Creating your shiny new application is useless unless you also strive to protect it. While it may zip along in your test environment, far from the noise of the Internet, it can seize in just a few minutes when deployed in an under-protected environment. Today’s hackers are employing increasingly sophisticated hybrid DDoS attacks to slow and stop the performance of your application.
Deploying your app, regardless of how it’s coded, requires the same level of sophistication to prevent and mitigate attacks. You can’t do it on your own. But beware. The market is cluttered with CDN and DDoS mitigators, and choosing the right one will make the difference between keeping your business safe and putting it at risk of losing customers and reputation.
Table of Contents
- An Attack is an Attack is an Attack
- Your customers want the site to work and to trust that their data and transactions are safe.
- Hiding Your Infrastructure Origin IP Addresses
- DDos Scrubbing
- Protecting a Single IP Addresses in an Always-On Mode
- Speed of Deployment
- Superior Session Persistence
- Easily Navigable Dashboard
- Ease of Switching
Your customer doesn’t care if you stung with a level 3 or level 7 attack. They don’t care to make the distinction that this was a DDoS attack as opposed to a data breach. To the average person, they look the same: Something is wrong.
A DDoS strikes at the heart of that trust. Your sites downtime may not be a loss of that customer, but it is an erosion of your reputation and could lead to an eventual loss and the cost of customer acquisition - especially after downtime - is too great to be wasted by a DDoS attack.
If you don’t have a DDoS mitigation solution or you’re using an inferior product, your site and business’ reputation are sitting ducks. Incapsula has pioneered best-in-class solutions for small and larges business. Here are Seven Reasons Why Incapsula is Your Best DDoS Solution
Incapsula provides infrastructure DDoS protection for their clients origin IPs addresses. By design, a CDN acting as a proxy prevents a hacker from directly attacking the servers. But a determined hacker can pretty easily uncover the origin IP address by looking up the DNS records of non-HTTP/S services, such as FTP.
To stop that, Incapsula assigns you an IP address from its IP range for routing traffic, using a Generic Routing Encapsulation (GRE) tunnel to established traffic between your origin servers and the Incapsula network. The tunnel routes clean traffic from its network to your origin server and back.
The attacker’s goal is to saturate server resources of the targets or those of intermediate communication equipment (e.g. Load balancers) exploiting network protocol flaw. The category includes SYN floods, Ping of Death, fragmented packet attacks, Smurf DDoS and more. The Protocol Attacks magnitude is measured in packets per second.
Incapsula launched its Infrastructure Protection Services across its entire content delivery network of 30 PoPs, where other providers use just a few scrubbing centers globally. The bigger network allows it to serve its clients with minimum latency across the globe, even in an always-on mode.
AS soon as a DDoS attack is detected, inbound traffic is redirected to the nearest scrubbing center, and the centers applies DDoS filtering and routing techniques to reduce DDoS traffic interference. The scrubbed traffic is then routed back to the customer’s network.
The capacity of scrubbing centers and the filtering methods are critical for the provisioning of an efficient defensive service. Incapsula global network has over 3.5 Tbps (Terabits per second) of scrubbing capacity and the ability to process 30 billion packets per second. Once activated, the service blocks any attack in less than a second.
As organizations move assets to public cloud, Incapsula created a solution similar to Infrastructure Protection - as described above. With single-address IP Protection Incapsula uses its own IP ranges and “lease” its IP addresses. Clean traffic would then be routed back to their origin over a GRE tunnel, just as it does with the Infrastructure Protection service. The result is packets remain untouched and the source IPs are available for firewalls and back end applications. This breakthrough service is unique to Incapsula.
One major factor in a DDoS service is how fast can you on board the service and what kind of effort do you need to invest,” said Incapsula founder, Gur Shatz. “When you are under fire making sure you have chosen a solution that can shield your network from that attack with the minimal effort and time.”
This is how Incapsula approaches DDoS protection. It recommends its cloud based service that can be joined with no hardware, software or other integration requirements. Adding a website to Incapsula is done with a DNS change, allowing it nearly any company size, IT resources or expertise.
Session Stickiness or Session Persistence is vital for financial and other critical transactions. Incapsula supports various load balancing methods and by default, all of these methods are also session-persistent, meaning the same HTTP session will always return to the same preferred server (if it the server is responsive). Incapsula uses Source IP hash to maintain client session states, also unique to Incapsula.
When Persistence is enabled, Incapsula applies the load balancing algorithm only to the first request of each user session. Following that, Incapsula maintains the user session continuity by setting a dedicated session cookie in the client’s browser.
You already know the benefits from your SIEM. At it’s best, your SIEM reduces the panes of glass you must look at in your environment. The Incapsula dashboard plugs into most major SIEMs so real time monitoring and administration can take place in a centralized location. Even on premise SIEMs can receive real-time data from Incapsula’s cloud-based services.
Incapsula also provides near real-time statistics. Incapsula integrates into nearly any SIEM as just another tab, showing little wait time for data. As little as one minute from the time the log is pulled and processed in the SIEM. That kind of information can help make better and faster decisions.
Enterprises are often leery of switching large services, especially when those services are deeply integrated in the architecture of the enterprise. Uprooting old Authoritative DNS servers when moving to a new platform may seem daunting, but better CDN providers like Incapsula ensure that you are not alone with the move because Incapsula designs solutions around the enterprise. It doesn’t try to shoehorn the enterprise into the solution.
This post is sponsored by SyndicateAds.
This content is sponsored via Syndicate Ads.