Cloudflare has been gradually expanding its security service portfolio over the past few years. However, one key component that was missing is cloud security posture management (CSPM), a category of security tools designed to help organizations assess and understand the security status of their cloud applications and infrastructure. This gap is now being addressed with the launch of Cloudflare Security Posture Management.

Figure 1. Cloudflare Strengthens Security Portfolio with Network-Based Posture Management.

The new solution aims to assist security teams in discovering unknown assets, including cloud applications, API endpoints, and even AI-powered services. It also offers a unified dashboard that provides insights across known assets, enabling organizations to prioritize and address identified risks. Figure 1 shows Cloudflare Strengthens Security Portfolio with Network-Based Posture Management.

The new solution offers the following key capabilities:

• Real-time asset discovery and inventory across SaaS and web applications
• A unified dashboard for visibility across all technology assets
• Continuous asset-aware threat detection and risk assessment
• Protection for SaaS applications containing sensitive information
• API posture management with seven new risk scans
• Integration with email security posture management

Taking a network-first approach to posture management

Cloudflare’s security posture management solution stands apart from traditional tools, which typically rely on agents installed on endpoints or API connections to cloud environments. Instead, it leverages a network-based approach with two distinct discovery methods:

• Through reverse proxy services that protect public-facing cloud applications
• Via forward proxy capabilities through Cloudflare Zero Trust for employee traffic

As traffic flows through Cloudflare’s network—whether it’s incoming requests to an organization’s applications or outgoing employee traffic—the platform performs deep packet inspection after decryption. It automatically classifies discovered assets, such as API endpoints, login pages, checkout forms, and even AI-powered services, without the need for configuration by security teams.

Why the network has the upper hand in security posture management

Managing the security of SaaS-based applications can be especially challenging. While most SaaS vendors have already integrated various access and security controls, there’s still much that can be done at the network layer.

Tremante pointed out that, for instance, if an organization uses Microsoft 365, there are specific controls within the provided dashboard that are tailored to that particular environment. However, by focusing on the network layer, Cloudflare’s solution can offer a broader, more comprehensive view of security posture, extending beyond the limitations of individual SaaS application controls. This network-first approach allows for deeper insights and more proactive risk management across all cloud assets.

Getting ready for PCI DSS 4.0 compliance

Security posture management plays a crucial role in ensuring regulatory compliance. One significant concern for many organizations this month is ensuring they meet the requirements of version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS), which takes effect on March 31.

“As part of security posture management, we now discover all external-facing web assets loaded in web apps,” Michael explained. This capability is a key component in meeting PCI DSS 4.0 compliance standards.

Not quite a full CSPM, but that’s coming

It’s important to note that the Cloudflare Security Posture Management technology, at launch, is not a complete CSPM solution. It currently focuses on the discovery of assets already protected by Cloudflare’s network. However, the company has plans for expansion.

“This is step one, and we are definitely moving toward a full security posture management solution,” Tremante revealed. “We plan to start actively scanning assets that are not even onboarded onto the Cloudflare network.”

This expansion would position Cloudflare more directly in competition with traditional security posture management vendors, while maintaining its network-centric approach as a key differentiator.

Source: NETWORK WORLD

Cite this article:

Priyadharshini S (2025), "Cloudflare Enhances Security Offering with Network-Driven Posture Management",Anatechmaz ,pp.132