Cloudflare's AI Moves Security from Reactive to Proactive
Alps Wang
Mar 5, 2026
Adaptive Access: The AI-Powered Shield
Cloudflare's introduction of User Risk Scores into its SASE platform is a significant advance in proactive security, moving beyond static authentication to dynamic, behavior-based access control. Integrating internal telemetry from Cloudflare Access and Gateway with third-party signals from partners like CrowdStrike and SentinelOne creates a comprehensive view of user risk. This is particularly impactful because it lets organizations define granular policies that adapt access in real time based on a continuously calculated risk score, rather than relying on manual intervention after a potential breach. The deterministic calculation logic, coupled with the ability to reset scores after investigation, provides a structured yet flexible approach to managing user risk within a Zero Trust framework. This feature directly addresses the 'Whac-A-Mole' problem described, empowering security teams to prevent incidents before they escalate.
However, the effectiveness of this system hinges on the quality and comprehensiveness of the telemetry ingested. Organizations with fragmented security tooling, or those not fully leveraging Cloudflare's ecosystem, might find the internal signal generation limited. While third-party integrations are a strong point, the reliance on partner data introduces potential dependencies and integration complexities. Furthermore, the article says the 'highest risk level' determines the score, which could lead to overly restrictive policies if a single high-risk event overshadows a long period of low-risk behavior. The future roadmap, hinting at in-session step-up MFA, is promising, but its implementation and performance will be crucial. The success of this feature will also depend on how clearly the risk scoring methodology is presented to administrators and how easily they can configure and tune policies without introducing unintended access disruptions.
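The 'highest risk level' rule and the post-investigation reset discussed above, as a small model added here (it is not Cloudflare's code or API). The behavior-to-level mapping, the `decide` threshold rule and the timeline are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

LEVELS = {"none": 0, "low": 1, "medium": 2, "high": 3}
# Assumed mapping of behaviors to risk levels (constructed for this example).
BEHAVIOR_LEVEL = {
    "failed_logins": "low",
    "dlp_trigger": "medium",
    "impossible_travel": "high",
}

@dataclass
class UserRisk:
    events: list = field(default_factory=list)  # (timestamp, behavior) pairs
    reset_at: datetime = datetime.min

    def record(self, ts: datetime, behavior: str) -> None:
        self.events.append((ts, behavior))

    def reset(self, ts: datetime) -> None:
        # Analyst clears the score after investigating; older events stop counting.
        self.reset_at = ts

    def score(self) -> str:
        # Deterministic: the highest level among events since the last reset wins.
        live = [BEHAVIOR_LEVEL[b] for ts, b in self.events if ts > self.reset_at]
        return max(live, key=LEVELS.get, default="none")

def decide(score: str, max_allowed: str = "medium") -> str:
    # Hypothetical access rule: block once the score exceeds the policy threshold.
    return "allow" if LEVELS[score] <= LEVELS[max_allowed] else "block"

def demo() -> list:
    t0 = datetime(2026, 1, 1)  # constructed timeline
    user, out = UserRisk(), []
    for day in range(0, 90, 10):  # 90 days of occasional low-risk noise
        user.record(t0 + timedelta(days=day), "failed_logins")
    out.append((user.score(), decide(user.score())))
    user.record(t0 + timedelta(days=91), "impossible_travel")  # one high-risk event
    out.append((user.score(), decide(user.score())))
    user.reset(t0 + timedelta(days=92))  # analyst resets after investigation
    out.append((user.score(), decide(user.score())))
    user.record(t0 + timedelta(days=93), "dlp_trigger")
    out.append((user.score(), decide(user.score())))
    return out

if __name__ == "__main__":
    for score, action in demo():
        print(f"{score:>6} -> {action}")
```

Because the score is a maximum rather than an average, the nine earlier low-risk events have no moderating effect on the single high-risk one; only the reset brings the user back under the threshold.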
Key Points
- Cloudflare One now integrates User Risk Scores directly into Zero Trust Network Access (ZTNA) policies.
- User risk is calculated dynamically based on behaviors like impossible travel, failed logins, and DLP triggers, leveraging both internal Cloudflare telemetry and third-party signals.
- Adaptive Access policies can automatically adjust a user's access in real time based on that user's risk score, moving from a static login check to continuous assessment.
- The system allows for manual reset of risk scores after investigation and integrates with identity providers like Okta via the Shared Signals Framework.

📖 Source: Stop reacting to breaches and start preventing them with User Risk Scoring
