Arik Hesseldahl

Web Security Start-Up CloudFlare Lands $20 Million Funding Round

You may remember CloudFlare as the Web security start-up with a notable, if notorious, fan. At the height of its infamy, the hacker group that called itself LulzSec — best known for its persistent harassment of Sony and the Arizona state police — couldn’t stop praising CloudFlare for helping protect its Web site, which had come under numerous attacks by rival hacker gangs trying to knock it off the Web.

As product endorsements go, it wasn’t one that CloudFlare CEO Matthew Prince would have sought. Nevertheless, it showed in a very public way that the company was onto something potentially big.

Now we get an idea of how big it might be. CloudFlare has been running so far on a relatively small Series A investment of $2 million from Venrock and Pelion Venture Partners. Today it announced that it has landed a beefy $20 million Series B round, led by New Enterprise Associates, with Venrock and Pelion also participating. Scott Sandell, a general partner at NEA, will join CloudFlare’s board of directors.

NEA has backed companies as varied as Atheros, the wireless chip company now owned by Qualcomm; Fusion-io, the chip-based server storage concern; and Groupon.

So what does CloudFlare do? Webmasters can — for free — point their domain name servers to CloudFlare’s, rather than those operated by their Web hosting provider. The result of that simple change adds the site to CloudFlare’s distributed network, which protects against common attacks by hackers and spammers and makes a site resistant to distributed denial-of-service attacks that typically overwhelm servers and knock sites offline.

CloudFlare evolved out of Project Honey Pot, a nonprofit project that aimed to fight spam by creating a distributed system to find and track spammers and the bots they use to harvest email addresses. Launched in 2004, it was basically a hobby for Prince and the other founders — until the day in 2007 that the Department of Homeland Security called to say it saw real value in the data the project had collected on how fraud is conducted online.

And like Project Honey Pot before it, CloudFlare gets better as more people use it. Hosted in 12 Equinix data centers around the world, it has the computing muscle to keep its customers’ sites online when a server crashes or a hacker with a botnet attacks. Pretty much anyone who operates a Web site can have it up and running in minutes. On top of its free service, CloudFlare offers a Pro account for $20 a month. A more powerful offering aimed at enterprises is coming in the fall, Prince says.

But there’s more to it than just security. It turns out, through an unexpected benefit of programming, that CloudFlare also has a tendency to make sites load faster than they do from their main servers. The initial worry was that adding a layer between the user and the site’s hosting servers would slow things down. Some obsessive attention to the code, intended to prevent that slow-down, had an interesting effect: Sites started loading 30 to 40 percent faster. From these two benefits comes the mantra you’ll hear Prince repeat often: “We help the Internet run faster and safer.”

Did I say CloudFlare is onto something? Prince reckons that about 200 million users visit CloudFlare-protected sites every month. He declined to say exactly how many sites are using CloudFlare, but characterized it as in the tens of thousands. He did say the service is adding roughly 1,000 new customers a day, from small personal sites to huge companies.

So what’s the plan for all that money? To build out CloudFlare’s team and create new services, some aimed at large enterprises, says Prince, who notes that a business-class service is coming soon. “We’ll be adding a lot of new features that our business customers have been asking for,” he says. After that comes the enterprise-class offering.

Beyond that lie some interesting services aimed at making the Web business easier. Case in point: SSL, or Secure Sockets Layer, the Web’s primary security technology. “Right now it’s way too hard for Webmasters to deploy SSL on their sites, and there are too few sites using it,” Prince says. “We think we can do something important to address that.” Another thing that’s too hard: the looming transition from IPv4 to IPv6. “The solutions that are being provided right now are too complicated, and we can do something about that,” Prince says.

One recent addition was the official election results site for the nation of Turkey, which held its general election on June 12. On the night before the election, its site administrator joined CloudFlare. “The next day we saw a lot of traffic from Turkey,” Prince says. Traffic from 75 million Turkish citizens all hitting “refresh” every few minutes would have brought nearly any Web site down, and at first it looked like a massive new distributed denial-of-service attack coming out of Turkey. “We quickly figured out what it was,” Prince says, “and suddenly we were really proud that we were able to keep that site online while the whole nation was coming through the service.”
