Cloudflare has launched a revamped Security Overview dashboard that transforms raw security data into prioritized, actionable insights. The centerpiece is Security Action Items, which surfaces vulnerabilities ranked by criticality (Critical, Moderate, Low) and links directly into Security Analytics with pre-applied filters to eliminate context-switching. A Detection Tools module shows the live status of the entire Cloudflare security stack, flagging configuration gaps like tools left in 'Log Only' mode. Under the hood, the system generates over 10 million insights daily using specialized microservice 'checkers' that run on two modes: scheduled deep-inspection scans and real-time event handlers that flag misconfigurations instantly. A key feature is Contextual Insights for DNS, which identifies dangling A/AAAA/CNAME records by probing destinations in real-time, correlates them with 7-day DNS query volume from ClickHouse clusters, identifies the infrastructure owner via ASN/geolocation data, and surfaces TTL lag time. The engine scans 100+ million DNS records weekly and found over 1 million dangling records recently, with 95% of dangling CNAMEs pointing to Microsoft Azure services, flagging high subdomain takeover risk.
Table of contents
From noise to action: rethinking the security overviewHow we built our new security overview dashboardLooking forwardSort: