Incapsula is on a serious cyber security mission, doing all it can to separate itself from Akamai Prolexic. Incapsula is taking the end-to-end packet security concept and bringing it to life, offering customers a security solution that protects packets from the customer network, all the way to the edge. Incapsula has just introduced two new security features, DDoS Protect and Infrastructure Protect, extending their already robust edge security suite to the network. Akamai is a close second, followed by CloudFlare. The rest of the industry is playing catchup. For example, comparing Incapsula to Amazon CloudFront from a security perspective is like comparing Apples to peas. Â Â
Some industry analysts state that Akamai won’t compete with Palo Alto Networks, as they are in different segments within the security market. I think otherwise, Palo Alto is moving into the cloud, and they are eventually going to spill over into the CDN industry. Incapsula understands this, and they have already responded by going deeper into network security. My guess is that Incapsula will continue to build more features in the network security segment, as there isn’t really much more it can do in the edge, than what it already has now. Akamai will eventually do the same, once they acquire the right company, and expand from edge security into network security. Here is a snapshot of Incapsula’s features, DNS Protection and Infrastructure Protection.
Incapsula “Behemoth”
- DNS Protection: Protect a customer’s DNS servers and accelerates DNS response
- DNS Protection: Protects from DNS DDoS floods such as NXDomain and DNS Query Floods
- DNS Protection: Scrubs all DNS queries separating the good from the bad
- DNS Protection: Enables customers to extend DDoS protection to a customer’s network, including subnets, securing FTP and email, mitigating direct-to-origin attacks
- Infrastructure Protection: Supports GRE (generic routing encryption) for creating encapsulation and tunneling
- Behemoth is Incapsula’s proprietary DDoS scrubbing hardware that processes 170Gbps of traffic per appliance
- Behemoth: Performs filtering, tunneling, deep packet inspection and routing