Cloudflare DDoS Reviews

I'm just using the bare minimum amount of DDoS Protection out of the tier we use. We're a pretty small company, so we haven't been the target of any major DDoS attacks yet. That's why so far the basic DDoS is all we need.

If your company uses Cloudflare, then everyone in your environment inherits DDoS protection.

There is no such thing as maintaining this solution — everything is baked into it. Unless of course, you want to pay for the enterprise tier. Then maybe you could gain access to extra DDoS Protection.

In the case of an attack, Cloudflare provides an extra layer of security in front of our application server. It will take the blow rather than our applications should an attack occur. That's the whole idea. They protect us with this extra cushion.

We mostly use Cloudflare WAF, and gets basic Cloudflaire DDoS, caching as extra bonus . We like the factor these features are all integrated into 1 console, simple to manage. They work flawlessly in the background, nearly invisible to us. 

The initial onboarding was causing us some confusion. Who's going to do what and what steps need to be taken? Once we got through it once, it became a no-brainer. At this point, I'm pretty happy with Cloudflare. Everything is straightforward once you've figured it out initially. It's just the very first day that can be a little confusing. 

I recently sent some feedback to the company. There are thousands of rules in their WAF product, and I just wish I could have better insight. Right now, it's very superficial. You turn a radio button on or off for their rules, but when there's troubleshooting going on, it's very hard to figure out what's causing the rules to get triggered. With each rule, there may be hundreds to thousands of rules underneath it that are enabling the blocking.

Luckily for me, so far it hasn't occurred enough that it has required me to dig deep to figure out why or how to bypass it, but I could see this occurring a lot in a complex environment. It only happened to us three times, and I was always able to figure out a way to get through it. 

I have been using Cloudflare DDoS for roughly six months.

It's been very stable. Before we brought our server on behind Cloudflare, there was a reported outage which made us extremely concerned. However, since we've been onboarded, we have not noticed any downtime with Cloudflare. 

It's extremely scalable. That's the whole reason we use Cloudflare.

Support has been good so far. Just the initial headache of onboarding. After onboarding, there was some tuning involved. We worked closely with support to get through that. Once we got the gist of it, we didn't really require support anymore. It's become very low maintenance.

We are using AWS — that's our infrastructure. The only thing we compared on paper was the native AWS DDoS Protection. The reason we selected Cloudflare, is because it provides us with an extra security layer in front of our applications. It has all the security features built into one platform rather than managing different pieces. With AWS-native tools, I have to select AWS Web or AWS DDoS Protection. There are individual components I have to install and manage. With Cloudflare, because it's an all-in-one platform, everything is much easier. 

At this point, considering the size of our company and the traffic we have seen, there is no need for us to pay extra for the enterprise tier. That's our current state. Things could change; we'll have to wait and see. As our company grows and as we become more successful, it may attract more attacks.

If you were to just use a native AWS tool, it may be a little bit cheaper. But considering the headache of spending more time to figure out how to install and manage the individual pieces, cost-wise, I think Cloudflare would be the cheaper option.  

Before implementing this solution, consider the size of the individual company: their cost budget, their budget range, and their specific needs. What are they looking for? If you're looking for an all-in-one security tool with DDoS, WAF, and rate control, all in one package for a low price, Cloudflare seems to fit pretty well. It really depends on the individual company — what their application is based on.

Take TikTok for example. TikTok has heavy traffic laws, so their security needs will be very different from my company's needs. We're low profile, we don't generate tons of traffic. So, it really depends on your environment, your budget, all of those things.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

Cloudflare is simple to use.

Cloudflare is similar to a toolbox. It's simple to handle the box, but it's a different story when it comes to handling the tools. The same is true for Amazon. That is true for all companies. The majority of them have it. They will sell you a toolbox, but you must know how to use it.

Cloudflare isn't all bad. We have customers who are getting rid of Imperva because they can't find anyone who knows anything about it. Our customers no longer use Cloudflare because its service is subpar.

There's another company, Sucuri, that has excellent customer support, but you don't buy it because you don't want to talk to customer support. Customer support is not something you want to purchase. You're supposed to buy something without requiring customer support, which is the main point.

The same goes for Fortinet. While I am not familiar with the machine, it can cost a lot of money sometimes, $300,000 for a medium-sized business. Furthermore, you will require a full-time employee in your office who is knowledgeable. Dependent on the skill level today's resources can range from 80 to 150.

You don't want to pay. The price tag is no longer $200,000, but rather $300,000 to $400,000. It's twice.

The industry is changing right now. There is artificial intelligence. You have blockchain, and Quantum is on the way. It's there and on its way. So there is a significant shift in that area, of cyber security.

And, on top of that, there is a global shortage of 3.5 million security experts or professionals.

You are not an expert in your first year. People believe they are experts because they have a certification or something similar. Experts do not behave in this manner. Expert in dealing with a crisis. To become an expert, you must go through many crises. However, people are now claiming to be experts simply because they can scan something.

I would rate Cloudflare DDoS a seven out of ten.

We use the product for DNS security and DDoS. 

Cloudflare DDoS is better than its competitors for its security, deployment, and scalability. 

The tool should provide on-premise versions. Currently, all versions are cloud-based. 

I have been using the solution for six months. 

Cloudflare is a customer-oriented company and offers solid support. 

Positive

The tool's deployment is complex. I rate it a three out of ten. 

I rate the tool an eight out of ten. 

Cloudflare DDoS mitigates DDoS attacks.

Cloudflare DDoS mitigates DDoS attacks mostly by distributing the attacks through their network, which means many of their PoPs will hit your servers. When you have a huge DDoS attack, Cloudflare DDoS will stop the attack after some time. Until then, it will just register the DDoS attack through their network because they have a huge network, and then all those PoPs will hit your servers.

Cloudflare DDoS has poor technical support.

I have been using Cloudflare DDoS for five years.

More than 10,000 users are using Cloudflare DDoS in our company.

I previously used F5.

The solution's pricing lacks transparency. You never know what you're paying for, and even their team sometimes cannot give you a correct answer on how they calculate something.

Overall, I rate Cloudflare DDoS a seven out of ten.