incapsula: how to increase saas websites’ uptime and accelerate performance

For audio, please dial into 1-(888) 681-1078, conference code is 490 048 1

© 2015 Imperva, Inc. All rights reserved.

Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance

Nicole Donner, Incapsula

Jason Sweitzer, Tempus Technologies

© 2015 Imperva, Inc. All rights reserved. Confidential3

Introduction

• Thanks for joining our webinar• The webinar will last 30 minutes and will be recorded• Questions will be answered during the session

• Incapsula: Incapsula provides any website and web application with best-of-breed security, DDoS protection, load balancing and failover solutions—available as standalone services or as an integrated solution.

• Tempus Technologies: Whether your business accepts payments by credit card, debit card, or health benefit card, PaymentMate® is the versatile and cost-effective software solution.



Agenda

• Business and Technical Challenge for SaaS companies

• Solution #1: Saving Time with WAF

• Solution #2: Increasing Up Time– Failover ISPs– SSL Frontend– DDoS and PCI

• The Results and Benefits

• Wrap-Up

• Q&A



Poll

How many of you run or help manage IT for a SaaS company?

Please answer in the chat, reply to “All – Entire Audience”


Confidential6 © 2015 Imperva, Inc. All rights reserved.

Business and Technical Challenge for SaaS companies



Business and Technical Challenge for SaaS Companies

• Scalability– Needed to scale application between multiple data centers

• Availability– Automatic failover in the case of a server or data center outage

• Security– PCI Compliance

• Web Application Firewall for PCI

• Load Balancing/Failover– Best done at proxy level– DNS Failover has a relatively slow failure detection/re-route– Needed to meet demanding customer SLAs



Business and Technical Challenges for SaaS Companies

• Physical hardware deployment issues– Expensive up front costs– Very Little practical DDOS capability

• Rate limiting• Simple remediation measures are quickly rendered useless if your internet connection has been

saturated by attacker’s data• Far more practical 5 years ago when attack vectors were less sophisticated and had far less

volume

– High touch administration• Constant firmware and signature updates requiring reboots causing administrative

costs/productivity loss

– SSL• Required all SSL Certificates to be installed on all server clusters• SSL Costs became prohibitive for our SMB clients


Solution #1: Saving Time with WAF1


Poll

Have you used a WAF for your company’s website before?

Please answer in the chat, reply to “All – Entire Audience”


Saving Time with WAF

• Quick site setup– Configure a domain– Reconfigure DNS– Wait for SSL certificate issuance

• Reduced maintenance– All signatures are automatically updated– Zero-Days are automatically patched and deployed

• Dashboard– Live view gives deep insight into traffic and attack patterns in real time– Flexible rules allow for custom rule writing


Solution #2: Increasing Up Time2


Increasing Up Time: Failover ISPs

• Application availability is paramount– Tempus utilizes live load balancing between 3 data centers and 6 ISPs

– Configurable with various routing rules

– Quick detection and re-route of traffic

– Allows us to utilize more lower SLA providers for a higher overall uptime percentage with a lower overall cost

– Easy server maintenance• Simply take one data center or origin server down for maintenance and traffic keeps flowing


Increasing Up Time: SSL Frontend

• SSL Deployment critical– Use one SSL certificate on the origin server

• Significant network simplification– 1 IP per server instead of 1 IP per site

– Use Incapsula generated and signed certificates on all front end servers

• Reduces deployment and SSL costs• Allows us to offer vanity domain names for our clients at a cheaper cost• Reduces administrative overhead of managing SSL certificates for dozens of clients

– No certificate expiration management


Increasing Up Time: DDoS and PCI

• Hardware based WAF will not handle modern DDoS– Layer 7 is the only data it will see– Other network infrastructure will crumble under network layer DDoS such as syn floods,

DNS reflection, etc– Layer 7 protection won’t help if the network flood overwhelms network pipe

• Even large (1GBPS +) pipes are easily overwhelmed by DDoS for hire

• Block attack traffic in the cloud before it gets close to your infrastructure

• Incapsula is PCI Complaint– Allows compliance with PCI DSS Mandates


Results and Benefts


Results and Benefits

• Significant cost savings– No hardware costs

• Comparison: Barracuda 860 WAF $24,999 + $17,749 annually for signatures, support, and replacement insurance (Double for redundancy)

– No additional SSL certificate costs– No Signature update/Annual maintenance costs– 40% Reduced bandwidth costs due to edge caching

• Enhanced security– Automatic zero day fixes– Automatic attack signatures/mitigation

• Availability improvements– Near perfect uptime due to multi-site/multi orgin server failover– Having Incapsula operations team on the front-end allows leaner operations staff


Wrap-Up


Wrap-up

• Quick set-up with WAF, reduced maintenance, zero-day vulnerabilities are patched and deployed, dashboard is available for live analytics

• Use load balancing to increase application availability

• SSL deployment is critical

• Block attack traffic in the cloud before it gets close to your infrastructure


Q&A

incapsula: how to increase saas websites’ uptime and accelerate performance

Technology