Imperva Incapsula Review
We have gone through paid evaluations of several DDoS mitigation services, but all of them failed to block DDOS attacks


Our company has recently reached 3.5 million registered users and 200,000 hosted websites. Daily DDoS attacks on our platform resulted in unnecessary and prolonged downtime for the thousands of sites on our network. These attacks included network level (layer 3 & 4) attacks ranging from 2Gbps to 10Gbps with various attack vectors such as UDP attacks but most commonly SYN floods which exploit the TCP three-way handshake to consume the server’s connection resources. The more challenging attacks were the diverse application level (Layer 7) attacks. These attacks seem as if they are originating from legitimate sources, try to mimic human behavior and consume the backend computing resources of the website.

We were seeing daily DDOS attacks, sometimes multiple DDOS attacks in parallel on various client websites. Since our company is a global hosted community platform and social network, everyone was affected at the same time. We needed to make sure that no attack on any one website could bring other websites down. We have gone through paid evaluations of several DDoS Mitigation services, but all of them failed to block DDOS attacks automatically without serious side effects, such as blocking legitimate visitors.

Once we decided to evaluate Incapsula's Cloud-Based DoS protection, Incapsula's team quickly helped us to set up a few of our websites on the service.

Once we joined Incapsula, they immediately identified that our network was under various types of attacks at almost any given time, both network and application level attacks.

While the network based attacks were absorbed by Incapsula’s backbone, the application layer attacks were very diverse. Incapsula relied very heavily on their bot detection and progressive DDoS challenge technology, to block 100% of attackers transparently, without incurring any noticeable effect to almost all of the real users.

Maintaining the best possible customer experience was a key consideration for us. It was very apparent why other DDoS protection services that involve delays, CAPTCHAs and other side effects on visitors would not work for us. Also, a DDoS solution that isn't fully automated would keep our team constantly busy enabling and disabling the protection service.

Incapsula’s ability to allow human and legitimate bot traffic to access the website with no interruption, while filtering network and application level DDoS traffic, allowed us to put our DDoS problems behind and focus on what we do best, which is building a great platform for the online gamers community.

Incapsula is now a critical component of our security infrastructure. All traffic to our network and hosted websites passes through Incapsula for screening. Malicious traffic and DDOS attacks are blocked automatically.

We take advantage of Incapsula's DDoS Protection key benefits, to secure our online properties:

  • Protection against Network and Application Level Attacks - Through a worldwide network of multi-gigabit scrubbing centers and unique bot (automation) detection technology, Incapsula provides complete protection for both network (Layer 3 & 4) and application level (Layer 7) DDoS attacks.
  • 24x7 Managed Security Service - Incapsula’s DDoS security team monitors attacks and is available on-demand before, during or after attacks to ensure that our sites are up and running and performing.
  • Zero Business Disruption - Incapsula’s CDN and bot detection technology ensure that even under attack, our website traffic is accelerated and legitimate visitors are not delayed or denied access to our sites.

Our network was finally clear from the endless onslaught of crippling UDP & SYN flood attacks that we had been experiencing. Using Incapsula's dashboard, we were able to see exactly when each attack was happening, and continue delivering service to millions of users during the attack. We also saw a sharp drop in unwanted bot activity, which resulted in a 20% drop in load on our servers. A key feature we were looking for is a very low false positive rate during mitigation. Incapsula proved to have a near zero false positive rate, and legitimate users had no trouble accessing our websites during prolonged DDOS attacks.

Disclosure: IT Central Station has made contact with the reviewer to validate that the person is a real user. The information in the posting is based upon a vendor-supplied case study, but the reviewer has confirmed the content's accuracy.

11 Comments

kapilmalik1983 Consultant TOP REVIEWER

Does Incapsula implementation require dedicated hardware/software? Is there any limit on the number of websites a device can manage, or is it based on the license?

17 November 13
it_user1020 Vendor POPULAR LEADERBOARD

I work for a higher-education institution, and we just recently deployed our Oracle Peoplesoft Campus solution system. Though not as big as your organization, we have our fair share of these types of attacks every now and then. We have a Cisco ASA firewall, and we see DDoS and other types of attacks (UDP and SYN flood) occurring on a daily basis. Reading through the review, it brings to mind some questions:

1. How would this product work with your existing security systems like firewalls and intrusion protection systems?
2. Would you recommend this product for a higher-education institution with a limited budget?

21 November 13
it_user6216 Vendor

Hi
I'm a Product Evangelist for Incapsula.
@kapilmalik1983 No, it does not. To activate Incapsula for your websites/web applications you just need to reconfigure your DNS settings (a seamless, downtime-free, 5-minute process).

No, there is no limit to the number of websites we can manage. The service is provided via a monthly subscription model.

