Try our new research platform with insights from 80,000+ expert users
Director of Platform and Information Security at Brace Software
Real User
An all-in-one solution that protects against attacks of all sizes
Pros and Cons
  • "It will take the blow rather than our applications should an attack occur."
  • "The initial onboarding was causing us some confusion."

What is our primary use case?

I'm just using the bare minimum amount of DDoS Protection out of the tier we use. We're a pretty small company, so we haven't been the target of any major DDoS attacks yet. That's why so far the basic DDoS is all we need.

If your company uses Cloudflare, then everyone in your environment inherits DDoS protection.

There is no such thing as maintaining this solution — everything is baked into it. Unless of course, you want to pay for the enterprise tier. Then maybe you could gain access to extra DDoS Protection.

How has it helped my organization?

In the case of an attack, Cloudflare provides an extra layer of security in front of our application server. It will take the blow rather than our applications should an attack occur. That's the whole idea. They protect us with this extra cushion.

What is most valuable?

We mostly use Cloudflare WAF, and gets basic Cloudflaire DDoS, caching as extra bonus . We like the factor these features are all integrated into 1 console, simple to manage. They work flawlessly in the background, nearly invisible to us. 

What needs improvement?

The initial onboarding was causing us some confusion. Who's going to do what and what steps need to be taken? Once we got through it once, it became a no-brainer. At this point, I'm pretty happy with Cloudflare. Everything is straightforward once you've figured it out initially. It's just the very first day that can be a little confusing. 

I recently sent some feedback to the company. There are thousands of rules in their WAF product, and I just wish I could have better insight. Right now, it's very superficial. You turn a radio button on or off for their rules, but when there's troubleshooting going on, it's very hard to figure out what's causing the rules to get triggered. With each rule, there may be hundreds to thousands of rules underneath it that are enabling the blocking.

Luckily for me, so far it hasn't occurred enough that it has required me to dig deep to figure out why or how to bypass it, but I could see this occurring a lot in a complex environment. It only happened to us three times, and I was always able to figure out a way to get through it. 

Buyer's Guide
Cloudflare One
December 2024
Learn what your peers think about Cloudflare One. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,547 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Cloudflare DDoS for roughly six months.

What do I think about the stability of the solution?

It's been very stable. Before we brought our server on behind Cloudflare, there was a reported outage which made us extremely concerned. However, since we've been onboarded, we have not noticed any downtime with Cloudflare. 

What do I think about the scalability of the solution?

It's extremely scalable. That's the whole reason we use Cloudflare.

How are customer service and support?

Support has been good so far. Just the initial headache of onboarding. After onboarding, there was some tuning involved. We worked closely with support to get through that. Once we got the gist of it, we didn't really require support anymore. It's become very low maintenance.

Which solution did I use previously and why did I switch?

We are using AWS — that's our infrastructure. The only thing we compared on paper was the native AWS DDoS Protection. The reason we selected Cloudflare, is because it provides us with an extra security layer in front of our applications. It has all the security features built into one platform rather than managing different pieces. With AWS-native tools, I have to select AWS Web or AWS DDoS Protection. There are individual components I have to install and manage. With Cloudflare, because it's an all-in-one platform, everything is much easier. 

What's my experience with pricing, setup cost, and licensing?

At this point, considering the size of our company and the traffic we have seen, there is no need for us to pay extra for the enterprise tier. That's our current state. Things could change; we'll have to wait and see. As our company grows and as we become more successful, it may attract more attacks.

If you were to just use a native AWS tool, it may be a little bit cheaper. But considering the headache of spending more time to figure out how to install and manage the individual pieces, cost-wise, I think Cloudflare would be the cheaper option.  

What other advice do I have?

Before implementing this solution, consider the size of the individual company: their cost budget, their budget range, and their specific needs. What are they looking for? If you're looking for an all-in-one security tool with DDoS, WAF, and rate control, all in one package for a low price, Cloudflare seems to fit pretty well. It really depends on the individual company — what their application is based on.

