Imperva recognized as a ‘Leader’ in The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021 Report

Imperva recognized as a ‘Leader’ in The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021 Report

We are delighted to share that Imperva has been named a leader in The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021 report, a trusted source for technology buyers which helps security and risk professionals select the right vendor for their needs. You can download a copy of the report here.

Imperva’s vision is to protect data and all paths to it and, according to the report authored by Forrester Senior Analyst for Security and Risk, David Holmes, Imperva delivers on its vision in terms of protection from DDoS attacks.

In the report, which evaluates DDoS mitigation solution providers to identify and analyze the most significant among them, Forrester describes Imperva as “an application security specialist vendor that fields a distributed global network to manage DDoS attacks combined with its own custom appliances (Behemoths) in its data centers to handle the heavy lifting of fighting DDoS attacks”.

The report ranks Imperva in the top two in the Current Offering category and we achieved the highest score available in thirteen of the criteria in the Forrester Wave ™ DDoS Mitigation Solutions Scorecard. Our top-scoring criteria in Current Offering include;

  • Threat detection
  • Layer 3 and UDP attacks
  • Layer 4 attacks
  • DNS
  • Burst attacks
  • Speed of implementation
  • Alerting
  • Service delivery
  • Service agreements
  • Threat intelligence

And for Strategy;

  • Product vision
  • Planned enhancements
  • Performance

DDoS attacks are diversifying

In recent years the DDoS threat landscape has evolved with attacks becoming more sophisticated and attackers applying a range of carefully engineered tactics to cause as much damage as possible to their targets. Imperva’s capacity to mitigate with speed and efficiency in the face of increasingly more complex attacks places them in a league of their own.

Pulse Wave Attacks

For example, in the last couple of years we’ve monitored a growing number of shorter, more persistent DDoS attacks, or Pulse Wave attacks, (over 50% in 2019), which take advantage of services that rely on an appliance-first/cloud second hybrid DDoS solution which is the case for many organizations moving their applications to the public cloud while still using legacy infrastructure. .

It’s exactly this type of hybrid setup that can be outsmarted by pulse wave attacks as the attackers start with small persistent bursts on the legacy appliance to congest the traffic pipe, before ramping up the attack resulting in the appliance failing over to the cloud. But, due to the congestion, the legacy appliance wont have communicated much of the attack data to the cloud, which is largely what causes appliance downtime and performance degradation. While a hybrid DDoS solution isn’t capable of handling an attack of this kind, Imperva DDoS Protection can, as we adopt a topology that deploys the cloud, and not the legacy appliance, as the first line of defense, meaning we are able to eliminate the bottleneck created by pulse wave attacks.

Attacks unprecedented in size and ferocity

At the opposite end of the scale, in the last year we mitigated some of the largest ever DDoS attacks on record seeing significant increases in both force and duration. These attacks were unprecedented and exceptional in their size and intensity and were possibly a result of the global disruption caused by the COVID-19 pandemic. But a noteworthy fact about one of these very large attacks was that the force behind the initial burst was so powerful that it peaked at 674 Gbps in under 5 seconds. This is a stark reminder of how important time-to-mitigation is and to ensure that your DDoS solution can start mitigation within seconds.

Extortion-based attacks

And finally, we mitigated a high number of extortion-based Ransom DoS attacks in 2020 mainly targeting large enterprise organizations. The extortionists threatened to launch a DDoS attack within a certain timeframe if the ransom was not paid and also threatened to begin a small DDoS attack on the company’s main IP address to prove they meant business. Any downtime, no matter how short, has the potential to cost your business money.

Improved mitigation for an evolving threat landscape

As the DDoS attack landscape has evolved Imperva DDoS Protection has been improving its mitigation capabilities. Imperva offers the most comprehensive, completely cloud-based approach to DDoS mitigation, with premium DDoS Protection for all of your assets, wherever they are, on premises or in the cloud.

We combine speed, global presence and automation for smart DDoS protection

Our industry-leading 3-second SLA and distributed network of 45 global Points of Presence means we are super-equipped to consistently block any attack, no matter the size or how fast it ramps up. We mitigate hundreds of attacks 365 days a year which we are able to tackle with the most DDoS scrubbing centers in the industry and able to sustain with our 6 Tbps global network which is capable of mitigating 65 attack packets per second.

The Imperva network was designed with software defined networking in mind. Our SD-NOC enables automated tuning, which allows us to deal with even large scale deployments with full automation. We use Anycast routing and define advanced, dynamic edge routing policies to ensure performance is optimal between our global points of presence so that we can be sure to use the best routing for traffic every time. This ensures minimal latency for the traffic to 95% of the globe with our global mesh network. All in all our DDoS Protection is incredibly smart.

We meet data sovereignty compliance

By having a scrubbing center at every point of presence (PoP) not only allows us to tackle the bad traffic at any location but it also enables us to keep traffic out of certain regions, which is essential for countries with data sovereignty compliance requirements.

A Security-First Single-Stack Approach to Cloud Application Security

And that’s not all. Imperva DDoS Protection is architected with a single stack of layered security services where each part plays a role and shares intelligence among the consolidated layers of defense, with all security and delivery features served from each and every PoP. This also streamlines performance by reducing latency. Using a provider offering an assortment of different solutions can result in a complicated user interface and complicate your security management, increasing your vulnerability to cyber attacks.

Imperva DDoS protection has you covered

Investing in good DDoS Protection is like opening an insurance policy, because when you are the target of a DDoS campaign, you need to have a fast, efficient and reliable mitigation solution in place. You might never need it, but if you do come under attack, with the cost of one hour of downtime for an enterprise estimated to be between 100,000 and 300,000 USD, you want to be sure your DDoS solution is going to work well, and work fast.

Download the report here.