Data Breach Prevention

Protect applications from attacks resulting in sensitive customer data compromise

A data compromise can result in the leak of sensitive customer information, such as credit cards, passwords, and other personally identifiable information (PII), from an application's data store. Attackers often use several attack vectors when attempting to compromise customer data, such as DNS spoofing, snooping of data in transit, brute force login attempts, or malicious payload exploits.

The global cost of a data breach on average, per lost or stolen record, is $141 in 2017, and the average total cost of a data breach in the US is $3.62 million. With heightened scrutiny by governments and media, companies are facing severe repercussions from even the smallest data compromise. Business impacts include lost customers and revenues, degraded trust, damaged brand, or regulatory penalties.

Websites and applications require the resilience and intelligence of a scalable network to combat the most sophisticated and newest attacks. Protecting against threats should not degrade performance caused by security induced latencies, and security services must be easy to configure to eliminate misconfigurations, which introduce new vulnerabilities.

View in Dashboard

Looking for enterprise-grade solutions? Contact Sales

cloudflare security illustration

With every new Internet property added to it, Cloudflare’s network becomes smarter. Cloudflare’s IP reputation database identifies and blocks new and evolving threats across the approximately 25 million Internet properties on its network.

Reduce the risk of data compromise through a layered defense against multiple attack vectors using DNSSEC, SSL/TLS encryption, web application firewall (WAF), and rate limiting.

Eliminate security and performance trade-offs by integrating with Cloudflare’s included Performance Services, including CDN, Argo Smart Routing, website optimizations, and the latest web standards.

Common Data Breach Types and Prevention

DNS spoofing diagram

DNS Spoofing

A compromised DNS record, or “poisoned cache”, can return a malicious answer from the DNS server, sending an unsuspecting visitor to an attacker's website. This enables attackers to steal user credentials and take ownership of legitimate accounts.

Cloudflare Solution

DNSSEC verifies DNS records using cryptographic signatures. By checking the signature associated with a record, DNS resolvers can verify that the requested information comes from its authoritative name server and not a on-path attacker.

DNS spoofing diagram

Snooping of Data In-Transit

Attackers can intercept or “snoop” on unencrypted customer sessions to steal sensitive customer data, including credentials such as passwords or credit-cards numbers.

Cloudflare Solution

Fast SSL / TLS encryption at the edge of Cloudflare’s network, automated certificate management, and support for the latest security standards enable the secure transmission of sensitive customer data without fear of exposure.

DNS spoofing diagram

Brute Force Login Attempts

Attackers can wage “dictionary attacks” by automating logins with dumped credentials to brute force their way through a login-protected page.

Cloudflare Solution

Cloudflare offers granular control through Rate Limiting to detect and block hard-to-detect attacks at the network edge, defined by custom rules that set request thresholds, timeout periods, and response codes.

DNS spoofing diagram

Malicious Payload Exploits

Attackers can exploit application vulnerabilities though malicious payloads. The most common forms include SQL injections, cross-site scripting, and remote file inclusions. Each of these can expose sensitive data by running malicious code on applications.

Cloudflare Solution

Automatically filter out illegitimate traffic targeting the application layer through web application firewall (WAF) rulesets, including GET and POST-based HTTP requests. Enable pre-built rulesets such as OWASP Top 10 and Cloudflare application-specific. Build rulesets to specify types of traffic to block, challenge, or let through.

"As an insurance broker we have to prove that we take adequate precautions to prevent unauthorized access to our data. By allowing Cloudflare as the single user of our private cloud, we’ve eliminated entire classes of threat vectors and made our security that much simpler to prove."
CTO, President, & Co-Founder

Get started today

Sign up

Mitigate DDoS Attacks

block malicious bot abuse diagram

Protect Internet properties from malicious traffic targeting network and application layers, to maintain availability and performance, while containing operating costs.

Block Malicious Bot Abuse

block malicious bot abuse diagram

Block abusive bots from damaging Internet properties through content scraping, fraudulent checkout, and account takeover.

Trusted by approximately 25 million Internet properties

trustedby crunchbase black
trustedby ao com black
trustedby zendesk black
logo sofi gray 32px wrapper
trustedby log me in black
trustedby digital ocean black
trustedby okcupid black
trustedby montecito black
trustedby discord black
trustedby library of congress black
trustedby udacity black
trustedby marketo black