Imperva have announced this week that they are expanding their Incapsula network. Alongside this expansion of the Incapsula network, Imperva will also be engaging in a significant investment in second-generation DDoS attack mitigation technology. This investment will facilitate Imperva being able to perform faster, and will also mean the introduction of an industry-leading 10 second DDoS mitigation SLA (service level agreement) to minimize the disruption to business in the extremely unfortunate event of a DDoS attack.
This expansion is driven by a notable change in DDoS attack patterns. Research by the Imperva Incapsula security team shows that DDoS attack patterns are shifting, with a significant increase in high packet rate attacks, DDoS assaults in which the packet forwarding rate escalated to about 50 million packets per second (pps). In Q3, Imperva saw 197 high packet rate attacks among clients, more than half of which were greater than 100 million pps. Of these, 11 were more than 200 million pps with the largest hitting 238 million pps for more than 3.5 hours.
The following three areas constitute the bulk of the expansion programme:
New PoPs, Increased Transit Capacity and Peering
Imperva has expanded its Incapsula data center footprint into Delhi, Dubai, Moscow, Mumbai, and Vancouver. Seven more are planned to be online by the end of the year in Bangkok, Istanbul, Jakarta, Johannesburg, Mexico City, Seoul and Taipei. The addition of these new PoPs speeds up the internet experience for local users.
Network bandwidth has been expanded to 4.7 terabits per second through a relationship with Level 3 Communications that adds an additional 1.8 Tbps across 20 strategically located data centres. An additional 2 Tbps of transit capacity is expected to be added by the end of 2017.
Second-Generation Scrubbing Technology Deployed in Mesh Network
The Incapsula global network now includes the Behemoth 2, Imperva’s second-generation DDoS mitigation device that provides DDoS scrubbing capability of 650 million packets per second and 440 gigabits per second per device. The Behemoth 2 devices are linked via the Incapsula mesh network to form a virtual DDoS scrubbing center that can mitigate large scale attacks now and in the future. With the addition of the new PoPs and Behemoth 2, the Incapsula global network has a total DDoS packet scrubbing capacity of 65 billion pps.
“There is a growing sophistication in DDoS attack techniques, and Incapsula’s advanced technology provides the headroom and capacity to handle larger attacks that will inevitably occur,” said Yoav Cohen, vice president of Incapsula research and development at Imperva. “Our unique approach of strategically located PoPs, increased bandwidth, and the Behemoth 2 allows Incapsula to detect and start mitigating a DDoS attack in seconds, effectively protecting against downtime.”
In today’s DDoS heavy cyberworld, any expansion designed to keep us safe is okay with us!
