CloudFlare Supplies Security At Network's Edge - InformationWeek

CloudFlare Supplies Security At Network's Edge

CloudFlare is a startup that has invested in security-as-a-service and delivers it with low latency at the edge of the network. Microsoft, Google, and others have taken notice.

CloudFlare is a new kind of security-as-a-service company that promises not only to offer a comprehensive level of attack-pattern recognition, but also to deliver that ability from 70 locations around the world.

In other words, it is not only a cloud service but a service at a scale that's able to reach a global customer base with little latency.

Being both at once isn't necessarily easy.

CloudFlare has had not only to invest in its protection system and its ability to automatically identify, capture the pattern of, and counter an attack, but also to disperse that knowledge quickly over a network that looks something like an Akamai or Amazon CloudFront content-delivery network. Both of those are extensive CDNs with servers strategically placed close to large populations of users.

"We're equivalent to CloudFront, Amazon's Edge product, but we're built to have more flexibility," said Matthew Prince, cofounder and CEO of CloudFlare in San Francisco.

Prince was literally moving between 665 Third Street and 101 Townsend Street, CloudFlare's new home, when InformationWeek caught up with him in the South of Market section of the city, not far from where the Giants baseball team plays at AT&T Stadium.

CloudFlare's building is still a work in progress -- a former warehouse converted to offices a long time ago but still needing a lot of modernization and some finishing touches. The move was delayed by the need to get the building rezoned for offices.

CloudFlare connects its data centers with high-speed protocols that take advantage of both the Internet and private lines. To make the service work, the company has established its own DNS network so that a customer's network traffic can be automatically rerouted through the CloudFlare inspection process, and then returned to its final destination without adding significant time to the process.

"When we started, we wanted to be sure we didn't add latency. Everyone had told us, 'You will slow things down,' and they wouldn't be interested," Prince recalled.

As a result, CloudFlare can spot a distributed denial of service attack on a customer website and stop it as the first messages arrive. It can check on whether SSL certificates are up to date and weed out invalid ones.

When the Heartbleed vulnerability in the DNS naming system was revealed to the public on April 7, 2014, CloudFlare had already learned of it and updated its Domain Name System so that its servers were protected from it. That also meant that the two million websites and Web properties that used CloudFlare's service were also protected.

"The scale of what we're doing is hard to comprehend. Ten million requests a second flow through our network. Two billion individuals are passing through on a monthly basis," Prince said.

The scale exposes CloudFlare to the latest malware and attack activity on the Internet and allows it to constantly update its attack database. "The system as a whole functions something like a neighborhood watch. If Goldman Sachs is attacked, we learn about the attacker. When the same attack is launched against '', we have already seen it and can stop it," he said.

The service "acts as an immune system" for a large and complex organism. An attack on one part becomes the knowledge of all parts, which can then be used in their defense, he added.

Prince thinks CloudFlare, with its customer-facing DNS system, attack-pattern recognition, and network of data centers, is well positioned to offer additional services on top of its security service, such as load balancing or even content delivery. It started with five data centers in Chicago, San Jose, Ashburn, Va., Amsterdam, and Tokyo. Now it has ten locations in the US and Canada, seventeen across China, and three in India, among other places.

CloudFlare has 240 employees. It has been profitable for the past 18 months and has raised a total of $180 million in venture capital funding. Microsoft, Google, Baidu, and Qualcomm are among its investors.

CloudFlare has a closer relationship with Google Cloud Platform and Microsoft Azure than with AWS. In the former two cases, customers don't have to pay the cloud provider if their data comes out of the cloud, passes through the CloudFlare inspection, and is then returned. Normally there are egress fees.

Gartner predicts security-as-a-service will grow to a $4.1 billion market by 2017.

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ...

User Rank: Apprentice
11/9/2015 | 8:41:56 PM
Cloudflare, the criminal's choice
Cloudflare is also pretty well known for shielding criminals, booters, and even ISIS.   

I've tried to work with them over a copyright infringement site they were shielding and got nowhere.

"CloudFlare, a content delivery network that provides free 'Universal SSL' to its customers, is a hotspot for deceptive certificates, accounting for 40% of SSL certificates used by phishing attacks with deceptive domain names during August 2015."

(from Netcraft)

The booter services are proliferating thanks mainly to free services offered by CloudFlare, a content distribution network that offers gratis DDoS protection for virtually all of the booter services currently online. That includes the Lizardstresser, the attack service launched by the same Lizard Squad (a.k.a. Loser Squad) criminals whose assaults knocked the Microsoft Xbox and Sony Playstation networks offline on Christmas Day 2014.

The sad truth is that most booter services probably would not be able to remain in business without CloudFlare's free service....

(from KrebsOnSecurity)

Charlie Babcock,
User Rank: Author
11/9/2015 | 6:54:34 PM
CloudFlare illustrates a new type of online business
In one sense, CloudFlare is just another content distribution system. In another, it's a highly specialized CDN that can selectively and flexibly branch out into additional services of its own choosing, now that it has a CDN-like network. This is a slightly different cloud business from what's gone before. 