Search Blog for

Tuning a Cloud-based Service In the Real World

The Incapsula security sandbox — in short — this is where we play, research, test out new capabilities and lay the seeds for our next-generation security and performance features, call it our “experimental greenhouse”.

The sandbox was first built to help us test new security capabilities on real traffic. If there is one thing we learned in years of looking at web applications it is that the web is a jungle. No two web applications are alike, and web site owners can be a lot more creative than you can imagine. If you think browsers are any different — think again. Each browser has its own take on HTTP and HTML and its own way of handling them. So, there is no chance you can predict every type of client, request or session going through your system; it’s only when you deal with real traffic that you can learn if something really works. In order to get new security capabilities tested on real traffic as early in the process as possible, we built our security sandbox. It is part of every Incapsula proxy and it works in parallel to the production security engine.

We add new capabilities to the sandbox as soon as we start working on them, sometimes even before we are finished tuning them. The value we get out of seeing the effect on real traffic is invaluable. When a security rule goes out to production, it has ‘virtually’ accrued a lot of mileage with our customers’ web sites and we are confident that it does what it’s supposed to.

The sandbox also helps us resolve the conflict between wanting to block bad actors as soon as possible while providing important data to our security research team so they can improve our security. If clients were blocked on the onset, how could our team further investigate these intruders and their attack methodologies? This is when we started to use our security sandbox for research as well. It acts as a ghost version of our actual security engine that receives and processes the malicious client requests and generates internal alerts while intruders are completely blocked by the real security engine. These alerts are pushed into our back- office analytics system that gathers and analyzes them so our security team can easily receive a complete log describing attack details.

The sandbox is no longer limited to security and it is used today by almost the entire Incapsula team. For example, our engineers were looking for a way to try out all sorts of innovative ways to make web sites faster. Testing those on fake web sites with fake traffic did not really give us any insights. We could say that something worked but we could not really justify full development and integration into the production system as there was no way to truly predict what the impact would be on real web sites. The sandbox makes all this easy and actually saved us a lot of time. Features we initially thought would have a minimal impact on web site performance turned out to provide a significant boost to web sites’ speed while others we were expecting to perform well turned out to be disappointing.

While our sandbox is invisible to you, it’s one of those “playing grounds” where our most innovative ideas and our users’ suggestions flourish, ensuring that we keep providing your site with an ultimate security service and keeping it at an optimized performance level.

If you have ideas for us to throw into the sandbox, let us know.

The Incapsula Team