Confidential1 © 2013 Imperva, Inc. All rights reserved.
Imperva Incapsula
Doug Smith, Region Sales Mgr [email protected] 416.574.2799
© 2013 Imperva, Inc. All rights reserved. Confidential
Imperva Incapsula Overview
2
Incapsula helps Website owners…
© 2013 Imperva, Inc. All rights reserved. Confidential3
Imperva Incapsula OverviewDoug Smith, Region Sales Mgr [email protected] 416.574.2799
By routing Website traffic through Incapsula, bad traffic is removed and good traffic is accelerated
Confidential4 © 2013 Imperva, Inc. All rights reserved.
SaaS, MSSP & Hosting Providers
Enterprise & Public Cloud Users
Cloud Deployment Doug Smith, Region Sales Mgr. [email protected] 416.574.2799
Highly scalable, carrier-grade infrastructure solutions
Virtual appliances and Software Defined Networking (SDN) integration
Majority owned subsidiary Application Security, DDoS
Mitigation, Site Acceleration Rapid Provisioning Monthly or Yearly Service
WAF & DDoS Protection Enterprise Branch Offices
Imperva Incapsula
SMB, Mid-Market & Enterprise
© 2013 Imperva, Inc. All rights reserved.
Imperva Incapsula is Deployed as a Reverse Proxy Network
360° Global Threat Detection & Analysis:
Enables early detection of threats and attack vectors and instant application of protection rules across the entire proxy network
© 2013 Imperva, Inc. All rights reserved. Confidential6
Incapsula’s Global Content Delivery Network
Datacenters• Currently 14 Datacenters
USA 7 (Ashville NC, Ashburn VA, Los Angles, San Jose CA, Chicago, New York, Miami), London, Singapore, Israel, Amsterdam, Tokyo, Frankfurt, Sydney
• Plans for another 5 Datacenters Dallas, Toronto, Hong Kong, Sao Paulo, and Milan
Data Across Borders• Customer data can be locked into (or out of) specific countries
© 2013 Imperva, Inc. All rights reserved. Confidential7
Web Application Security
Full Blown, enterprise-grade Web application firewall• Leverages years of Imperva security expertise with a new SaaS-
based delivery model
Protects against current application level threats• SQL injection, Cross Site Scripting (XSS), Remote File Inclusion,
Illegal Resource Access• Backdoor Shell Scripts• OWASP Top 10 threats• Completely eliminates automated and undesired traffic to your site
(malicious bots, spam bots, content scraping etc.)
Achieve PCI compliance (PCI DSS 6.6)• Certified PCI Level 1 Service Provider
© 2013 Imperva, Inc. All rights reserved. Confidential8
Imperva Incapsula DDoS Protection
Load distribution, scaling to multi-gigabit throughput, preserves uptime
Load distributed on Incapsula Cloud
DDoS attack traffic is blocked
Websites
2 Gbps
20 Mbps
© 2013 Imperva, Inc. All rights reserved. Confidential9
Full DDoS Attack Protection
Stops all DDoS threats• Application and network attacks• Proprietary technology
differentiates humans from bots and search engines Analyzes HTTP redirect, cookie, and JavaScript execution capabilities
Scales beyond customer’s Internet connection limit• All plans include at least 1GBps of DDoS attack protection
User Attacker MaliciousBot
SearchEngine
© 2013 Imperva, Inc. All rights reserved. Confidential10
Improve Website Performance
Dynamic Content Caching• Advanced algorithms that ensure page freshness while
significantly reducing server load
Traffic Shaping• Transformation of cached content into an optimized format to
speedup delivery.
Connection Optimization• Smart handling of session connections to accelerate traffic
delivery
Reduce bandwidth usage (50%+)
© 2013 Imperva, Inc. All rights reserved. Confidential11
Monitoring & Improved Reliability
Reduce Web server load (25%+)• Improved server utilization due to caching
Ensure optimal performance• Monitor EVERY Web transaction• Identify Website errors and slow loading pages• Automatically alerts you to minimize downtime
Automatic alerts when site is down or errors occur• Pin-points root cause of issues• Correlates client characteristics, referrers and overall throughput
© 2013 Imperva, Inc. All rights reserved. Confidential12
Ideal for Cloud Platforms and Secondary Applications
100% Cloud-based Service• Can be used by any website or application regardless of size• Ideal for protecting secondary applications, remotely managed or
externally hosted sites
Flexible pricing plans• Pay as you go and grow (1-yr, to 5-yr subscriptions)• Payment per capacity and number of websites
© 2013 Imperva, Inc. All rights reserved. Confidential13
Perfect for Small to Midsized Businesses
Effortless Deployment• Performed by making a simple DNS change• No software or hardware to install, no application changes
Affordable, low total cost of ownership• Software-as-a-Service delivery model• Low annual cost significantly reduces capital expenditures and
operational costs• Does not require specialized IT or Security expertise to use
Imperva world-class security expertise• Around the clock health monitoring and support• Threat alert notifications and security reports
© 2013 Imperva, Inc. All rights reserved. Confidential14
Service Provider Oriented
Multi-tenant architecture Effectively manage a large portfolio of customers with
minimal human resources Extend enterprise-grade application security to customer
base Use as a platform for offering additional, value-added IT
services
© 2013 Imperva, Inc. All rights reserved. Confidential15
Multiple IP Support
Load balancing (user traffic balancing)• When multiple IPs are defined the Imperva proxies will balance the users
traffic between theses IPs First time a user accesses the site Imperva will select an IP. Later requests from the
same user (IP, session cookie) will be directed to the same IP
Fault tolerance• Each proxy monitors the site IPs.
If it fails to connect to an IP the site(IP) is declared “Unavailable” and the IP is removed from the list of available IPs
The Imperva proxy will check the IP every 10 seconds and add it back when it becomes available
High availability• Allow two lists of IPs for each site
Only one list will be active and used for routing traffic If all IPs in the list become unavailable the Imperva proxy will switch-over to the
second list
Confidential16 © 2013 Imperva, Inc. All rights reserved.
Imperva Incapsula Customer Sample
© 2013 Imperva, Inc. All rights reserved. Confidential17
Imperva Incapsula Summary
Website & Web Application Security• Block Web application attacks and prevent malicious users from
affecting business applications
DDoS Protection• Maintain Website availability by defending against all types of
DDoS attacks
Optimize Website Performance• Save on bandwidth costs, boost Webpage responsiveness, and
create a better user experience for Website visitors
Fulfill PCI 6.6 Compliance• Achieve PCI DSS 6.6 compliance in minutes with automated PCI
Reporting
Confidential18 © 2013 Imperva, Inc. All rights reserved.
Settings - WAF
Confidential19 © 2013 Imperva, Inc. All rights reserved.
Settings - WAF
Confidential20 © 2013 Imperva, Inc. All rights reserved.
Settings – WAF Whitelist
© 2013 Imperva, Inc. All rights reserved.21 Confidential
Questions?