Always-on, Cloud-based DDoS Protection

DDoS Protection

The Imperva Incapsula Website DDoS Protection solution is an always-on, cloud-based DDoS protection service that automatically detects and mitigates all types of DDoS attacks launched at websites and Web applications.

This service is built on top of the Incapsula Content Delivery Network (CDN) and leverages a PCI DSS-compliant Web Application Firewall technology. As a result, in addition to ensuring DDoS attack prevention, Incapsula also guards against exploitation of application vulnerabilities and ensures that website traffic runs at normal operating speeds, even during large-scale volumetric attacks.

Key Capabilities

  • Incapsula Website DDoS Protection
    • Always-on protection ensures automatic detection and mitigation of DDoS attacks
    • Complements the web application protection provided by Imperva SecureSphere Web Application Firewall
    • Identification and differentiation between humans, good bots, bad bots, AJAX and APIs
    • Includes CDN for website performance and security enhancement
    • Transparent mitigation with extremely low false positives (<0.01%)
  • How To Stop A DDoS Attack

    Incapsula Website DDoS Protection uses DNS redirection to persistently reroute website traffic (HTTP/HTTPS) through the Incapsula network.

    Once traffic enters the Incapsula network, it is subject to progressively stringent layers of inspection. Using sophisticated security rules and challenges, Incapsula ensures that DDoS attack traffic is identified and filtered out, while allowing legitimate traffic to flow unhindered to protected websites. At the same time, Incapsula also masks the origin server IPs to counter direct-to-IP attacks.

    Since the service leverages the Incapsula global CDN, no latency is introduced as Web traffic passes through our network. In fact, in many cases, the user experience is enhanced. It’s a win-win situation—you get DDoS attack prevention and an improved user experience.

  • Comprehensive Protection for DDoS Mitigation

    Website DDoS Protection is seamlessly compatible with other Incapsula security solutions, including the Name Server DDoS Protection and Infrastructure Protection services.

    Together these solutions provide Incapsula customers with the most robust DDoS offering on the market.

  • High-Capacity Network

    As network DDoS attacks—such as SYN flood and DNS amplifications—continue to grow in size, your organization needs robust network capacity to mitigate any threat that might come your way. Incapsula’s global network of data centers offers 1.5+ Tbps of aggregate scrubbing capacity, delivering DDoS attack prevention against the largest attacks.

  • DDoS Bot Detection

    Incapsula’s renowned traffic inspection technology is proven to accurately identify malicious bots used for Layer 7 DDoS attacks. Relying on a combination of behavior and reputational analysis, rate-based heuristics, and a series of progressive challenges, Incapsula can weed out even the most sophisticated DDoS bots, with no impact to regular human visitors.

  • IP Masking

    Incapsula acts as a secure proxy, masking the actual IPs of the origin server to prevent direct-to-IP DDoS attacks. For added security, operators can also choose to block incoming traffic from all non-Incapsula IPs, ensuring that all visitors are inspected on their way to the origin.

  • Zero Business Disruption

    Incapsula not only protects websites from complete denial-of-service, but also from disruptions related to DDoS attacks, mitigation false positives, and more. We offer transparent mitigation with less than 1% false positives, and without degrading the normal user experience in any way. This lets customers enjoy true DDoS attack protection, even from lengthy attacks, without disrupting business performance.

  • Real-Time Response

    The Incapsula Real-Time monitoring solution provides live visibility into incoming traffic streams, offering detailed information about suspicious visitors and abnormal behavior. At the same time, the Incapsula custom security rule engine allows operators to implement new security rules on the fly. Together, these features enable effective real-time response to all security threats.

  • Cost-Effective Website DDoS Protection

    The Incapsula cloud-based DDoS protection service offers 24x7 protection against all DDoS attacks without the need for multi-gigabit Internet connections or any additional hardware. Using Incapsula eliminates the setup and overhead costs associated with over-provisioning and deployment of additional on-premises appliances.