Cloudflare Introduces User Risk Scoring to Enhance Zero Trust Network Access

Cloudflare has announced the integration of User Risk Scoring into its Cloudflare One platform, enabling organizations to make more informed decisions about user access. This feature continuously calculates a risk score for each user based on their behavior, such as login attempts, device health, and data movement. Administrators can define which behaviors are considered high-risk and adjust access policies accordingly.

Key Technical Details:

• Cloudflare's risk engine evaluates telemetry from across the SASE platform, including logs from Cloudflare Access and Gateway, as well as third-party signals from partners like CrowdStrike and SentinelOne.
• The calculation logic is deterministic, with three steps:
  1. Selection: Administrators choose which risk behaviors to enable.
  2. Aggregation: The engine identifies all risk events associated with a user.
  3. Scoring: A user's risk score is determined by the highest risk level of any enabled behavior.
• Administrators can manually reset a user's score if an incident is cleared.
• Adaptive Access policies can be created to automatically adjust access based on a user's risk score.

Practical Implications for Developers:

• Developers can now create more granular access policies based on user behavior, reducing the risk of security breaches.
• The feature provides a more dynamic and adaptive approach to access control, ensuring that access is automatically adjusted based on changing user risk scores.
• The integration with third-party signals and Cloudflare's risk engine provides a more comprehensive view of user risk, enabling more informed decision-making.