Cloudflare is hoping to help companies manage threats to their data, apps, and clouds from a single platform with the release of its Security Posture Management platform.
The new solution provides a single view for all of their technology investments so that they can understand potential threats and respond quickly.
According to the company, the average organization uses over a thousand applications, and though these tools can be beneficial to the business, they also add complexity for IT and therefore introduce risks.
“Every security team knows that you can’t secure what you don’t know is there,” said Matthew Prince, co-founder and CEO at Cloudflare. “We want to give our customers an edge by making it as simple as possible to identify critical applications and data, and stop threats quickly–with the least amount of effort. Cloudflare’s Security Posture Management helps customers safeguard their applications, acting as one of the most essential pieces to making sure their business–and the Internet–stays secure.”
Cloudflare Security Posture Management actively scans for potential misconfigurations or risks, such as externally shared files, unknown or anonymous user access, or databases with exposed credentials.
Scan results are grouped by severity, type of risk, and corresponding Cloudflare solution, and some risks will include a one-click resolution, such as setting the minimum TLS version to 1.2.
It also encourages prevention-based policies to help organizations maintain secure configuration and compliance standards to help reduce alert fatigue.
All Cloudflare customers will also now get access to Security Overview, which is a landing page that is customized for each domain that prioritizes security suggestions across all web applications.
The company is also adding seven new risk scans through its API Posture Management tool: authentication posture, sensitive data, underprotected APIs, BOLA attacks, and anomaly scanning for API performance across errors, latency, and response size.
“This new capability of API Shield helps reduce risk by identifying security issues and fixing them early, before APIs are attacked. Because APIs are typically made up of many different backend services, security teams need to pinpoint which backend service is vulnerable so that development teams may remediate the identified issues,” the company wrote in its blog post.
