Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Cloud Security

Cloudflare Announces Unmetered DDoS Mitigation, Geo Key Manager

Web performance and security solutions provider Cloudflare announced this week that all customers will benefit from unmetered mitigation against distributed denial-of-service (DDoS) attacks, and they will be able to choose where they want their private SSL keys stored.

Web performance and security solutions provider Cloudflare announced this week that all customers will benefit from unmetered mitigation against distributed denial-of-service (DDoS) attacks, and they will be able to choose where they want their private SSL keys stored.

DDoS protection providers typically ask their customers to pay more and even terminate them if they are hit by a massive attack that may cause disruptions to other customers’ services.

Cloudflare, which claims to have the ability to handle more than 15 terabits per second of DDoS traffic, believes it can now protect a website against attacks of any size while ensuring that other customers are not impacted in any way.CloudFlare

That is why the company has decided that it will not terminate customers or jack up their bill regardless of the size of the attack or the plan they use. Customers that use a paid plan will, of course, have more benefits, but when it comes to volumetric DDoS mitigation, even users of the Free plan will benefit from unlimited and unmetered protection.

“Back in 2014, during Cloudflare’s birthday week, we announced that we were making encryption free for all our customers. We did it because it was the right thing to do and we’d finally developed the technical systems we needed to do it at scale. At the time, people said we were crazy. I’m proud of the fact that, three years later, the rest of the industry has followed our lead and encryption by default has become the standard,” Matthew Prince, CEO of Cloudflare, wrote in a blog post.

“I’m hopeful the same will happen with DDoS mitigation. If the rest of the industry moves away from the practice of surge pricing and builds DDoS mitigation in by default then it would largely end DDoS attacks for good. We took a step down that path today and hope, like with encryption, the rest of the industry will follow,” Prince added.

Private key restriction with Geo Key Manager

Cloudflare announced on Tuesday that customers will be able to specify where to store their private SSL keys via a new service called Geo Key Manager.

Advertisement. Scroll to continue reading.

The company has data centers in more than 55 countries and some of its customers might not be comfortable knowing that the keys to their kingdom are stored on servers physically located in a certain country.

“Even if local governments are to be trusted, organizations may have strong geopolitical-based opinions on security or mandates to adhere to certain regulatory frameworks. That, or they simply may understand there are only so many data centers in the world that can meet our most stringent physical security requirements and controls; as Cloudflare’s network grows, it’s inevitable that we will exhaust these facilities, and thus customers need control over where their keys are held,” explained Cloudflare’s Patrick R. Donahue.

With Geo Key Manager, Cloudflare customers can choose to store their custom certificates only in U.S. data centers, only in E.U. data centers, or only in data centers with the highest security. The downside is that some initial requests will take tens of milliseconds longer to complete compared to allowing the keys to be stored in any Cloudflare data center, an option that provides the best performance.

Cloudflare has pointed out that all its data centers are highly protected against both digital and physical threats, but top tier centers have extra physical security measures, including non-stop security officers, pre-scheduled biometric access, private cages that can be accessed only after passing through 5 checkpoints, and comprehensive interior and exterior security controls and monitoring.

In the near future, Cloudflare Enterprise users may be provided even finer control over where their private keys are stored.

Related: Cloudflare Launches New App Store for Websites, $100 Million Development Fund

Related: CloudFlare Launches Security-Focused Domain Registrar

Related: Cloudflare Launches Service to Protect IoT Devices

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...