Imperva Incapsula, profile picture
Uploaded byImperva Incapsula
PPTX, PDF364 views

D3TLV17- Advanced DDoS Mitigation Techniques

The document discusses advanced DDoS mitigation techniques, highlighting the various types of DDoS attacks, such as application layer and volumetric attacks. It emphasizes the challenges in mitigating such attacks, including the need for rapid response, scalable resources, and agile network infrastructure. The overview concludes with insights into the infrastructure needed for effective DDoS defense, exemplified by the capabilities of the 'Behemoth' mitigation system.

Embed presentation

Downloaded 18 times
Advanced DDoS Mitigation Techniques Tomer Shani Infrastructure Protection Development Group Manager, Imperva
BIO Tomer Shani Three kids, Three cats. Three years at Imperva Incapsula Various R&D positions, all in thee field of networking Plan for the worst, only the paranoid survive © 2017 Imperva, Inc. All rights reserved.2
Introduction to DDoS © 2017 Imperva, Inc. All rights reserved.3 Distributed Denial of Service Denial of Service: • Resource exhaustion • Exploit: Network capacity, infrastructure, compute or applicative weaknesses • Will eventually lead to service being unavailable Why “Distributed”? • Difficult to track, contain and prevent • Enabler for mega-scale attacks Attack Types Application Layer • Aimed at specific services Network Layers 3/4 • Volumetric attack – consuming bandwidth • PPS attacks – consuming network equipment capacity • Syn flood/Connection flood – target server’s network stack resources
Introduction to DDoS – Cont. © 2017 Imperva, Inc. All rights reserved.4 DDoS is Easy • Stressers (DDoSers/Booters) will offer you to “test” your website, these saints will offer a premium service: • And in some cases very happy to share their method of exploit
Introduction to DDoS – Cont. © 2017 Imperva, Inc. All rights reserved.5 Motivation • Hacktivism • Vandalism • Competition • Extorsion
Introduction to DDoS – Cont. © 2017 Imperva, Inc. All rights reserved.6 The Impact
DDoS in the Wild – Challenging Mitigation Resources © 2017 Imperva, Inc. All rights reserved.7 Volumetric Attacks PPS Attacks
DDoS in the Wild – Challenging Mitigation Tactics © 2017 Imperva, Inc. All rights reserved.8 Changing Attack Vectors Pulse Wave DDoS
Challenges in Attack Mitigation Fast! Time to Mitigation • Minimal service impact • Attack which goes through provider may get network null routed – Minutes of impact may take hours to fix • Pulse waves • Changing attack vectors Latency • Latency should not degrade when scrubbing is in progress Volume • Distribute network capacity • Equip to handle high PPS attacks and volumetric attacks Agility • React to evolving threats in real-time © 2017 Imperva, Inc. All rights reserved.9
Network Topology © 2017 Imperva, Inc. All rights reserved.10
Meet the Behemoth © 2017 Imperva, Inc. All rights reserved.11
Under the Hood Behemoth 2 Sampling (10G) Mitigation core CPU ALTA Switch © 2017 Imperva, Inc. All rights reserved.12 DDoS Traffic (160G) Traffic (400G)
PEACE TIME Mitigation Core © 2017 Imperva, Inc. All rights reserved.13 Sampled Traffic 1:40 Attack Traffic . . . 16*10G -> 160 Gbps Detection Core Mitigation Core WAR TIME
Performance Challenges Scaling up the muscle Detection Core Brain 75% CPU Mitigation Core Muscle 99% CPU © 2017 Imperva, Inc. All rights reserved.14
Heavy Lifting © 2017 Imperva, Inc. All rights reserved.15 Behemoth 2 Sampling Core Mitigation CPU Clean Traffic QFX SwitchISP ALTA Switch
Heavy Lifting © 2017 Imperva, Inc. All rights reserved.16 Behemoth 2 DDoS Traffic QFX SwitchISP ALTA Switch Sampling Core Mitigation CPU Scrubbed Traffic
Heavy Lifting © 2017 Imperva, Inc. All rights reserved.18 Behemoth 2 Sampling Core Mitigation CPU Clean Traffic QFX SwitchISP ALTA Switch Scrubbed Traffic
Revisiting the 650G DDoS © 2017 Imperva, Inc. All rights reserved.20
D3TLV17- Advanced DDoS Mitigation Techniques
D3TLV17- Advanced DDoS Mitigation Techniques

More Related Content

PPTX
D3LDN17 - A Pragmatists Guide to DDoS Mitigation
byImperva Incapsula
 
PPTX
D3NY17- Customizing Incapsula to Accommodate Single Sign-On
byImperva Incapsula
 
