Incapsula: Redefining Mass Market Security

(Ping! Zine Issue 57) – In today’s global market, simply maintaining an in-office presence or retail location is no longer satisfactory. Nowadays, you need a website. But just like any other aspect of your business, your website deserves constant attention as any serious disruption could have dramatic implications, whether they include dissatisfied customers, decreasing revenue, bad reviews or most importantly, long term loss of clientele.

Today, more and more small and medium sized businesses face the risk of online threats – DDoS attacks, SQL injections and data theft among other hostile tactics. This phenomena also projects on the hosting industry, which now has to deal with these new threats to their clients and their hosting infrastructure. Thankfully, security providers are taking notice and adapting themselves to meet these challenges – with a number of companies promising to keep your web presence fully secured.

“The needs of SMB websites have evolved and today they find themselves in need of a solution that will not only improve page load speed, compress CSS files and Cache their content, but also take their security up a notch,” explains Igal Zeifman, Product Evangelist at website security and performance provider Incapsula.

A subsidiary of global security leader Imperva, Incapsula believes that CDNs should look beyond proxy delivery and cache based acceleration. Incapsula CDN does just that, leveraging the platform’s delivery capabilities to provide high-end security solutions at an affordable, economy of scale prices.

“We help webmasters to deal with a wide range of security challenges, from simple spam and content theft attempts to more complex SQL injections, backdoor shells and even large-scale DDoS attacks,” Zeifman goes on to say.

And while security may seem like an obvious issue to include in a service, performance is also important: Slow websites lead to agitation, and your customer could find him or herself hitting that much feared “X” button, thus turning to your competitor for the services they need instead. It’s the combination of both security and performance that leads any web presence to the ultimate stability.

Zeifman explains, “We are here to solve all mission-crucial website delivery issues and by combining security and performance, we save our customers time, money and the need to rely on several service providers.” Incapsula highlights three integral areas that must be provided for to keep things finely tuned:

Keeping a website speedy is now required. Several studies show that page speed will affect purchase decisions .

To provide accelerated speeds, Incapsula maintains a full-fledged Global CDN. With the December 2012 launch of its latest data center in Sydney, Australia, Incapsula networks is now reliant on 15 proxy locations along with providing administrators caching, code and resource optimization features. On average, these features will speed up a website by 40% and allow it to consume 50% less bandwidth – perhaps even more, because Incapsula bot filtering will also help minimize the effects of bot related “parasitic drag”.

Interestingly enough, Incapsula’s more advanced acceleration features also include its unique Dynamic Caching algorithm. This algorithm employs behavior learning heuristics to optimize HTTP headers, maximizing all caching capabilities and even allowing the caching of dynamically generated objects, while assuring their freshness.

How does the CDN work? CDN simply stands for “Content Delivery Network.” We mentioned the use of proxies, but exactly what does that mean? Using a proxy allows Incapsula to leverage its global network, thus minimizing the “physical distance” between a website and its actual traffic – aka the visitors. Other means, meanwhile, include caching (both Standard and
Dyamic) along with optimization.

Application Security
APPS, APPS, APPS – Web admins are increasingly relying on a large number of web applications like WordPress or Joomla to manage, create and update their website. The popularity of these applications marks them as lucrative targets for most hackers, who always try to take advantage of various vulnerabilities found in these web apps along with their extensions and plugins.

Incapsula WAF (stands for ‘Web Application Firewall’) was built to safeguard the website again such threats. The WAF will filter incoming traffic and uses a set of customizable security rules to detect and block all malicious requests – including generic and application specific attacks. With it, Incapsula will protect the website against OWASP threats like SLQ injections, Cross Site Scripting, Illegal Resource Access, etc.

Just recently Incapsula also introduced a new capability to discover and quarantine Backdoor Shells. This new feature just hit Open Beta and is now available for free to all Incapsula clients. While in pre-beta stage and running in silent mode this feature helped Incapsula intercept and block a DDoS attack which targeted several leading U.S. banks including PNC, HSBC, and more.

Bot Protection & DDOS Mitigation
DDOS attacks are simply a mess. While implications of downtime are bad, having to go through the ordeal of getting a website back up and running is even worse. The best way to avoid such a dilemma is by protecting against it. Arguably, the best DDoS protection is achieved by a combination of strong network backbone for Volume (Layer 3-4) based attacks and smart visitor recognition methods, for Protocol and Application (Layer 7) attacks.

Incapsula’s Global network, with its Anycast load balancing capabilities and multiple servers & sinkholes in each data center, was specifically designed to absorb even the largest DDoS attacks without causing any downtime to clients.

At the same time, Incapsula’s bot identification mechanism offers accurate bot filtering to counter non-human DDoS agents. For this, Incapsula relies on cross verification practices, combining signature identification methods with JS and Cookie challenges and behavior monitoring. As with other threats, the bot data is aggregated trough the network and some of it also finds its way into – Incapsula’s free community sourced bot directory.

Compared to other anti-DDoS providers, Incapsula’s claim to fame seems to be in its ability to provide seamless DDoS protection, while keeping away from user repelling practices, which often include CAPTCHAs and delay screens.

“Incapsula proved to have a near zero false positive rate, and legitimate users had no trouble accessing Enjin websites during prolonged DDOS attacks,” says Maxim Blagov, Incapsula customer and CEO of Enjin – one of world largest gaming community with 3.5 million registered users and 200,000 hosted websites. This ability to minimize business interruptions, even under extreme pressure appears to be the philosophy behind Incapsula DDoS mitigation methodologies.

Controls and Monitoring: Incapsula dashboard allows in-depth customization of the default security rules, allowing you to whitelist and blacklist specific events, IP, countries, user-agents and even specific applications (like CURL) all with just the click of a button.

The Traffic screen shows you what Google Analytics won’t, specifically the number of bots which visited your website – good, bad or suspicious. The Performance tab will provide information about caching and proxy performance and the Events pages will have detailed information about security threats discovered and blocked by the system.

The controls are intuitive and easy to use with a nice mix of pre-rendered options and free text fields to cater to both average and more experienced users.

Why We Recommend Considering Incapsula
Incapsula provides top notch acceleration and yet security is where it truly shines. We liked the way the platform covers key areas such as web application security, DDoS mitigation and bot filtering and the user friendly control panel provides a nice extra touch.

Incapsula also succeeds in the area of affordability. The service starts out as free and the prices scale up in a way that makes sense; starting from $9 Personal plan with full SSL support and advanced acceleration features, and rising up to the Enterprise plan, which starts at $200 a month and offers premium support, anti-DDoS and other enterprise services.

Web hosters, web developers, designers and other service providers may also be interested in Incapsula Partnership Program and cPanel integration option.

If you want to give it a try, you can set up Incapsula in just 5 minutes and with zero downtime, through simple DNS changes or – if supported by your hosting provider – with the 1-Click cPanel plugin.