Cloudflare has introduced its latest cybersecurity innovation—the Cloudforce One Threat Events Platform. This powerful tool is designed to help security teams analyze and contextualize threat intelligence data, making it more actionable.
A Game-Changer in Threat Intelligence
The Cloudforce One Threat Events Platform enables security professionals to investigate indicators of compromise (IoCs), including IP addresses, ASNs, domains, URLs, and file hashes. By providing rich contextual information, it enhances security teams’ ability to detect and respond to cyber threats.
Leveraging Cloudflare’s massive global network, which processes an average of 71 million HTTP requests and 44 million DNS queries per second, the platform offers unparalleled visibility into real-time cyber threats.
Cloudflare noted in its announcement that the volume of threat activity observed across its network would overwhelm most security operations centers (SOCs). Instead of raw data, the platform delivers curated threat intelligence, streamlining the analysis process and improving threat response capabilities.
Cutting-Edge Technical Architecture
The Cloudforce One platform is built on Cloudflare’s Developer Platform, utilizing Cloudflare Workers with SQLite-backed Durable Objects for efficient data storage. This architecture enhances performance and scalability compared to traditional database solutions.
Additionally, the platform maps threat events to the MITRE ATT&CK framework and the cyber kill chain, helping security teams understand attack methodologies with standardized contextual information.
Key Features & Strategic Benefits
Cloudforce One customers can access threat events through the Cloudflare Dashboard’s Security Center or via an API. Key features include:
- Attacker Timelapse View: Provides a strategic analysis of cyber threat trends.
- Detailed Events Table: Enables security teams to conduct in-depth tactical investigations.
- IoC Filtering by Threat Actor: Lets analysts narrow indicators to a specific actor. For instance, intelligence from the Black Basta ransomware group’s leaked communications allowed analysts to pinpoint verified IPs, domains, and file hashes linked to the group.
Industry Recognition & Future Enhancements
Cloudflare’s new platform has already gained recognition from top industry professionals. A Fortune 20 threat intelligence team ranked it as their #1 threat intelligence source, describing it as “very much a unicorn” among 110 other evaluated sources.
Looking ahead, Cloudflare plans to expand the platform with additional capabilities, including:
- Enhanced visualizations like attacker timelines and campaign overviews.
- Integration with SIEM platforms for seamless cross-system indicator sharing.
By providing deep contextual insights rather than isolated threat indicators, the Cloudforce One Threat Events Platform is a major step forward in operational threat intelligence, enabling security teams to respond faster and more effectively to emerging cyber threats.