Incapsula Review

If you own or manage a website, two of your biggest concerns are keeping it secure and making it faster. Thanks to Incapsula, a cloud-based service for SME's, these needs can be fully met with a simple setup and without installing any hardware or software.
Incapsula protects and accelerates websites. The service includes a bot detection technology to identify and filter out malicious bots, a PCI-certified Web Application Firewall (WAF) to provide Enterprise-grade website security against malicious attacks and hackers, and a content delivery network (CDN) to accelerate websites.

How does it work?

Once the user signs up to Incapsula, he gets simple directions to change his website's DNS records in order to route the traffic through Incapsula's global network of data centers. After the DNS changes have been completed (it takes minutes to make the changes and up to 24 hours for the changes to fully propagate – but there is no downtime during the process), the incoming traffic is profiled in real-time by Incapsula, allowing Incapsula to block all threats to the website. Meanwhile, the outgoing traffic is accelerated and optimized by Incapsula.

By offering a distributed, cloud-based service, Incapsula is able to offer a variety of affordable plans, starting with a free plan for small websites and up to Business and Enterprise plans which include Enterprise-grade security features.

The Dashboard

The Traffic tab provides an overview of the website visits and sessions, separating human visits and bot visits, along with a list of top countries & Applications used to hit the website.

The Security tab lists the different threats and incidents identified by Incapsula. For each threat there is an option to view the event – which means to get a detailed session report. You can also view your current setting - is Incapsula blocking the threat, reporting it or completely ignoring it.

The Performance tab in the dashboard helps in ascertaining the bandwidth consumption and also provides insight on how much speed has been increased by the caching and optimization features provided by Incapsula.

As Incapsula provides a global Content delivery network (CDN), by presenting the content of the website to the visitor from the nearest data center, the pages load can be dramatically improved, which improves SEO ranking and of course the user experience.

Settings

Incapsula offers various setting options to allow the user full control of his security and performance rules:
The Site Settings screen offers various options but the most interesting one is the ‘Advanced Acceleration Mode' that enables Incapsula's unique dynamic content caching. In my case, indeed it improved site performance significantly.

The Notifications Settings provides a few option to make sure that the user is always updated with the latest events:
- A Weekly report: sent automatically to the email, listing all important security events in the passing week, and other traffic and performance stats
- A PCI Compliance Report: PCI compliance is an important issue for e-commerce sites. The PCI report is a unique feature of Incapsula and allows you to provide your auditor with a report indicating that your website has been protected by a Web Application Firewall during a specific period.
- Real-time Notifications: Including notification emails for specific types of threats and visitors to the site.

The Security Settings: Incapsula's Bot Access Control allows the user to decide which bots are allowed to visit the website, which should be blocked, and which should get a CAPTCHA test.
As some of the bots disguise themselves through spoofed IPs & fake user-agents, Incapsula uses various identification techniques, to search for clues in the behavior patterns of the bot and the HTTP Headers.

The WAF Settings: Incapsula's PCI-Compliant Web Application Firewall protects from 4 types of threats: SQL Injection, XSS, Illegal Resource Access and DDoS attacks. For each type of attacks the user has various options, starting from deciding what Incapsula should do with the attack (Alert only, Block, ignore) and up to Blocking a specific User or IP.

DDoS Settings

The ‘Automatic’ feature in DDoS gets enabled at the time of attack. The ‘Advanced Settings’ option allows site administrator to configure the challenge and DDoS request rate. Various configurable challenge options are Cookie / Javascript / Captcha support.

Overall Assessment: te’s DNS changes
My overall assessment of the tool is 9 on a scale of 1-10 and would recommend customers using Incapsula for protecting their websites against web threats and accelerating it
If you have an eCommerce website, Incapsula provides a PCI-Certified WAF with excellent reports that can be filed in your compliance file. If you are a customer to whom true security, confidentiality, integrity, and availability are of crucial or of utmost importance - this is, in my opinion, one of the best tools to help you to reach this goal.

About evaluator: Amit Chugh, CEH®, ISO 27001 LA, Creative, innovative & results driven technology leader with over 14 years of industry experience, with 7+ years specialising in Information Security Management, Incident Management, Business Continuity Management and Software Development. He is reachable at chugh ‘dot’ a ‘at’ gmail ‘dot’com.