Share your experience using CacheFly

Since I'm managing security tools and focusing on email security, Cloudflare mainly helps me take care of DNS records that are related to email security, such as SPF, DMARC, and DKIM. That's the main scope of my interest there. I'm monitoring those records, checking if somebody has altered them, and gathering evidence if needed to warn them not to do that anymore.

Cloudflare is a great product with many useful features. A colleague of mine is leveraging the API to get all the records periodically. We're gathering them to review if everything is set up properly without the need for manual review. I appreciate the additional details about the statistics since the DKIM enablement process requires visibility over whether the DKIM keys are being used and if there were any queries against them. The statistics part lets me briefly validate if the DKIM record is in use because over time, the records stop being used and aren't cleaned up because nobody requested that.

The reporting and auditing tools are important in the use cases I mentioned earlier. There are many features I do not configure but know exist, such as web access firewall to set up accesses to certain DNS records. We were also using the Workers part of Cloudflare to share data from Cloudflare to an external app called Salt, which helped us understand where our API endpoints are in our estate. Based on that, we got information about endpoint locations and unusual API queries.

It simplifies management because you can create domain groups and associate them to countries, allowing them to manage them independently. It helps me understand which country might be responsible for specific domains. It's a great product because it's scalable, has great coverage, and is mature with good defenses against DDoS attacks.

I'm not directly configuring the WAF in Cloudflare because another team manages that, but I see they are adding more features to it, which is making us more secure.

Regarding DNS services in Cloudflare, I believe they are good, but I would consider doing some testing from external places to measure response time and compare performance.

I'm not sure if we are using the load balancing capabilities in Cloudflare on a larger scale. We are using the proxy capability, which I forgot to mention earlier. Most of our DNS records that are presented to the internet are proxied whenever possible, providing another layer of defense from our perspective.

It's challenging to comment on specific features I would want to see included in the next Cloudflare releases because I haven't investigated many existing features. I think many capabilities are already there. A feature I would appreciate is some kind of protection for modifying different types of entries. For example, protection against creating duplicated DMARC entries would be beneficial, along with setting permissions to restrict modification of DMARC or SPF records.

From a management perspective, this would be valuable because while DNS teams add records, in larger enterprises I've noticed that requests going through the ticketing system get implemented as requested, even when users don't always know how to do it properly. They submit unjustified and improper requests that get implemented because someone followed the ticket instructions. Eventually, things go sideways and require fixes when it would have been easier to prevent the issue initially.

I haven't investigated the analytics and insights into user interaction or security vulnerabilities in Cloudflare much further beyond the basic statistics regarding DNS record requests. I'm using the basic API to see if the record was used or not, when it was recently used, and what the usage was over the last week or month period. This helps me understand if the record is still being used or if we can remove it.

Cloudflare is the only solution I've worked with here for DNS and DDoS protection. I do not recall any other tools that we have for these purposes.

Pricing, setup cost, and licensing cost for Cloudflare are totally not in my scope so I do not know the costs. I only know that there are two tiers of WAF, and we are using the basic, cheaper one rather than the more advanced version. There is some differentiation where some features are available on a general basis, but others require additional licensing.

I would advise users looking into implementing Cloudflare in their environment to understand the features before implementing it so they can use all of its potential. On a scale of 1-10, I rate Cloudflare a 9 out of 10.

Usually, I work with web DDoS Protection on the website.

DDoS protection of web requests on the website is the most common use case.

Companies that are working through the site, selling through the site, and so forth.

The most valuable feature of Imperva DDoS is to make our website available for our customers' requests 24 hours a day. This feature may be the most interesting for the financial sector, for banks.

Over the seven years, the most valuable features of Imperva DDoS that I have found are related to DDoS attacks, which are a group of attacks, and not all of them can be resolved on the endpoint level before the website. Using the web firewall before the website is a common use case to protect against malicious requests to the website.

