Cloudflare offers a variety of security features alongside its CDN services, always including DDoS protection and a range of pricing tiers, including a free option. All four pricing options include unmetered mitigation of DDoS attacks; the business version guarantees 24/7/365 uptime and the enterprise version does the same, plus offers an enterprise-grade mitigation of DDoS, sustained speeds via dedicated IP ranges and the services of an emergency support engineer.
Unmetered mitigation is possible because Cloudflare’s network capacity is 15x greater than in its words “the largest DDoS attack ever recorded”. At 15 Tbps of capacity, it can handle the largest volumetric attacks, including those which go after DNS infrastructure, such as the Mirai attack on Dyn in 2016, at that time the largest of its kind in history. Its Global Anycast network has 116+ data centers distributed worldwide.
Cloudflare’s network is continuously becoming “smarter” because of the shared intelligence it gathers from its customers. Its IP reputation database detects and blocks new and evolving threats across the entire Cloudflare network of 7 million properties.
It detects volumetric attacks at the edge, and protects origin infrastructure. Cloudflare identifies anomalous traffic, fingerprinting HTTP requests to prevent known and emerging botnets from entering websites via automatic mitigation rules. Rate limiting allows for a more granular level of control to block harder-to-identify application-layer attacks.
Cloudflare takes a layered security approach to DDoS, allowing it to combine multiple security offerings in one service. It allows legitimate traffic through while filtering and blocking good traffic, meaning that Internet applications stay online and APIs continue to be available and performant.
Other offerings across the tiers include a baseline firewall, DNS and caching. They also include optimized performance services, including website optimizations and smart routing. Security induced latencies can be avoided by integrating the two components together via Cloudflare.
Its headquarters are in San Francisco, and it has offices in three other American cities and three international offices. Its customers number up to 6 million worldwide and include Uber, OKCupid and the Donald Trump election campaign in 2016. They also include SpamHaus, which suffered a DDoS attack that exceeded 300 Gbit/s, which Cloudflare was able to mitigate. The company has encountered various controversies around freedom of speech and the domains it has hosted. It entered into the political conversation in August 2017 when it withdrew access to its services from white supremacist web site The Daily Stormer following the fatal car attack at the Charlottesville rally several days earlier.