Cloudflare CEO Announces Unmetered DDoS Attack Mitigation. Cloudflare turns seven this week and it wants to give your network a present. Should your website come under Distributed Denial of Service (DDoS) attack, it will never charge you additional fees, or (and this is important) kick you off the network.
Cloudflare CEO Matthew Prince has pledged unmetered DDoS mitigation, regardless of the size of the attack and no matter what level of service you have from the free tier all the way up to the enterprise level.
As Prince explained, this is a pretty radical move by the company, but he feels like it’s the right way to go and will actually help grow his business. That’s because the new policy is removing a big fear companies feel in an age when DDoS attacks are becoming increasingly common occurrences and it costs a lot of money to defend against them. “A lot of folks in this space, as you get larger and larger attacks, have traditionally charged you more. This is practical because they cost more [in time and resources] to defend against,” Prince explained.
Here’s how Cloudflare CEO Matthew Prince explained it:
Today, on the first day of our Birthday Week celebration, we make it official for all our customers: Cloudflare will no longer terminate customers, regardless of the size of the DDoS attacks they receive, regardless of the plan level they use. And, unlike the prevailing practice in the industry, we will never jack up your bill after the attack. Doing so, frankly, is perverse.
We call this Unmetered Mitigation. It stems from a basic idea: you shouldn’t have to pay more to be protected from bullies who try and silence you online. Regardless of what Cloudflare plan you use — Free, Pro, Business, or Enterprise — we will never tell you to go away or that you need to pay us more because of the size of an attack.
Typically when you have a DDoS attack, no matter which service you have been using, the vendor charges based on the network bandwidth you are using at the peak of the attack. “The trouble is that these attacks are sending 100s of gigabits of attacks per second, and the bill could be hundreds of thousands of dollars on bandwidth charges alone,” Prince said.
The end result is customers often got kicked off the services before the bill got so big, and the network resources became so great. Prince says kicking people off his service “felt gross.” That’s partly because he was giving up on a customer but also because he was giving into the attackers and he didn’t see a big difference between the attackers trying to extort money and companies like his presenting the victim with a huge bill after the attack was over.
Several years ago on the company’s birthday, they made a decision to offer free encryption, a move that was highly unusual at the time. “When we turned on encryption by default and for free, people thought we were crazy, and we couldn’t pull it off. Four years later, it’s pretty much an industry standard,” he said.
Prince’s hope is that that his company’s shift to unmetered mitigation will have a similar impact. “If you fast-forward four years from now, it could just be something that DDoS providers don’t charge more for. It will make the internet better,” he said.