Datapipe’s David Lucky recently sat down with Tim Matthews, VP of Marketing for Imperva Incapsula, to discuss last week’s partnership news and why their Incapsula service is so important in light of evolving DDoS attacks. Read on to hear his take on how Incapsula works with AWS offerings to better safeguard data for enterprises and what this means for Datapipe’s own customers.
David: If our clients are reading about this partnership for the first time, can you tell our readers a bit about the Incapsula service?
Tim: Incapsula is a cloud service that makes websites and web applications both faster and safer. In particular, we are a reverse proxy between our end users and customer sites. We inspect the traffic as it comes through. Since we are seeing all the traffic, we can look at signatures of the traffic, including the location of traffic, helping us identify incoming requests that are not legitimate. What this enables us to do is look for signs of DDoS attacks before they hit the customer site and wreak havoc.
David: And what sizes and types of businesses should consider using your service?
Tim: We really have two main categories of businesses that should consider using our service. The first group is companies who can’t afford any downtime. These are mostly ecommerce, gaming, and travel companies who just can’t afford a minute of downtime; otherwise, the impact to their business would be detrimental. The second group consists of very large global brands that are concerned about hacktivism – groups of activist hackers bringing down a brand’s site to draw attention to their cause. Essentially Incapsula users, regardless of size, rely on us and Datapipe to keep them safe and running smoothly. They look to us to avoid downtime and keep their brand reputations intact.
David: One of the reasons we decided to integrate with Incapsula is because you integrate with AWS, which fits extremely well with how Datapipe works with this service. Can you tell our readers more about how you integrate with AWS?
Tim: When someone builds an app on AWS, they don’t own the data center or machines. They are hosting their app on AWS infrastructure. So when a Datapipe user implements Incapsula, we sit in front of AWS as another cloud, and that organization’s data is routed through us. We provide an application layer security capability and very easy access to caching on our network. We have a collection of 25 data centers around the world, which enables us to optimize routes and push out content to people a lot faster.
David: And what does Incapsula do that AWS doesn’t?
Tim: We are finding that there truly are more attacks happening at the application layer. Attackers are flooding organizations with requests, going after weak spots, utilizing giant files that take up massive amounts of bandwidth. AWS actually doesn’t offer that level of application layer protection, and as a result, more sophisticated attackers are targeting those application flaws. Also, as a result of the increase in DDoS attacks, organizations sometimes have to spin up multiple servers to handle the increase in traffic, which can result in very large AWS bills. By utilizing Incapsula, all traffic is routed, reviewed and filtered so the DDoS attacks never actually reach AWS’ systems, saving organizations money. In addition, organizations can also scale up their protection, just like you can with insurance, which isn’t something you can currently do utilizing the AWS service on its own. In short, we act as an additional barrier, an additional layer of security, providing customers peace of mind.
David: How do you actually identify unwanted traffic?
Tim: There are three things we use to figure out if the traffic is malicious.
- Country of origin – we monitor typical traffic patterns and when we see traffic from an unusual place, such as a country the customer has never received incoming traffic from, that’s a definite tip-off.
- IP addresses – if we notice that customer A is attacked by a certain IP address, when traffic from that IP address attacks customer B, we can automatically block it. Once we identify that traffic is bad, we’ll put it in our database. We have thousands of illegitimate IP addresses in our database.
David: Are you seeing a growing trend of these more sophisticated DDoS attacks?
Tim: Absolutely. We do an annual report capturing how attacks are changing over time, and most recently there are two trends we are seeing. One is that the size of attacks is getting even bigger. As organizations are taking advantage of the economies of the cloud, so are the bad guys. Secondly, we are seeing an increase in the types of the attacks that are application layer attacks, plus people are now posing as Google bots or browsers. No web teams want to block Google bots because they naturally want to be found. However, attackers are now pretending to be bots so they can get right through the system and crawl all the pages for the data they need. They are getting more sophisticated and learning new techniques – it’s up to us to continue to block them at every turn.