Article, News

Incapsula’s DDoS Protection

Written by admin2 on . Leave a comment

Secure your website against all types of DDoS attacks – including network, application and DNS targeted attacks. With vast global network capacity, our “always on” service mitigates the largest and smartest DDoS attacks. Infrastructure Protection, leveraging BGP routing and GRE tunnels, lets you protect critical infrastructure (e.g., web, email, FTP, VoIP) on demand across entire subnet ranges.

Global CDN & Optimizer

Incapsula’s application aware CDN boosts website performance by using advanced networking,
dynamic caching and content optimization techniques.

Enterprise Grade Website Security

Incapsula’s PCI-certified Web Application Firewall, advanced Bot detection and access control technologies protect any website against known and emerging web application threats.

Load Balancing

Incapsula provides Layer 7 Load Balancing & Failover, Site Failover and Global Server Load Balancing (GSLB) directly from the cloud, with advanced & real time health monitoring and notifications.

DDoS Protection

Incapsula’s DDoS Protection is capable of mitigating all types of DDoS attacks, targeting any type of online service.

Combining a robust network backbone and industry-acclaimed traffic inspection solutions, Incapsula provides comprehensive protection against all application, network, and protocol-based DDoS attacks.

Incapsula DDoS Protection

Available as an always-on or on-demand service
Powerful network of globally positioned Data Centers
Application (Layer 7) and Network (Layers 3,4) DDoS protection
Blanket DDoS protection for all types of services (UDP/TCP, SMTP, FTP, SSH, VoIP, etc)
Backed by a 24×7 security team and a 99.999% uptime SLA.

Incapsula’s multi-faceted approach to protection leverages a suite of complementary anti-DDoS solutions that together offer blanket protection from all such threats

Each solution defends a different set of critical online assets from DDoS attacks.
Incapsula Website Protection

Incapsula’s Website DDoS Protection is an always-on, cloud-based DDoS mitigation service which automatically detects and mitigates all types of DDoS attacks launched at websites and web applications.

This service is built on-top of Incapsula’s Content Delivery Network (CDN) and leverages Incapsula’s PCI DSS compliant Web Application Firewall (WAF) technology. As a result, in addition to securing your website against DDoS threats, Incapsula also guards against exploitation of application vulnerabilities and accelerates page load times by optimizing all content delivery.
Incapsula Infrastructure Protection
Enabled via GRE tunneling and leveraging Border Gateway Protocol (BGP) routing, Incapsula’s Infrastructure Protection is an on-demand security service that safeguards critical network infrastructure from volumetric and protocol-based DDoS attacks, such as UDP, SMTP or SYN Floods, executed directly or via DNS/NTP amplification.

Infrastructure Protection can be used to protect entire subnets, secure all network elements, and inspect all incoming communication.
Incapsula Name Server Protection

The Name Server Protection service secures client DNS servers from DNS-targeted DDoS attacks. Deployed as an always-on solution, the service automatically identifies and blocks malicious queries that target DNS servers, while also accelerating DNS responses.
Features
Comprehensive DDoS Protection

Incapsula protects applications and infrastructure against all types of DDoS threats. These include network-based attacks (e.g., Slowloris, ICMP or TCP & UDP floods) as well as application layer attacks (e.g., GET flood) that attempt to overwhelm server resources. Supporting Unicast and Anycast technologies, the service leverages a many-to-many defense methodology, automatically detecting and mitigating advanced DDoS attacks that exploit application and Web server vulnerabilities, hit-and-run DDoS events, and large botnets.
Comprehensive DDoS Protection
High-Capacity Network to Handle Massive DDoS Attacks
As the size of network DDoS attacks, such as SYN flood and DNS amplifications, continues to grow, organizations require robust network capacity to mitigate any threat that might come their way. Incapsula’s CDN offers high capacity to thwart multi-gigabit DDoS attacks.
Automatic Detection and Activation

Incapsula offers automatic always-on DDoS protection, well-equipped to handle Hit and Run DDoS events, consisting of short bursts of traffic in random intervals over a long period of time. This type of attack can wreak havoc with DDoS protection solutions that need to be manually activated on every burst.
Automatic detection and activation enables Incapsula’s DDoS protection to take full responsibility for both detection and mitigation of all attacks.
Automatic DDoS Protection
Real-Time Control and Visibility

Incapsula’s Real-Time view supports the mitigation process by providing accurate visibility into Layer 7 traffic. Through Incapsula’s dashboards you can monitor Layer 7 DDoS attacks in real time, analyze the malicious traffic flow and adjust your security measures, while also benefiting from live and accurate feedback on every action taken.

By providing accessible and actionable live information, Incapsula’s Real-Time view serves as an important security tool which enables data-driven response to DDoS threats and any other unwanted scenarios.
Blocking Any Type of Attack

Incapsula’s DDoS Protection service can detect and block the following types of DDoS attacks. Note that Incapsula proxies Web requests, so network layer DDoS attacks are never relayed to the client’s origin servers. Therefore, Incapsula’s DDoS protection can mitigate all network level attacks.

TCP SYN+ACK
TCP FIN
TCP RESET
TCP ACK
TCP ACK+PSH
TCP Fragment
UDP

Slowloris
Spoofing
ICMP
IGMP
HTTP Flood
Brute Force
Connection Flood
DNS Flood
NXDomain
Mixed SYN + UDP or ICMP + UDP Flood
Ping of Death
Smurf
Reflected ICMP & UDP
As well as other attacks

Name server DDoS Protection

Incapsula name server (NS) protection safeguards DNS servers from DDoS attacks. Deployed as an always-on service, NS protection automatically identifies and blocks attacks seeking to target DNS servers, while also accelerating DNS responses.

The service complements our other DDoS protection services, which help safeguard web applications and network infrastructures from application and network layer DDoS attacks.

Incapsula Name Server DDoS Protection

Always on deployment ensures DNS servers are unaffected by DDoS attacks
Speeds up DNS responses by optimizing the response routes
Part of Incapsula’s full suite of DDoS Protection services

How It Works

incapsula-dns-architecture

Through a simple 30-second verification process, you can turn Incapsula into your authoritative DNS server, while continuing to manage your DNS zone files outside of our network.

With name sprotection in place, Incapsula becomes the destination for all incoming DNS queries, functioning as a secure DNS proxy that masks protected DNS servers, while also filtering all incoming DNS queries.

Leave a Reply

Your email address will not be published. Required fields are marked *