Incapsula’s always on service secures AWS-based websites and applications against all types of DDoS attacks—from massive volumetric network (OSI layers 3, 4) barrages to sophisticated application (layer 7) assaults. Automatic detection and transparent mitigation of DDoS penetrations minimizes false positives, ensuring a normal user experience—even when under attack.
Incapsula DDoS Protection for Amazon Web Services (AWS)
Incapsula offers a cloud-based DDoS protection service for businesses hosting their applications on Amazon Web Services (AWS). This service enhances AWS’ basic DDoS mitigation capabilities so that your business-critical applications are always secure against all types of DDoS attacks.
Using advanced traffic inspection technology, Incapsula’s DDoS Protection for AWS automatically detects and mitigates volumetric network (OSI layer 3) and sophisticated application (layer 7) DDoS attacks—with zero business disruption to users.
Over 5,000 AWS-hosted websites use Incapsula!
Incapsula DDoS Protection for AWS
- Leverages Incapsula’s global network of data centers
- Transparent mitigation with very low false positives (< 0.01%)
- Supported by 24 × 7 security team and a 99.999% uptime SLA
- Easy, 5-minute onboarding
- Provided as always on or on demand service
Incapsula for AWS - Frequently Asked Questions
No. You can still use your CloudFront domain for serving static files while using Incapsula for DDoS mitigation.
AWS is not a security platform. It only offers basic DDoS mitigation capabilities, such as SYN cookies and connection limiting. It was built to protect itself from attacks, but was not intended to defend hosted servers and applications. For example, if your web server gets hit by an application (layer 7) DDoS attack, the assault is not mitigated by AWS. Moreover, if you suffer a massive network (layers 3 and 4) DDoS attack, you will be charged for the additional bandwidth and receive a huge bill at the end of the month.
Incapsula is a security company using proprietary hardware and software technologies developed in-house. Our DDoS protection service leverages our experience in mitigating thousands of attacks, in addition to incorporating these technologies. Many of Incapsula’s customers use AWS setups and rely on our DDoS protection.
Yes. Incapsula’s over network of global scrubbing centers mitigates the largest DDoS attacks—including SYN flood and DNS amplifications which can exceed 100 Gbps. The Incapsula network scales on demand to counter massive volumetric DDoS attacks. This ensures that mitigation is applied outside your own network, allowing only filtered traffic to reach your hosts.
Using a combination of behavior and reputation analysis, crowdsourcing, rate-based heuristics, and a series of progressive challenges, Incapsula’s traffic inspection technology differentiates legitimate website visitors from malicious bots. This capability is critical with respect to application layer attacks, where the DDoS requests act like legitimate visitors. Our always on threat monitoring offers real-time detection of application attacks, while IncapRules—an easy-to-use rule engine—enables the quick creation and instant propagation of custom security measures to block these assaults. Incapsula DDoS protection is supported by a 24 × 365 security operations center overseen by experts.
Most DDoS protection service providers integrate third-party solutions that are infrequently updated, and over which they don’t have any control. Contrast this with Incapsula’s DDoS protection solution, which was built from the ground up using proprietary technologies. It includes dedicated hardware (e.g., scrubbing servers) having the highest levels of scalability and resiliency—as required to handle the largest DDoS assaults.
Incapsula’s servers perform robust, deep packet inspection to identify and block malicious packets based on the most granular of details. This permits us to instantly examine all attributes of each incoming packet, while simultaneously serving hundreds of gigabits of traffic at an inline rate.
By using our best-in-class technologies, Incapsula has the flexibility to evolve our DDoS protection at DevOps speed. This lets us provide you with the most robust protection against massive volumetric attacks, as well as highly-sophisticated application layer penetrations.
Yes. Incapsula collects and displays traffic data in real-time, enabling immediate detection and response to DDoS attacks. Being able to react within seconds rather than minutes is critical for effective mitigation. Incapsula’s instantaneous monitoring capabilities provide you with live visibility into incoming traffic streams, offering detailed data about suspicious visitors and abnormal behavior.
Rule propagation can take up to one hour using other, so-called “real-time” DDoS protection services. Using IncapRules, Incapsula’s custom rules engine, you can easily create and propagate security measures that meet your specific requirements. Once an attack is detected, your custom rules can help you defend against advanced DDoS vectors within seconds.
Yes. Incapsula can work with any DNS management server.
Follow these steps to configure Incapsula with Route53:
- 1. Login to the Route53 management console and then browse to your domain record sets.
- 2. From the list of records, select the subdomain you are adding to Incapsula.
- 3. Edit the record in the Edit Record Set dialog.
- 4. In the Type dropdown, select CNAME - Canonical Name; in the Value field, insert your Incapsula CNAME.
- 5. If you are adding your www domain (e.g. www.example.com) or your naked domain (e.g. example.com) select the naked domain from the list of records and edit it in the “Edit Record Set” dialog.
- 6. In the Type drop down select “A - IPv4 address” and in the Value text area insert the two Incapsula IP addresses you received from Incapsula.
Incapsula for Amazon Web Services (AWS)
Incapsula offers an enterprise-grade, cloud-based, application delivery solution for organizations hosting applications on AWS. It complements AWS by providing best-of-breed web application security and DDoS protection. Incapsula simultaneously offers advanced load balancing capabilities that enable you to maximize the performance and availability of your web applications.