Internet infrastructure giant Cloudflare has announced a series of integrations to help users of various platforms connect and analyse key insights from across their networks.
The firm has teamed up with Microsoft Azure Sentinel, Splunk, Datadog and Sumo Logic to allow users to funnel security data from Cloudflare into their analytics service of choice without the cost or complexity of building expensive custom integrations.
It claims these collaborations would help solve organisational security and performance challenges in just a few clicks, and help security teams make critical decisions on how to prevent, detect and mitigate threats in the context of the insights they receive from the overall technology stack.
“CISOs want their security teams to focus on security, not building clunky and costly integrations just to get insights from all of the different applications and tools in their infrastructure,” said Matthew Prince, co-founder and CEO of Cloudflare.
“We saw an opportunity to make that process faster, easier, and cheaper, working with other top analytics platforms to bring added value to our customers.
“Now we can give security teams the tools they need to have visibility and added security across the entire stack, even the parts beyond Cloudflare,” added Prince.
For example, a customer that catches a SQL injection attack today receives an alert so that it can block further traffic from the attacker’s IP address directly in Cloudflare’s Web Application Firewall. In future, with integration into an analytics platform, it will also be able to see all past activity from that IP address across all applications and infrastructure, not just Cloudflare.
The integrations also allow Cloudflare customers to get insights from new datasets including firewall events and network error logging; to take logs anywhere with newly added support for any storage solution with an industry standard S3-compatible application programming interface (API); and to better visualise data in a completely rebuilt user interface (UI) that is supposedly much more intuitive than before.
National Oilwell Varco (NOV), a Texas-based supplier of equipment and technology used in the oil and gas sector, is one customer preparing to integrate its data into Splunk.
CISO John McLeod said: “Splunk helps us monitor our network and applications by alerting us to various anomalies and high-fidelity incidents… One of the most valuable sources of data is Cloudflare. It provides visibility into network and application attacks. With this integration, it will be easier to get Cloudflare Logs into Splunk, saving my team time and money.”
Splunk’s vice-president of product management, Jane Wong, said: “Organisations are in a state of digital transformation on a journey to the cloud.
“Most of our customers deploy services in multiple clouds and have legacy systems on premise. Splunk provides visibility across all of this, and more importantly, with SOAR [security orchestration, automation and response] we can automate remediation. We are excited about the Cloudflare partnership, and adding their data into Splunk drives the outcomes customers need to modernise their security operations,” she said.
Sarah Fender, Microsoft partner group programme manager for Azure Sentinel, added: “Securing enterprise IT environments can be challenging – from devices, to users, to apps, to datacentres on-premise or in the cloud.
“In today’s environment of increasingly sophisticated cyber attacks, our mutual customers rely on Microsoft Azure Sentinel for a comprehensive view of their enterprise. Azure Sentinel enables SecOps teams to collect data at cloud scale and empowers them with AI and ML to find the real threats in those signals, reducing alert fatigue by as much as 90%.
“By integrating directly with Cloudflare Logs we are making it easier and faster for customers to get complete visibility across their entire stack,” she said.