PPTX
D3NY17 - Migrating to the Cloud
byImperva Incapsula
 
PPTX
D3TLV17- Keeping it Safe
byImperva Incapsula
 
PPTX
D3TLV17- You have Incapsula...now what?
byImperva Incapsula
 
PDF
GWAVACon 2015: GWAVA - Backup, manage & monitor your GroupWise server
byGWAVA
 
PDF
GWAVACon 2015: GWAVA - Three dimensional security for Novell GroupWise
byGWAVA
 
PPTX
Business+ DDoS Protection
byImperva Incapsula
 
D3LDN17 - A Pragmatists Guide to DDoS Mitigation
byImperva Incapsula
 
D3NY17- Customizing Incapsula to Accommodate Single Sign-On
byImperva Incapsula
 
D3NY17 - Migrating to the Cloud
byImperva Incapsula
 
D3TLV17- Keeping it Safe
byImperva Incapsula
 
D3TLV17- You have Incapsula...now what?
byImperva Incapsula
 
GWAVACon 2015: GWAVA - Backup, manage & monitor your GroupWise server
byGWAVA
 
GWAVACon 2015: GWAVA - Three dimensional security for Novell GroupWise
byGWAVA
 
Business+ DDoS Protection
byImperva Incapsula
 

What's hot

PPTX
D3NY17- Using IncapRules to Customize Security
byImperva Incapsula
 
PDF
Cloud Security - Product Overview
byKenneth Chiu
 
PPTX
Is Wi-Fi Enterprise so perfect?
byAleksandr Demchenko
 
PDF
SSL for SaaS Providers
byCloudflare
 
PDF
Why Many Websites are still Insecure (and How to Fix Them)
byCloudflare
 
PPTX
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
byCloudflare
 
PPTX
Unexpected Impacts of DDoS Attacks and How to Stop Them
byCaitlin Magat
 
ODP
Cdns
byivoelenchev
 
PPTX
Running a Robust DNS Infrastructure with CloudFlare Virtual DNS
byCloudflare
 
PDF
A Responder's Guide to DDoS Attacks: Seeing Clearly Through the Smoke
byNeustar, Inc.
 
PDF
Security for AWS : Journey to Least Privilege
bydhubbard858
 
PDF
How to Meet FFIEC Regulations and Protect Your Bank from Cyber Attacks
byCloudflare
 
PPTX
DDoS 101: Attack Types and Mitigation
byCloudflare
 
PDF
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
byCloudflare
 
D3NY17- Using IncapRules to Customize Security
byImperva Incapsula
 
Cloud Security - Product Overview
byKenneth Chiu
 
Is Wi-Fi Enterprise so perfect?
byAleksandr Demchenko
 
SSL for SaaS Providers
byCloudflare
 
Why Many Websites are still Insecure (and How to Fix Them)
byCloudflare
 
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
byCloudflare
 
Unexpected Impacts of DDoS Attacks and How to Stop Them
byCaitlin Magat
 
Cdns
byivoelenchev
 
Running a Robust DNS Infrastructure with CloudFlare Virtual DNS
byCloudflare
 
A Responder's Guide to DDoS Attacks: Seeing Clearly Through the Smoke
byNeustar, Inc.
 
Security for AWS : Journey to Least Privilege
bydhubbard858
 
How to Meet FFIEC Regulations and Protect Your Bank from Cyber Attacks
byCloudflare
 
DDoS 101: Attack Types and Mitigation
byCloudflare
 
65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...
byCloudflare
 

Similar to D3TLV17- Advanced DDoS Mitigation Techniques

PDF
An Inside Look at a Sophisticated, Multi-vector DDoS Attack
byImperva
 
PDF
The role of DDoS Providers
byNeil Hinton
 
PPTX
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
byImperva Incapsula
 
PPT
Denail of Service
byRamasubbu .P
 
PDF
How We Blocked a 650Gb DDoS Attack Over Lunch
byImperva
 
PDF
DoS Attack vs DDoS Attack_ The Silent Wars of the Internet.pdf
byCyberPro Magazine
 
PPTX
DDoS Attack Prevention and Mitigation Techniques Made Easy (2).pptx
bygwrisv22
 
PDF
DDoS Attack Trends_ How Emerging Threats Affect Protection Strategies -1200.pdf
bynoble hackers
 