I have utilized Imperva's Intelligent Traffic Filtering feature. This feature helps me understand how the attack is progressing and what is happening inside the requests to our website. It allows me to granularly grant or deny access to certain parts of our website. This helps when we know our customers and the types of requests that can be sent from them, enabling us to block some malicious requests.

Imperva DDoS has User Behavior Analytics and Threat Intelligence on its board, and this helps us to be protected proactively. Imperva DDoS connects to its database of threats, storing whole information about attacks all over the world in one simple engine. Everyone can use this feature, which can connect to this engine and get information about what is going on at the world level. That is the way to be protected at the company's level.

The integration capabilities of Imperva DDoS are very easy and simple. We can run it in 2 hours.

I would like to see improvements in the pooling of threats and attacks, possibly to enlarge the scale of indicators of compromise. For example, the initiation of an attack on the endpoint level could be combined into a big denial of service. Maybe Imperva DDoS could use endpoints to get information about the attacks before they commence from the endpoint level or establish cooperation with endpoint vendors to share this information.

I have been working with Imperva DDoS for about 7 years.

The stability of Imperva DDoS is very good, as it seems they have a lot of servers around the world.

The scalability of Imperva DDoS is very easy to manage. 99% of customers are using the cloud version of Imperva DDoS protection, so they just purchase the new license and scale as needed.

A popular use case for scalability challenges is when customers want to move from on-premise infrastructure to the cloud, having a transmission period where they use both a copy of infrastructure in the cloud and the current infrastructure in the on-premise offices. This means they need to use double capabilities to protect both connections to the cloud and to the on-premise part of the whole infrastructure. During this period, customers can buy a subscription with double the scale of the needed throughput of protection.

I have interacted with the technical support of Imperva DDoS, and it is very easy. They are very professional, and communication goes through the technical support site. It's quite easy to register a support case and track the solution of your support ticket.

I would rate the technical support of Imperva DDoS as ten.

Before Imperva DDoS, I used a different solution that was Unix-based and not commercial versions of products.

I switched from the previous solution to Imperva DDoS because we started to integrate the products, and we saw that the capabilities were much greater than what we used to have. We also had a technical engineer on board who can manage these solutions easily and has a deep understanding of what is happening with our websites during attacks.

The initial setup and deployment of Imperva DDoS was quite easy. Customers just needed to provide the public IP address or the public name of their site, and we gave this information to Imperva DDoS to protect those sites. After the system is working, our technical engineer usually connects to configure some threat protection, role-based access control capabilities, reporting, and other minor configurations.

I work as an integrator.

I have calculated return on investment with Imperva DDoS, particularly in the financial sector with bank accounts, where the calculation is straightforward. Banks usually calculate their loss when they are not working. They know how much money they are losing while the system is down, so by increasing the possibility of not having a down website or web application, return on investment can be calculated easily.

The pricing, setup costs, and licensing of Imperva DDoS are reasonable for the amount of technical capabilities provided.

I would rate the pricing of Imperva DDoS as five, where one is very cheap and ten is very expensive.

I evaluated other options and vendors before choosing Imperva DDoS. We considered Akamai, but it was too expensive for us.

I don't remember the last version of Imperva DDoS I am currently working with.

When customers change their DDoS protection to Imperva DDoS or integrate Imperva DDoS as a new single DDoS protection product, they achieve full satisfaction with international standards like PCI DSS and GDPR. This is a seamless integration with international standards.

I don't see any improvements needed for Imperva DDoS, because it is a very niche product with niche capabilities. It's not a technical thing, because it is continuously approved. Some features appear, but it's more about small improvements. The attacks Imperva DDoS is constructed to protect against are very well-known, and the solution is effective in protecting against them. The system can protect against even zero-day attacks.

We get Imperva DDoS free as part of an MSSP approach, but for our customers, the average deal size for one year could be around 10,000 dollars.

On a scale from one to ten, I rate Imperva DDoS a nine.