Cloudflare recently announced that the threat operations and research team Cloudforce One began conducting briefings and is now generally available. Available as an add-on subscription, Cloudforce One includes threat data and briefings, security tools, and the ability to make requests for information (RFIs) to the team.
The new security team comprises analysts covering five different areas: malware analysis, threat analysis, active mitigation and countermeasures, intelligence analysis, and intelligence sharing. Enterprise customers can subscribe to receive one-on-one live briefings, submit periodic inquiries for follow-up, and obtain early access to threat research.
Patrick R. Donahue, VP product at Cloudflare, and Blake Darché, lead of threat intelligence at Cloudflare, write:
Included with a Cloudforce One subscription is the ability to make RFIs to these experts. RFIs can be on any security topic of interest, and will be analyzed and responded to in a timely manner. For example, the Cloudforce One Malware Analysis team can accept uploads of possible malware and provide a technical analysis of the submitted resource. Each plan level comes with a fixed number of RFIs, and additional requests can be added.
As part of the announcement, new capabilities are now available within the Cloudflare Security Center, including access to historical threat data via API and threat pivoting features. Matthew Prince, co-founder and CEO of Cloudflare, tweets:
The Twilio hacker? Cloudforce One tracked him down and had pictures of him (and his mom) hours after the hack. Want that ability yourself: reach out!
Dane Knecht, senior vice president for emerging technology and incubation at Cloudflare, focuses on the results from the acquisition of the cybersecurity company Area1 earlier this year:
Cloudflare doesn't make many acquisitions but when we do, a common thread is a deep belief in the technology and team. Area1 has already helped improve threat intelligence in all products, build out Cloudforce One, integrate with previous RBI acquisitions and just getting started.
Source: https://blog.cloudflare.com/cloudforce-one-is-now-ga/
Among the security tools included in the subscription, the Threat Investigation Portal, for querying current and historical threat data, Brand Protection, to register keywords or assets, and Sinkholes, to monitor hosts infected with malware.
Without providing concrete numbers, Donahue and Darché explain the pricing model:
Subscriptions come in two packages, and are priced based on number of employees: "Premier" includes our full history of threat data, bundled RFIs, and an API quota designed to support integrations with SIEMs. "Core" level includes reduced history and quotas. Both packages include access to all available security tools, including a threat investigation portal and sinkholes-as-a-service.
A form is available to request access to the service.