Imperva Incapsula - magellan netzwerke GmbH€¦ · A Leader in The Forrester Wave™ : ... This...

© 2018 Imperva, Inc. All rights reserved.

Imperva IncapsulaA Leader in The Forrester Wave™ : DDoS Mitigation Solutions (Q4 2017)

• Speed – Pulse Wave Attacks: Why a 10 second Time-To-Mitigation SLA matters

March 2018

[email protected] – Senior Sales Engineer

© 2018 Imperva, Inc. All rights reserved.2

A Leader in The Forrester Wave™:

DDoS Mitigation

Solutions, Q4 2017

Top ranked in both

current offering and strategy

Among the top ranked in

scale and speed

Read the report to see why…

2

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of

Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call on a market and is plotted

using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor,

product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect

judgment at the time and are subject to change.


Gartner, Magic Quadrant for Web Application Firewalls, Jeremy D'Hoinne, Adam Hils, Claudio Neiva,

07 August 2017

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Imperva. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

A LEADER for

FOUR CONSECUTIVE

YEARS

2017 Gartner Magic

Quadrant for

Web Application Firewalls

3


Incapsula Application Delivery Cloud

Confidential5


How Incapsula Works

6

Incapsula Network Your Servers

Bots

Spammers

Legitimate Traffic

Hackers

DDoS

Who is Incapsula

Market Leading Products

> 5Tbps / 30 billion pps40 POPs

Over 100,000 Customers

Market Leading Solutions

• Forrester Wave Leader, DDoS Service Providers 2015, 2017

• Gartner MQ Leader for Web Application Firewalls 2014-2017

• Best DDoS Mitigation ServiceTop Ten Reviews 2013 – 2017

• Best Web Security & Performance Service Top Ten Reviews 2012 – 2017

• Security Innovator of the Year Cloud Awards.com 2014

• Readers Choice: DDoS Protection Solution of the YearSearch Security 2014

A Leader in The Forrester Wave™

DDoS Mitigation Solutions, Q4 2017


Security

• DDoS Protection• Website Protection

• Infrastructure Protection

• Name Server Protection

1

Confidential8


Global DDoS Threat Landscape, 2017

9

Source: Incapsula DDOS Reports Q1-Q4 2017: • https://www.incapsula.com/ddos-report/ddos-report-q1-2017.html• https://www.incapsula.com/ddos-report/ddos-report-q2-2017.html• https://www.incapsula.com/ddos-report/ddos-report-q3-2017.html• https://www.incapsula.com/ddos-report/ddos-report-q4-2017.html

https://www.incapsula.com/ddos-report/ddos-report-q1-2017.html





Speed – Breaking Down Time to Mitigation

• A Definition of Time To mitigation:– FROM the first DDoS attack packet hitting your system

– TO when your mitigation provider begins scrubbing incoming traffic.

• It covers the time taken to execute the following steps:– Detection – The speed with which a mitigation service notices that a DDoS attack is

taking place.

– Sampling – The time taken to analyze traffic flows and create directives for scrubbing.

– Scrubbing – The start of the ongoing process of filtering out malicious traffic, based on

patterns identified during the sampling process.

10


Speed – Pulse Wave Attacks

11

Classic Waves… Pulse Wave Attacks…


Time-to-Mitigation

• Rapid time-to-mitigation prevents downtime and protects

against hit-and-run and pulse-wave attacks

• Hybrid solutions have on-prem device disconnected

from internet and breakout to Cloud may be delayed

• Other vendors can take minutes to start scrubbing

attacks

• Incapsula offers a Time-to-Mitigation SLA

of 10 Seconds

12


Size – DDoS Amplification Attack Vector via Memcached Servers

13

Source: US-CERT: https://www.us-cert.gov/ncas/alerts/TA14-017A

On February 28 2018 – Attack with 350Gbps and 30Mpps

https://www.us-cert.gov/ncas/alerts/TA14-017A


Size – Incapsula Global Network Map

40 DDoS-resilient data centers

Scrubbing Capacity of over

5Tbps and 30Gpps

Meshed network and peering

relationships with top-tier providers

14


• High packet rate attacks are the new play in the

DDoS space

• Others focus on bandwidth (bits per sec): These

were not designed to handle large PPS volumes

• Our purpose-built network has the

capacity to mitigate any DDOS attacks.

