12 Nov 2014
DDoS Impact Survey - The Actual Cost of DDoS Attacks

During our work, we noticed that there's little understanding out there about exactly how DDoS attacks put businesses at risk. Some companies seem to ignore the risk altogether, while others know the danger is real, but are unsure exactly what that entails.

That's why we thought that it would be a good idea to show the actual impact that DDoS attacks can have on a business. With that in mind, we prepared our first DDoS Impact Survey...


11 Nov 2014
Security Blueprints for Amazon Web Services (AWS)

Imperva, our parent company, has just launched its Cloud Reference Architect (CRA)—a framework for protecting web applications in infrastructure-as-a-service (IaaS) environments.

Using Imperva SecureSphere web application firewall (WAF) and complementary products from Incapsula and Skyfence, the new reference architecture provides blueprints (read: templates) for implementing web application security and DDoS protection layers within a public cloud.


10 Nov 2014
Shellshock - 28 and some days later

As any security researcher will tell you, zero-days never die young. The reason is simple. Even when rapidly released, official patches are only useful for containment. Left unattended, some resources will remain vulnerable. These might be some old WP templates using an older version of TimThumb or, in the case of Shellshock, a home router with an outdated Linux installation. One way or another, there are always stragglers for attackers to prey on.

Today, more than thirty days after Shellshock was officially disclosed, there are still plenty of them roaming around...


31 Oct 2014

On Thursday, the Drupal Security Team issued a PSA on the Drupal 7 SQL injection vulnerability (SA-CORE-2014-005). The announcement underscores the importance of updating your server to Drupal 7.32.

Incapsula issued an update to our WAF rules on October 15 to protect against SA-CORE-2014-005. Customers who have the WAF enabled are protected against this vulnerability. To confirm SQL injection protection is on, log in to your Incapsula account, go to Settings > WAF, and confirm that SQL Injection is set to Block Request.


30 Oct 2014
New Data Center Goes Live in Stockholm, Sweden

Today we are pleased to announce the activation of Incapsula’s latest data center in Stockholm, Sweden—located in the lucrative Telecity STO1 facility.

With this new point-of-presence (PoP), we’ve expanded our portfolio of connectivity routes to provide better performance to visitors in the Nordic region, Baltic countries, and Eastern Europe.


29 Oct 2014
IncapRules - Fighting Comment Spam

IncapRules is a new custom security rules engine that lets you integrate your own policies on top of Incapsula’s core security logic. As we’ve discussed previously in this blog, the IncapRules scripting language is now being used globally by online organizations to gain complete and granular control over application security.

In this post, we’re going to cover how IncapRules can be applied to a prevalent security issue: comment spam.


27 Oct 2014
How to Start Making a DDoS Response Plan

Some organizations exhibit strange behavior today when it comes to distributed denial of service (DDoS) attacks. DDoS assaults are becoming more common, increasingly sophisticated, and more costly all the time. Yet organizations continue to rely on the same dated firewall solutions they have always used to protect themselves.

It's clear they need a new strategy to update their DDoS response plan. However, developing such a plan can be a difficult proposition, particularly for organizations that have spent years ignoring the possibility of DDoS attacks.

This is where Incapsula’s new DDoS Response Playbook can help.

This ebook is filled with useful guidance to help prepare your organization for the current threat landscape—no matter what your present DDoS mitigation strategy looks like. It also helps you create a plan if you don’t already have one.



21 Oct 2014
Deprecating SHA-1 Hash Algorithm. Why, What and When.

As some of you may already know, in September Incapsula began the process of replacing all SHA-1 SSL certificates with the more secure SHA-2 version. This transition is on schedule and will be completed within the following week. In addition, all new SSL certificates issued by Incapsula will use the SHA-2 algorithm.

Our decision to discontinue SHA-1 support is in line with the industry trend, which acknowledges the potential weakness of the SHA-1 cryptographic algorithm.

In November 2013 Microsoft was the first to announce its timetable for phasing out SHA-1 certificates. According to this timetable, MSN platforms will stop supporting SHA-1 as of January 1, 2017.

More recently, Google and Mozilla announced that their browsers will no longer trust SHA-1-signed SSL certificates with expiration dates past December 31, 2016...