PDF
ddos-protector-customer-presentation.pdf
byTuPhan66
 
PDF
Nas nie zaatakują!
byBiznes to Rozmowy
 
PPTX
Service Provider Deployment of DDoS Mitigation
byCorero Network Security
 
PPTX
Study of System Attacks- DoS.pptx
byvasep68958
 
PPT
DDoS Attack PPT by Nitin Bisht
byNitin Bisht
 
PDF
nitinbisht-170409175645 (2).pdf
byrashidxasan369
 
PPTX
High Performance Security: Mitigating DDoS Attacks Without Losing Your Edge
byHostway|HOSTING
 
PDF
Ix3615551559
byIJERA Editor
 
PDF
Distributed Denial of Service Attack - Detection And Mitigation
byPavel Odintsov
 
PDF
DDoS Falcon_Tech_Specs-Haltdos
byHaltdos
 
PDF
DDoS Mitigation Techniques for Your Enterprise IT Network
byHaltdos
 
PPTX
DDoS Mitigator. Personal control panel for each hosting clients.
byГлеб Хохлов
 
An Inside Look at a Sophisticated, Multi-vector DDoS Attack
byImperva
 
The role of DDoS Providers
byNeil Hinton
 
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
byImperva Incapsula
 
Denail of Service
byRamasubbu .P
 
How We Blocked a 650Gb DDoS Attack Over Lunch
byImperva
 
DoS Attack vs DDoS Attack_ The Silent Wars of the Internet.pdf
byCyberPro Magazine
 
DDoS Attack Prevention and Mitigation Techniques Made Easy (2).pptx
bygwrisv22
 
DDoS Attack Trends_ How Emerging Threats Affect Protection Strategies -1200.pdf
bynoble hackers
 
ddos-protector-customer-presentation.pdf
byTuPhan66
 
Nas nie zaatakują!
byBiznes to Rozmowy
 
Service Provider Deployment of DDoS Mitigation
byCorero Network Security
 
Study of System Attacks- DoS.pptx
byvasep68958
 
DDoS Attack PPT by Nitin Bisht
byNitin Bisht
 
nitinbisht-170409175645 (2).pdf
byrashidxasan369
 
High Performance Security: Mitigating DDoS Attacks Without Losing Your Edge
byHostway|HOSTING
 
Ix3615551559
byIJERA Editor
 
Distributed Denial of Service Attack - Detection And Mitigation
byPavel Odintsov
 
DDoS Falcon_Tech_Specs-Haltdos
byHaltdos
 
DDoS Mitigation Techniques for Your Enterprise IT Network
byHaltdos
 
DDoS Mitigator. Personal control panel for each hosting clients.
byГлеб Хохлов
 

More from Imperva Incapsula

PPTX
D3TLV17- The Incapsula WAF: Your Best Line of Denfense Against Application La...
byImperva Incapsula
 
PPTX
D3LDN17 - Recruiting the Browser
byImperva Incapsula
 
PPTX
D3LDN17 - Keynote
byImperva Incapsula
 
PPTX
D3SF17- Using Incap Rules to Customize Your Security and Access Control
byImperva Incapsula
 
PPTX
D3SF17- Boost Your Website Performance with Application Delivery Rules
byImperva Incapsula
 
PPTX
D3SF17- A Single Source of Truth for Security Issues- Pushing Siem Logs to Cl...
byImperva Incapsula
 
PPTX
D3SF17- Improving Our China Clients Performance
byImperva Incapsula
 
PPTX
D3SF17- Migrating to the Cloud 5- Years' Worth of Lessons Learned
byImperva Incapsula
 
PPTX
D3SF17 -Keynote - Staying Ahead of the Curve
byImperva Incapsula
 
PPTX
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...
byImperva Incapsula
 
PPTX
Protect Your Assets with Single IP DDoS Protection
byImperva Incapsula
 
PPT
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
byImperva Incapsula
 
PDF
Migrating from Akamai to Incapsula: What You Need to Know
byImperva Incapsula
 
PPTX
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
byImperva Incapsula
 
PDF
Is the Cloud Going to Kill Traditional Application Delivery?
byImperva Incapsula
 
PPTX
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
byImperva Incapsula
 
PPTX
Understanding Web Bots and How They Hurt Your Business
byImperva Incapsula
 
PPTX
A DevOps Guide to Web Application Security
byImperva Incapsula
 
PPTX
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
byImperva Incapsula
 
PPTX
DNS and Infrastracture DDoS Protection
byImperva Incapsula
 
D3TLV17- The Incapsula WAF: Your Best Line of Denfense Against Application La...
byImperva Incapsula
 
D3LDN17 - Recruiting the Browser
byImperva Incapsula
 
D3LDN17 - Keynote
byImperva Incapsula
 
D3SF17- Using Incap Rules to Customize Your Security and Access Control
byImperva Incapsula
 
