Cloudflare Unveils Cloudforce One Threat Platform for IoC, IP, Hash, and Domain Analysis

Cloudflare has recently launched a significant enhancement to its threat intelligence capabilities with the introduction of the Cloudforce One threat events platform.

This platform is designed to provide security practitioners and decision-makers with actionable insights into threat activity, leveraging the vast amount of traffic data processed by Cloudflare’s network.

On average, Cloudflare handles 71 million HTTP requests and 44 million DNS queries per second, offering a comprehensive view of real-time threats.

Enhancing Threat Intelligence with Contextual Data

The new platform addresses a critical challenge in the threat intelligence industry: the lack of contextual information in indicator feeds.

These feeds typically include indicators of compromise (IOCs) such as IP addresses, ASNs, domains, URLs, and hashes but often lack the context needed to understand why an indicator was flagged.

Cloudflare’s threat events platform fills this gap by providing detailed summaries of threat activity, including context that helps users take action.

[Figure: Cloudflare Events Table]

Each event is linked to the MITRE ATT&CK framework and cyber kill chain stages, offering a structured approach to understanding threat operations.

The platform is built using Cloudflare Workers and leverages SQLite-backed Durable Objects for storing and managing threat events.

This architecture allows for dynamic customization of datasets and scalability to handle surges in threat activity.

Users can access these events through the Cloudflare Dashboard or via the Cloudforce One threat events API, both of which offer customizable filters to drill down into specific threat details.

Real-World Applications

To demonstrate the power of this platform, Cloudflare has integrated threat intelligence related to the Black Basta criminal enterprise.

Analysts can filter events by threat actor, gaining insights into domains, hosts, and file samples used by such groups.

This capability empowers organizations to make informed decisions about their security strategies and respond effectively to emerging threats.
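As an added example (not Cloudflare's code, and not described by the article), the following Python script sketches how an analyst might consume the threat events API described above: fetch a page of events with filters, keep only the events attributed to one actor, validate each indicator, honour the TLP label before anything leaves the organisation, and emit one JSON line per indicator for a SIEM. The endpoint path `/accounts/{account_id}/cloudforce-one/events`, the filter names, and the event field names (`attacker`, `indicatorType`, `indicator`, `tlp`, `attackId`) are assumptions to be checked against Cloudflare's API reference; the sample events are constructed placeholders, not real Black Basta indicators.

```python
"""Pull a page of Cloudforce One threat events and reshape it into a per-type
indicator bundle a SIEM can ingest. Added example, not Cloudflare's code.
Assumed (not confirmed by the article): the endpoint path, the filter names
passed as a query string, and the event field names used below."""
import ipaddress
import json
import re
import urllib.parse
import urllib.request
from collections import defaultdict

API_BASE = "https://api.cloudflare.com/client/v4"


def fetch_events(account_id: str, token: str, **filters) -> list:
    """GET the (assumed) events endpoint; filters become query parameters.
    Network call; the offline sample below does not exercise it."""
    params = {k: v for k, v in filters.items() if v is not None}
    url = (f"{API_BASE}/accounts/{account_id}/cloudforce-one/events"
           f"?{urllib.parse.urlencode(params)}")
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",  # scoped API token, not the Global API Key
        "Accept": "application/json",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample events. Indicators use RFC 2606 / RFC 5737 placeholders and
# an all-zero hash; none are real Black Basta IOCs. Field names are assumed.
SAMPLE_EVENTS = [
    {"attacker": "Black Basta", "indicatorType": "domain", "indicator": "c2.example.net",
     "event": "Ransomware C2 beacon", "tlp": "amber", "attackId": "T1071.001"},
    {"attacker": "Black Basta", "indicatorType": "ipv4", "indicator": "192.0.2.10",
     "event": "Tool staging host", "tlp": "green", "attackId": "T1105"},
    {"attacker": "Black Basta", "indicatorType": "sha256", "indicator": "0" * 64,
     "event": "Loader sample", "tlp": "amber", "attackId": "T1204.002"},
    {"attacker": "Black Basta", "indicatorType": "domain", "indicator": "not a domain",
     "event": "Malformed feed entry", "tlp": "green", "attackId": None},
    {"attacker": "Black Basta", "indicatorType": "domain", "indicator": "victim.example.org",
     "event": "Targeted organisation", "tlp": "red", "attackId": "T1566"},
    {"attacker": "Other Actor", "indicatorType": "ipv4", "indicator": "198.51.100.7",
     "event": "Mass scanner", "tlp": "green", "attackId": "T1595"},
]

_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$", re.I)
_SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.I)

# TLP labels that may leave the organisation; TLP:RED stays with the analyst.
SHAREABLE_TLP = {"clear", "white", "green", "amber", "amber+strict"}


def valid_indicator(kind: str, value: str) -> bool:
    """Syntax check so a garbled feed entry cannot become a broken SIEM rule."""
    if kind == "ipv4":
        try:
            return ipaddress.ip_address(value).version == 4
        except ValueError:
            return False
    if kind == "domain":
        return bool(_DOMAIN_RE.match(value))
    if kind == "sha256":
        return bool(_SHA256_RE.match(value))
    return False


def build_bundle(events: list, actor: str, only_shareable: bool = True) -> dict:
    """Keep events attributed to `actor`; drop malformed indicators and, when
    only_shareable is set, anything its TLP label does not clear for sharing."""
    by_type, techniques, dropped = defaultdict(set), set(), 0
    for ev in events:
        if ev.get("attacker") != actor:
            continue
        kind, value = ev.get("indicatorType"), (ev.get("indicator") or "").strip()
        if not valid_indicator(kind, value):
            dropped += 1
            continue
        if only_shareable and (ev.get("tlp") or "").lower() not in SHAREABLE_TLP:
            dropped += 1
            continue
        by_type[kind].add(value.lower())
        if ev.get("attackId"):
            techniques.add(ev["attackId"])
    return {
        "actor": actor,
        "indicators": {k: sorted(v) for k, v in sorted(by_type.items())},
        "techniques": sorted(techniques),
        "dropped": dropped,
    }


def to_siem_lines(bundle: dict) -> list:
    """One JSON object per indicator, the shape most SIEM file/HTTP inputs accept."""
    return [json.dumps({"actor": bundle["actor"], "type": kind, "value": value,
                        "techniques": bundle["techniques"]}, sort_keys=True)
            for kind, values in bundle["indicators"].items() for value in values]


if __name__ == "__main__":
    bundle = build_bundle(SAMPLE_EVENTS, "Black Basta")
    print(json.dumps(bundle, indent=2))
    print("\n".join(to_siem_lines(bundle)))
```

Two points a practitioner will care about: the syntax check exists because a single malformed value pushed into a SIEM lookup table can silently break matching for the whole table, and the TLP gate exists because the value of a contextual feed is that it tells you who may see each indicator; the `only_shareable` switch keeps TLP:RED events available for internal triage while excluding them from anything exported to partners.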

According to the announcement, Cloudflare plans to expand the platform with additional visualizations and analytics, enhancing the ability to integrate with existing SIEM platforms and share indicators across systems.

This will further empower organizations to better understand and report on threat activity, ultimately strengthening their cybersecurity posture.

With its unique approach to threat intelligence, Cloudflare’s Cloudforce One platform is poised to become a leading tool in the fight against cyber threats.

Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.