Currently 5Tbps+ / 30Gpps+

Capacity

15


• Switching traffic over to a scrubbing network

adds latency

• Other vendors have very few scrubbing PoPs,

making them prone to latency

•We offer connectivity speeds of

under 50 Milliseconds to more than

90% of the world

Latency

16


WebsiteProtection

Name ServerProtection

InfrastructureProtection

Incapsula – Comprehensive DDoS Protection

17

DNS

WEB

UDP, TCP

SSH, FTP, Telnet

SMTP

SIP

DDoS Protection Service Protected Assets


Incapsula – Website Protection

18

Legitimate Traffic

IncapsulaHTTP/S Proxy

HTTP/S Requests

From Cache

Only SafeHTTP/S Reguests

Web Servers(HTTP/S)


Incapsula – Name Server Protection

19

Legitimate Traffic

DNS Servers

DNS Queries

From Cache

Only Safe DNS Queries

IncapsulaDNS Proxy


Incapsula – Infrastructure Protection (Layer 3/4)

20

DDoS

LegitTraffic

Incapsula’s Network

GRE Tunnel /Cross Connect /

Equinix ECX

Protected Subnet

1.2.3.0/24

CustomerInfrastructure

CustomerRouter

BGP

Announcement

• Unlimited DDoS protection for the entire Data Center

• Simple activation for entire subnets using BGP announcements

• Protect multiple protocols and services including SMTP, FTP, VoIP, and

proprietary protocols

• Available in on-demand or always-on deployments


The Incapsula DDoS Advantage

• Easily defeats DDoS attacks of any size with a global 5Tbps+ / 30Gpps scrubbing

network

• Automatically blocks any type of DDoS attacks (network, application, protocol, etc.)

• Sophisticated application layer and crowd-sourcing techniques

– Client classification engine combats DDoS bots

– WAF integration deals with multi-vector attacks

– Transparent challenges ensure minimal false positives

• Won’t slow down websites, impact user experiences, or create false positives

• Proprietary mitigation technology

– Custom HW, SW, and algorithms

– Complete control of system to defeat emerging and morphing DDoS threats

– Fastest system-wide updates and custom rule propagation available

21


Incapsula

Contact us for a demo or free trial...

5

22

mailto:[email protected]?subject=Incapsula Trial


Security

• Website Security2

24


WEBAPP

The Incapsula Security Model

25

Access Control

Blocks unwanted IPs, Regions, Countries

Bot Mitigation

Blocks automated attackers, bad bots, scrapers, spammers

WAFBlocks Hacking attacks

OWASP Top 10 attacks (SQLi, XSS, etc.)

Custom Rule & Policy Engine

Application specific attacks

IP ReputationLists

ClientClassification WAF

Crowdsourcing

Big Data analysis on

• 160,000 Sites+

• Tbs of traffic

• Millions of attacks

Clear visibility on the web attack landscape


Performance

• CDN & Optimizer3

Confidential26


Website Acceleration

27

• Bringing Websites Closer to Their

Visitors

– With Incapsula, content is cached,

optimized, and served locally from

physical memory

• Analyzes static + dynamic website

content automatically optimizing

performance by determining

– What is cacheable

– How long to cache it

– What resources are frequently used,

prioritizing their delivery

Cached resources are served directly from physical memory making responses lightning fast


Availability

• Load Balancing4

28


Incapsula Load Balancing and Failover

29

We bring cloud versatility to application load balancing.

Global Server Load Balancing

Data Center

Data Center

IncapsulaNetwork

Traffic

SiteFailover

Data Center

Data Center

Incapsula Network

Traffic

LocalLoad Balancing

DataCenter

IncapsulaNetwork

Traffic

Imperva Incapsula - magellan netzwerke GmbH€¦ · A Leader in The Forrester Wave™ : ... This...

Documents

Transcript of Imperva Incapsula - magellan netzwerke GmbH€¦ · A Leader in The Forrester Wave™ : ... This...