Incapsula secures your hosted websites and applications against all types of DDoS attacks—from massive network layer barrages (e.g., SYN and UDP floods) to sophisticated application layer assaults. Automatic detection and transparent mitigation of DDoS penetrations minimizes false positives, ensuring a normal user experience—even when under attack.
Incapsula DDoS Protection for Microsoft Azure
Our cloud-based DDoS Protection service helps enterprises secure their Azure-hosted applications from all types of DDoS attacks. Built specifically for use in cloud and hybrid environments, Incapsula's best-in-class service bolsters Azure's basic DDoS defenses to help ensure that your business-critical applications are always secure and available.
Incapsula DDoS Protection for Azure automatically mitigates high-volume network layer attacks, as well as identifying hard-to-detect application layer DDoS attacks. Advanced traffic profiling techniques minimize false positives and ensure a normal user experience even under attack.
Incapsula DDoS Protection for Azure
- Always-on protection ensures early detection and automatic mitigation of DDoS attacks
- Global network delivers more than of total scrubbing capacity
- Industry-best false positive rate (<0.01%) for transparent user experience
- 99.999% uptime SLA with 24x7 support
- Onboarding in minutes via simple DNS change
Frequently Asked Questions
Many of our current customers use Incapsula to protect Azure-hosted applications from DDoS attacks. Reflecting our company’s security focus, the DDoS Protection service leverages proprietary, self-developed traffic inspection technologies, as well as our experience mitigating thousands of DDoS attacks. These technologies bolster Azure's standard intrusion detection and mitigation techniques such as SYN cookies, rate limiting, and connection limits. Azure was built to protect its own infrastructure from DDoS attacks, but was not intended to provide protection for hosted servers and applications. This means that if, for example, your application is hit by an HTTP flood attack, such an incident will not be mitigated by Azure. Or, if you suffer an 80Gbps network DDoS attack, you'll be charged a bandwidth overage fee and risk the chance of having all your traffic null-routed until the situation is resolved.
Yes. The ability to mitigate network attacks always comes down to a simple question: who has more network capacity, the attacker or the mitigation service? Incapsula uses a network of global scrubbing centers that has more than enough capacity to mitigates volumetric DDoS attacks—including SYN floods, UDP floods and DNS amplifications which regularly exceed 100 Gbps. The Incapsula network scales on demand to counter massive volumetric DDoS attacks. This ensures that mitigation and filtering take place outside your own network, allowing only clean traffic to reach your hosts.
Application layer attacks are performed by malicious bots that mimic legitimate web traffic (e.g., browsers and other "good" bots). When defending against this type of attack, success depends on the ability of your security technology to distinguish legitimate website visitors from malicious bots. Incapsula has developed a traffic profiling solution that uses signature-based and behavior-based heuristics, combined with IP reputation scoring and a progressive use of security challenges (e.g., JS and cookie challenges) to ensure that malicious traffic is blocked without impairing the experience of legitimate users. An intuitive rule engine (IncapRules) enables quick creation and instant propagation of custom security rules to block these attacks.
Incapsula uses proprietary technologies developed specifically for cloud-based DDoS mitigation. The servers in our data center use these technologies to perform robust deep packet inspection (DPI) to identify and block malicious packets based on the most granular of details. We inspect all attributes of each incoming packet, while serving hundreds of gigabits of traffic at an inline rate. We also developed a custom scrubbing appliance, used in our data centers, with the highest levels of scalability and resiliency, as required to handle the largest network DDoS attacks.
By owning the technology, we have the flexibility to evolve our DDoS protection at DevOps speed, enabling us to provide customers with the best protection against massive volumetric attacks, as well as highly sophisticated application layer attacks. This can be contrasted with other DDoS mitigation providers that use third-party security technologies over which they have little or no control in terms of new features and updates.
In addition, Incapsula DDoS Protection is continuously monitored by a 24x365 Security Operations Center (SOC) manned by security experts. The SOC team provide proactive security event management and response, continuous real-time monitoring, adept policy tuning, summary attack reports, and 24x7 technical support.
Yes. Incapsula allows customers to monitor traffic flows in real-time, enabling rapid data-driven response to DDoS attacks. A real-time dashboard enables users to get access to live traffic statistics in a matter of seconds, providing accurate visibility into incoming traffic streams, with detailed information about suspicious visitors and abnormal behavior. In addition, once an attack is detected, the “IncapRules” custom rules engine lets you create and propagate security rules across the network within seconds for reacting to advanced DDoS vectors or customer-specific requirements.
- Yes. Incapsula can work with any DNS management server.
- In order to configure Incapsula with Azure DNS follow the following steps:
- 1. Login to Azure DNS management console and browse to your domain record sets.
- 2. Select the subdomain you are adding to Incapsula from the list of records
- 3. Edit the record in the "Edit Record Set" dialog.
- 4. In the Type drop down select "CNAME - Canonical Name" and in the Value text area insert your Incapsula CNAME.
Incapsula for Microsoft Azure
Incapsula is an ideal cloud solution for security-minded enterprise, commercial, or DevOps customers needing to safeguard their Azure-hosted applications and data. In addition to delivering industry-leading web application security and DDoS protection, this enterprise-grade service also offers CDN and load balancing services that maximize web application performance and availability.