Infrastructure DDoS ProtectionImperva Information Security

Incapsula Infrastructure DDoS Protection is an on-demand security service that safeguards critical network infrastructure from volumetric and protocol-based DDoS attacks, such as UDP, SMTP, or SYN Floods executed directly or via DNS/NTP amplification. These capabilities are enabled via GRE tunneling and by leveraging Border Gateway Protocol (BGP) routing.

Infrastructure DDoS Protection complements SecureSphere Web Application Firewall to provide web ops with a comprehensive solution that offers complete protection from all DDoS threats.


How does it work?

Infrastructure Protection helps you protect all elements of your critical infrastructure (e.g., web, email, FTP) across entire subnet ranges.

In the event of an attack, traffic is re-routed through Incapsula’s scrubbing centers using BGP announcements. From this point on, Incapsula acts as the “ISP” and advertises all protected IP range announcements.

All incoming network traffic is inspected and filtered. Only legitimate traffic is securely forwarded to the enterprise network, via GRE tunneling.

Incapsula Infra DDoS Protection


Key Features & Benefits:

  • Key Capabilities:
    • Blanket DDoS protection for all types of services (UDP/TCP, SMTP, FTP, SSH, VoIP, etc.)
    • Complements the web application protection provided by SecureSphere WAF
    • GRE tunneling for seamless on-demand onboarding
    • DDoS protection for entire subnets
    • Complete protection against diret-to-IP DDoS attakcs
    • Enabled by Incapsula's "Behemoth" scrubbing servers
  • High ResilientThe Infrastructure Protection service is built on top of Incapsula’s global network of high powered data centers. Route advertisements are propagated from all data centers to create a “many-to-many” defense for incoming DDoS attacks.
  • Quick and Easy ImplementationProtection for entire subnets is enabled on-demand. With the GRE tunnel in place, BGP routing is used to activate and deactivate the service on-the-fly, allowing customers to quickly and easily respond to any type of DDoS attack.
  • Unhindered VisibilityLegitimate incoming traffic passing through the Incapsula network is unaltered, ensuring that source IP address visibility remains intact. At the same time, all outgoing traffic is forwarded as normal to the ISP, minimizing the chance for any impact to regular traffic flow.
  • Comprehensive ProtectionInfrastructure Protection is fully compatible with Incapsula’s Website and Name Server DDoS Protection services. Together these form the most robust DDoS protection offering on the market, able to deal with highly sophisticated DDoS threats and any possible DDoS-related security scenario.
  • Cost-Effective DDoS ProtectionIncapsula's cloud-based service offers 24x7 protection against all DDoS attacks without the need for multi-gigabit Internet connections, or any additional hardware. Using Incapsula eliminates the setup and overhead costs associated with over-provisioning and deployment of additional on-premise appliances.



For more information, contact i2S now to determine how Imperva can help secure your business.  


To learn more about Imperva, visit the Imperva website.