Website DDoS Protection
Always-on, Cloud-based DDoS Protection
The Imperva Incapsula Website DDoS Protection solution is an always-on, cloud-based DDoS mitigation service which automatically detects and mitigates all types of DDoS attacks launched at websites and web applications.
This service is built on-top of the Incapsula Content Delivery Network (CDN) and leverages a PCI DSS compliant Web Application Firewall technology. As a result, in addition to securing websites against DDoS threats, Incapsula also guards against exploitation of application vulnerabilities and ensures that website traffic runs normal operating speeds, even during large-scale volumetric attacks.
Incapsula Website DDoS Protection
- Always-on protection ensures automatic detection and mitigation of DDoS attacks
- Complements the web application protection provided by Imperva SecureSphere Web Application Firewall
- Identification and differentiation between humans, good bots, bad bots, AJAX and APIs
- Includes CDN for website performance and security enhancement
- Transparent mitigation with extremely low false positives (<0.01%)
How it Works
Incapsula Website DDoS Protection uses DNS redirection to persistently reroute website traffic (HTTP/HTTPS) through the Incapsula network.
Once traffic enters the Incapsula network, it is subject to progressively stringent layers of inspection. Using sophisticated security rules and challenges, Incapsula ensures that DDoS attack traffic is identified and filtered out, while allowing legitimate traffic to flow unhindered to protected websites. At the same time, Incapsula also masks the origin server IPs to counter direct-to-IP attacks.
Since the service leverages the Incapsula global CDN, no latency is introduced, as Web traffic passes through our network. In fact, in many cases, the user experience is enhanced.
Comprehensive Protection
Website DDoS Protection is seamlessly compatible with other Incapsula security solutions, including the Name Server DDoS Protection and Infrastructure Protection services.
Together these solutions provide Incapsula customers with the most robust DDoS offering on the market.
High-Capacity Network
As network DDoS attacks, such as SYN flood and DNS amplifications, continue to grow in size, your organization needs robust network capacity to mitigate any threat that might come your way. Incapsula’s global network of data centers offers 700+ Gbps of aggregate scrubbing capacity, enabling it to easily block the largest DDoS attacks.
DDoS Bot Detection
Incapsula’s renowned traffic inspection technology is proven to accurately identify malicious bots used for Layer 7 DDoS attacks. Relying on a combination of behavior and reputational analysis, rate-based heuristics, and a series of progressive challenges, Incapsula can weed out even the most sophisticated DDoS bots, with no impact to regular human visitors.
IP Masking
Incapsula acts as a secure proxy, masking the actual IPs of the origin server to prevent direct-to-IP DDoS attacks. For added security, operators can also choose to block incoming traffic from all non-Incapsula IPs, ensuring that all visitors are inspected on their way to the origin.
Zero Business Disruption
Incapsula not only protects websites from complete denial-of-service, but also from disruptions related to DDoS attacks, mitigation false-positives, etc. We offer transparent mitigation with less than 1% false positives, and without degrading the normal user experience, in any way. This lets customers enjoy true DDoS protection, even from lengthy attacks, without disrupting business performance.
Real-Time Response
The Incapsula Real-Time monitoring solution provides live visibility into incoming traffic streams, offering detailed information about suspicious visitors and abnormal behavior. At the same time, the Incapsula custom security rule engine allows operators to implement new security rules on-the-fly. Together, these features enable effective real-time response to all security threats.
Documentation:
Download the DDoS Protection (PDF).