Take TikTok for example. TikTok has heavy traffic laws, so their security needs will be very different from my company's needs. We're low profile, we don't generate tons of traffic. So, it really depends on your environment, your budget, all of those things.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2216466 - PeerSpot reviewer
Senior Associate at a transportation company with 5,001-10,000 employees
Real User
Provides robust capabilities to protect our domain and website from potential threats and compromises and simplified configuration
Pros and Cons
  • "The capabilities of the software are strong enough for me to do what it's supposed to do. For me, we don't need to do a lot of configuration on our site. We just enable it and monitor it."
  • "The software has automated alerts, but the automated alerts are not available in the mobile app."

What is our primary use case?

We have to make sure that we are protected in our domain, our website from the public Internet because we don't want any compromise to our site.

With DDoS, we have to ensure that we are not hijacked. So that's why we want to eliminate the attacks on our infracturer. 

What is most valuable?

The capabilities of the software are strong enough for me to do what it's supposed to do. For me, we don't need to do a lot of configuration on our site. We just enable it and monitor it.

Cloudflare is good at consolidating the solution embedded into one single console, which makes it interesting for us to explore more on Cloudflare. Besides that, the CDN performance has also helped us improve the accessibility of the site to the public.

What needs improvement?

There is little room for improvement dashboard-wise. 

In future releases, I would like to see alerts. The software has automated alerts, but the automated alerts are not available in the mobile app.

Now, we have to be fast to get ready, not just from the end-user site, but we have to know first if possible.

For how long have I used the solution?

I have been using Cloudflare DDoS for almost three years. 

What do I think about the stability of the solution?

So far, we haven't received any complaints or issues from our application site. So far, we don't see any issues that are concerning. Because I am the one managing the infrastructure, the others are managed by my application team.

So, it has been a stable product for us. 

There are more than five end users in our company. So, we added a key percentage that manages the product and the system.

Which solution did I use previously and why did I switch?

When I stepped into the current company, the system was already onboarded.

We use Cloudflare WAF CDN and DDoS protection for our domain.

How was the initial setup?

The initial setup is easy and straightforward. For me, it's easy because we only need to point our DNS to Cloudflare, so we receive traffic from Cloudflare.

What other advice do I have?

I'm suggesting using Cloudflare based on our experience. This is in terms of compliance. So, it complies with the top tech standards. And configuration is easy for us. We don't need to stress it for customization or configure rules. We enable it, and it's done. We only monitor the logs and any issues. So I'm suggesting you use Cloudflare if you want to.

Overall, I would rate the solution an eight out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Cloudflare One
December 2024
Learn what your peers think about Cloudflare One. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,547 professionals have used our research since 2012.
Sourabh Pardhi - PeerSpot reviewer
Senior Information Security Analyst at Everbridge
Real User
Top 5Leaderboard
An easy-to-deploy defense tool that provides a lot of good features and documentation
Pros and Cons
  • "The blocking feature is very good."
  • "The response time for support must be reduced."

What is our primary use case?

We use the solution as a web application firewall.

What is most valuable?

The blocking feature is very good. The traffic feature is also very good. The product has a lot of good features that we can use on-premises or on the cloud. I like the product very much. It is a very good defense tool.

What needs improvement?

The solution must improve support. The response time for support must be reduced.

For how long have I used the solution?

I have been using the solution for one and a half years.

What do I think about the stability of the solution?

The tool is pretty stable. I rate the stability a nine out of ten.

What do I think about the scalability of the solution?

I rate the tool’s scalability an eight out of ten. More than 40 people in my organization are using the tool.

How are customer service and support?

We get people to support us when we contact them. However, it takes them too long to respond. The first response is quick, but the follow-ups are slower.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was easy. The time taken for deployment depends on the devices we deploy, the logs we want, and the kind of product we are deploying.

What about the implementation team?

The deployment was done in-house.

What's my experience with pricing, setup cost, and licensing?

The solution is not that expensive. It is moderately priced.

What other advice do I have?

