There are many benefits in migrating to the best-in-class Incapsula cloud security solution from Akamai.
In a recent webinar, Tim Matthews, VP of Marketing, Incapsula, examined the core differences between the Imperva Incapsula suite of security tools and those of Akamai. Andrey Shkanov, Incapsula Lead Solution Manager, offered his best tips and tricks, as well as use cases.
Here we’ve wrapped up the details about how to make your switch to Incapsula a breeze.
Scoping Out Your Migration to Incapsula
In a nutshell, here are the highlights of migrating to Incapsula, as well as key differences:
- Mapping deployment and savings – Incapsula users find significant cost savings with the same level of service. Additionally, there are several operational efficiencies in having all your applications accessible in a single-user interface.
- Migration in minutes – You can make the switch to Incapsula in minutes via a simple DNS record change.
- Similar onboarding process – Incapsula uses the same sizing metrics, so the transition is very similar if you’re already familiar with Akamai onboarding.
The Incapsula CDN
Four key functional areas of the Incapsula package offering include website security, distributed denial of service (DDoS) protection, load balancing failover and a content delivery network (CDN) in one global cloud.
When your traffic is routed through Incapsula, it’s inspected for attack signatures. If a DDoS assault is detected, our CDN assesses if your network or application layer is the target and performs the appropriate mitigation.
The Incapsula CDN also looks for common threat signatures like cross-site scripting (XSS) attacks, SQL injection assaults and—importantly—bot penetrations looking to scrape your site or add unnecessary traffic to it.
Comparing Basic Functionality
Matthews compared Incapsula versus Akamai website security and DDoS mitigation capabilities. In addition to inspecting inbound traffic, the Incapsula CDN simultaneously accelerates traffic. It performs both dynamic and static caching while load balancing your traffic—all on a single platform. “All of our global PoPS have these capabilities built in, and you get all of them when you sign up to use the Incapsula cloud,” he said.
Comparing Website Security Capabilities
When considering the Incapsula Web Application Firewall (WAF), there are several notable points:
- Gartner Magic Quadrant award-winning WAF – Gartner, the world’s leading information technology research and advisory company, named Incapsula a leader in its Magic Quadrant.
- Bot or not – Incapsula bot mitigation can be implemented without any service disruption.
“We have the ability to do client classification, and we are able to understand whether or not the visitor to a website is a human or a bot,” stated Matthews.
- Two-factor authentication – This feature lets you layer on two-factor authentication in any login or admin page without any changes to your own code.
- Backdoor protection – Incapsula protects against backdoor vulnerability—malicious code inserted into a server that can be activated by a hacker trying to break into your system and take control.
- Custom security rules – You can build custom security rules for your website or update them in response to a vulnerability notification. Propagation is immediate.
- 60-second propagation – Responding to a vulnerability report can quickly be done via the Incapsula dashboard. Admins can write a rule using our IncapRules and implement an update within seconds.
DDoS attacks continue to make front-page news. Many organizations have now implemented world-class mitigation services or systems for their websites, with others quickly doing the same. Incapsula offers several advanced DDoS mitigation solutions:
- Incapsula = one platform; Akamai = three platforms – The Incapsula DDoS solution is built in, simplifying deployment and administration that yields cost savings. Akamai requires three separate platforms, including its KSD and Prolexic.
- Client classification for low false positives – Incapsula performs client classification to detect if a visitor is a bot, a human, or a bot posing as a human. Bots are further classified as being good, such as Google bots crawling your site and improving page ranking, or malicious. Only the latter are blocked.
- Instant security rule propagation – Similar to the Incapsula WAF, you can build custom DDoS rules that are quickly propagated across your network.
- Infrastructure protection for network protocols – This service is unique to Incapsula. You can protect your infrastructure at the network layer on a per-IP basis without having an entire C class subnet. Individual IP addresses can be protected not only against web attacks, but also against assaults targeting other network protocols (this feature is currently in beta.)
What Akamai Offers
Akamai offers a few features in these areas, some not yet available with Incapsula:
- Video streaming – The Incapsula CDN is not designed for video streaming and large static file serving. However, Incapsula can run in front of Akamai’s CDN or alongside it (depending on how users access streaming and file serving).
- Custom application delivery rules – There are a few cases in which custom application delivery rules present in Akamai are not fully supported in Incapsula. For example, always cache and never cache aren’t supported, but you can specify this on an individual URL-basis within Incapsula.
Built-in security, site access acceleration, the unified Incapsula dashboard, rapid custom rule propagation and simplified onboarding process—in addition to significant cost savings—combine to provide a competitive advantage to your organization.
Watch the complete webinar, “Migrating from Akamai to Incapsula: What You Need to Know,” to find out more.
Get the latest from imperva
The latest news from our experts in the fast-changing world of application, data, and edge security.