A compromised DNS record, or “poisoned cache”, can return a malicious answer from the DNS server, sending an unsuspecting visitor to an attacker's website. This enables attackers to steal user credentials and take ownership of legitimate accounts.
Attackers can intercept or “snoop” on unencrypted customer sessions to steal sensitive customer data, including credentials such as passwords or credit-cards numbers.
Fast SSL / TLS encryption at the edge of Cloudflare’s network, automated certificate management, and support for the latest security standards enable the secure transmission of sensitive customer data without fear of exposure.
Attackers can wage “dictionary attacks” by automating logins with dumped credentials to brute force their way through a login-protected page.
Cloudflare offers granular control through Rate Limiting to detect and block hard-to-detect attacks at the network edge, defined by custom rules that set request thresholds, timeout periods, and response codes.
Attackers can exploit application vulnerabilities though malicious payloads. The most common forms include SQL injections, cross-site scripting, and remote file inclusions. Each of these can expose sensitive data by running malicious code on applications.
Automatically filter out illegitimate traffic targeting the application layer through web application firewall (WAF) rulesets, including GET and POST-based HTTP requests. Enable pre-built rulesets such as OWASP Top 10 and Cloudflare application-specific. Build rulesets to specify types of traffic to block, challenge, or let through.
Protect Internet properties from malicious traffic targeting network and application layers, to maintain availability and performance, while containing operating costs.
Block abusive bots from damaging Internet properties through content scraping, fraudulent checkout, and account takeover.
Data Breach Prevention