Cloudflare on Tuesday announced the launch of Cloudforce One Threat Events Feed, a service designed to provide security teams with real-time threat intelligence based on the attacks observed by the company.
Built using the Cloudflare Workers AI platform, the new service is powered by the tens of millions of HTTP requests and DNS queries that Cloudflare processes every second.
The goal is to provide indicators of compromise (IoCs) and context to help security teams quickly spot issues and respond to threats.
For the time being, the Threat Events Feed covers DDoS attacks and sophisticated operations tracked by Cloudflare’s Cloudforce One Intelligence team, but in the future the service will also cover events blocked by the company’s WAF, zero trust gateway, and email security products.
The new service provides an attacker timelapse view showing information that can be personalized for the customer’s specific environment, region or industry.
According to Cloudflare, analysts can use it to “self-serve and explore incidents through customizable filters, enabling them to identify patterns and respond effectively.”
The company added, “By providing access to real-time threat data, we empower organizations to make informed decisions about their security strategies.”
The threat intelligence feed’s capabilities have been demonstrated by Cloudflare by showing how it can analyze the IPs, domains, and file hashes contained in the recently leaked BlackBasta ransomware chats.
The Threat Events Feed is available through the Cloudflare dashboard or through a dedicated API. In the future, the company plans on adding more visualisations and analytics, and making it possible to integrate the feed with third-party SIEM platforms.
Related: Cloudflare Introduces AI Security Solutions
Related: Cloudflare Tunnels Abused for Malware Delivery
Related: Cloudflare Expands Zero Trust Capabilities with Acquisition of BastionZero
About The Author
Original post here