The documentation is easy to follow. The documentation is really helpful for first-time users. Overall, I rate the product a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1295343 - PeerSpot reviewer
Partenaire, CEO at a tech services company with 1-10 employees
Real User
Simple to use, but the price could be improved
Pros and Cons
  • "Cloudflare is simple to use."
  • "Our customers no longer use Cloudflare because its service is subpar."

What is most valuable?

Cloudflare is simple to use.

What needs improvement?

Cloudflare is similar to a toolbox. It's simple to handle the box, but it's a different story when it comes to handling the tools. The same is true for Amazon. That is true for all companies. The majority of them have it. They will sell you a toolbox, but you must know how to use it.

Cloudflare isn't all bad. We have customers who are getting rid of Imperva because they can't find anyone who knows anything about it. Our customers no longer use Cloudflare because its service is subpar.

There's another company, Sucuri, that has excellent customer support, but you don't buy it because you don't want to talk to customer support. Customer support is not something you want to purchase. You're supposed to buy something without requiring customer support, which is the main point.

The same goes for Fortinet. While I am not familiar with the machine, it can cost a lot of money sometimes, $300,000 for a medium-sized business. Furthermore, you will require a full-time employee in your office who is knowledgeable. Dependent on the skill level today's resources can range from 80 to 150.

What's my experience with pricing, setup cost, and licensing?

You don't want to pay. The price tag is no longer $200,000, but rather $300,000 to $400,000. It's twice.

What other advice do I have?

The industry is changing right now. There is artificial intelligence. You have blockchain, and Quantum is on the way. It's there and on its way. So there is a significant shift in that area, of cyber security.

And, on top of that, there is a global shortage of 3.5 million security experts or professionals.

You are not an expert in your first year. People believe they are experts because they have a certification or something similar. Experts do not behave in this manner. Expert in dealing with a crisis. To become an expert, you must go through many crises. However, people are now claiming to be experts simply because they can scan something.

I would rate Cloudflare DDoS a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Stefan Rusu - PeerSpot reviewer
Senior DevOps Engineer at a tech vendor with 11-50 employees
Real User
Top 5Leaderboard
Helps to secure applications from public but needs improvement in documentation
Pros and Cons
  • "Cloudflare Zero Trust Platform removes the risk of exposing the applications to the public."
  • "Cloudflare Zero Trust Platform needs to improve its documentation. It took time to do the implementation."

What is our primary use case?

We use the product to access applications that are restricted to employees only. 

How has it helped my organization?

Cloudflare Zero Trust Platform removes the risk of exposing the applications to the public. 

What needs improvement?

Cloudflare Zero Trust Platform needs to improve its documentation. It took time to do the implementation. 

For how long have I used the solution?

I have been using the product since January. 

What do I think about the stability of the solution?

I rate the solution's stability a ten out of ten. 

What do I think about the scalability of the solution?

I rate the product's scalability a ten out of ten. 

How was the initial setup?

Cloudflare Zero Trust Platform's deployment can be complex if the documentation doesn't cover the use cases. 

What's my experience with pricing, setup cost, and licensing?

Cloudflare Zero Trust Platform's pricing is good. 

What other advice do I have?

I rate the product a nine out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
AndréAndrade - PeerSpot reviewer
Senior Cyber Security Consultant at ATOS
Vendor
Top 5
User-friendly solution with an easy initial setup process
Pros and Cons
  • "It is a stable solution."
  • "Our subscription plan for the solution has a limitation of bot signatures."

What is our primary use case?

We use the solution to protect some of the services. It helps us protect our applications and infrastructure.

What is most valuable?

The solution is user-friendly in terms of graphical interface and is easy to deploy.

What needs improvement?

Our subscription plan for the solution has a limitation of bot signatures.

What do I think about the stability of the solution?

It is a stable solution.

How was the initial setup?

It is an in-built tool in our Cloudflare infrastructure, and we use it as a DNS service. Thus, we don't necessarily have to configure it. We add it as a service, and it works great for us.

What other advice do I have?

