May 28, 2014

The Industry's Most Comprehensive DDoS Protection

Today, Incapsula, one of Imperva’s companies focused on cloud application delivery and security, announced two significant extensions of their DDoS mitigation capability.

  • DNS Protection - New anti-DDoS service that safeguards DNS servers, while also accelerating DNS responses.
  • Infrastructure Protection - New BGP-enabled solution that can provide DDoS protection to entire subnets, prevent direct-to-origin attacks, and protect FTP servers, email servers, and other crucial infrastructure elements.

The underlying technology powering these services is Incapsula’s custom-built scrubbing hardware (codenamed “Behemoth”) that can process 170Gbps worth of traffic, performing deep packet inspection, filtering, tunneling, and routing.

Igal Zeifman of Incapsula goes into more detail on the Incapsula blog.

Neither of these on its own is an industry first. What’s interesting here is the combination of the two with Incapsula’s DNS-based cloud solution, layer 7 DDoS mitigation, and Imperva’s on-premises web application firewall. That combination represents by far the most comprehensive DDoS mitigation offering to thwart the largest and most sophisticated DDoS attacks.

Some context around “most comprehensive”

There have been two recent acquisitions (Akamai/Prolexic and F5/Defense.Net) in the space, both claiming some form of “most comprehensive.” But the first is limited to cloud-based deployment only, and while the second does combine cloud with on-premises, the cloud solution lacks sophisticated layer 7 capabilities.

These days, DDoS attacks often resemble APT attacks in that attackers adjust their tactics as mitigation steps are taken, often combining DoS attacks with other application-level attacks. In these cases, a defense-in-depth approach is required to keep all bases covered as the attacker changes tactics. This should include keeping most of the attack traffic away from your networks and infrastructure via the cloud. But as the attack becomes more application-specific and starts to include business logic attacks, you need to have the traditional WAF tools in place to detect and block them.
