WP Meet Yoav Cohen, the architect of the Incapsula network

Archive

Meet Yoav Cohen: Architecting a Next Generation Network

Meet Yoav Cohen: Architecting a Next Generation Network

I spoke to Yoav Cohen, VP, R&D at Imperva Incapsula during his visit to our U.S. headquarters. We talked about his plans for 2016, network attacks, and his passion—building a next-generation network.

Incapsula: 2015 was a busy year for cyber security. What have you seen in relation to network attacks?

Cohen: Our analysis of recent attacks indicates that network hackers are becoming more sophisticated. Hackers have learned that simple network floods, either by employing large botnets, high-end zombie servers, or amplification techniques can be detected and mitigated by relatively simple techniques. We see a rise in attacks that try to mimic real traffic and evade classic mitigation algorithms. This is similar to the cat-and-mouse game security vendors and hackers have played in recent years in the field of HTTP-based DDoS attacks, going from simple HTTP floods to attacks that combine multiple vectors and are harder to detect.

Since we’re in a very innovative area, we need to meet these new challenges head on. Since the launch of our Infrastructure Protection service 18 months ago, we learned a great deal about modern network DDoS attacks. By observing and mitigating attacks to some of the world’s biggest online services we have evolved our technology so that we are able to detect attacks faster, and by using our big data-based threat intelligence systems react to new attack patterns in real-time. We build our own mitigation stack, which lets Incapsula be increasingly agile and responsive to the needs of our customers.

To make that possible we built a new engineering team around network security and DDoS. The network security team is focused on building our own proprietary technology and platform. Much of their time is spent creating the engines, advanced rules, and algorithms to mitigate attacks.

Yoav

Incapsula: How are Incapsula services different from other vendors?

Cohen: Most vendors are focused on operating third-party technology. Since we build our own technology, we have a very tight feedback loop between our customers and the operations and development teams. This gives us the edge in delivering innovations that are focused on the needs of our customers and lets us respond quickly—we upgrade our mitigation software and algorithms on a daily basis. With other vendors these cycles are much longer and do not really reflect what the customer needs—a partner they can count on when times are hard.

Incapsula: Can you tell us more about Incapsula’s proprietary technology?

Cohen: Yes, and we’re very excited about it. Our teams have learned a lot since we built our first-generation DDoS technology five years ago. We’ve gathered a lot of data since we started; this has given us better intelligence about threats, letting us  respond quickly to customer needs.

This year Incapsula will roll out a new generation of our mitigation technology. It’s very innovative and built to cope with attacks that can bring the entire web to its knees. We will have more details to share in a few months. In addition, we are planning to have an even tighter feedback loop between what our customers experience in production, our NOC (Network Operations Center), our SOC (Security Operations Center) and the security research and development teams and provide more tools to mitigate very sophisticated attacks.

Incapsula: What’s new in website protection?

Cohen: We’ve planned a lot for 2016. Just to recap, Incapsula reached several milestones last year with our CDN and WAF, including IPv6 support and CDN caching power improvements. We were also first in releasing support for HTTP/2.

This year we’ll launch an order of magnitude upgrade to our caching engines, with a new type of caching technology. We are also investing heavily on optimizing the performance of our network, making it even faster for our customers’ website visitors. We will do this by launching new PoPs and increasing our peering footprint.

We rebuilt our big-data systems to deliver the SIEM Integration service, and we plan to offer more services on top of that technology this year. To make this happen, we created a new team of engineers that overhauled our data processing capabilities, deploying dozens of new systems to process more customer data faster.

Incapsula: HTTP/2 is one of Incapsula’s top projects. Can you tell us why customers should be (and why you are) excited about this new protocol?

Cohen: I was waiting for that question! As it stands now, web developers have had to circumvent some HTTP shortcomings to improve the performance of their websites. Domain sharding, image spriting, appending resources and minimizing the number of HTTP requests, and more. Being a web developer in the HTTP/1.1 world was tough!

HTTP/2 overcomes these limitations. For example, a browser multiplexes several HTTP requests on the same TCP connection, so suddenly it’s not so important to reduce the number of requests. Workarounds that we’ve become used to will become obsolete, and it will become easier to develop applications. Our customers literally don’t have to do anything to use it. In other words, they get it for free. Once the protocol is turned on by customers their users immediately benefit from it. We see that HTTP/2 is adopted very fast, as most browsers already support it.

Incapsula: Can you tell us what you’re seeing with regard to big data—a key part of Incapsula R&D?

Cohen: Yes. Traditionally, only after they’re stored are analysts able to take data sets and analyze them offline to gather insights. A lot of what we do at Incapsula is to stay ahead of trends by providing our customers data and feeding our threat intelligence systems. The field of big data is pioneered today by the open source community, and a trend toward real-time processing of data, with projects like Apache Kafka and Spark is becoming very popular. For us, analyzing data in this way lets us build our systems to support customers’ immediate needs better. Incapsula can be more responsive as our team can do the research faster.

Incapsula: That is a full plate for 2016. But I’ll ask, is there anything else you’d like our readers to know?

Cohen: Incapsula R&D is working hard on all fronts to bring new services and better experience to our customers. To do that we grew our engineering force by over 50 percent in 2015, hiring top talent engineers and designers. We have a few more surprises planned for 2016 to make our customers love our services even more, so stay tuned!

Do you have questions for Yoav? We look forward to your comments.