Today we’re announcing support for malware detection and prevention directly from the Cloudflare edge, giving Gateway users an additional line of defense against security threats.
Cloudflare Gateway protects employees and data from threats on the Internet, and it does so without sacrificing performance for security. Instead of backhauling traffic to a central location, Gateway customers connect to one of Cloudflare’s data centers in 200 cities around the world where our network can apply content and security policies to protect their Internet-bound traffic.
Last year, Gateway expanded from a secure DNS filtering solution to a full Secure Web Gateway capable of protecting every user’s HTTP traffic as well. This enables admins to detect and block not only threats at the DNS layer, but malicious URLs and undesired file types as well. Moreover, admins now have the ability to create high-impact, company-wide policies that protect all users with one click, or they can create more granular rules based on user identity.
Earlier this month, we launched application policies in Cloudflare Gateway to make it easier for administrators to block specific web applications. With this feature, administrators can block those applications commonly used to distribute malware, such as public cloud file storage.
These features in Gateway enable a layered approach to security. With Gateway’s DNS filtering, customers are protected from threats that abuse the DNS protocol for the purposes of communicating with a C2 server, downloading an implant payload, or exfiltrating corporate data. DNS filtering applies to all applications generating DNS queries, and HTTP traffic inspection complements that by going deep on threats that users might encounter as they navigate the Internet.
Today, we are excited to announce another layer of defense with the addition of antivirus protection in Cloudflare Gateway. Now administrators can block malware and other malicious files from being downloaded onto corporate devices as they pass through Cloudflare’s edge for file inspection.
Stopping malware distribution
Protecting corporate infrastructure and devices from becoming infected with malware in the first place is one of the top priorities for IT admins. Malware can wreak a wide range of havoc: business operations may be crippled by ransomware, sensitive data may be exfiltrated by spyware, or local CPU resources may be siphoned for financial gain by cryptojacking malware.
In order to compromise a network, malicious actors commonly attempt to distribute malware through an email attachment or malicious link sent via email. More recently, in order to evade email security, threat actors are beginning to leverage other communication channels, such as SMS, voice, and support ticket software for malware distribution.
Defense in Depth
No single tool or approach provides perfect security, necessitating a layered defense against threats that make their way past these different tools. Not all threats are previously known to threat researchers, requiring admins to fall back on additional inspection tools once a user successfully connects to a site containing potentially malicious content.
Highly sophisticated threats may make their way into a user’s network and the primary task for security teams is to quickly determine the scope of the attack against their organization. In these worst case scenarios, where a user accesses a domain, website, or file that is deemed malicious, the last line of defense for a security team is achieving a clear understanding of the source of the attack against their organization and what resources were affected.
Announcing File Scanning
Today, with Cloudflare Gateway, you can augment your endpoint protection and prevent malicious files from being downloaded onto employee devices. Gateway will scan files inbound from the Internet as they pass through the Cloudflare edge at the nearest data center. Cloudflare manages this layer of defense for customers the same as it manages intelligence used for DNS and HTTP traffic filtering, freeing admins from purchasing additional antivirus licenses or worrying about keeping virus definitions up to date.
