Imperva Cloud Service Defends Customers From DDoS Attacks
Imperva's latest cloud service protects customers from both application-based and network based distributed denial of service attacks.
Imperva has launched a cloud-based service designed to help businesses defend against distributed-denial-of-service attacks.
The Imperva Cloud DDos Protection service will help organizations defend against various types of DDoS attacks, including network-based attacks, such as SYN or UDP floods, and application attacks that consume server resources, Imperva said Sept. 6. With the cloud-based model, Imperva can deal with DDoS attack traffic and keep it off the organization's infrastructure before it even reaches the network, the company said.
Imperva guarantees protection for DDoS for attacks up to 4 Gbps even though most organizations tend to see attacks in the range of 10Mbps to 200Mbps, but attacks from LulzSec and other groups this past year has shown how easy it is for attackers to overwhelm corporate defenses, Rob Rachwald, director of security strategy at Imperva, told eWEEK.
The cloud-based managed service can stop multi-gigabit attacks without requiring customers to invest in expensive hardware and bandwidth. There have been a significant increase in the number of DDoS attacks affecting Websites in the past year and the downtime has been costly for organizations according to Rachwild.
"We scratched our heads and said, 'We gotta do something about this,'" Rachwald said.
Imperva also regularly monitors hacker forums as part of its hacker intelligence initiative for insight into some of the technical aspects of hacking, Rachwild said. Hackers rely on forums to learn new techniques, recruit others learn their hacking expertise and buy tools, according to Rachwald. After analyzing one forum with about 250,000 members, Imperva discovered that there was "most chatter" on how to launch DDoS attacks, or about 22 percent of all discussions, Rachwald said.
"DDoS got the gold medal," Rachwald said. SQL injection was the second most frequently mentioned attack vector, accounting for 19 percent of all discussions.
The cloud service will allow genuine traffic to still access the URL while filtering out malicious traffic, Rachwild said. Since it can scale automatically, the organization can use the service to handle various types of attacks, not just "run-of-the-mill network bombs," he said.
The versatility is important as attackers are also changing tactics. While some DDoS attacks are just about flooding the server with multiple requests and overwhelming the machine, there are recent attacks that have shut down machines by using up all the server resources. The Apache Killer script which illustrated a flaw in the Apache Web server software and RefRef, the rumored new tool from an expected Sept. 17 Anonymous group campaign, focus on the this new type of attack.
DDoS attacks nowadays generally use "muscular attack machines" and have much heavier bandwidth than previously seen. Attackers are often using botnets consisting of hacked servers rather than compromised PCs to launch attacks, Kasey Cross, senior product marketing manager at Imperva, told eWEEK. The servers generally have more bandwidth compared to PCs, which may be connected to the Internet via a DSL connection. It's "unbelievable expensive" for businesses to try to defend against attacks by just investing in a bigger bandwidth pipe, Cross said.
In comparison, Imperva can take advantage of its data centers around the world to re-route customer traffic to other locations, Cross said.
Imperva's analysts at its Security Operations Center will also monitor all the customers and pro-actively fine-tune policies that will reflect new and emerging attack methods and known malicious attackers, Rachwild said. The new tool will also monitor application performance, so the organization can keep track of the Website even while under attack. Extra features of the product include access control by both country and visitor type, support for HTTPS sites and threat alert email notification.
Imperva currently offers DDoS services through the Web application firewall services sold through Incapsula, an independent subsidiary, Rachwald said. Incapsula will continue offering the service through small businesses, while Imperva will target businesses with bigger traffic requirements, Rachwald said.
Imperva Cloud DDos Protection "will provide support for larger enterprises," Cross said. Pricing for Imperva Cloud DDoS Protection will start at $12,000 per year.