Offering DDoS mitigation in under ten seconds

11th October 2017
Source: Imperva
Posted By : Joe Bush
Offering DDoS mitigation in under ten seconds

The DDoS attack mitigation technology from Imperva has been expanded. The second generation of the technology means faster performance for internet users and introduces a ten second DDoS mitigation Service Level Agreement (SLA) to minimise business disruption in the event of a DDoS attack.

The network expansion is driven by subscriber growth along with a change in DDoS attack type, size and frequency. Research by the Imperva Incapsula security team shows that DDoS attack patterns are shifting, with a significant increase in high packet rate attacks, DDoS assaults in which the packet forwarding rate escalated to about 50 million packets per second (pps).

In Q3, Imperva saw 197 high packet rate attacks among clients, more than half of which were greater than 100 million pps. Of these, 11 were more than 200 million pps with the largest hitting 238 million pps for more than three and a half hours.

New PoPs, increased transit capacity and peering
Imperva has expanded its Incapsula data centre footprint with the addition of points of presence (PoPs) in Delhi, Dubai, Moscow, Mumbai, Taipei and Vancouver. Six more are planned to be online by the end of the year in Bangkok, Istanbul, Jakarta, Johannesburg, Mexico City and Seoul. The addition of these new PoPs speeds up the internet experience for local users.

Network bandwidth has been expanded to 4.7Tbps through a relationship with Level 3 Communications that adds an additional 1.8Tbps across 20 strategically located data centres. An additional 2Tbps of transit capacity is expected to be added by the end of 2017. Imperva has also expanded direct peering relationships including one with Comcast Corporation. The network expansion and new peering relationships allow Incapsula to serve more than 90% of the globe with sub-second response times.

Second generation scrubbing technology deployed in mesh network
The Incapsula global network now includes the Behemoth 2, Imperva’s second generation DDoS mitigation device that provides DDoS scrubbing capability of 650 million packets per second and 440 gigabits per second per device. The Behemoth 2 devices are linked via the Incapsula mesh network to form a virtual DDoS scrubbing centre that can mitigate large scale attacks now and in the future. With the addition of the new PoPs and Behemoth 2, the Incapsula global network has a total DDoS packet scrubbing capacity of 65 billion pps.

Together, the additional PoP locations, expanded capacity and Behemoth 2 allow Incapsula to offer a new ten second DDoS mitigation SLA. Other services measure DDoS mitigation response times in minutes, which can result in website slowdowns and outages. The new Incapsula DDoS SLA provides DDoS customers with an improved service level commitment to mitigate the onset of a DDoS attack in a matter of seconds.

“There is a growing sophistication in DDoS attack techniques, and Incapsula’s advanced technology provides the headroom and capacity to handle larger attacks that will inevitably occur,” said Yoav Cohen, Vice President of Incapsula research and development at Imperva. “Our unique approach of strategically located PoPs, increased bandwidth, and the Behemoth 2 allows Incapsula to detect and start mitigating a DDoS attack in seconds, effectively protecting against down-time.”


You must be logged in to comment

Write a comment

No comments




Sign up to view our publications

Sign up

Sign up to view our downloads

Sign up

Developing wearable products: technology and opportunities
17th January 2018
United Kingdom Cocoon Networks, London