New Rules Engine Boosts Defense Capabilities Against DDoS and Sophisticated Layer-7 Application Attacks
Incapsula, a cloud-based website performance and security service, today announced a new security rules engine designed to help quickly remediate complex application level (7) and business logic attacks.
According to the company, the new engine and “InRules” security scripting language let customers create complex, granular security rules that are implemented and enforced instantly across Incapsula’s global network. These rules can be either manually coded or generated via a graphical user interface (GUI) that helps users with the rule generation process, the company explained.
New capabilities include:
• Granular access control: Provides the ability to restrict access to a specific web resource (application, URL, parameter) per IP, country, or client type.
• Focused mitigation: Applies mitigation rules with a fine tuned response only where needed. For example: Restricting the rate of account signups per IP and/or session, and requiring the client to pass a transparent browser integrity check.
• Application flow enforcement: Enforces application logic such as parameter content and format validation, allowed rates, and flow enforcement. For example: Requiring a customer to submit a form before allowing them to move to checkout.
Additionally, InRules has a validation feature that helps prevent scripting errors, as well as a revision management system that helps track changes and allows users to revert to a previous rule version.
“Driven by our InRules security language, our new security engine allows customers to apply even those most complex, granular rules across our worldwide network in just seconds, for the first time giving customers the same controls as our security team,” said Gur Shatz, CEO of Incapsula.
Late last year, the company rolled out new capabilities that give users total control over their caching and acceleration policies, enabling them to take advantage of Incapsula’s dynamic application profiling, caching and acceleration capabilities.
Incapsulas cloud-based service helps protect websites from threats such as DDoS attacks, illegal access attempts, spammers, scrapers and other malicious bots, and also addresses the entire OWASP’s Top 10 vulnerabilities list. The company is a spin-off and backed by data security firm Imperva.