Wednesday, 06 August 2014 19:50

Incapsula Builds a Better Web Application Firewall and then Feeds it Some Steroids

Written by
Rate this item
(0 votes)

Reading time is around minutes.

Black Hat 2014, Las Vegas, NV - If you have ever had to build a network or add in a new service then you know the joys that can bring to your life. Not only do you have to plan for power, space, cooling for the systems that actually run the service you want, but you also have to plan for all of the myriad of devices that keep this service safe from the bad guys. You have Web Application Firewalls (WAF), SSL offloading, load balancers, traditional firewalls and sometimes much more. Even with all of that you may (probably will) find yourself with a breach or hack that makes all of that work and hardware seem useless. Traditionally there is no easy way to protect a web service or site with a single solution.

We had the chance to speak with a company that says they have built one and it offers more than just the basic protections we talked about. The company’s name is Incapsula and they have built a cloud based product that offers DDoS (Distributed Denial of Service) protection, SSL offloading, Web Application Firewall, Internet traffic acceleration and more. When I asked what was the motivation to build a product like this Co-Founder and Chief Business Officer Marc Gaffan said simply: “Evolution”

Marc went on to explain that Incapsula built the service they have by identifying issues and developing the solution into their product. He gave me a great example in the form of their DDoS protection. Marc explained that as web sites protected by their service were hit with DDoS attacks they (Incapsula) was actually being hit as well. They knew they had to build a robust DDoS protection system to protect their own servers, so why not extend that out to their clients. This protection extends to infrastructure services in addition to web properties (sites).

As we said, Incapsula is more than just DDoS protection and web proxying. As Marc explained, built into their system is a form of real-time threat intelligence that allows them to react to trends and known threats. With this Incapsula can block known bad IPs so that the traffic originating from those servers never even get the chance to hit your website. Thanks to the volume of traffic that passes through their network, they are also able to identify outbreaks and other threats much faster than single site or on-prem systems can. This allows them a much faster detection to mitigation cycle than most companies can ever hope to achieve.

This traffic also give Incapsula a great window into the way their customers work. They can take this information and evolve their product to offer new features very quickly. It is a form of upgrade that you cannot ever hope to get with a hardware appliance.

One very nice feature that you do not usually find in cloud based WAF solutions is that Incapsula is also looking at your outbound traffic. The practical upshot of this is that even when you get a backdoor in your system that traffic will not get anywhere. Incapsula keeps a list of backdoor signatures and will quarantine that traffic. They will also alert you to the presence of the backdoor and where it is coming from.

Other items that are included in Incapsula are (I feel like I should be saying, wait there’s more) include cloud based two-factor authentication. You can easily set this up in their system and works by either sending a text or through the use of something like the Google authenticator. When someone wants to access an admin or other secured page they will be presented with the request for the additional authentication before they are allowed through. If they do not have it, then their traffic never even gets to your site.

Incapsula also features a load balancing that even extends to geographical distributed networks. As diversity of data centers and systems becomes more and more important this feature is a great one to have and is not something that you can get with a traditional appliance. It also can help if you are transitioning from onsite servers to a cloud based solution or you are running a hybrid cloud.

Now the question is, why would someone really need to go to this length? Well if you have followed the news lately you know that data breaches and targeted attacks are increasing. More and more often systems are being compromised and data stolen due to the lack of proper perimeter security. In the world of e-commerce or cloud based systems this is a huge danger. If your web site or systems that access it was compromised you could be face a business closing event. You can try to put hardware appliances in place, but they you have to maintain them (updates patches etc). You also have to have the staff to monitor them and respond to threats. This can become very cumbersome and in some cases, like patching or replacement, can end up getting put off to ensure the business is up.

The practical upshot of all of this is that you can have one service providing the functionality of what would normally fill 25-40% of a rack. These items all draw power, require man hours to keep going and monitor. As the threats grow these costs will grow along with the need to have even more pieces of hardware that you have to maintain.

The threat landscape is changing, we have been hearing that for a few years now, what we have not heard are any solutions to the problem. With Incapsula we are finally hearing someone talk about a real solution to the problem of protecting web servers and e-commerce products. As a PCI Level 1 and HIPPA compliant Provider they can also help to ensure that the financial and private information that you might be responsible for stays safe. That has to be worth something.

Tell us what you think in our Forum

Read 3673 times Last modified on Wednesday, 06 August 2014 19:54

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.