Global CDN (content delivery network) provider Cloudflare has announced new integrations with Microsoft Azure Sentinel, Splunk, Datadog, and Sumo Logic. The integrations are intended to make it simpler for organizations to connect and analyze important information across their infrastructure. Without the expense or complexity of creating bespoke interfaces, organizations can now feed security information from Cloudflare directly into their analytics platform of choice for “easy” analysis in the context of their whole technology stack.
CISOs rely on data insights to make important choices about how to help avoid, identify, and mitigate risks in today’s security environment. Many organizations want to view their security data in the context of insights they’re getting from other apps in their entire technology stack to get the most out of it, according to Cloudflare.
Traditionally, security teams had to create and manage costly, time-consuming, and unstable connections with their analytics tools to do this, says Cloudflare. With these integrations, security teams can now extend Cloudflare Logs’ insights throughout their whole stack.
“CISOs want their security teams to focus on security, not building clunky and costly integrations just to get insights from all of the different applications and tools in their infrastructure,” said Matthew Prince, co-founder and CEO of Cloudflare. “We saw an opportunity to make that process faster, easier, and cheaper, working with other top analytics platforms to bring added value to our customers. Now, we can give security teams the tools they need to have visibility and added security across the entire stack, even the parts beyond Cloudflare.”
Example: SQL Injection Attack
With a few clicks, Cloudflare’s security logs can now be imported straight into Azure Sentinel, Datadog, Splunk, and Sumo Logic. As a consequence, security teams can see Cloudflare’s findings in the context of their larger infrastructure. For example, a customer who detects a SQL injection attack today receives an alert and may use Cloudflare’s Web Application Firewall to restrict subsequent traffic from the attacker’s IP address. With an analytics platform connected, they could also observe all previous activity from that IP address across all apps and infrastructure, not just Cloudflare.
With these integrations, Cloudflare is also arming customers with the ability to:
- Get insights from new datasets – Cloudflare is giving customers the opportunity to discover security threats and performance opportunities throughout their whole network by expanding Cloudflare Logs to include additional datasets such as Firewall Events and Network Error Logging.
- Take logs anywhere with support for any storage destination – Cloudflare has long supported AWS, Azure, and Google Cloud as storage destinations, and now it’s expanding to include any storage destination that uses the industry standard S3-compatible API. Backblaze, DigitalOcean, and others are among them.
- Easily visualize data in a new user interface (UI) – With so many additional data types and destinations, Cloudflare fully rebuilt the Logs UI from the ground up. The new design makes setup more straightforward, so customers can get up and running quickly, and simplifies the user experience.
“Organizations are in a state of digital transformation on a journey to the cloud,” said Jane Wong, Vice President, Product Management, Security at Splunk. “Most of our customers deploy services in multiple clouds and have legacy systems on premise. Splunk provides visibility across all of this, and more importantly, with SOAR we can automate remediation. We are excited about the Cloudflare partnership, and adding their data into Splunk drives the outcomes customers need to modernize their security operations.”
“Securing enterprise IT environments can be challenging – from devices, to users, to apps, to data centers on-premises or in the cloud,” said Sarah Fender, Partner Group Program Manager, Azure Sentinel at Microsoft. “In today’s environment of increasingly sophisticated cyber-attacks, our mutual customers rely on Microsoft Azure Sentinel for a comprehensive view of their enterprise. Azure Sentinel enables SecOps teams to collect data at cloud scale and empowers them with AI and ML to find the real threats in those signals, reducing alert fatigue by as much as 90%. By integrating directly with Cloudflare Logs we are making it easier and faster for customers to get complete visibility across their entire stack.”
“As a long-time Cloudflare partner, we’ve worked together to help joint customers analyze events and trends from their websites and applications to provide end-to-end visibility to improve digital experiences,” said John Coyle, Vice President of Business Development for Sumo Logic. “We’re excited to expand our partnership as part of the Cloudflare Analytics Ecosystem to provide comprehensive real-time insights for both observability and the security of mission-critical applications and services with our Cloud SIEM solution.”
“Knowing that applications perform as well in the real world as they do in the datacenter is critical to ensuring great digital experiences,” said Michael Gerstenhaber, Sr. Director of Product, Datadog. “Combining Cloudflare Logs with Datadog telemetry about application performance in a single pane of glass ensures teams will have a holistic view of their application delivery.”