Professional Documents
Culture Documents
Cloudflare Zero Trust Product Brief
Cloudflare Zero Trust Product Brief
VPN replacement
simplify and secure
connecting any user
Internet Apps to any resource
Secure Internet
access gateway
Internet protection
keep your data safe
from threats over any
SaaS Browser port and protocol
security isolation
Self-Hosted Apps SaaS security
Any User
Cloud email Data loss
visibility and control of
security prevention* applications including email
Security modernization
All edge services on improved productivity,
one network with simpler operations,
one control plane SaaS Apps reduced attack surface
*Join our DLP waitlist
Business benefits
Reduce excessive trust Eliminate complexity Restore visibility
Protect apps with identity and Reduce reliance on legacy point Comprehensive logs for DNS, HTTP,
context-based Zero Trust rules. products and apply standard security SSH, network, and Shadow IT activity.
Block ransomware, phishing and other controls to all traffic — regardless of Monitor user activity across all apps.
online threats. Isolate endpoints from how that connection starts or where in Send logs to multiple of your preferred
risks by executing untrusted web code the network stack it lives. cloud storage and analytics tools.
far away from devices.
How it works
Clientless
Verify every login and request
deployment
for web-, SSH- or
User WHAT HOW
Resource VNC-based
self-hosted apps
Verify accessible via a
wireguard identity Cloudflare
tunnel (multi-SSO) Firewall protected Tunnel Self-hosted apps browser.
private routing
Client
on device Deploy with
Verify
device Internal IPs and Cloudflare’s
posture DDoS protected
reverse proxy hostnames device client
to connect to
Check internal IPs,
Clientless contextual hostnames and
HTTPS In-browser Identity
factors SaaS apps
terminal proxy non-web apps.
How it works
Block ransomware sites and domains Filter known and ‘new’ / ‘newly seen’ Implement data loss prevention (DLP)
based on our global network phishing domains. Isolate browsing to with file type controls that can stop
intelligence. Isolate browsing on risky stop harmful payloads from executing users from uploading files to sites.
sites to bolster protection. locally. Stop submission of sensitive
Deploy Zero Trust browsing to control
information on suspicious phishing
Combine SWG filtering and RBI with and protect the data that lives within
sites via RBI’s keyboard input controls.
default-deny, ZTNA to mitigate the risk web-based apps. Control user actions
of ransomware infection spreading Plus, coming soon, admins will be able within the browser – like download,
laterally and escalating privileges to activate email filtering with a single upload, copy-paste, keyboard input,
across your network. click – powered by Area 1. and printing functionalities.
Streamline SaaS security for more visibility and control, with less overhead
Challenge: SaaS app proliferation Cloud Access Security Broker (CASB)
Modern workforces rely on SaaS applications now more Cloudflare's CASB service gives comprehensive visibility
than ever. But SaaS apps are each configured differently, and control over SaaS apps, so you can easily prevent data
require different security considerations, and operate leaks and compliance violations.
outside the safeguards of the traditional perimeter.
Block insider threats, risky data sharing, and bad actors.
As organizations adopt dozens and even hundreds of SaaS Log every HTTP request to reveal unsanctioned SaaS
apps, it comes increasingly challenging to maintain applications. Scan SaaS apps to detect misconfigurations
consistent security, visibility, and performance. and suspicious activity.
How it works
via proxy via API
User SaaS App
As an inline CASB
place ZTNA, SWG,
and RBI controls in
front of your SaaS
apps at no
additional cost.
With API
integration,
scan SaaS apps for
vulnerabilities to
protect data at rest.
Apply tenant and data Mitigate and control Identify new threats
protection controls Shadow IT and misconfigurations
Apply tenant control through HTTP Minimize the risks introduced by Connect to popular SaaS apps (Google
gateway policies to prevent users from unapproved SaaS applications. Workspace, Microsoft 365, etc.) via API
accessing and storing data in the and scan for risks.
Cloudflare aggregates and
wrong versions of popular SaaS apps,
automatically categorizes all HTTP Empower your IT and security teams
either inadvertently or maliciously.
requests in our activity log by with visibility into permissions,
Control user actions (e.g. copy/paste, application type. Administrators can misconfigurations, improper access,
downloads, printing, etc.) within then set the status and track the usage and control issues that could leave
web-based SaaS applications to of both approved and unapproved their data and employees at risk.
minimize the risk of data loss. apps across your organization.
Email makes everyone an insider, even people Through never trusting a sender, all user traffic including email is
outside your organization like your vendors, verified, filtered, inspected, and isolated from Internet threats. Area 1
partners, and customers. helps customers to stop advanced threats, adopt a proactive security
posture, and reduce phishing incident response times by 90%.
Bottom line: There is too much implicit trust in
email, and attackers exploit this by spoofing Email security will be integrated across our Zero Trust services, in
common business workflows (e.g. password reset, powerful combination with RBI, CASB, and more. For example, are you
file-sharing notifications) or trusted entities (e.g. skeptical about a link in an email, but don’t want to block it outright?
CEO, a vendor / partner sending invoices). Render it in an isolated browser and block text input just in case.
How it works: Zero Trust for all internal & external network, web & email traffic