At CloudLayer8 we have partnered with industry leading experts in website protection Incapsula in order to offer an always-on cloud-based DDoS protection, which automatically detects and mitigates DDoS attacks launched at websites and web applications.

Supported by a robust Content Delivery Network (CDN) and enterprise-grade Web Application Firewall, this service also protects against attacks seeking to exploit application vulnerabilities, while improving connectivity and accelerating content delivery.

CloudLayer8 and Incapsula’s Website DDoS Protection offers:

  • Always-on protection and ensures automatic detection and mitigation of DDoS attacks
  • Application and network layer DDoS attack protection
  • Identification and differentiation between humans, good bots, bad bots, AJAX and APIs
  • Includes a CDN and WAF for website performance and security enhancement
  • Transparent mitigation with extremely low false positives (<0.01%)

How it works:

Our website protection solution uses DNS redirection to persistently reroute website traffic (HTTP/HTTPS) through the Incapsula network.

Once traffic enters our network, it is subject to progressively-stringent layers of inspection. Using sophisticated security rules and challenges, Incapsula ensures that DDoS attack traffic is identified and filtered out, while letting legitimate traffic to flow unhindered to protected websites. At the same time, Incapsula also masks the origin server IPs to counter direct-to-IP attacks.

Since the service leverages Incapsula’s global content delivery network (CDN), no latency is introduced as web traffic passes through it. In fact, in many cases user experience is enhanced.

webprotection

FEATURES AND BENEFITS

High-Capacity Network

As network DDoS attacks continue to grow in size, your organization needs robust network capacity to mitigate any threat that might come your way. Incapsula’s global data center network offers 2Tbps of aggregate scrubbing capacity, enabling it to easily block attacks of any size.

DDoS Bot Detection

Incapsula’s renowned traffic inspection technology is proven to accurately identify malicious bots used for application layer DDoS attacks. Relying on a combination of behavioral and reputational analysis, rate-based heuristics, and a series of transparent and progressive client interrogation challenges, Incapsula can weed out even the most sophisticated DDoS bots, with no impact to legitimate human visitors.

IP Masking

Incapsula acts as a secure proxy, masking the IPs of your origin servers to prevent direct-to-IP DDoS attacks. For added security, operators can also choose to block incoming traffic from all non-Incapsula IPs, ensuring that all visitors are inspected on their way to the origin.

Zero Business Disruption

Incapsula not only protects websites from complete denial of service, but also from disruptions related to DDoS attacks, and mitigation false-positives. We offer transparent mitigation with less than 1% false positives, and without degrading the normal user experience in any way. This lets you enjoy true DDoS protection, even from lengthy attacks, without disrupting business performance.

Real-Time Response

Our real-time monitoring solution provides live visibility into incoming traffic streams, offering detailed information about suspicious visitors and abnormal behavior. At the same time, our custom security rule engine empowers operators to implement new security rules on-the-fly. Together, these features enable effective, real-time response to all security threats.

Blocking the type of attacks

Our DDoS protection service can detect and block the following types of DDoS attacks. Note that Incapsula proxies Web requests, so network layer DDoS attacks are never relayed to the client’s origin servers, thereby mitigating all such attacks.

  • TCP SYN+ACK
  • TCP FIN
  • TCP RESET
  • TCP ACK
  • TCP ACK+PSH
  • TCP Fragment
  • UDP
  • Slowloris
  • Spoofing
  • ICMP
  • IGMP
  • HTTP Flood
  • Brute Force
  • Connection Flood
  • DNS Flood
  • NXDomain
  • Mixed SYN + UDP or ICMP + UDP Flood
  • Ping of Death
  • Smurf
  • Reflected ICMP & UDP
  • Others