DDoS attacks are growing to a scale that traditional, centralized solutions can no longer handle. Cloudflare stands out thanks to its globally distributed infrastructure, which enables it to neutralize even hyper-volumetric attacks reaching tens of terabits per second before they ever reach a customer’s infrastructure. The platform proves critical in the following use cases:

• protecting e-commerce platforms and supply chains,
• mitigating record-breaking attacks,
• enabling secure remote work where traditional VPNs fail,
• controlling increasingly sophisticated AI-generated traffic,
• protecting public institutions from large-scale DDoS campaigns.

In the face of the growing number and scale of attacks, Cloudflare becomes not just a security tool, but an essential component for maintaining service continuity.

The scale of DDoS attacks and the real limitations of traditional solutions

In September 2025 alone, Cloudflare mitigated a record-breaking attack with a peak of 22.2 Tbps—the largest event of this kind in history.

“So why is Cloudflare able to stop attacks of this magnitude?”—this is one of the most common questions we hear during initial conversations with clients. Traditional DDoS protection typically relies on centralized traffic-scrubbing points, where all packets are redirected for analysis and filtering. The problem arises when attack volumes are measured in terabits per second. A single filtering location quickly becomes a bottleneck, and service availability is disrupted.

Cloudflare approaches this differently. Instead of centralized filtering, it uses a modern architecture and a global network of more than 330 points of presence (PoPs). Each PoP can accept and process the full scope of traffic, meaning attack traffic is automatically dispersed and neutralized as close to its source as possible. As a result, a single attack does not overwhelm one protection point but is distributed across the entire network.

From a security engineer’s perspective, this is the key difference: relying not on a single data center, but on globally distributed infrastructure.

This is precisely what has allowed Cloudflare to repeatedly rescue companies in critical moments, where every second of downtime translates into millions in losses. Below are five situations where Cloudflare proves indispensable.

1. DDoS attack and disruption of the order fulfillment chain (Zalando case)

Zalando is one of the largest e-commerce players in Europe, with over 46 million active customers, revenues measured in billions of euros, and infrastructure connecting fulfillment centers, brick-and-mortar stores, and headquarters in Berlin. Such a network must be continuously available—any outage means real losses: halted shipments, unavailable communication systems, and delayed customer service.

In early November 2020, just before the holiday season, the company faced a growing wave of DDoS attacks. Zalando needed a solution that would work proactively and without manual attack management.

The choice was Cloudflare Magic Transit—a service that protects not just applications, but the entire public IP address space of a customer at the edge of their network. Cloudflare announced Zalando’s IP ranges through its own routers.

The result? Cloudflare blocked an average of 200 attack attempts per week, while engineers no longer had to manually mitigate incidents. During peak periods such as Black Friday and the holidays, the system ran without disruption and logistics processes were never interrupted.

The full Cloudflare deployment case study for Zalando can be found here.

2. Hyper-volumetric attacks

One of the most striking cases in recent weeks involved an attack of unprecedented scale. For obvious reasons, the name of the targeted company was not disclosed, but the incident appeared in Cloudflare reports as a reference point for the entire cybersecurity industry.

Cloudflare automatically mitigated a hyper-volumetric attack that peaked at 22.2 Tbps and 10.6 billion packets per second (Bpps). For comparison, most DDoS protection providers operate at 15–20 Tbps of total capacity. If such a volume hit their scrubbing centers, the infrastructure would be immediately overwhelmed.

3. Remote work – when traditional VPN stops working

Not all availability and security challenges take the form of DDoS attacks. A few months ago, we worked with a client whose problem looked very different. Their sales team frequently traveled to China and accessed corporate infrastructure via VPN—a standard setup. The issue was that traditional VPN solutions were practically unusable there. Connections were blocked, dropped, or so slow that work became impossible.

Because Cloudflare operates its own infrastructure in China, we were able to deploy the Cloudflare WARP Client. In practice, this meant employees could securely log into systems, exchange data, and perform tasks in the field as if they were connected from the office in Poland.

This case clearly shows that Cloudflare is not just about DDoS protection, but also real support for global workforce mobility.

4. A new era of challenges: detecting and controlling AI-generated traffic

Until recently, the main challenge in protecting web applications was identifying and blocking automated traffic generated by traditional bots. Today, this situation is changing rapidly. Artificial intelligence is used not only in defense but also offensively—bots are becoming increasingly “intelligent” and can dynamically change behavior to bypass WAF protections.

Cloudflare is developing solutions that allow precise categorization and management of AI-generated traffic. One such solution is the AI Crawl Control module, which identifies popular AI engines visiting websites to train models or collect content. From a security team’s perspective, this is a major step forward—we can see directly in the dashboard which specific bot is attempting access, from which host, and to which resources.

5. DDoS attacks on the public sector (example of U.S. government agencies)

In spring 2023, numerous U.S. government agencies came under a wave of continuous DDoS attacks. One agency battled overload attempts for a month and a half, despite having protection provided by its ISP.

The problem was that attackers targeted DNS servers directly, generating massive numbers of queries for non-existent domains. The result was the unavailability of both public and internal applications. Citizen-facing services were unstable, remote employees had to return to offices due to overloaded VPN servers, and the helpdesk was flooded with tickets.

Cloudflare was deployed within just a few days. Configuration began on Friday, and by Sunday all traffic was flowing through the global network. At that moment, the attack volume dropped to zero—before it could even reach the ISP or the agency’s infrastructure.

The result? Critical applications regained performance, user tickets dropped to normal levels, and IT teams could return to priority projects.

This example shows that response time and the ability to quickly integrate with existing infrastructure are just as important as raw protection power. For public institutions, this is not only a matter of reputation, but a real impact on services available to millions of citizens.

The growing scale of DDoS

As shown by Cloudflare data and our experience at 4Prime, DDoS attacks are not only growing in scale but also becoming more frequent. According to Cloudflare’s official Q2 2025 report, the number of DDoS attacks was 44% higher year over year.

Moreover, there has been a sharp increase in hyper-volumetric incidents. Attacks exceeding 1 Tbps or 1 billion packets per second are appearing more and more often—illustrating the growing pressure on internet infrastructure.

For companies in Poland, this means global solutions must be included in security architecture. Thanks to its distributed infrastructure, Cloudflare is one of the few providers capable of guaranteeing service availability even in the face of record-breaking attacks. If you want to see how to effectively protect your organization against DDoS attacks, contact us.

This article was prepared by a 4Prime expert and then edited with the support of artificial intelligence tools.