The solution is excellent. It helped us a lot with DDoS issues. I rate it a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Anders Johansson - PeerSpot reviewer
Senior Specialist at Tieto Estonia
Real User
Provides good DDoS protection, and has excellent support
Pros and Cons
  • "Cloudflare, in my opinion, was easy to implement."
  • "The pricing is an area that can be improved. Pricing, as far as I recall, was the source of our problems."

What is our primary use case?

I am not a reseller, but an implementer. We help our customers utilize this solution.

Cloudflare Access is primarily used in government homage for DDoS protection.

What is most valuable?

We decided to use Cloudflare Access to solve a problem with DDoS protection.

It covered the things that we needed at the time.

What needs improvement?

The pricing is an area that can be improved. Pricing, as far as I recall, was the source of our problems.

For how long have I used the solution?

I have been working with Cloudflare Access for the last 12 months. I am working with a company that has many customers in different areas, and we have absolutely used Cloudflare for some of them.

I became familiar with Cloudflare Access four years ago.

What do I think about the stability of the solution?

Cloudflare Access is a stable solution.

What do I think about the scalability of the solution?

Cloudflare Access is scalable.

How are customer service and support?

I especially remember that we got great support.

I would absolutely rate the support a five out of five, they helped us a lot.

How would you rate customer service and support?

Positive

How was the initial setup?

It's been a while, but I don't recall any problems with setting it up.

At the time, it was me and two other technicians to manage this solution.

What's my experience with pricing, setup cost, and licensing?

The prices are slightly expensive.

Which other solutions did I evaluate?

I evaluate many things to educate myself in the work that I am doing.

What other advice do I have?

We have used others as well, but I think that they are pretty comparable to other solutions that are available. Cloudflare, in my opinion, was easy to implement.

It was very good, I would rate Cloudflare Access an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer2032722 - PeerSpot reviewer
Security implmentation engineer at a security firm with 51-200 employees
Real User
Top 5
A powerful and easy-to-deploy solution that provides multiple features to mitigate risks
Pros and Cons
  • "The solution has different options that can be used to differentiate DDoS attacks."
  • "The onboarding process can be improved a little bit."

What is our primary use case?

We use the product to mitigate the security risk of dynamic DDoS attacks. In these attacks, millions of requests come from millions of different IPs to get our server down. If we do not have a security solution to mitigate this risk, the service for other users will be down. The server will be down due to the huge consumption of resources.

What is most valuable?

The solution has different options that can be used to differentiate DDoS attacks. Cloudflare has a user agent, which can be used to define rules. If I do not want MacBook users to access the system, I can use the user agent to drop the traffic for MacBook users. It is very valuable. It helps me mitigate risks.

The product gives us many tools to mitigate risks. It is one of the most powerful solutions on the cloud. The documentation is good.

What needs improvement?

The onboarding process can be improved a little bit.

For how long have I used the solution?

I have been using the solution for nine months.

What do I think about the stability of the solution?

I did not face any stability issues in the past nine months.

How are customer service and support?

I recently contacted support to get more information about certain attacks. I wanted to get a full report about an incident, and they sent me all the details I needed.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is not complex at all. It is too simple.

What about the implementation team?

We just have to integrate the node IP address of AWS and change the public IP as a DNS record. Then, Cloudflare will send all the data after mitigating any risk to AWS. The deployment takes five to seven business days. We need one or two engineers for the security part of the deployment. For testing and services, we need a team.

What other advice do I have?

It is a cloud solution. We have integrated it with Amazon AWS. Sometimes we can't mitigate the DDoS attacks using AWS WAF. It doesn’t detect the attacks. AWS WAF does not have some options to differentiate the type of attacks.

I use the tool only as a DDoS solution. I just use the DDoS service to protect myself. There's no scalability for this option. Documents already exist for all the cloud solutions. I wouldn’t prefer an automated solution for integration because apps are built based on customers’ requirements. The requirements differ, so the default profile for automation can't fit all the customers. Overall, I rate the product a nine and a half or ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Buyer's Guide
Download our free Cloudflare One Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Cloudflare One Report and get advice and tips from experienced pros sharing their opinions.