Cloudflare, the internet security and performance services company, announced a new service called “Spectrum.” The service gets its name from the fact that Cloudflare aims to offer DDoS protection for the whole “spectrum” of ports and protocols for its enterprise customers.
What Spectrum Protects
As we’ve seen recently, attackers are starting to break record after record in DDoS attacks every year, which means companies have never been more vulnerable. As one of the companies that offer DDoS protection, Cloudflare aims to protect not just web servers from DDoS attacks, but also any PC, virtual machine, or container that may be connected to the internet from a company’s premises.
Cloudflare has already deployed Spectrum to Hypixel, which runs the largest Minecraft server. Thanks to Spectrum, Hypixel was able to defend against a terabit per second DDoS attack from the Mirai botnet (the botnet that uses the open source Mirai software to control infected IoT devices).
Bruce Blair, the CTO at Hypixel, told Cloudflare:
Hypixel was one of the first subjects of the Mirai botnet DDoS attacks and frequently receives large attacks. Before Spectrum, we had to rely on unstable services & techniques that increased latency, worsening user's experience. Now, we're able to be continually protected without added latency, which makes it the best option for any latency & uptime sensitive service such as online gaming.
Another early customer of Spectrum is the Montecito Bank. The team there was looking for a solution to protect their email and SSH services so that if there was a DDoS attack, those services could continue to function.
Other Security Features
Beyond protection against DDoS attacks, Spectrum can also encrypt connections that previously didn’t use encryption due to their use of legacy protocols.
Cloudflare also offers its Spectrum customers the ability to integrate their networks with the Cloudflare IP Firewall and then allow or block connections at will.
Cloudflare said that for now the Spectrum service is enterprise-only because it needs to assign an IPv4 address to each protected service, which could get expensive very soon, considering we’re running out of IPv4 addresses. The company is considering either asking consumers to pay for IPv4 addresses or offer IPv6-only addresses to non-enterprise customers.