Cloudflare Reviews

Since I'm managing security tools and focusing on email security, Cloudflare mainly helps me take care of DNS records that are related to email security, such as SPF, DMARC, and DKIM. That's the main scope of my interest there. I'm monitoring those records, checking if somebody has altered them, and gathering evidence if needed to warn them not to do that anymore.

Cloudflare is a great product with many useful features. A colleague of mine is leveraging the API to get all the records periodically. We're gathering them to review if everything is set up properly without the need for manual review. I appreciate the additional details about the statistics since the DKIM enablement process requires visibility over whether the DKIM keys are being used and if there were any queries against them. The statistics part lets me briefly validate if the DKIM record is in use because over time, the records stop being used and aren't cleaned up because nobody requested that.

The reporting and auditing tools are important in the use cases I mentioned earlier. There are many features I do not configure but know exist, such as web access firewall to set up accesses to certain DNS records. We were also using the Workers part of Cloudflare to share data from Cloudflare to an external app called Salt, which helped us understand where our API endpoints are in our estate. Based on that, we got information about endpoint locations and unusual API queries.

It simplifies management because you can create domain groups and associate them to countries, allowing them to manage them independently. It helps me understand which country might be responsible for specific domains. It's a great product because it's scalable, has great coverage, and is mature with good defenses against DDoS attacks.

I'm not directly configuring the WAF in Cloudflare because another team manages that, but I see they are adding more features to it, which is making us more secure.

Regarding DNS services in Cloudflare, I believe they are good, but I would consider doing some testing from external places to measure response time and compare performance.

I'm not sure if we are using the load balancing capabilities in Cloudflare on a larger scale. We are using the proxy capability, which I forgot to mention earlier. Most of our DNS records that are presented to the internet are proxied whenever possible, providing another layer of defense from our perspective.

I only implement the DNS for customers, mainly focusing on the government in Mexico and online platforms in fintech. My customers tell me the DNS is very fast.

It is a fast and secure DNS. It is very easy to deploy, and my customers are happy with this tool. Additionally, the CDN performance in Mexico is excellent, providing fast service and tools. It offers reliability during high-traffic periods, ensuring no impact on the environment. It helps my clients avoid using on-premise boxes, simplifying operations as they only use the prices on Cloudflare.

In Cloudflare, we utilize their DNS and DDoS protection services. All incoming traffic to our server passes through the Cloudflare network. However, we face challenges when it comes to handling legitimate DDoS attacks. These attacks are well-crafted and mimic genuine requests to our publicly facing web pages. Despite Cloudflare's scoring mechanism, there are concerns about the effectiveness in blocking such attacks, as the traffic still reaches our infrastructure directly. Cloudflare recently introduced a new solution for Captcha, but enabling it poses challenges. Some customers are unhappy with Captcha, and modern AI-based DDoS tools can even bypass Captcha, further complicating the situation.

For the free and Pro plans, they could use a simple bot to provide information to users. This would improve support, especially for less advanced users who utilize the free components.

I use Cloudflare for legacy websites that I need to protect because they're very vulnerable or to secure a client's critical websites. We will implement it after a review or if the website has gotten a poor grade on one of those online checks to see if the security meets the minimum requirements. 

Usually, after I show them their website is vulnerable, I get them to sign up immediately. For me, it's more of a delta suspender as a security measure. I find that many web developers do a poor job of updating their websites and keeping all the security modules.

Cloudflare has a server, and you point your DNS there. From there, you either enable the passthrough or use their full proxy. When you use their full proxy, you get all the features. If you're only doing the DNS, it's just a basic DNS server. Most people don't use it just for DNS; they use it for proxying their websites. You can proxy other services as well, but I've only used it for web applications on different ports.

Many websites require an SSL certificate because they sell stuff and want SSL. Cloudflare comes with an SSL certificate built in. It's automatic. You sign yourself up for Cloudflare, and an SSL certificate automatically protects your website. If you have a connection between your website and your host, the server, Cloudflare, and the host, you don't necessarily need a certificate, okay?

In my company, Cloudflare's PoC phase is going on, and so it is not an active contract we have had with them, but just basic experience is what I have with DDoS protection. I basically use Cloudflare for DDoS protection. My company recently tested the tool for its DDoS protection capabilities.

In terms of the tool's advantages, I would say that it can be highly automated and is very quick when it comes to propagation. The tool is user-friendly. The product's reporting capabilities are great. We need to do a bit of customization in the tool, but most of it is automated. The tool has a lot of artificial intelligence and machine learning. The solution has been able to compare it to the market, and I think the product has taken great strides in automating quite a bit of things, and they use a lot of AI.

We subscribed to Cloudflare for cloud-based services, and we are planning to explore its additional features as it aligns with our organizational needs.

The features of Cloudflare were found to be more beneficial and led to the decision to utilize it over other options. However, I am not completely aware of all the specific features, but Cloudflare was chosen for its feature advantage.