DDoS Mitigation Services

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”

Richard Clarke

Incapsula’s DDoS mitigation solutions provide complete protection against DDoS attacks of all types, including Layer 3-4 attacks, Layer 7 attacks, and DNS attacks.

Mitigation of layer 3-4 DDoS attacks

Incapsula protects against Layer 3-4 attacks by acting as a secure proxy for the origin server or other networking resources, while providing on-demand resource overprovisioning. Incapsula can also mask the origin IP of the protected domain, preventing direct-to-IP attacks against that server.

Incapsula protects against an NTP amplification attack: 180Gbps and 50 million packets per second

Alternatively, admins can make a BGP announcement to ensure that all incoming traffic is routed through Incapsula’s scrubbing centers, which identify and null-route malicious requests. This offers versatile DDoS protection for all elements of the client’s infrastructure.


Mitigation of layer 7 DDoS attacks

Layer 7 attacks can be more complex and harder to mitigate since they target applications. Incapsula CDN serves as a secure proxy which protects websites and web applications from layer 7 attacks and provides complete attack visibility – without requiring intervention or direct action in the mitigation process.

Incapsula mitigates a massive HTTP flood: 690,000,000 DDoS requests from 180,000 botnet IPs.

Incapsula uses client classification technology to establish the actual identity of traffic sources, differentiating between humans, bad bots and good bots. To achieve this, Incapsula’s multi-layered approach uses a combination of security heuristics to identify visitors, including:

  • Client classification
  • Visitor whitelisting and reputation
  • Web application firewall
  • Progressive challenges
  • Behavioral anomaly detection


Mitigation of DNS-targeted DDoS attacks

To protect DNS servers, Incapsula can optionally set up a secure DNS proxy, which masks the original DNS server and filters incoming DNS requests. Once deployed, Incapsula relies on reputation and rate-based security heuristics to identify and block malicious DNS packets with no impact on legitimate DNS traffic.

Incapsula mitigates a massive UDP/DNS flood, peaking at over 25 million packets per second

It should be noted that Incapsula’s solution also speeds up DNS response rates, owing to its global network of data centers, which respond to DNS queries based on proximity, significantly reducing the overall turnaround time.


DDoS attack, who’s at risk?

Simply put: everyone. Distributed Denial of Service (DDoS) attacks are today plaguing companies, organizations, governments, and even individuals with a prominent web presence.

In a survey of nearly 300 IT professionals, almost half (45%) of the respondents indicated their organization had been hit at some point. Of these, 91% reported an attack during the last 12 months, and over two-thirds (70%) were targeted two or more times.

Moreover, DDoS attacks, which used to focus mainly on high-profile websites, now also target mid-sized enterprises and SMBs.

The increasing size and sophistication of DDoS attacks should come as no surprise. DDoS attacks, like other computing-related trends, conform to Moore’s Law: as more computer processing power becomes available, the cost of using that power goes down. DDoS attacks are no exception.

What’s driving DDoS attack proliferation?

First off, the simplicity and low cost of putting an attack in motion, and the relative impunity attackers enjoy. Simple and widely available DoS tools, like Low Orbit Ion Cannon and Dirt Jumper, leave no web site or network safe.

Moreover, DDoS-for-hire service providers, known as “booters,” are now offering a “DDoS as a service” option that makes commercial-scale attacks easily accessible to anyone with a PayPal account.


60Gbps DDoS attacks. Packages starting from 3.99$...

These attacks, which are often pure blackmail attempts, are often attributed to “competitors.” Whether or not a given attack is actually competitor-driven, DDoS attacks are being increasingly used as a competitive business tool, designed to sow chaos and damage competitor sites.

The economics of DDoS attacks

According to our survey, 49% of DDoS attacks in 2014 lasted between 6 and 24 hours. For large enterprises, with an estimated cost of $40,000 per hour, the average DDoS attack can cost some $500,000, and many can run significantly higher, depending on the type of business and the prevalence of online activity in its business model.

The impact of DDoS attacks is not limited to IT and direct sales alone. DDoS attacks and resulting site downtime have tremendous impact on all aspects of an organization’s activity - from customer service to brand value and consumer trust. In highly-competitive online retail markets, where margins are tight, prolonged down times are simply unacceptable.

With their short- and long-term reputational impact, DDoS attacks can easily dampen the success of established online brands, and can even run up-and-coming SaaS (Software as a Service) providers and Internet startups completely out of business.

DDoS mitigation and preliminary precautions

For businesses large and small, DDoS is a threat that cannot be ignored. Since all sites are at risk, everyone should take DDoS mitigation seriously. However, organizations with significant online financial or reputational assets should take immediate DDoS mitigation action.

Even those still considering their DDoS mitigation options should at the very least conduct ongoing monitoring to be aware of threats. For example, security-conscious businesses should take note of online buzz about their organization, which may offer hints of budding hacktivism focus.

Another good idea is to follow security assessment reports that cover DDoS incidents and emerging DDoS techniques. Learning from such reports, organizations can keep pace with the latest mitigation recommendations and use those to periodically update their firewall settings and their access control solutions.

In the event of an attack, it’s also important to have a pre-prepared communications strategy that will let customers know what’s going on, and what you’re doing about it.

Finally, site managers should consider using dedicated DDoS mitigation services, which can deliver DDoS protection on call – offering the scalability and security capabilities needed to keep sites and servers from crashing in the event of an attack.