Advanced Security and Compliance

The Advanced Security and Compliance add-on for Sitefinity Cloud enhances the overall security posture of Sitefinity Cloud customers. It includes additional features that enable users to have access to non-sampled HTTP logs imported from Cloudflare (containing detailed information per HTTP request). It also includes up to 5 years log retention period for HTTP and Application logs. Optionally, log push to third-party systems can be configured. 
Another powerful feature is Cloudflare bot management - designed to detect, mitigate, and manage malicious bot traffic in real time, while allowing legitimate automated traffic to function normally. It helps protect websites and web applications from various threats posed by bots.
The benefits of using these advanced features are described below.

All HTTP requests for the application are imported into the Log Analytics workspace for the Sitefinity Cloud project, where they are made available for querying, containing a detailed and comprehensive record of website traffic. This ensures that auditing, compliance, and data retention requirements can be met, providing transparency and accountability for all HTTP traffic. Additionally, custom SIEM rules are created in Azure Sentinel to automatically analyze Cloudflare HTTP logs. These rules help detect anomalies, flag potential security threats, and trigger alerts for suspicious activity, providing an additional layer of proactive security monitoring and incident response.

The standard log retention in Sitefinity Cloud allows logs to be stored for 90 days and accessed directly via the Log Analytics workspace. This option is ideal for real-time monitoring and analysis but is not suitable for compliance needs for long-term retention. 
With the Advanced Security and Compliance add-on, the log retention is extended to up to 5 years. Immediate access to logs is not provided beyond 90 days, because they are archived. Sitefinity Cloud customers must request access to archived logs through Progress Support, and once processed, the logs are made available for querying in a Log Analytics workspace table.

The log push option allows you to automatically forward all logs stored in the Log Analytics workspace for you Sitefinity Cloud project to third-party log storage providers. This feature enables seamless log delivery, empowering customers to centralize their log management within their preferred infrastructure for long-term storage, advanced analysis, or integration with existing tools.

NOTE: This is a custom solution that requires additional preparation and configuration. Allow time for assessment to ensure seamless integration with the chosen third-party log storage provider. This includes evaluating the customer’s specific requirements, verifying compatibility with supported providers, and configuring the log delivery. Sitefinity Cloud engineering team will collaborate with customers during this process to ensure proper setup and optimal performance. 

This powerful feature helps protect your web applications from automated threats, ensuring better security and reliability and having a positive influence on performance. It detects, mitigates, and manages bot traffic in real time. By leveraging machine learning, behavioral analysis, and threat intelligence, it can effectively differentiate between legitimate users and harmful automated traffic. Bot management also amplifies DDoS protection by reducing the risk of overwhelming traffic from bot-driven attacks, and detects headless browsers and other malicious fingerprints.
Custom rules can be configured based on bot score to automatically block or rate limit harmful bots.