Prevent Customer Data Breach

Protect applications from attacks resulting in sensitive customer data compromise

A data compromise can result in the leak of sensitive customer information, such as credit cards, passwords, and other personally identifiable information (PII), from an application's data store. Attackers often use several attack vectors when attempting to compromise customer data, such as DNS spoofing, snooping of data in transit, brute force login attempts, or malicious payload exploits.

In 2017, the global average cost of a data breach was $141 per lost or stolen record, and the average total cost of a data breach in the US is $3.62 million. With heightened scrutiny by governments and media, companies are facing severe repercussions from even the smallest data compromise. Business impacts include lost customers and revenues, degraded trust, damaged brand, or regulatory penalties.

Websites and applications require the resilience and intelligence of a scalable network to combat the most sophisticated and newest attacks. Protecting against threats should not degrade performance through security-induced latency, and security services must be easy to configure so that misconfigurations, which introduce new vulnerabilities, are avoided.

Shared Network Intelligence

With every new Internet property, Cloudflare’s network becomes smarter. Cloudflare’s IP reputation database identifies and blocks new and evolving threats across all 8,000,000 properties on the network.

Layered Security Defense

Reduce the risk of data compromise through a layered security defense against multiple attack vectors using DNSSEC, SSL/TLS encryption, web application firewall (WAF), and rate limiting.

No Performance Tradeoffs

Eliminate security-related performance trade-offs by integrating with Cloudflare’s included Performance Services, including CDN, smart routing, website optimizations, and the latest web standards.

Common Data Breach Types and Prevention

DNS Spoofing

A compromised DNS record, or “poisoned cache”, can return a malicious answer from the DNS server, sending an unsuspecting visitor to an attacker's website. This enables attackers to steal user credentials and take ownership of legitimate accounts.

Cloudflare Solution

DNSSEC verifies DNS records using cryptographic signatures. By checking the signature associated with a record, DNS resolvers can verify that the requested information comes from its authoritative name server and not a man-in-the-middle attacker.

Snooping of Data In-Transit

Attackers can intercept or “snoop” on unencrypted customer sessions to steal sensitive customer data, including credentials such as passwords or credit card numbers.

Cloudflare Solution

Fast SSL / TLS encryption at the edge of Cloudflare’s network, automated certificate management, and support for the latest security standards enable the secure transmission of sensitive customer data without fear of exposure.

Brute Force Login Attempts

Attackers can wage “dictionary attacks” by automating logins with dumped credentials to brute force their way through a login-protected page.

Cloudflare Solution

Cloudflare offers granular control through Rate Limiting to detect and block hard-to-detect attacks at the network edge, defined by custom rules that set request thresholds, timeout periods, and response codes.
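
A minimal model of the kind of rule described above, added here as an illustration and not Cloudflare's implementation or API: a per-client rule with a request threshold, counting period, timeout period, and response code, replayed over constructed login traffic. The `Rule` fields, the class and function names, and the sample addresses are assumptions made for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    path: str          # protected URL path (assumed: exact match)
    threshold: int     # requests allowed per client within `period`
    period: float      # counting window, seconds
    timeout: float     # how long a client stays blocked once over threshold
    status: int        # response code returned while blocked

class RateLimiter:
    def __init__(self, rule):
        self.rule = rule
        self.hits = defaultdict(deque)   # client -> timestamps in the window
        self.blocked_until = {}          # client -> time the block expires

    def check(self, client, path, now):
        """Return the HTTP status to send; 200 means pass to the origin."""
        r = self.rule
        if path != r.path:
            return 200
        if self.blocked_until.get(client, 0.0) > now:
            return r.status              # still inside the timeout period
        window = self.hits[client]
        while window and window[0] <= now - r.period:
            window.popleft()             # drop hits older than the window
        window.append(now)
        if len(window) > r.threshold:
            self.blocked_until[client] = now + r.timeout
            window.clear()               # start fresh once the block expires
            return r.status
        return 200

def replay(rule, requests):
    """Replay (time, client, path) tuples and return the status for each."""
    limiter = RateLimiter(rule)
    return [limiter.check(c, p, t) for t, c, p in requests]

# Constructed sample traffic: one client retrying /login once a second and
# one ordinary visitor, using documentation-range addresses.
RULE = Rule(path="/login", threshold=5, period=60, timeout=300, status=429)
SAMPLE = [(float(t), "203.0.113.7", "/login") for t in range(8)]
SAMPLE += [(3.5, "198.51.100.20", "/login"), (9.0, "203.0.113.7", "/"),
           (400.0, "203.0.113.7", "/login")]
SAMPLE.sort()

if __name__ == "__main__":
    for req, status in zip(SAMPLE, replay(RULE, SAMPLE)):
        print(req, status)
```

The sixth login attempt from the repeating client trips the threshold and it receives the configured response code until the timeout expires, while the ordinary visitor and requests to other paths are unaffected.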

Malicious Payload Exploits

Attackers can exploit application vulnerabilities through malicious payloads. The most common forms include SQL injections, cross-site scripting, and remote file inclusions. Each of these can expose sensitive data by running malicious code on applications.

Cloudflare Solution

Automatically filter out illegitimate traffic targeting the application layer, including GET and POST-based HTTP requests, through web application firewall (WAF) rulesets. Enable pre-built rulesets such as OWASP Top 10 and Cloudflare application-specific rulesets. Build rulesets to specify types of traffic to block, challenge, or let through.

“As an insurance broker we have to prove that we take adequate precautions to prevent unauthorized access to our data. By allowing Cloudflare as the single user of our private cloud, we’ve eliminated entire classes of threat vectors and made our security that much simpler to prove.”
MARTIN BAILEY
CTO, President, & Co-Founder

Mitigate DDoS Attacks

Protect Internet applications and APIs from malicious traffic targeting network and application layers, to maintain availability and performance, while containing operating costs.

Block Malicious Bot Abuse

Block abusive bots from damaging Internet properties through content scraping, fraudulent checkout, and account takeover.

Trusted By

Over 8,000,000 Internet Applications and APIs

Cloudflare Features

Cloudflare's Performance and Security Services work in conjunction to reduce latency of web sites, mobile applications, and APIs end-to-end, while protecting against DDoS attack, abusive bots, and data breach.

Performance

Cloudflare Performance Services improve conversions, reduce churn, and improve visitor experiences by accelerating web and mobile performance, while keeping applications available.

  • Content Delivery Network (CDN)

    With 151 data centers across 58 countries, Cloudflare’s Anycast CDN caches static content at the edge, reducing latency by delivering assets as close as geographically possible to visitors.
  • Website Optimizations

    Cloudflare includes a suite of web optimizations to improve the performance of Internet assets. Optimizations include the latest web standards, such as HTTP/2 and TLS 1.3, as well as proprietary enhancements for images and mobile device visitors.
  • DNS

    Cloudflare is the fastest managed DNS provider in the world, routing over 38% of all global DNS traffic. Cloudflare has multiple ways to achieve maximum performance for online assets.
  • Load Balancing

    Cloudflare Load Balancing provides load balancing, geo-steering, monitoring and failover for single, hybrid-cloud, and multi-cloud environments, enhancing performance and availability.
  • Argo Smart Routing

    Argo Smart Routing improves Internet asset performance by an average of 35% by routing visitors through the least congested and most reliable paths on Cloudflare's private network.
  • Railgun

    Railgun compresses previously uncacheable web objects up to 99.6% by leveraging techniques similar to those used in the compression of high-quality video. This results in an average 200% additional performance increase.
  • Stream

    Cloudflare Stream makes streaming video easy by handling data storage, media encoding, content embedding and playing, regional delivery, and analytics.
  • Workers

    Cloudflare Workers let developers run JavaScript Service Workers in Cloudflare's 151 data centers around the world.
  • Mobile SDK

    Cloudflare’s Mobile SDK provides visibility into application performance and load times across any global carrier network.
  • Stream Delivery

    Cloudflare’s Stream Delivery offers caching and delivery of video content through our 151 data centers around the globe.

Security

Cloudflare Security Services reduce the risk of lost customers, declining revenues, and degraded brand by protecting against DDoS attacks, abusive bots, and data breach.

  • Anycast Network

    With 151 data centers across 58 countries and 15 Tbps of capacity, Cloudflare’s Anycast network absorbs distributed attack traffic by dispersing it geographically, while keeping Internet properties available and performant.
  • DNSSEC

    DNSSEC is the Internet’s non-spoofable caller ID. It guarantees a web application’s traffic is safely routed to the correct servers so that a site’s visitors are not intercepted by a hidden “man-in-the-middle” attacker.
  • Web Application Firewall (WAF)

    Cloudflare’s enterprise-grade web application firewall (WAF) detects and blocks common application layer vulnerabilities at the network edge, utilising the OWASP Top 10, application-specific and custom rulesets.
  • Rate Limiting

    Rate Limiting protects critical resources by providing fine-grained control to block or qualify visitors with suspicious request rates.
  • SSL / TLS

    Transport Layer Security (TLS) encryption enables HTTPS connections between visitors and origin server(s), preventing man-in-the-middle attacks, packet sniffing, the display of web browser trust warnings, and more.
  • Secure Registrar

    Cloudflare is an ICANN accredited registrar, protecting organizations from domain hijacking with high-touch, online and offline verification for any changes to a registrar account.
  • Orbit

    Cloudflare Orbit solves security-related issues for Internet of Things devices at the network level.
  • Argo Tunnel

    Cloudflare creates an encrypted tunnel between its nearest data center and an application’s origin server without opening a public inbound port.
  • Workers

    Cloudflare Workers let developers run JavaScript Service Workers in Cloudflare's 151 data centers around the world.
  • Access

    Secure, authenticate, and monitor user access to any domain, application, or path on Cloudflare.
  • Spectrum

    Spectrum protects TCP applications and ports from volumetric DDoS attacks and data theft by proxying non-web traffic through Cloudflare’s Anycast network.