky and costly integrations just to get insights from all of the different applications and tools in their infrastructure,” said Matthew Prince, co-founder and CEO of Cloudflare.

“We saw an opportunity to make that process faster, easier, and cheaper, working with other top analytics platforms to bring added value to our customers.

“Now we can give security teams the tools they need to have visibility and added security across the entire stack, even the parts beyond Cloudflare,” added Prince.

For example, today, a customer that catches a SQL injection attack would receive an alert to block additional traffic originating from the attacker’s IP address directly in Cloudflare’s Web Application Firewall. In the future, with integration into an analytics platform, they can also see all past activity from said IP address across all applications and infrastructure, not just Cloudflare.

The integrations also allow Cloudflare customers to get insights from new datasets, including firewall events and network error logging; to take logs anywhere, with newly added support for any storage solution with an industry-standard S3-compatible application programming interface (API); and to better visualize data in a completely rebuilt user interface (UI) that is supposedly much more intuitive than before.

National Oilwell Varco (NOV), a Texas-based supplier of equipment and technology used in the oil and gas sector, is one customer preparing to integrate its data into Splunk.

One of the most valuable sources of data is Cloudflare. CISO John McLeod said: “Splunk helps us monitor our network and applications by alerting us to anomalies and high-fidelity incidents… It provides visibility into network and application attacks. With this integration, getting Cloudflare Logs into Splunk will be easier, saving my team time and money.”

Splunk’s vice president of product management, Jane Wong, said: “Organisations are in a state of digital transformation on a journey to the cloud. Most of our customers deploy services in multiple clouds and have legacy systems on-premise. Splunk provides visibility across all of this, and more importantly, with SOAR [security orchestration, automation, and response], we can automate remediation. We are excited about the Cloudflare partnership, and adding their data into Splunk drives the outcomes customers need to modernize their security operations,” she said.

Sarah Fender, Microsoft partner group program manager for Azure Sentinel, added: “Securing enterprise IT environments can be challenging – from devices to users, to apps, to datacentres on-premise or in the cloud.

“In today’s environment of increasingly sophisticated cyberattacks, our mutual customers rely on Microsoft Azure Sentinel for a comprehensive view of their enterprise. Azure Sentinel enables SecOps teams to collect data at a cloud scale and empowers them with AI and ML to find the real threats in those signals, reducing alert fatigue by as much as 90%. By integrating directly with Cloudflare Logs, we are making it easier and faster for customers to get complete visibility across their entire stack,” she said.
