Home Chef

Home Chef deploys Cloudflare Bot Management to stop attacks by credential-stuffing bots

Founded in 2013, Home Chef is a meal-kit delivery service that simplifies meal planning and makes it possible for anyone to cook nutritious, delicious meals. Home Chef currently serves about 220,000 customers across the U.S. every week. In 2020, the company delivered 10 million meals and expanded its delivery territory to include 97% of the US population.

Challenge: Mitigate frequent attacks from highly sophisticated credential-stuffing bots

Cloudflare has been a part of Home Chef’s tech stack for several years. Home Chef began with the Cloudflare Pro Plan, which includes Cloudflare’s base security and performance solutions, as well as image and mobile optimization, page rules, and cache analytics.

“From the beginning, Home Chef has relied heavily on Cloudflare to provide a base layer of security for our customers,” explains Dave Giunta, VP of Engineering. “We didn’t have to pay much attention to security, because Cloudflare handled it all.”

However, around the beginning of the COVID-19 pandemic in 2020, Home Chef experienced a significant and sudden spike in credential-stuffing bots. This increase coincided with two events: the pandemic had caused Home Chef’s business to double nearly overnight, and the company had been affected by a massive onslaught of bot traffic which degraded site performance.

Up until that point, Home Chef had fended off bad bots through firewall rules and block/allow lists, but as the frequency and sophistication of bot attacks grew, they realized they needed an even more advanced bot management tool.

"This was a different level of bot attack than we’d seen previously, more automated and smarter, utilizing jumping IP addresses and other methods to avoid detection,” Giunta recalls. With a small team responsible for identifying and mitigating each attack, he estimated that collectively, all incidents cost the company $50,000 in lost productivity.

Cloudflare Bot Management blocks 250,000 threats weekly

Home Chef needed a solution that could level up their security without degrading site performance or requiring their internal team to expend additional time and resources. After discussing the situation with Cloudflare, the company decided to upgrade to an Enterprise Plan, while also adding Cloudflare Bot Management.

"We were very happy with the Pro Plan for a long time, so there was no question we’d turn to any vendor other than Cloudflare to solve our problem with bad bots," Giunta says.

Each week, Cloudflare Bot Management prevents approximately 250,000 malicious bots from reaching Home Chef’s website. After implementing Bot Management and several other infrastructure changes, Home Chef’s page load speeds improved by about 10%, even though traffic to the site nearly doubled.

“I’ve worked in Software Engineering for 15 years. I’ve never seen page load times improve as site traffic increased, but Cloudflare Bot Management helped make that happen,” Giunta says. “Bot Management’s machine learning algorithm learns very quickly, and it catches smart bots that get through our firewall rules.”

With Bot Management blocking malicious bots, Giunta’s team can now concentrate on supporting end users and working on internal projects that drive the business. “Before deploying Bot Management, responding to security incidents involving bad bots took up a lot of my team’s focus,” Giunta says.

Additionally, Home Chef utilizes Cloudflare Logs, a feature for Enterprise customers that enables them to integrate Cloudflare’s security and performance data with other analytics providers. This allowed for better visibility into their data and events they did not have before.

“Connecting Cloudflare with our application logs allows us to determine correlations between our application activity and our Cloudflare activity,” Giunta explains. “Among other things, we can see how the Bot Management Bot Scores fit into the rest of our security environment.”

Home Chef plans to expand its partnership with Cloudflare

Moving forward, Home Chef is examining using Cloudflare Workers, which is Cloudflare’s serverless computing platform, to extend the capabilities of Cloudflare Bot Management as well as engage in advanced image processing.

“As bot traffic grows in frequency and complexity, we’re looking at a few options,” Giunta says. “We’d like to expose the Bot Score to the rest of our application stack and possibly serve specialized pages to bot traffic. We’d also like to examine more advanced image processing functions that are only possible through running custom code with Workers.”

Giunta’s only regret is that Home Chef didn’t expand its partnership with Cloudflare sooner. “We should have upgraded to the Enterprise plan sooner due to our company’s growth. The fact that the Pro Plan worked for us for so long is a testament to the quality of Cloudflare’s solutions,” Giunta says. “Similar to how Home Chef makes cooking easy, Cloudflare makes security easy. We’ve never had to hire dedicated security staff, because our IT team could easily configure and manage Cloudflare’s solutions.”

Giunta raves about his experience with Home Chef’s Cloudflare representatives. “While some other vendors push me to buy products Home Chef doesn’t need, just to meet their sales quota, Cloudflare always introduces me to solutions that would benefit Home Chef,” he says. “Our Cloudflare account team is fantastic. I’m accustomed to dealing with aggressive salespeople. I’ve never felt that way with Cloudflare.”

Home Chef
相关案例研究
相关产品
主要成果
  • Cloudflare Bot Management stops approximately 250,000 malicious bots from reaching Home Chef’s website each week

  • Page load times decreased even as traffic to Home Chef’s website nearly doubled.

  • Cloudflare Bot Management saved Home Chef approximately $50,000 last year in productivity loss avoidance by blocking so many automated attacks without interrupting the dev team.

I’ve worked in Software Engineering for 15 years. I’ve never seen page load times improve as site traffic increased, but Cloudflare Bot Management helped make that happen.

Dave Giunta
VP of Engineering

Similar to how Home Chef makes cooking easy, Cloudflare makes security easy. We’ve never had to hire dedicated application security staff, because our IT team could easily configure and manage Cloudflare’s solutions.

Dave Giunta
VP of Engineering