D3SF17- Boost Your Website Performance with Application Delivery Rules
byImperva Incapsula
 
D3SF17- A Single Source of Truth for Security Issues- Pushing Siem Logs to Cl...
byImperva Incapsula
 
D3SF17- Improving Our China Clients Performance
byImperva Incapsula
 
D3SF17- Migrating to the Cloud 5- Years' Worth of Lessons Learned
byImperva Incapsula
 
D3SF17 -Keynote - Staying Ahead of the Curve
byImperva Incapsula
 
E-commerce Optimization: Using Load Balancing and CDN to Improve Website Perf...
byImperva Incapsula
 
Protect Your Assets with Single IP DDoS Protection
byImperva Incapsula
 
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
byImperva Incapsula
 
Migrating from Akamai to Incapsula: What You Need to Know
byImperva Incapsula
 
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
byImperva Incapsula
 
Is the Cloud Going to Kill Traditional Application Delivery?
byImperva Incapsula
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
byImperva Incapsula
 
Understanding Web Bots and How They Hurt Your Business
byImperva Incapsula
 
A DevOps Guide to Web Application Security
byImperva Incapsula
 
From 1000/day to 1000/sec: The Evolution of Incapsula's BIG DATA System [Surg...
byImperva Incapsula
 
DNS and Infrastracture DDoS Protection
byImperva Incapsula
 

Recently uploaded

PDF
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
PDF
Mercury Computer Systems & The Cell Broadband Engine
bySlide_N
 
PPTX
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
PPTX
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 
PPTX
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
PPTX
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
PPTX
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
PPTX
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
PPTX
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
PDF
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
PDF
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
PDF
Implementing A Data Lakehouse Using Iceberg & Spark
byAnass Nabil
 
PDF
Adding Copilot+ PCs with Snapdragon to your HP fleet won’t require IT deploym...
byPrincipled Technologies
 
PDF
Pervasive Encryption - Keeping Data Secure.pdf
byPrecisely
 
PDF
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
PPTX
CodeMash 2026 - Optimizing Azure App Services
byBrian McKeiver
 
PDF
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
PDF
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
PDF
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
PDF
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
Mercury Computer Systems & The Cell Broadband Engine
bySlide_N
 
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
Implementing A Data Lakehouse Using Iceberg & Spark
byAnass Nabil
 
Adding Copilot+ PCs with Snapdragon to your HP fleet won’t require IT deploym...
byPrincipled Technologies
 
Pervasive Encryption - Keeping Data Secure.pdf
byPrecisely
 
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
CodeMash 2026 - Optimizing Azure App Services
byBrian McKeiver
 
