Cloudflare Inc.’s mission is to help build a better internet. Cloudflare protects and accelerates web applications without the need for additional hardware, installing software, or changing lines of code. The web properties with Cloudflare technology have all their website traffic routed through a global smart network that learns from the requests it receives. As a result, there is a significant improvement in performance and a decrease in attacks. Cloudflare made Entrepreneur magazine’s list of companies with the best corporate culture in 2018, and Fast Company listed it as one of the world’s most innovative companies in 2019. Cloudflare has its headquarters in San Francisco, California, and has offices in the Americas, Europe, Asia, and Australia.
Cloudflare is a leader in security, performance, and reliability whose mission is to help create a better internet. It has three pillars of service, application services, protection against DDoS attacks, WAF, CDN, SSL, authoritative DNS, bot management, and load balancer. It is executed from Cloudflare’s Edge Network without the need for additional application hardware or software. Cloudflare One: these are services aligned to SASE (Zero Trust) such as Cloudflare Access, Gateway, Remote Browser Isolation, and access to the applications on the cloud, SaaS, or corporate. Entire networks can be protected by using our automatic mitigation and publishing networks with BGP to deliver clean traffic using a tunnel or direct connection.
The primary industries are financial by regulatory requirements highlighting FinTech, Health, Service, and eCommerce.
- Web Application Firewall (WAF). To protect against application-based attacks (Layer 7). Cloudflare’s WAF is a high-performance solution distributed throughout our global network with 200+ PoPs, including 22 in China. Our WAF is written in a fast and powerful programming language called LUA, with extremely high-speed processing capabilities of 0.3 ms. It includes ModSecurity/OWASP rules created by Cloudflare and personalized by clients. These rules spread throughout our global network in less than 30 seconds.
- DDoS attacks. Protection against volumetric, Layer 3, 4, and 7. The advanced protection against DDoS from Cloudflare is provisioned as an Edge service and will match the sophistication and scope of the distributed threats for denial of service and can be utilized for all types and sizes of attacks, including those with UDP and ICMP protocols, as well as SYN/ACK, DNS Amplification and layer 7 attacks. All the traffic of attacks that would previously impact your server are automatically routed to Cloudflare’s Anycast Global Network. Once the traffic is diverted, we can leverage Cloudflare’s global capacity of 42 Tbps to absorb attack flood flows in our Edge Network. The most powerful known volumetric attack was 1.3 Tbps.
- In addition to static content caching, Cloudflare allows customers to write Page Rules to cache HTML content for specific pages (URI’s) directly in the administrative control panel.
- Our CDN is unique because it is built horizontally with a massively scalable architecture where every node can run DNS requests, security verifications, and performance transformations. In addition, Cloudflare utilizes Anycast to guarantee users will be routed to the nearest data center and around any glitch. The combination of this architecture and network combined produce reliable and high-performance services.
- Content Delivery Network (CDN). Cloudflare provides a global CDN with differentiated optimization capabilities: by caching static resources, accelerating dynamic content with Argo Smart Routing and its site in case of spikes or drops, with our Always Online functionality. If your server is offline for any reason, Cloudflare will provide a limited copy stored on your website and keep it online for your visitors.
- Rate Limiting. Cloudflare’s Rate Limiting blocks malicious traffic. It protects against denial-of-service attacks, brute force login attempts, and other types of abusive conduct directed at the application layer. The 42 Tbps Anycast global network from Cloudflare is 30+ times greater than the most significant DDoS attack ever registered. Being an Anycast network allows all Cloudflare network resources to collaborate in mitigating the attack.
- Argo Smart Routing. This product utilizes telemetry data from Cloudflare based on the protection of 26 million properties to provide real-time detection of network congestion and provides a faster and available traffic route through the most reliable networks, generating a reduction in the latency of requests.
- The solution also applies behavioral analysis to detect anomalies in the specific traffic of the site, rating each request as to how different it is from the baseline.
- Because not all bots are bad, this solution prevents false positives by maintaining and automatically updating the “good” bots log, such as those that belong to the search engines.
- Cloudflare Bot Management. This product applies automated mechanisms based on bot analytics. Cloudflare uses “Machine Learning” on the protected sites’ traffic with which a log is created of each request due to the probability that it was made by a bot. All your network assets will be safeguarded, whether on-premises or in public or private clouds.
- Magic Transit. Magic Transit from Cloudflare protects entire IP sub-networks from DDoS attacks and simultaneously accelerates network traffic. It utilized Cloudflare’s global network to mitigate attacks employing two fundamental networking protocols, BGP and GRE, for routing and encapsulation.
- Cloudflare Access. Zero Trust security for application access. Having control in the Cloudflare cloud protects the edge without taking communication to a central site with legacy VPN topology.
- It is achieved by using navigation policies from Cloudflare’s recursive DNS, personalized by site and managed by the client. Users will use the DNS from the closest node to the Cloudflare network, and the WARP user can force the controls.
- Cloudflare Gateway. Zero trust security for internet browsing. Cloudflare’s secure web gateway keeps your data safe from malware, ransomware, phishing, command & control, Shadow IT (non-authorized corporate systems), and other internet risks over all ports and protocols. Registers all user interactions with a high level of detail.
- Cloudflare Network Interconnect. The client can directly interconnect with Cloudflare. This feature can be found in the most important interconnection centers and in Mexico it is possible at the KIO Data Centers.