18
Dec
2014
2014 Bot Traffic Report

As Incapsula’s prior annual reports have shown, bots are the Internet’s silent majority. Behind the scenes, billions of these software agents shape our web experience by influencing the way we learn, trade, work, let loose, and interact with each other online.

Bots are also often designed for mischief, however. In fact, many of them are used for some kind of malicious activity—including mass-scale hack attacks, DDoS floods, spam schemes, and click-fraud campaigns.

For the third year running, Incapsula is publishing our annual Bot Traffic Report—a statistical study examining the typically-transparent flow of bot traffic on the Web. This year we build upon our previous findings to report year-to-year bot traffic trends. We also dig deeper into Incapsula’s database to reveal an even more substantial data sample, providing new insights into bot activity.

Read more »

18
Dec
2014
Banishing Bad Bots with Incapsula

Dealing with bad bots using Incapsula couldn’t be simpler. We’ve gone to painstaking measures to develop a completely automated system capable of identifying, classifying, and blocking malicious bots with no manual intervention. That is not to say we’ve implemented an iron-fisted, one-size fits all approach to dealing with bots. Quite the contrary, Incapsula is designed to be a no-touch, low false-positive solution; the key is our client classification engine.

Conceptually, the Incapsula client classification system may be thought of as concentric rings, or sequential layers of analysis. It determines whether a website visitor is human or not, and what its intention is.

Here’s a more detailed look at the process Incapsula uses to identify and classify bots for you.

Read more »

02
Dec
2014
Understanding the Mega-Vulnerabilities of 2014

As a provider of web security services to thousands of customers worldwide, Incapsula benefits from a broad view of the threat landscape. From our unique vantage point, we’d like to offer some insights into the top three mega vulnerabilities of 2014 – namely, Heartbleed, Shellshock and Poodle.

What makes these mega vulnerabilities special is that unlike most vulnerabilities that are specific to a particular OS, browser or software application, these three relate to the core Internet infrastructure (e.g., SSL and Linux devices) and, in essence, affect just about every connected device owner and every Internet user on the globe.

We believe it’s very important to raise awareness regarding these types of mega vulnerabilities. With a huge number of systems affected worldwide, their appeal to hackers is almost irresistible and even with multiple patches and solutions out there, plenty of under-maintained systems are still vulnerable, even as we speak...

Read more »

24
Nov
2014
Getting Your Site Ready for Cyber Monday: How to Use Incapsula to Optimize E-commerce Sitesy

Cyber Monday online sales topped $2 billion for the first time in 2013, coming in at $2.29 billion—another important milestone for the newest shopping holiday. By comparison, online sales for the elder Black Friday were a little more than half, at $1.2 billion.

Though the date is fast approaching, it’s not too late to optimize your e-store for the holiday rush. Let’s walk through how Incapsula can help you stay on top of your game come Cyber Monday and on through the remaining holiday season.

Read more »


12
Nov
2014
DoS Impact Survey - The Actual Cost of DDoS Attacks

During our work, we noticed that there's little understanding out there about exactly how DDoS attacks put businesses at risk. Some companies seem to ignore the risk altogether, while others know the danger is real, but are unsure exactly what that entails.

That's why we thought that it would be a good idea to show the actual impact that DDoS attacks can have on a business. With that in mind, we prepared our first DDoS Impact Survey...

Read more »

11
Nov
2014
Security Blueprints for Amazon Web Services (AWS)

Imperva, our parent company, has just launched its Cloud Reference Architect (CRA)—a framework for protecting web applications in infrastructure-as-a-service (IaaS) environments.

Using Imperva SecureSphere web application firewall (WAF) and complementary products from Incapsula and Skyfence, the new reference architecture provides blueprints (read: templates) for implementing web application security and DDoS protection layers within a public cloud.

Read more »

10
Nov
2014
Shellshock - 28 and some days later

As any security researcher will tell you, zero-days never die young. The reason is simple. Even when rapidly released, official patches are only useful for containment. Left unattended, some resources will remain vulnerable. . These might be some old WP templates using an older version of TimThumb or, in the case of Shellshock, a home router having an outdated Linux installation. One way or another, there are always stragglers for attackers to prey on.

Today, more than thirty days after Shellshock was officially disclosed, there are still plenty of them roaming around...

Read more »

31
Oct
2014

On Thursday, the Drupal Security Team issued a PSA on the Drupal 7 SQL injection vulnerability (SA-CORE-2014-005). The announcement underscores the importance of updating your server to Drupal 7.32.

Incapsula issued an update to our WAF rules on October 15 to protect against SA-CORE-2014-005. Customers who have the WAF enabled are protected against this vulnerability. To confirm SQL injection protection is on, log into your Incapsula account, go to Settings > WAF, and confirm that SQL Injection is set to Block Request.

Read more »

30
Oct
2014
New Data Center Goes Live in Stockholm Sweden

Today we are pleased to announce the activation of Incapsula’s latest data center in Stockholm, Sweden—located in the lucrative Telecity STO1 facility.

With this new point-of-presence (PoP), we’ve expanded our portfolio of connectivity routes to provide better performance to visitors in the Nordic region, Baltic countries, and Eastern Europe.

Read more »