Search blog for

How to Secure Google Cloud Platform Deployments with the Imperva Incapsula Service

We are pleased to announce that the Imperva Incapsula service is available on Google Cloud Launcher. Incapsula complements Google Cloud Platform (GCP) with a Gartner Magic Quadrant-leading web application firewall, Forrester Wave-leading DDoS mitigation, and application layer load balancing for any website or application in a pure or hybrid GCP environment.

Find out how you can secure your cloud deployment at our upcoming webinar,  “How Imperva Incapsula Secures and Protects Google Cloud Customers” on October 12. Webinar attendees who are new customers will receive up to $1000 of credits, $500 each for GCP and Incapsula services.

Web Application Firewall and DDoS for Google Cloud

As data and applications move to the GCP so does the increased threat of web attacks like SQL injections, cross-site scripting (XSS), hacking attempts, bad bots and application layer DDoS floods. While the GCP includes a number of basic security features such as data encryption, authentication, and vulnerability scanning, it recommends using a specialized solution for protection against web attacks, bots, and application layer DDoS attacks.

Incapsula protects Google-hosted applications from all web and DDoS attacks, filtering out malicious traffic before it reaches the GCP. Incapsula can be deployed in a few minutes, and once configured, automatic daily updates of bot signatures and reputation lists offload your staff of the burden of learning and configuring security rules.

Protection for All Environments

Incapsula covers any deployment model for GCP, including hybrid cloud environments. Customers that are migrating to GCP can make a simple DNS change to enable their GCP deployments to benefit from the same level of protection as their existing on-premises deployments. Incapsula gives customers the ability to apply a consistent security model across their entire infrastructure whether it be on premises or on a private or public cloud.

google-cloud-platform_blog

Here are three common examples of how Incapsula secures and protects GCP users:

Use Case 1: with Google Load Balancing

Incapsula complements Google security services by providing an additional layer of protection in front of the traffic before it reaches GCP. After Incapsula is deployed, attacks are mitigated before they can reach the GCP servers.

To start, Google provides an IP address that can be found on the Load Balancing control panel.

gcp-01

To begin the configuration process with Incapsula, it is necessary to create a DNS entry mapping the hostname to the GCP load balancer IP address (provided by Google) on the Cloud DNS control panel.

gcp-02

Once the mapping exists in the DNS zone file, Incapsula will pull the load balancer IP address by performing an NS lookup on the load balancer DNS entry.

gcp-03

After a site is successfully provisioned on Incapsula, it is assigned a unique CNAME record that is used both for pointing traffic to the Incapsula network and also to identify the Incapsula site when multiple applications point to the same site.

gcp-04

Use Case 2: Hybrid Deployments

Incapsula is deployed in front of all customer applications, including GCP, in existing on-premises data centers, or in other cloud environments. As a result, the customer gets a single application to monitor and enforce policies across all deployments. This ensures security policies are identical between GCP and the customer’s on-premises deployments, making the migration of the security architecture to the GCP as simple as making a DNS change.

gcp-05

GCP websites using Incapsula Website Protection for hybrid deployments are protected from any DDoS attack, including both network (layer 3 and 4) and application (layer 7) attacks.

Use Case 3: Without Google Load Balancing

Customers can also use Incapsula DDoS protection and Web Security services with the Incapsula service layer 7 load balancing by pointing their DNS settings to the Incapsula CNAME.

gcp-06

Incapsula Load Balancer distributes user requests among origin data centers and GCP alias names to achieve optimal performance and response time. In addition, it helps ensure high availability in the case of a malfunctioning server or data center by routing traffic to a healthy server.

gcp-07

In all use cases, Incapsula provides security and acceleration at the web application level by mitigating all types of attacks in real time, before they reach the GCP.

gcp-08

Users can also create custom security rules in the settings dashboard. Once created, all of the customer’s rules are propagated throughout the Incapsula network within 90 seconds. The example below shows a rule written to block scraping bots.

gcp-09

Learn More About GCP and Incapsula

Find out how the GCP and Incapsula can provide a scalable, resilient and secure cloud platform for your website by registering for the webinar, “How Imperva Incapsula Secures and Protects Google Cloud Customers” on October 12. Webinar attendees will receive up to $1000 of credits, $500 each for GCP and Incapsula services (available for new customers only).