This is a sponsored post written on behalf of Incapsula. All opinions are 100% my own.
Every day, websites are subjected to a vast array of malicious scripts and attempts of subversion intended to break through any layer of security you’ve implemented. These attempts are largely rooted in a desire to take advantage of service you’ve paid for in order to fulfill whatever goals the hacker has in mind. Protecting your online properties is essential, even if you just have a small personal blog.
Enter Incapsula, a combination CDN (content delivery network) and protective filtering service intended to deliver your site faster to the people you want to visit while blocking access to malicious scripts and bots. Incapsula has an interesting approach to cloud-based site protection. Unlike many client-side protection scripts and services, Incapsula acts as a filter between your visitors and your site. This filter does a little more than just pick out SQL injections, scrapers, and malicious bots. It actually optimizes your site through a basic internationally-staged CDN to provide something of speed boost over a single central server.
Incapsula‘s approach makes absolute perfect sense when you take a look at just how much easier it is to filter unwanted traffic before it hits your server. By switching your DNS over to Incapsula, traffic is forced through one of many Incapsula data centers located around the world. Once it is filtered for security, it is then passed through to receive content. This would cause a slowdown of traffic, obviously.
Enter Incapsula’s CDN feature. By caching static and certain dynamic parts of your site and storing it throughout Incapsula’s network, the visitor actually experiences a bit of a speed boost over a traditional, centrally located host. This also has the effect of shaving some of the bandwidth your site uses by a significant degree.
To test Incapsula’s service, we were offered a demonstration account. I placed the account on a site that gets a small to moderate amount of traffic in order to see just what the service could do for us. We let it roll for about a week, and here are the results.
Incapsula’s built-in security filters spotted and blocked over 6,200 malicious access attempts on our server. The majority of these are malicious bots. Cross site scripting, illegal resource access attempts, and suspected bad bots were handled by Incapsula in an appropriate fashion. Suspected bots were met with a CAPTCHA request to make any submissions to the site. We set the security settings to alert us to malicious scripts and access requests, which it did.
We could lock the site down entirely and block any access to any number of possible visitor types. This is one of the most interesting features of the service. It not only detects and acts on these instances, but gives you the power to deny access or let it through.
Worried about a DDoS attack? Incapsula’s security filter is all over it. By filtering all of the data going to your servers through your DNS, a DDoS attack successfully shutting your site down would be no small task. This protective filter kicks in at the enterprise level of Incapsula’s service, and isn’t available on the free, personal, or business account.
In addition to alert emails, Incapsula users are given access to a robust monitoring dashboard that gives you an amazingly detailed set of statistics about your site. Not only can you take a close look at the security issues, but also the legitimate traffic. Find out how much bandwidth you’re using each day, and how many hits per second your site is bringing in. This statistics readout is similar to Google Analytics, but it actually divides legitimate traffic from bots. You can’t usually see bot traffic on Google Analytics, and these numbers are important as they affect your bandwidth usage and determine where the majority of your traffic is coming from.
For many sites, there are far more bots visiting than humans. It’s the nature of the Internet. Every search engine, news delivery service, and aggregator out there seems to have a bot (or multiple bots) rolling through the Internet non-stop in search of new content to catalog and archive.
Bandwidth and Performance
The CDN feature of Incapsula isn’t its biggest selling point, but the savings it gives your site in terms of bandwidth and performance are noteworthy. During the initial week, the small site we attached to Incapsula used about 2.8 GB of bandwidth. Incapsula’s CDN saved us 1.4 GB. Of that amount, roughly half of the cached data delivered to our visitors was dynamic information. That’s an impressive figure considering the costs involved with using Incapsula. Remember, it’s free for the basic setup with static caching and site protection.
As far as performance goes, I can’t say for sure one way or the other if the site has “sped up” for all of our visitors. I can confirm that from my home office in Austin, TX, things seem a hair snappier than they were before. Again, we weren’t hit with a Reddit storm or anything during the trial period to really test it with. Still, it’s good to know it’s there and actively saving us on bandwidth.
Incapsula claims a 30-40% speed boost internationally for customers presently working with a non-distributed service provider. By delivering the data from a location closer to your visitors, the speed increase should indeed be significant.
Incapsula’s plans are very straightforward. You can sign up and add your site for free, which is recommended for anyone that has a site they wish to keep clear of unwanted visitors. I’ve had more than a few instances where WordPress has been cracked and my site compromised. It’s never a good experience, and it’s one that can be avoided with even the most basic level of filtered security. Incapsula provides this, and it works.
In the free service, you get the advantage of a static-cached DNS with site optimization, basic security protection for your site, and detailed daily traffic statistics.
For $9/month, you get Incapsula’s Personal service, which includes real-time traffic statistics, advanced site optimization including dynamic caching to the CDN, SSL support, and email customer service. This is, to me, the ideal solution for a business running a basic e-commerce site with SSL security. Not having this added level of security opens your site up to a lot of issues down the road.
For $59/month, you’re at Incapsula’s Business account level. This level includes Web Application support, PCI compliance, and a number of other features that appeal to small to mid-sized businesses that rely heavily on having a secure and speedy site.
The Enterprise account has prices that vary depending on the needs of the business, but they start around $200/month. This service includes DDoS protection, dedicated throughput SLA, and API integration and automation. It’s the premiere service for customers that get a lot of traffic to their site, or have advanced needs that extend beyond simple data distribution and commerce.
Setup in any one of these levels takes about five minutes. I have limited experience dealing with server infrastructure and we were able to get Incapsula set up and active on our site in no time. A simple switch of the DNS settings and everything was up and running. We don’t even notice that Incapsula is there. It just works, and that’s exactly what a good security service should do for any site.
Is Incapsula Worth It?
With a free plan available that meets the needs of many small sites out there, I see no reason not to at least give it a try. The paid plans offer a great deal more flexibility for medium and large sites, including some that deal heavily in commerce. You owe it to yourself to protect your site from harm, and there is no better price to get started than free.