Incapsula has a bot recognition engine to achieve a low rate of false positives on layer 7 attacks. These attacks are notoriously hard to detect as they are designed to look like regular network traffic.
Their always-on recognition solution automatically triggers layer 7 protection without user intervention, protecting you during downtimes like holidays, weekends, and late nights.
Rules configured through IncapRules are able to instantly propagate to Incapsula's reverse proxy based global network. This is in contrast to DNS based systems that are subject to TTL/DNS cache delays, which slow down the propagation of custom security rules.
Incapsula provides a dashboard that shows traffic data in real time, allowing you to respond to threats immediately as they happen, and see the results of your response as quickly as possible.
IncapRules is a full fledged scripting language that gives clients full and detailed control of security policies. The language provides access to dozens of filters for analyzing incoming traffic, including headers, client type, location, access rates, and more. There are also a multitude of trigger responses on how to deal with the filtered traffic, including alerts, captchas, and blocking.
While there is a rules editor that offers a shortcut into rule definition, the learning curve to master how to utilize in full IncapRules is pretty steep.
Incapsula chat support is always available. Chat can be much easier to use than phone support, as you can easily copy and paste technical data through text, and get instant feedback you don't get through email.
Incapsula's proprietary "Behemoth" machines handle 170 Gbps each, and process up to 100 million packets per second. As of March 10th 2015, they have a network of 13 data centers with these machines, allowing them to process more than 2 Tbps of bandwidth on top of their existing capabilities.
Potential enterprise customers will need to call Incapsula to find out the pricing for their enterprise plans as they are not listed on the site and appear to be priced on a case by case basis.
Cloudflare was able to deflect 2 massive DDoS attacks. During the March 2013 attack on Spamhaus, they were able to absorb a peak 120Gbps attack that lasted 4 days, as well as a 400Gbps attack in February 2014.
Their track record shows their ability to protect against DDoS attacks in practice.
Cloudflare protects over 2 million web properties; with such a large and diverse set of customers, they can pick up on trends very quickly. While their competitor, Akamai has larger customers, they have fewer customers in total, giving them a less diverse data set for protecting smaller customers.
Cloudflare is pretty hands off when it comes to how much customization is required by the user. They take an approach of handling the hard stuff for you so you don't have to manage any security rules for yourself.
Cloudflare uses servers provisioned by Quanta, the same company that makes Facebook's servers, to create custom hardware, specifically tailored to load handling, and security applications.
CloudFlare offers a free plan with basic DDoS protection and promises to always provide a free service with at least the feature set that it has today. More advanced DDoS protection is available for the higher plans, which can be added as your needs grow.
During large attacks, Cloudflare will block users with captcha screens to filter out malicious attacks. Albeit effective, they cause a considerable annoyance to legitimate users.
The Kona Site Defender rules are all customizable, with continuous updates from Akamai. This means you can see how they are protecting your site under the hood, and adjust them to your needs.
Akami's services cost more than triple comparative packages from other security companies. At 13k a month for DDoS protection, there are many other choices out there that cost less for the same protection.
Because of Akamai's large CDN structure, it can take some time for security rules to propagate, making it harder to adjust security responses on the fly.
Verisign uses a very thorough set up process that can take weeks. This allows them to customize the payees service to their site/s in order to provide the best protection possible.
Verisign uses a multitude of tools simultaneously to detect security breaches and DDoS attacks. By using signature analysis and dynamic profiling along with filtering of the OSI stack (in order to detect DDoS attacks that are not coming from the network layer) Verisign can easily detect attacks to then alert the user as well as start mitigating the attack.
If you already use AWS services, AWS Shield Standard is available for no extra costs. You can choose to upgrade to AWS Shield Advanced for a higher degree of protection.
AWS Shield offers several options to deal enforce cyber security. You can block specific requests, or block all requests except the ones you specify, e.g. by IP addresses.
We appreciate the quality of Indusface AppTrana and related services delivered to us and would recommend that Indusface can be entrusted with a similar job for any prospective customer without hesitation
Our complete eCommerce infrastructure is hosted on the cloud and we are glad to have Indusface as a partner for web security. Due to their association with cloud service providers and prompt deployment options, Indusface was the preferred security choice. The on-demand and scheduled scanning helps us keep track of vulnerabilities that may otherwise damage our website or put customers at risk