The digital assaults known as distributed denial of service attacks occur constantly, whether you notice them or not. Corporations, internet infrastructure companies, and other large targets like universities and government agencies experience them frequently, or in some cases constantly.
The only reason more of the internet doesn’t exist in a constant state of DDoS-caused collapse? Third-party companies that offer protection services.
The offerings go a long way toward safeguarding customers, but they have shortcomings. They typically cost more as the size of an attack increases, and providers can even drop their defense services altogether if an attack is too overwhelming.
On Monday, though, Cloudflare, one of the largest of those DDoS defenders, removed the proportional charges and caps from its protection offerings. Its new “Unmetered Mitigation” program means Cloudflare customers who pay the company for its other service will no longer be at risk of higher charges during a DDoS incident, and customers who use Cloudflare’s free products will have unlimited DDoS protection included as well.
“We’ve grown our network to a scale that we felt comfortable that we were far enough out in front of the big DDoS attacks to take any hit the internet threw at us,” says Matthew Prince, the CEO of Cloudflare. “Having seen attacks from every corner of the globe and having mitigated them, we’re comfortable that we can do that for anyone. That’s the inevitable direction the internet should go.”
The move fits into a long-term vision of where DDoS defense can go. If everyone, not just Cloudflare customers, had unlimited DDoS protection for free, the attack wouldn’t be as fruitful for hackers, and could ultimately become obsolete. Cloudflare deserves praise for making its protections so widely available at no extra cost. But stopping DDoS altogether will take more than just this step.