The cloud provider issued an April 2026 security bulletin outlining targeted international rollouts for its security suite, including Anti‑DDoS, Cloud Firewall (agentic NDR and AI traffic analysis), WAF ATO features for overseas accounts, and new VPC firewall availability in the US (Silicon Valley). The updates, dated between Apr. 15 and Apr. 30, 2026, are intended to expand detection, response and network isolation options for global customers. For builders and security teams, the changes add new operational controls and faster incident containment in specified regions.
Anti‑DDoS and agentic NDR saw initial operational enhancements on Apr. 15 and Apr. 20. On Apr. 15, Anti‑DDoS Origin 2.0 (Subscription) gained support for Anti‑DDoS EIP assets and faster IP asset migration between Origin 2.0 instances. On Apr. 20, agentic NDR introduced detection capabilities oriented to advanced persistent threats (APT), large‑scale events and sensitive data protection, using security events, alerts and the ATT&CK matrix for both real‑time detection and post‑incident forensics.
Further agentic NDR technical features announced on Apr. 20 focus on sensitive data risk identification and enhanced tracing. Sensitive data identification now covers login behavior analysis, sensitive data inspection, high‑risk service monitoring and database behavior analysis. Tracing analysis was upgraded with full packet capture, scenario‑based retention policies and custom filtering for raw traffic retention to support detailed forensic workflows. Integration and containment improvements followed on Apr. 30, when agentic NDR received native Cloud Firewall integration to automatically issue ACLs that block attacker IPs identified in alerts. That automated blocking capability is currently available in Malaysia (Kuala Lumpur), China (Hong Kong) and Singapore, enabling quicker mitigation of detected threats within those regions.
Cloud Firewall received AI‑powered traffic analysis and several detection/response enhancements on Apr. 20. The AI analysis provides multi‑dimensional monitoring of active outbound connections to AI services — visualizing connections to external services and mapping related assets. Detection and response optimizations added TLS inspection, an Intrusion Prevention System (IPS), vulnerability protection, compromise awareness, data leak detection and protection configuration management to strengthen proactive defenses.
Network and perimeter coverage was extended on Apr. 27 with VPC firewalls becoming available in US (Silicon Valley). In that region, traffic between peered VPCs can be redirected to Cloud Firewall for access control and isolation; the capability also supports traffic between VPCs interconnected via Cloud Enterprise Network (CEN) Basic or Enterprise Edition. Separately, on Apr. 20 WAF released ATO features by merging Webpage Tamper‑proofing and Core File Monitoring, and by adding configuration file operation types and username whitelisting to better address overseas account security needs.
Operationally, the combined updates let subscription instances include EIP assets and migrate IPs between Origin 2.0 instances; provide NDR full packet capture and ACL‑based blocking to accelerate containment where available; enable AI traffic monitoring of outbound AI service connections; and permit VPC firewall redirection to isolate traffic across peered and CEN‑connected VPCs. The bulletin directs readers to Official Documentation for exact region availability and configuration details.
Sources
Replies (0)
No replies in this topic yet.
