Cloudflare DDoS Protection: Overview and Analysis

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

See our complete list of top DDoS vendors.

Company Description

Cloudflare’s network deals with more than 10 trillion requests per month, which is nearly 10 percent of all Internet requests for more than 2.5 billion people worldwide. Its approach is to protect and accelerate Internet applications online without adding hardware, installing software or changing a line of code. Headquartered in San Francisco, Calif., Cloudflare has offices in Austin, Texas; Champaign, Ill.; Washington, D.C.; London; and Singapore. The seven-year-old company is privately held.

Product Description

Cloudflare has an always on, cloud-based distributed denial of service (DDoS) protection system. Instead of using dedicated anti-DDoS hardware, every single machine in its global network takes part in DDoS mitigation. With over 15 Tbps of capacity, it can scale up to handle the biggest DDoS attacks.

“As attackers have realized that the old volumetric L3/L4 attacks are being dealt with effectively, they’ve moved up the stack and are going after applications at the HTTP/HTTPS level directly (L7),” said John Graham-Cumming, CTO of Cloudflare. “This has led to the need to build new filtering systems.”

Markets and Use Cases

The company serves most verticals.


The largest attack Cloudflare has seen was 600 Gbps, but it can handle 15 Tbps. Cloudflare mitigates a DDoS attack every three minutes. It sees an L3/L4 DDoS attack every six minutes, and an L7 DDoS attack every eight minutes. (An attack every six minutes is over 80,000 attacks in a year; every eight minutes is over 60,000 per year.)


Cloudflare’s DDoS solution is built around a system called Gatebot that automatically recognizes and mitigates DDoS attacks (both L3/L4 and L7). Its machine learning platform learns the behavior of IP addresses and bots, and it automatically filters bad traffic.




No agents used


Free tier $0/month; Pro $20/month; Business $200/month. Enterprise pricing on request.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Drew Robb Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis