Imperva DDoS Protection Service
Stop DDoS Attacks before They Reach Your Network

Features:

DDoS Attacks Can Be Devastating

DDoS attacks have become the weapon of choice of cybercriminals, hacktivists, and nation-states because they are inexpensive to perform and difficult to stop. For $50, a malicious user can rent a botnet to launch an attack on the Website of their choosing. But the impact on the targeted organization is much more expensive, costing businesses $27 million on average for a 24-hour outage.

New DDoS Attacks Can Evade Traditional Defenses

To circumvent network defenses, an increasing number of DDoS attacks target Web applications and application databases. These DDoS attacks mimic regular Web traffic and they initiate requests too slowly to be detected by traditional firewalls. For example, hundreds of bots might perform online searches to cripple a website's back-end database, taking the site offline. Application DDoS attacks often fly under the radar of traditional network-based defenses, resulting in hours, days or weeks of downtime.

DDoS Security Services Often Come Up Short

Service providers often provide security services to mitigate DDoS attacks. However, most of these services focus on blocking volumetric attacks – not advanced application DDoS attacks. In fact, many of these services cannot inspect SSL traffic, so they are blind to advanced attacks targeting HTTPS applications. Moreover, many of these services are fully managed, preventing enterprises from monitoring or fine-tuning their own security defenses.

DDoS Appliances Expose Businesses to Upstream Attacks

While dedicated DDoS security appliances prevent application DDoS attacks, they cannot handle massive volumetric attacks – attacks that top 200 Gbps of throughput and surpass customers' internet bandwidth limits. To eliminate downtime, organizations must block volumetric attacks before they reach the network.

End-to-End DDoS Protection from Imperva

Imperva offers hybrid cloud and on-premise DDoS security that can stop large-scale volumetric attacks in the cloud, but still provide enterprises on-site visibility and control. The SecureSphere Web Application Firewall blocks application DDoS attacks on-premise. DDoS Protection Service for SecureSphere, a managed security service for SecureSphere customers, prevents volumetric attacks and app-layer DDoS attacks in the cloud. With a hybrid DDoS security solution from Imperva, organizations can avoid brand damage and lost revenue due to denial of service threats.

DDoS Protection Service for SecureSphere

Imperva offers a cloud-based security service to complement the SecureSphere Web Application Firewall. DDoS Protection Service for SecureSphere, an add-on subscription for SecureSphere customers, mitigates attacks that saturate organizations' ISP connections and prevent legitimate traffic from reaching organizations' networks. It also stops application DDoS threats like Slowloris and RUDY.

Ironclad Protection Scaling to Stop 350 Gbps Attacks
Powered by Imperva Incapsula, this service offers a complete defense against all types of DDoS threats, including network-based attacks like SYN flood, UDP flood, teardrop, and smurf attacks.

With DDoS Protection Service for SecureSphere, customers can rest assured that their applications are always accessible without needing to over-provision Internet bandwidth.

Supercharged Bot Detection Eliminates App DDoS Attacks
DDoS Protection Service for SecureSphere sets itself apart from other DDoS security services by accurately identifying and stopping application DDoS attacks.

DDoS Protection Service for SecureSphere stops known DDoS attack tools like DirtJumper, #RefRef, and Hulk and prevents slow rate attacks like Slowloris from ever reaching protected web servers. Because the service proxies connections and decrypts SSL traffic, it can stop SSL-based attacks that circumvent many ISPs' DDoS mitigation services. However, the single most important technology powering this DDoS protection service is an advanced bot mitigation engine. Virtually all DDoS traffic originates from automated clients.

DDoS Protection Service for SecureSphere can detect automated clients based on behavior and user agent information. It can recognize when a bot claims to be wellknown browser, but deviates from expected browser behavior. It can spot HTTP requests that are too fast, mismatched user agent data, and other attributes that expose bots. And it can issue a series of challenges, starting with JavaScript checks and ultimately concluding with CAPTCHAs to correctly stop automated DDoS clients without blocking legitimate users.

SecureSphere for Always-on Application DDoS Protection
The Imperva SecureSphere Web Application Firewall is an on-premise security appliance that stops application DDoS attacks as well as Web attacks like SQL injection, site scraping, and fraud.

SecureSphere uses the following defenses to thwart app DDoS attacks:

• ThreatRadar Reputation Services provides an up-to-date feed of users that are actively attacking other websites, anonymous proxies, and TOR networks, and IP geolocation data.
• Up-to-Date Web Attack Signatures identify known bot user agents and known DDoS attacks vectors.
• DDoS Policy Templates detect users that generate HTTP requests with long response times or download multiple large-sized files.
• Bot Mitigation Policies send a transparent JavaScript challenge to users' browsers to detect and block bots.
• HTTP Protocol Validation uncovers buffer overflow attempts and evasion techniques.
• Patented Dynamic Profiling Technology learns applications – URLs, cookies, and parameter values – to block anomalous behavior.
• Custom Security Rules can examine multiple attributes, from IP reputation and header agent information to the rate of HTTP requests to block DDoS attack traffic.

The SecureSphere Web Application Firewall offers organizations granular DDoS security policies and detailed alerting and reporting.

SecureSphere stops application DDoS attacks with laser precision.

Management and Monitoring from DDoS Security Experts

While automated defenses can stop most DDoS attacks, they cannot mitigate all attacks, especially application-layer assaults that exploit business logic flaws. Advanced attacks can target specific weaknesses in an application and evade standard DDoS defenses. Detecting and stopping anomalies, such as repeated user login attempts that slow down a database or millions of requests from an obscure country, requires monitoring and tuning by security professionals.

As part of its DDoS Protection Service, Imperva offers 24x7 managed services delivered by knowledgeable Security Operations Center (SOC) engineers. Imperva's team of SOC engineers quickly investigate and respond to new DDoS security threats. They can pinpoint never-before-seen threats, such as modified DDoS attack tools or application exploits, and create policies to block these attacks.

Complete Protection Against DDoS Attacks

Organizations can rely on Imperva's cloud and on-premise security solutions to stop powerful DDoS attacks. DDoS Protection Service for SecureSphere, a simple add-on subscription for SecureSphere customers, provides ironclad protection against application and network DDoS attacks. With a global network of datacenters and an advanced bot mitigation engine that correctly identifies and stops bots, this security service fends off the most complex DDoS attacks. The SecureSphere Web Application Firewall offers granular policy control and detailed alerting and reporting to ensure applications are always available and responsive.

With Imperva, customers receive both on-site and cloud-based DDoS security from a single vendor. Imperva delivers integrated and complete DDoS protection and managed security services to thwart high-volume attacks and advanced application DDoS threats.

Deployment:

DDoS Protection Service for SecureSphere can be rolled out without any hardware, software or Web application changes. When customers are under attack, they simply change their Website's DNS settings. This effortless deployment allows customers to be protected in a matter of minutes while maintaining their existing hosting provider and application infrastructure.

The SecureSphere appliance provides continuous protection against app DDoS attacks. When DDoS attacks threaten to overwhelm customers' Internet connections, they can update DNS settings to route traffic through the Imperva cloud. Then DDoS Protection Service for SecureSphere blocks DDoS traffic and forwards legitimate requests to the protected web application.

Specifications:

Specification	Description
Security	Network and application DDoS attack protection Bad bot blocking Access control by country Access control by visitor type Advanced security actions Security rule fine tuning Support for HTTPS Sites Threat Control dashboard
Performance	Globally distributed network Static and dynamic content caching Connection optimization Dynamic content compression Content minification1
Managed Security Service	Around-the-clock health monitoring Threat alert email notifications Performance notifications Server outage notifications Application response time analysis Proactive security event management and response Proactive policy tuning Weekly reporting Around-the-clock support
DDoS Attack Protection2	TCP SYN+ACK TCP FIN TCP RESET TCP ACK TCP ACK+PSH TCP Fragment UDP ICMP IGMP HTTP Flood Brute Force Connection Flood Slowloris Spoofing DNS flood Mixed SYN+UDP or ICMP+UDP flood Ping of Death Smurf Reflected ICMP and UDP Teardrop Zero-day DDoS attacks DDoS attacks targeting Apache, Windows or OpenBSD vulnerabilities As well as other attacks...

¹ Eliminating unnecessary application code such as white spaces and comments.
² The Imperva DDoS Protection Service can detect and block the following DDoS threats. Note that DDoS Protection proxies Web requests, so any network layer DDoS attacks would target the cloud infrastructure and would never be relayed to the client network. Therefore, DDoS Protection will prevent all network DDoS attacks.

Documentation:

Download the DDoS Protection Service Datasheet (PDF).