Cloudflare sets new standard in cyberattack response & resilience

Recent weeks have seen a jump in cyberattacks targeting major technology companies, with attention focusing particularly on a new string of incidents involving the Salesforce app ecosystem.

Security firms such as Zscaler and Palo Alto Networks, long regarded as stalwarts in enterprise defence, have revealed breaches linked to potentially sensitive data exposed via their support tickets. Cloudflare has joined these ranks following a supply chain incident involving its integrations with Salesloft and Drift.

Cory Michal, SaaS security expert and Chief Security Officer at AppOmni, described the Zscaler and Palo Alto Networks breaches as particularly worrying. "These are particularly concerning because they raise the stakes well beyond typical SaaS compromises, especially where support tickets are involved, since they may contain sensitive materials such as API keys, credentials, and archive files.

"For security companies, which often have privileged access and visibility into client environments, exposure of this data could create opportunities for downstream breaches, supply chain attacks, and erosion of trust in the very vendors responsible for defending enterprises," Michal said.

Cloudflare, too, has been candid about its recent experience. The company's open communication following the Salesloft/Drift exposure, and its subsequent commitment to bolster toolchain security standards, has been held up as a benchmark. Michal commented: "Cloudflare's disclosure of the Salesloft/Drift incident stands out as an excellent example of transparency and accountability in cybersecurity reporting. Their blog not only provides clear technical detail but also openly accepts responsibility for the risks posed by third-party integrations.

"By committing to strengthen their SaaS environments and toolchain security going forward, Cloudflare demonstrated both maturity and leadership in incident response, setting a high bar for how organisations should communicate, remediate, and reinforce trust in the aftermath of supply-chain compromises."

These incidents coincide with a wider rise in sophisticated cyber threats, particularly volumetric attacks. Cloudflare has recently reported its mitigation of a record-breaking 11.5 terabits per second (Tbps) UDP flood – an attack of remarkable size, though one which lasted just 35 seconds. While the magnitude is eye-catching, experts advise that the narrative should move beyond raw figures.

William Manzione, Product Manager at RETN, offered a perspective on the true impact of such incidents. "An 11.5 terabit flood sounds dramatic, but its short 35-second duration shows why size alone is the wrong metric. The attacks that demand real attention are those that combine volume with persistence or complexity – multi-vector campaigns that quietly congest links, trigger reroutes, and degrade real user experience."

Manzione argued that the effectiveness of a DDoS defence strategy should be measured not in bits per second blocked, but in the continuity of service. "In 2025, the only meaningful way to measure DDoS defence is by user experience, not by counting dropped packets. The real questions are simple: did web pages stay up, did APIs respond, did businesses keep running? True resilience means customers never even realise an attack happened – and achieving that requires end-to-end planning, combining capacity with intelligence, not just raw bandwidth."

RETN has significantly increased its own infrastructure to meet this evolving threat landscape. "At RETN, we've expanded our scrubbing network by more than 5000%, because multi-terabit floods are simply part of today's background noise. The industry obsession with record-breaking numbers is misplaced – what matters is whether customers stay online. Our measure of success is when businesses don't even notice an attack occurred," Manzione said.

This approach aligns with a broader industry sentiment that resilience in the face of cyber threats requires not only robust technical defences but also clear, honest communication when incidents occur. The response from Cloudflare, blending technical detail with an acceptance of responsibility, has been praised by security professionals as a model for restoring trust and reinforcing security posture after a breach. As supply chain and infrastructure threats become more varied and complex, both transparency and user-impact-focused mitigation are emerging as key pillars of cyber defence strategy.