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 

D3TLV17- Advanced DDoS Mitigation Techniques

  • 1.
    Advanced DDoS MitigationTechniques Tomer Shani Infrastructure Protection Development Group Manager, Imperva
  • 2.
    BIO Tomer Shani Three kids, Threecats. Three years at Imperva Incapsula Various R&D positions, all in thee field of networking Plan for the worst, only the paranoid survive © 2017 Imperva, Inc. All rights reserved.2
  • 3.
    Introduction to DDoS ©2017 Imperva, Inc. All rights reserved.3 Distributed Denial of Service Denial of Service: • Resource exhaustion • Exploit: Network capacity, infrastructure, compute or applicative weaknesses • Will eventually lead to service being unavailable Why “Distributed”? • Difficult to track, contain and prevent • Enabler for mega-scale attacks Attack Types Application Layer • Aimed at specific services Network Layers 3/4 • Volumetric attack – consuming bandwidth • PPS attacks – consuming network equipment capacity • Syn flood/Connection flood – target server’s network stack resources
  • 4.
    Introduction to DDoS– Cont. © 2017 Imperva, Inc. All rights reserved.4 DDoS is Easy • Stressers (DDoSers/Booters) will offer you to “test” your website, these saints will offer a premium service: • And in some cases very happy to share their method of exploit
  • 5.
    Introduction to DDoS– Cont. © 2017 Imperva, Inc. All rights reserved.5 Motivation • Hacktivism • Vandalism • Competition • Extorsion
  • 6.
    Introduction to DDoS– Cont. © 2017 Imperva, Inc. All rights reserved.6 The Impact
  • 7.
    DDoS in theWild – Challenging Mitigation Resources © 2017 Imperva, Inc. All rights reserved.7 Volumetric Attacks PPS Attacks
  • 8.
    DDoS in theWild – Challenging Mitigation Tactics © 2017 Imperva, Inc. All rights reserved.8 Changing Attack Vectors Pulse Wave DDoS
  • 9.
    Challenges in AttackMitigation Fast! Time to Mitigation • Minimal service impact • Attack which goes through provider may get network null routed – Minutes of impact may take hours to fix • Pulse waves • Changing attack vectors Latency • Latency should not degrade when scrubbing is in progress Volume • Distribute network capacity • Equip to handle high PPS attacks and volumetric attacks Agility • React to evolving threats in real-time © 2017 Imperva, Inc. All rights reserved.9
  • 10.
    Network Topology © 2017Imperva, Inc. All rights reserved.10
  • 11.
    Meet the Behemoth ©2017 Imperva, Inc. All rights reserved.11
  • 12.
    Under the Hood Behemoth2 Sampling (10G) Mitigation core CPU ALTA Switch © 2017 Imperva, Inc. All rights reserved.12 DDoS Traffic (160G) Traffic (400G)
  • 13.
    PEACE TIME Mitigation Core ©2017 Imperva, Inc. All rights reserved.13 Sampled Traffic 1:40 Attack Traffic . . . 16*10G -> 160 Gbps Detection Core Mitigation Core WAR TIME
  • 14.
    Performance Challenges Scaling upthe muscle Detection Core Brain 75% CPU Mitigation Core Muscle 99% CPU © 2017 Imperva, Inc. All rights reserved.14
  • 15.
    Heavy Lifting © 2017Imperva, Inc. All rights reserved.15 Behemoth 2 Sampling Core Mitigation CPU Clean Traffic QFX SwitchISP ALTA Switch
  • 16.
    Heavy Lifting © 2017Imperva, Inc. All rights reserved.16 Behemoth 2 DDoS Traffic QFX SwitchISP ALTA Switch Sampling Core Mitigation CPU Scrubbed Traffic
  • 18.
    Heavy Lifting © 2017Imperva, Inc. All rights reserved.18 Behemoth 2 Sampling Core Mitigation CPU Clean Traffic QFX SwitchISP ALTA Switch Scrubbed Traffic
  • 20.
    Revisiting the 650GDDoS © 2017 Imperva, Inc. All rights reserved.20

Editor's Notes

  • #5 https://www.incapsula.com/ddos/booters-stressers-ddosers.html https://www.incapsula.com/blog/unmasking-ddos-for-hire-fiverr.html And even goes as low as 5$ (Fivrr)
  • #6 TODO: remove ad from the russian bank piece https://en.wikipedia.org/wiki/2016_Dyn_cyberattack http://www.zdnet.com/article/krebs-on-security-booted-off-akamai-network-after-ddos-attack-proves-pricey/
  • #7 TODO: remove ad from the russian bank piece https://en.wikipedia.org/wiki/2016_Dyn_cyberattack http://www.zdnet.com/article/krebs-on-security-booted-off-akamai-network-after-ddos-attack-proves-pricey/
  • #8  https://www.incapsula.com/blog/throughput-forwarding-rate-ddos-attacks.html https://www.incapsula.com/blog/650gbps-ddos-attack-leet-botnet.html Targeting network resources
  • #9  https://www.incapsula.com/blog/pulse-wave-ddos-pins-down-multiple-targets.html Targeting mitigation tactics Pulse waves aiming to expoit on off services / manual mitigation
  • #10 - Icon is a suggestion. Seems like the slide could use a visual.
  • #11  Similar location maps for other vendors, only incapsula has the same scrubbing map as the CDN map. Scrubbing center vs scrubbing at the source Latency – no need to haul traffic Attacks are split up, attackers ability to congest a given datacenter is very low
  • #13 Customized hardware consisting of al Intel CPU running Ubuntu LTS And Intel switching silicon with 400G of external bandwidth (10G nics) & 200G of internal bandwidth (PCIE)
  • #14  Dive into the behemoth Detection core will take decisions at a sub-second resolution Decisions are fully automated All software based – software is high performance lockless code Houses software rules which can be updated globally / per account (perfromed by the incapsula SOC) New version released every week
  • #15 Don’t wait for things to scale to start thinking about measuring. you won’t see that things are breaking or about to break and you will miss huge opportunity for improvement. DDoS mitigation is at the core of what we do, hence we can’t run into glass ceilings in that area.
  • #16 Dive into the behemoth
  • #17 Dive into the behemoth
  • #19 Dive into the behemoth
  • #21 Revisiting the 650G attack, let revisit the PPS numbers Some pulse waves to test the system, few minutes to regroup and back at full force in a volumetric attack