According to Forrester, "Cloudflare protects against DDoS from the edge, and fast," and that "customer references view Cloudflare’s edge network as a compelling way to protect and deliver applications."
Cloudflare centralized and decentralized mitigation systems work in concert to identify and mitigate most DDoS attacks in under 10 seconds (3 seconds on average). Preconfigured static rules are deployed in less than 1 second.
With a simple change to your DNS settings, you can onboard your website to Cloudflare within minutes. Cloudflare’s globally distributed anycast network routes visitor requests to the nearest Cloudflare data center.
When Cloudflare’s edge data centers receive a request, they scan it to see if the visitor appears to be a threat, using criteria such as HTTP headers, user agent, query string, path, host, HTTP method, HTTP version, TLS cipher version, and request rate. We also look at HTTP response metrics such as error codes returned by customers’ origin servers.
Our global and local DoS mitigation systems work in concert to protect new and existing threats of any size or kind against your website.
Any resources that are already cached are served from Cloudflare’s data centers directly. Other client request traffic is sent to your origin server over Cloudflare’s high-performance network.
Cloudflare’s DDoS protection is designed to integrate and operate seamlessly with other security and performance products including Web Application Firewall, Bot Management, Load Balancer, CDN, and more.
Cloudflare’s built-in analytics give you deeper insights into your traffic patterns, threats observed (and blocked), and much more right from the dashboard or via the Cloudflare GraphQL API. Cloudflare logs can also be integrated with third-party SIEMs.