IT Management Articles

Securing Your Business With Incapsula

by Rakesh Sharma
Published on 12 May 2011

I was pretty happy when I received the first comment on my website blog. "I finally have company," I thought to myself. My website, you see, was pretty much the dreary outpost of the Internet. But my happiness quickly turned to disappointment and horror when I clicked the commenter's website link to thank them. I was the victim of a comment spam. Since then, my blog regularly receives at least one comment a day from the spammer, praising my website content in generic terms. And, I am still stuck on the fringes of the Internet. That is why, I was delighted to learn that the product for this week was Incapsula: a cloud-based website security solution. According to the folks behind the solution, it protects your website from hackers and spammers.

We will look at Incapsula's interface, functionalities, and how it can be of use to you.


Did you read about the recent Sony Playstation network breach recently? If not, I suggest you read about it. That breach resulted in theft of personal details of 100 million users. Can you imagine the consequences of such a breach in your online business? Part of the reason why the breach occurred is because the hackers knew that they could get personal details online. This is because our life is increasingly being transacted in a combination of online and offline modes. For example, you network with friends online through Facebook and, also, buy products off online e-commerce retailers such as Amazon. Thus, your business will definitely need to have an online component in the future.

This component will be vulnerable to hackers or programmers whose business it is to invade networks and websites. Unlike big corporations like Sony, however, you do not have the resources, financial or otherwise, to fight hackers. This is where affordable solutions like Incapsula come in. According to its website, Incapsula offers website security, increased speed (because it uses a cache of recently viewed pages to retrieve information about your website) and updates you in real time about threats to your website.


Incapsula intrigued me because it sounded like a firewall. Typically, firewalls work on a network or locally on your computer. However, Incapsula is a Web Application Firewall (WAF) which inspects all your web traffic at the HTTP/S level. The folks at Incapsula have optimized the WAF to work on a cloud service platform or configured it, in their own words, to become an enterprise-grade security service In simple words, this means that you become part of the Incapsula network once you subscribe to an Incapsula plan. All security and threat knowledge is distributed through architecture of distributed servers. The folks at Incapsula call this a unique cooperation model.


Incapsula is not really a product. It is a service that is activated through through a series of four steps. The steps are aimed at changing the DNS for your website. Once you have changed that, then you are all set. For simplicity, this one wins hands down.

You can login to their website on a daily basis and check out statistics relating to your website. For example, you can distinguish between the number of human and bot visits on your website. Similarly, you can see bandwidth being used and also generate threat reports about your website.


There are several hosting providers, who for reasons of security and business, do not allow changes to DNS. How does one change records for hosting providers where DNS field are non-editable? The folks at Incapsula recommend working with support staff to bypass this problem. However, it might be an idea for them to add features or functionality that will enable users to install or work with their service for such providers. As an example, how about creating an application that is bundled up with hosting provider solutions. For a minimal charge, users who are tied to such hosting providers could install the Incapsula application on their websites.

I was also curious about how the service worked with SSL websites. SSL sites are secure sites with an extra layer of security to ensure confidentiality and privacy of information that is being passed between your browser and website server. Typically, they are used for payment sites such as Paypal. According to the Incapsula website, support for SSL sites requires an SSL certificate from Incapsula. Thus, GlobalSign, Incapsula's SSL certificate provider will generate an SSL certificate for your domain within 24 hours of registration. You need to approve this certificate before using Incapsula for your website.


The website has an extensive help forum with topics and discussions about product features and website security. I thought it was pretty good because it combined the big picture with specifics at the same time. For example, the help forum explains the importance of an alert and kinds of alert available through Incapsula. In addition, it also contains user forums for users to discuss features. Here is a suggestion from my side: given the critical and time-sensitive nature of website security, it might be an idea to have support staff for chat available online.


Incapsula is not just security. Keeping your site running at top-speed is also a high priority. Good performance ensures happy users, which in turn leads to returning business; Incapsula also optimizes your site's loading and navigation processes, without compromising your website's look-and- feel or its functionality. According to Incapsula, an average website's load time is improved by over 30% with an even higher reduction in server load and bandwidth usage.


Yes. If you are concerned about website security and interested in protecting user data for your business. I think it is a great product at an affordable price. The service ensures that you can protect your website and customers without spending too much. Of course, then there are those comment spammers….


Apps mentioned in this article