Incapsula Review and Installation Process

Incapsula is a cloud-based application delivery service that enables online businesses of all sizes to enjoy enterprise-grade website security, performance and availability. Incapsula includes a best-of-breed web application firewall, comprehensive DDoS protection, a global content delivery network, and an application level load balancer, which are available as standalone services or as an integrated solution. Incapsula is activated by a simple DNS change – no hardware or software installations, code changes or complex integrations are needed.

This article describes the current scale of the DDoS problem, gives some background on DDoS attacks, lists Incapsula's DDoS protection and website security features, and covers the Incapsula pricing levels and how to install Incapsula.

Sixfold increase in sustained attacks and nearly double the short attacks in Q1 2018 compared to Q4 2017

A recent Kaspersky Lab study found “a significant increase in both the total number and duration of DDoS attacks in Q1 2018 compared to Q4 2017.”

The share of Linux botnets fell from 71 percent last year to 66 percent in Q1 2018. But the growth of specific botnet classes, such as Darkai, prompted a return to multiday DDoS attacks. The Kaspersky report noted that one attack lasted 297 hours — more than 12 days — which is the longest attack since 2015.

While these multiday events aren’t common, the report revealed a sixfold increase in sustained attacks, or those lasting longer than 50 hours. At the same time, short-term attacks are on the rise, up to 91.47 percent of all attacks from 85.5 percent last year.

A survey by Corero Network Security found that organizations spend up to $50,000 dealing with a single DDoS attack.

DDoS Protection

Automated Mitigation of the Largest and Smartest DDoS Attacks

Background on distributed denial-of-service

A distributed denial-of-service (DDoS) is a type of computer attack that uses a number of hosts to overwhelm a server, causing a website to experience a complete system crash.

In Feb 2018, 1.35 terabits per second of traffic hit the developer platform GitHub all at once. It was the most powerful distributed denial of service attack recorded to date—and it used an increasingly popular DDoS method called memcache reflection. This does not require botnets.

GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off.

Formal botnet attacks were used in other large DDoS efforts, like against Dyn and the French telecom OVH. Memcached DDoS attacks don’t require a malware-driven botnet. Attackers simply spoof the IP address of their victim and send small queries to multiple memcached servers—about 10 per second per server—that are designed to elicit a much larger response. The memcached systems then return 50 times the data of the requests back to the victim.

There are about 100,000 memcached servers, mostly owned by businesses and other institutions, currently sitting exposed online with no authentication protection.
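
A defender-side check for the exposure described above, as an added example that is not part of the original article: it audits a memcached options file for the settings that leave a server usable as a reflector. The sample configurations are constructed, and the one-option-per-line file format is an assumption.

```python
# Assumes the one-option-per-line format of Debian's /etc/memcached.conf.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_options(text):
    """Return {flag: value or True} from one-option-per-line config text."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("-"):
            continue
        flag, _, value = line.partition(" ")
        opts[flag] = value.strip() or True
    return opts

def audit(text):
    """List settings that leave the daemon usable as a UDP reflector."""
    opts = parse_options(text)
    findings = []
    # -U 0 turns the UDP listener off; spoofed-source requests rely on UDP.
    if opts.get("-U") != "0":
        findings.append("UDP listener not explicitly disabled (-U 0)")
    # -l sets the bind address; without it memcached binds every interface.
    value = opts.get("-l")
    bound = {a.strip() for a in value.split(",")} if isinstance(value, str) else set()
    if not bound or not bound <= LOOPBACK:
        findings.append("listens on a non-loopback address (-l)")
    # -S enables SASL authentication.
    if "-S" not in opts:
        findings.append("SASL authentication not enabled (-S)")
    return findings

# Constructed sample: reachable from any interface, UDP and auth left as-is.
EXPOSED_CONF = """\
-m 64
-p 11211
-l 0.0.0.0
"""

# Constructed sample: loopback only, UDP off, SASL on.
HARDENED_CONF = """\
-m 64
-l 127.0.0.1
-U 0
-S
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```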

Background on UDP, SYN and GET flood DDoS Attacks

“UDP flood” is a type of Denial of Service (DoS) attack that overwhelms random ports on the targeted host with IP packets containing UDP datagrams.

A UDP flood attack is a denial-of-service (DoS) attack using the User Datagram Protocol (UDP), a sessionless/connectionless computer networking protocol.
Using UDP for denial-of-service attacks is not as straightforward as with the Transmission Control Protocol (TCP). However, a UDP flood attack can be initiated by sending a large number of UDP packets to random ports on a remote host. As a result, the distant host will:
Check for the application listening at that port;
See that no application listens at that port;
Reply with an ICMP Destination Unreachable packet.
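
The three-step behaviour above gives a defender two observable signals: UDP datagrams spread across many ports of one host, and that host emitting ICMP port unreachable replies. The detector below is an added example, not part of the original article; the log format, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical one-line-per-packet log format, constructed for this example.
UDP_RE = re.compile(r"^(\d+) UDP (\S+) -> (\S+):(\d+)$")
ICMP_RE = re.compile(r"^(\d+) ICMP (\S+) -> (\S+) type=3 code=3$")

def detect_udp_flood(lines, window=10, min_ports=5):
    """Flag hosts hit on many distinct UDP ports in one time window while
    answering with ICMP port unreachable (type 3, code 3)."""
    ports = defaultdict(set)    # (window start, host) -> distinct UDP dst ports
    udp_in = defaultdict(int)   # (window start, host) -> UDP datagrams received
    unreach = defaultdict(int)  # (window start, host) -> unreachable replies sent
    for line in lines:
        line = line.strip()
        if m := UDP_RE.match(line):
            ts, _src, dst, dport = m.groups()
            key = (int(ts) // window * window, dst)
            ports[key].add(int(dport))
            udp_in[key] += 1
        elif m := ICMP_RE.match(line):
            ts, src, _dst = m.groups()
            unreach[(int(ts) // window * window, src)] += 1
    alerts = []
    for key in sorted(ports):
        # Hosts commonly rate-limit ICMP errors, so replies only corroborate
        # that closed ports were hit; the port spread is the main signal.
        if len(ports[key]) >= min_ports and unreach[key] > 0:
            alerts.append({"window": key[0], "host": key[1],
                           "udp_datagrams": udp_in[key],
                           "distinct_ports": len(ports[key]),
                           "port_unreachable": unreach[key]})
    return alerts

# Constructed traffic: 8 datagrams to scattered ports on 203.0.113.10 (half
# answered with port unreachable) and 8 ordinary DNS queries to 203.0.113.53.
SAMPLE_LOG = (
    [f"{100 + i} UDP 198.51.100.{i + 1} -> 203.0.113.10:{40000 + 977 * i}" for i in range(8)]
    + [f"{100 + i} ICMP 203.0.113.10 -> 198.51.100.{i + 1} type=3 code=3" for i in range(0, 8, 2)]
    + [f"{100 + i} UDP 192.0.2.{i + 1} -> 203.0.113.53:53" for i in range(8)]
)

if __name__ == "__main__":
    for alert in detect_udp_flood(SAMPLE_LOG):
        print(alert)
```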

HTTP flood is a type of Distributed Denial of Service (DDoS) attack in which the attacker exploits seemingly-legitimate HTTP GET or POST requests to attack a web server or application.

HTTP flood attacks are volumetric attacks, often using a botnet “zombie army”—a group of Internet-connected computers, each of which has been maliciously taken over, usually with the assistance of malware like Trojan Horses.

A sophisticated Layer 7 attack, HTTP floods do not use malformed packets, spoofing or reflection techniques, and require less bandwidth than other attacks to bring down the targeted site or server.

Synchronized (SYN) attacks remain the most popular vector, accounting for 57.3 percent of the total volume of incidents. In addition, over 95 percent of all DDoS attack reports came from the top 10 countries, out of 79 total.

Incapsula offers Comprehensive Protection Against Any Type of DDoS Attack

Using a high-capacity network of globally distributed servers, Incapsula protects your website against all types of DDoS threats, including network level attacks (such as SYN or UDP floods) and application level attacks (such as GET floods) that attempt to overwhelm server resources. The service detects and mitigates advanced attacks that exploit application, web server and DNS server vulnerabilities, hit-and-run attacks and large botnet threats.

Transparent Mitigation

Incapsula offers transparent mitigation with less than 0.01% false positives, and without degrading the normal user experience in any way. This lets you enjoy true DDoS protection, even from lengthy attacks, without disrupting business performance.

Automatic Detection and Immediate Triggering

Incapsula’s visitor identification technology differentiates legitimate website visitors (humans, search engines, etc.) from automated or malicious clients. Incapsula distinguishes between humans and bot traffic, between “good” and “bad” bots, and identifies AJAX and APIs.

Advanced Mitigation of Layer Attacks

Our visitor identification technology differentiates legitimate website visitors (humans, search engines, etc.) from automated or malicious clients. Incapsula distinguishes between humans and bot traffic, between “good” and “bad” bots, and identifies AJAX and APIs.

Name Server Protection

Incapsula protects against DNS targeted attacks by redirecting all DNS queries for your domains to the Incapsula cloud for inspection and cleansing, so only “safe” queries reach your origin DNS server. In addition, this feature blocks attempts to use your DNS server as a platform for DNS amplification attacks against other servers.

BGP Routing-based Infrastructure Protection

To protect critical infrastructure (e.g., web, email, FTP servers) across an entire subnet of IP addresses, Incapsula offers on-demand DDoS protection based on BGP routing. When under attack, traffic is re-routed through Incapsula scrubbing centers using BGP announcements. Following inspection, legitimate traffic is securely forwarded to the enterprise network via GRE tunneling.

World-Class Support by DDoS and Security Experts
Our experienced team of Network Operations Center (NOC) engineers perform continuous monitoring and DDoS mitigation. This service includes proactive security event management and response, continuous real-time monitoring, policy tuning, summary attack reports, and 24×7 technical support.

Website Security
Enterprise-Grade Security from the Cloud
Strong web application security experience, enhanced by advanced analytics, allows Incapsula to provide best-of-breed security to the world’s most security-conscious businesses. Our website security solution redefines and extends the WAF beyond traditional concepts. An advanced client classification engine analyzes all incoming traffic to your site, preventing access to malicious and unwanted visitors.

FREE INCAPSULA PLAN, $59 per site per month pro plans, $299 per site per month business plan and custom enterprise offerings

FREE PLAN
For websites in need of a performance boost, bad bot protection and other basic security features.
Global CDN
Content optimization
Static content caching
Bot protection & management
Traffic access control
Website traffic monitoring
IPv6 support
Self-service help center & community support

Incapsula is owned by Imperva. Imperva® (NASDAQ:IMPV) is a leading provider of cyber security solutions that protect business-critical data and applications. The company’s SecureSphere, CounterBreach, and Incapsula product lines enable organizations to discover assets and risks, protect information wherever it lives – in the cloud and on-premises – and comply with regulations. The Imperva Defense Center, a research team comprised of some of the world’s leading experts in data and application security, continually enhances Imperva products with up-to-the-minute threat intelligence, and publishes reports that provide insight and guidance on the latest threats and how to mitigate them.

What is the Incapsula setup process? 4 easy steps

Once you select your plan from our Pricing & Sign Up page, you’ll be asked to open an account. If you choose either a paid Pro or Business plan, your free trial begins with the submission of your credit card information.

As you create your account, submit the domain URL of the website you want to add to Incapsula’s service. We’ll then provide you with simple instructions how to change your DNS records. Once you complete this step, your website traffic is gradually routed through our server network until, after 48 hours, all of your traffic is routed through Incapsula.

STEP 1
CHOOSE YOUR PLAN AND SIGN UP

Select your plan from our Pricing & Signup page. You’ll be directed to the sign up page, where you submit your details and create an account.

STEP 2
SUBMIT YOUR DOMAIN URL

Once you create an account, you’ll be asked to submit your website’s URL.

OPTIONAL
ACTIVATE SSL

Incapsula automatically identifies when websites that support SSL traffic (HTTPS) are added to the service. Once detected, Incapsula will lead you through a simple process for activating SSL support.

STEP 4
YOU ARE GOOD TO GO!

Once you complete the DNS changes, we will start to route traffic to your website through Incapsula’s network. It may take several hours until all your traffic routes through Incapsula but during this time you will not lose a single visit.

Incapsula is guaranteed to mitigate any DDoS attack in under 10 seconds, regardless of its size and without getting in the way of legitimate traffic. Multiple DDoS protection options have been designed to meet your exact needs.

Forrester 2017 DDoS mitigation report

A web application firewall (WAF) is an online security solution that filters out bad HTTP traffic between a client and web application. … Web application firewalls, on the other hand, provide an effective solution for detecting the threats by examining incoming HTTP requests before they even reach the server.