25 November 13
it_user6216 Vendor

Hi Francis

To answer your questions

1. We provide our customers with enterprise-grade PCI compliant WAF, which can be integrated with your existing security systems (traffic via proxy, first to Incapsula's CDN, then to the on-premises security appliances). This is actually a very common scenario, as many of our clients come to us for DDoS protection with application layer security solutions already in place.
Having said that, we notice that over time, many of our customers tend to remove their on-premises solutions and rely on Incapsula-only setups. The most common reason for doing that is to reduce redundancy, as our WAF comes at no extra cost for all DDoS customers.
Still, this is entirely up to you.

2. Definitely. We have several customers in that category.

25 November 13
it_user3876 Consultant POPULAR

Hi Igal-Zeifman. Does Incapsula provide SSL support, SQL injection and Advanced exception handling features in its free plan?

28 December 13
it_user6216 Vendor

Hi @Imran_sh, thank you for your interest.

To answer your questions, our free plan is mostly geared toward non-commercial sites, as such it's structured around CDN acceleration features, static content caching and anti-bot security features.

From a security standpoint - as our data/experience shows - our free plan users are not likely to be specifically targeted (manual SQLi, SSL hacks etc). Instead they are often attacked by automated hacking tools. While such tools can execute SQLi, XSS (as well as Brute Force and other types of attack), they are much easier to block simply by uncovering their non-human origin.

As you might be aware, Incapsula is widely recognized for its Client Classification algorithms, which are employed both for bot filtering and Layer 7 DDoS mitigation.

Our free plan provides access to those algorithms, helping our free users prevent access from malicious non-humans.

As for SSL, we offer full SSL support starting from the Personal plan (19 USD/month). While this isn't free, it's cheaper than what is offered by all of our immediate competitors.

I'm not 100% sure what you mean by Advanced Exception handling (WAF rules? IP rules?). In case of the latter, the answer is 'Yes', our free users can configure IP/Geo-location and Client based restrictions.

29 December 13
it_user3876 Consultant POPULAR

Thanks for your informative reply. One of the most serious threats that website administrators face today is “Backdoor Attacks”. When a backdoor is installed on a server, any intruder can breach the website security and can modify its content. Does Incapsula provide any solution for avoiding such attacks?

11 January 14
it_user6216 Vendor

Hi, yes we do. Our backdoor shell protection comes in two forms: one is our Backdoor Protect feature that identifies backdoor shells by intercepting incoming commands (i.e. from a hacker or from a botnet CnC) and disabling the malicious files. This method is far more effective than the usual signature-based detection methods, as most shells are non-typical - either unique or heavily modified to avoid recognition.
Our second method of protection revolves around our IP Reputation algorithms. Among other things, these also monitor known shell distribution resources and block them when they are used against our clients.
Our research shows that most shells are distributed via centralized sources (56% of which remain active for over 60 days) so, as you can imagine, we manage to prevent a lot of attacks just by knowing what these sources are. Currently our IP reputation database holds ~3M IPs and it is updated each time a new attack is identified anywhere across our network.

http://www.incapsula.com/the-incapsula-blog/item/685-backdoor-protect-detect-quarantine-remove-shells
http://www.incapsula.com/the-incapsula-blog/item/802-rfi-attacks-in-the-security-threat-landscape

16 January 14
it_user1020 Vendor POPULAR LEADERBOARD

Hi Igal-Zeifman,

Thank you for replying to my post a few months ago. :)

I have some follow-up questions though. What could you recommend to us should we decide to go for your solution? As mentioned, we have an Oracle Peoplesoft Campus Solution system on premise in fully-virtualized VMware environment. Do you have package plans for this sort of thing?

21 January 14
it_user6216 Vendor

Hi FrancisM,
Am I right to assume that you want to use Incapsula for your websites/web applications?
If so, there should be no problem on-boarding Incapsula on any of our plans.
Having said that, the plan should reflect your needs.
Below is a short explanation of our different plans.

Free: standard CDN acceleration and protection from automated threats
Personal: improves acceleration by introducing intelligent caching (good for dynamic content)
Business: further hardens security with our PCI DSS compliant WAF
Enterprise: enables DDoS protection & Load Balancing/Failover features, 99.999% SLA etc

From what you've described it sounds like an Enterprise plan (I'm assuming a multi-server scenario) but I would definitely suggest contacting our team, as they can learn more about the specifics and help you reach the right decision.

22 January 14
it_user182781 Real User

Incapsula helped us mitigate 80GB/s multilayered DDoS attacks and nearly immunized us completely against network layer attacks. They also stopped attacks that didn't have names within hours. I can't say there is never downtime, but that's the case with any serious denial of service... but in the hundreds of thousands of dollars my clients spent on live testing DDoS firewalls, Incapsula's team, system and interface were simply the best.

19 January 15