I'm aware that they exist but don't have any knowledge or experience with CloudFlare. if you're considering using them, I would ask them for a list (under NDA) of what large enterprises use them, what their POPs are - global is good - and for any analytical product they have relating to DDoS that they have mitigated and investigated. Also a procedure guide on how you would engage them in event of a DDoS. You should really be asking a lot of questions before signing anything with anyone, and once you select one - TEST IT!!! A lot of orgs do not test their mitigation processes. The total time to mitigation if you're not already swung to a provider, should be down to 30 mins to an hour, this is reasonable for detection to full mitigation in large companies. Without running through an exercise, companies will find that mitigation takes 1-4 hours. It's also highly recommended that you have incident handlers who are able to make big decisions. -Pierre On 01/02/2013 10:48 AM, James Thomas wrote:
Hi Pierre,
Thank you for your interesting note.
On 01/02/2013 09:57, Pierre Lamy wrote:
The 3 major scrubbing vendors:
Prolexic Verisign Akamai IIRC, CloudFlare claims to the same capcity of DDOS mitigation as Prolexic (500gb) and also has a free option with fewer scrubbing features. Do you have experience with it, or is there some other reason to have excluded it from your list? I apologize for my noobish question.
Cheers,
James