Cloudflare democratizes access to critical security tools for free, helping to the Internet safer

Company removes roadblocks for security teams by delivering tools, that are often expensive and out of reach, for free to any organisation.

Cloudflare, a leading connectivity cloud company, has announced that it is making several critical security tools free, including access to its comprehensive Zero Trust platform, Cloudflare One. By tapping into the power of these tools, security teams will now be able to efficiently gain visibility into and assess the overall health of their organisation, without the stress of expensive vendor renewals or diminishing security budgets.

Customers will be able to combat some of today’s highest profile threats – automatically, by default – including credential leaks, supply chain attacks and attacks on the technology that underpins the communication between today’s most used sites and apps: APIs.

One of the biggest barriers to securing an organisation is the cost of purchasing the tools necessary to defend against today’s sophisticated threat actors. The services required to adequately achieve this are traditionally only attainable by enterprises large enough to afford both the technology and the teams to manage it.

For most other organisations, negotiating the renewal of security vendors is difficult, increasingly expensive and one of the biggest headaches that CISOs face. In 2024, software inflation is expected to hit 12.3%, which points towards hefty increases in renewal rates. But these price increases are not indicative of any additional value added to the tools and services they provide. As the attack surface grows – with novel vulnerabilities discovered daily, alongside emerging threat actor groups, tactics and malware – security teams require access to effective protections that aren’t overpriced or lock them into relationships that are difficult and costly to get out of.

“For every dollar a customer spends, we should be giving them 10x the value in return. But most security vendors increase their pricing every year without adding any value,” said Matthew Prince, co-founder and CEO of Cloudflare. “By releasing these features for free, organisations won’t be forced to decide between saving money or safeguarding their most sensitive data and services. And with greater adoption of these features through our free plan, Cloudflare can make them more effective, ultimately making the Internet a safer place for everyone.”

Now, organisations of all sizes across any industry can protect themselves from today’s threats – backed by the power of Cloudflare’s global network – allowing them to:

• Gain visibility across environments: Complexity is the number one concern for any CISO. Keeping track of risks is more difficult than ever with rapid innovation that results in too many software tools and flaws in IT environments. Cloudflare HTTP, Security and DNS Analytics provide a centralised view of overarching traffic trends in a specific environment – e.g., insight on top stats across a variety of dimensions such as countries and analysis around DNS queries, a request from a user to a service, for troubleshooting issues, or detecting patterns and trends.
• Automatically detect suspicious login attempts: Almost half of all breaches involve stolen credentials that are reused across multiple websites. Cloudflare Leaked Credentials Checks helps detect suspicious login attempts, where a bad actor may try to use a leaked password from one site to access others, based on a database of over 15 billion compromised passwords and usernames and a partnership with Have I Been PWNED.
• Identify and stop API abuse: The world runs on APIs – our phones, smartwatches, banking systems and shopping sites all rely on APIs to communicate. However, security issues arise when bugs accidentally reveal sensitive information or developers publish APIs that security teams aren’t aware of. Cloudflare Schema Validation stops APIs from inadvertently exposing information that it shouldn’t.
• Ensure safety and privacy of websites from potential bad actors: The use of third party scripts – programs or pieces of code from third-party providers that enhance website performance – are ubiquitous across nearly all of today’s businesses. But if unmanaged or unsecured, they are a goldmine for threat actors to exfiltrate sensitive information. Cloudflare’s Page Shield Script Monitor logs all scripts and provides unmatched visibility that allows for fast and more informed decisions.
• Enforce a positive security model: A Zero Trust approach is not only essential, but the only way to achieve an effective approach to modern security. Cloudflare One’s products – including Magic Network Monitoring, SaaS Cloud Application Security, Data Loss Prevention and Digital Experience Monitoring to start – will now be bundled into a free offering to enable organisations to seamlessly begin their journey towards building a Zero Trust framework.

Cloudflare’s free security offerings are all generally available to Cloudflare customers at this time and enabled by default to customers on the Free plan.