20
Aug
2014
38 Days of DDoS — Behemoth’s Graduation Moment

Not one month after Incapsula announced our new DNS and infrastructure protection services, our new ’Behemoth‘ scrubbers were put to the test—mitigating a massive, multi-vector DDoS attack, peaking at 110+ Gbps and 90+ million packets per second.

Like the proud parents we are, we couldn’t help but brag about Behemoth’s success on Facebook and Twitter. One of these tweets caught the attention of Mohit Kumar, founder and editor-in-chief of The Hacker News (THN), who shot us an email with some questions. In responding we told him it appeared the attack “wasn’t going to stop any time soon”.

In retrospect, this turned to be a serious understatement...

Read more »


06
Aug
2014

Several hours ago, security researcher Nir Goldshlager revealed a new crucial vulnerability that allows offenders to launch a very effective Denial of Service attack, through a process that circumvents existing security measures.

The vulnerability exists in all WordPress and Drupal versions, affecting over 250 million websites, roughly 23% of the Internet website population today.

Incapsula’s security team issued an emergency patch, which has been deployed across the entire Incapsula network, preventing this vulnerability from affecting any of our WAF-protected clients.

We strongly urge all other WordPress and Drupal website operators to apply the latest security patch as soon as possible.

Read more »

24
Jul
2014
Dr. Crawlit - A Bot That Cares About the ‘Little Guy’

In the first post of this two-part series, we shared our insights into Googlebot’s activity and behavior patterns.

However, no overview of Googlebot activity would be complete without a mention of Googlebot imposters, who assume Googlebot’s identity to gain privileged access to websites and online information.

Every day millions of these “evil twins” are used for DDoS attacks, hacking, spam, content theft and many other shady activities. The details of these malicious escapades, that paint the event logs of Incapsula’s security services, are what we share with you here today.

Read more »

24
Jul
2014
Dr. Crawlit - A Bot That Cares About the ‘Little Guy’

Working at Incapsula gives us a bird’s-eye view of the bot traffic landscape. Amongst the innumerable creatures roaming those fields, few are as intriguing as Googlebot – a web crawler that facilitates knowledge exchange between billions of humans, influencing our perceptions, preferences and imaginations in more ways than we can even comprehend.

Over the years, many efforts have been made to better understand Google’s behavior and motives. Today, we want to share with you some of our insights into Googlebot’s behavior, based on what we think is one of the most robust studies on the subject to date.

Read more »

09
Jul
2014
5 Security Tips for E-commerce Websites

Small e-commerce sites are often the target of attacks, with hackers taking advantage of companies without the dedicated security staff and expertise of a company that’s in the top half of the Fortune 500. And while breaches at smaller companies may not make the headlines (if they are detected at all), the number of small ecommerce sites – the long tail – provides a tempting volume of sites to attack.

Those who wonder how they can possibly protect themselves when eBay couldn’t, take heart. The root of the attack on eBay seems to have come from an easy-to-prevent vulnerability, and the cloud has brought with it affordable security solutions that would have been out of reach for small businesses just a few years ago.

Read more »

01
Jul
2014
New Data Center Goes Live in Atlanta Georgia

We are happy to announce the activation of a new Point of Presence (PoP) in Atlanta, Georgia - our 5th new data center to go live in 2014.

Located in the Equinix AT2 facility, our new PoP augments Incapsula’s presence in Southeast USA by further improving connectivity in one of our highest demand areas.

Atlanta's multi 10Gig data center also contributes to Incapsula's overall resilience against volumetric DDoS attacks. With it, Incapsula's total network capacity now reaches 710+ Gbps - more than enough to handle even the largest volumetric DDoS threats.

Read more »

23
Jun
2014
Who Says Behemoths Can’t Dance? Building an Agile 170Gbps DDoS Mitigation Appliance

Today, there is a lot of work being done to separate the Data Plane from the Control Plane, and to make the Data Plane more dynamic by allowing it to identify "flows". These flows are based on information about source and destination ports, source and destination IPs or subnets, and protocols being used.

The practice of flow identification enables granular decision-making on the Data Plane, using technologies like Openflow or FlowSpec, to actually achieve a generic (and flow aware) Data Plane that can handle large packet loads.

From a DDoS mitigation point-of-view, the ability to make flow-related decisions is a huge improvement, but it’s still not enough. To ensure a low level of false positives, there is no alternative but to do actual protocol analysis, including handling streams with packet modification and generation (think SYN cookies, DNS protocol content, and TCP segmentation)...

Read more »

17
Jun
2014
New Data Center Goes Live in Auckland, New Zealand

A few days ago we activated our newest data center, located in Vocus Communications’ facility in Auckland, New Zealand.

This new location enables us to comply with New Zealand’s national data privacy regulations. With it, we are now able to meet the needs of local website operators who expressed their interest in Incapsula’s security and acceleration services, on the condition that the inbound traffic is routed through a local Point of Presence (POP).

Read more »