CloudFlare offers a free plan with basic DDoS protection and promises to always provide a free service with at least the feature set that it has today. More advanced DDoS protection is available for the higher plans, which can be added as your needs grow.
Cloudflare was able to deflect 2 massive DDoS attacks. During the March 2013 attack on Spamhaus, they were able to absorb a peak 120Gbps attack that lasted 4 days, as well as a 400Gbps attack in February 2014.
Their track record shows their ability to protect against DDoS attacks in practice.
Https ("secure") comunications with sites using CloudFlare are intercepted at their servers, decrypted and recrypted with CloudFlare's certificates. This poses huge problem with what users perceive as safe communication - browsers fail to display notice about MitM taking place.
During large attacks, Cloudflare will block users with captcha screens to filter out malicious attacks. Albeit effective, they cause a considerable annoyance to legitimate users.
Cloudflare has a wide selection of app support that allows the user to install the app easily through Cloudflare instead of in their site. This creates ease of use, time saved and less degradation of performance.
Log access is an enterprise feature and priced at the "contact us" level. So when an error code is returned to the user that wasn't returned from your app, debugging this is impossible at the pro level. Unfortunately these logs aren't available to support personnel either so they have no way of tracking/validating issues.
If you want to cache all kinds of content (e.g. HTML, JSON), you need the "Cache Everything" setting, and this imposes a long "max-age" directive of 2 hours. It ignores your origin server's value.
CloudFront will allocate more hardware resources when needed automatically. It will take care of traffic spikes and accommodate product's growth without needing manual input from the user.
CloudFront integrates tightly with Amazon's storage, computing, database and networking services allowing you to use a tested and cohesively developed set of solutions.
The Kona Site Defender rules are all customizable, with continuous updates from Akamai. This means you can see how they are protecting your site under the hood, and adjust them to your needs.
Akami's services cost more than triple comparative packages from other security companies. At 13k a month for DDoS protection, there are many other choices out there that cost less for the same protection.
Because of Akamai's large CDN structure, it can take some time for security rules to propagate, making it harder to adjust security responses on the fly.
CDN77 is organized into a few tabs (dashboard, CDN, reports, support), which can quickly be accessed through buttons top dead center of the page. Setting it up is very easy as well, with just a few basic steps - create your storage, show CDN77 where your files are, then start using it.
Pricing starts at 49¢/GB, and will drop down to 29¢/GB if you receive lots of traffic. See Pay As You Go plan details here.
If you have lots of traffic, instead you can opt for monthly plans which offer up to 2PB for just under $15,000/month. Check out High Volume plans here.
CDN77 also offers a standalone Video Processing and Delivery solution called Streamflow. Video delivery competitors usually use a 3rd party CDN for global video delivery, while CDN77 has built it upon their own datacenter network. This is more reliable and allows for a flexible pricing.
Not suitable if you have an association with online advertising. A single email that may include your domain that appears on Spamcop will result in a threat to terminate your account and a requirement to disable the URL -- even if you are not responsible for the production or sending of the email.
Any config change is queued for several minutes before being applied, without any time estimate. Combined with caching and DNS delays, it can make debugging a bit more difficult.
Incapsula provides a dashboard that shows traffic data in real time, allowing you to respond to threats immediately as they happen, and see the results of your response as quickly as possible.
Incapsula's proprietary "Behemoth" machines handle 170 Gbps each, and process up to 100 million packets per second. As of March 10th 2015, they have a network of 13 data centers with these machines, allowing them to process more than 2 Tbps of bandwidth on top of their existing capabilities.
Incapsula chat support is always available. Chat can be much easier to use than phone support, as you can easily copy and paste technical data through text, and get instant feedback you don't get through email.
Incapsula has a bot recognition engine to achieve a low rate of false positives on layer 7 attacks. These attacks are notoriously hard to detect as they are designed to look like regular network traffic.
Their always on recognition solution automatically triggers layer 7 protection without user intervention, protecting you during downtimes like holidays, weekends, and late nights.
Potential enterprise customers will need to call Incapsula to find out the pricing for their enterprise plans as they are not listed on the site and appear to be priced on a case by case basis.
While there is a rules editor that offers a shortcut into rule definition, the learning curve to master how to utilize in full IncapRules is pretty steep.
Dexecure is the only automatic web performance solution that accelerates websites, for better business results. Dexecure automatically performs Front end optimizations and partners with Content Delivery Networks (CDN) to deliver the fastest loading site.