Migrating from Akamai to Incapsula: What You Need to Know

For audio, please dial into +1 (415) 655-0069, conference code is 784-532-544

Migrating from Akamai to Incapsula What you need to know

Tim Matthews – VP Marketing, Incapsula

Andrey Shkanov – Lead Solution Manager, Incapsula

© 2015 Imperva, Inc. All rights reserved. For audio, please dial into +1 (415) 655-0069

conference code is 784-532-544 3

Agenda

•  Overview of Incapsula

•  Comparing the two platforms

•  The Migration –  Planning for the Move –  Transitioning Platforms –  Configuring Incapsula

•  Lessons Learned from the Field

•  Q & A


conference code is 784-532-544

Incapsula Overview

4

Performance Security Availability

Solving Top Operational Problems

Delivered from the Cloud



Incapsula Application Delivery Cloud

5



How Incapsula Works

6

By routing website traffic through the Incapsula network, malicious traffic is blocked, and legitimate traffic is accelerated.

Incapsula Network Your Website Legitimate Traffic



…what should you expect

Comparing Akamai and Incapsula…



The Incapsula CDN Model

8

Analyzes website content automatically optimizing performance by determining •  What is cacheable (static AND dynamic content) •  How long to cache it •  What resources are frequently used, prioritizing their delivery

Web Server

Website Visitors

Incapsula Content Delivery Network



Comparing Basic Functionality

9

Functionality Imperva Incapsula Akamai CDN Kona Site

Defender (KSD) Akamai Prolexic

Website Security ü ü DDoS Protection ü ü ü CDN ü ü Load Balancing ü ü



Website Security Comparison (Incap vs KSD)

10

Proprietary, Gartner Magic Quadrant-leading, PCI-compliant Web Application Firewall (WAF) ü û Access Control (white/black listing) ü ü IP reputation-based monitoring system ü ü API integration ü ü Client classification algorithms to mitigate advanced bots ü û Transparent, progressive challenges for minimal user impact and reduced false positives ü ü Backdoor protection to guard against malware infection ü û Two factor authentication to prevent breach by stolen passwords ü û Self Service Customization of security rules ü û 60-second security rule propagation ü û



DDoS Mitigation

11

Features Incapsula Akamai KSD

Akamai Prolexic

Protection of Origin IP Address from DDoS ü ü Always on detection and mitigation ü ü Client Classification for low FP ü Real time Attack Monitoring ü Instant custom security rule propagation ü Protected Assets

Websites (HTTP/S) ü ü ü Customer Managed DNS Servers ü ü Infrastructure Protection for Network protocols (per subnet) ü ü Infrastructure Protection for Network protocols (per IP Address) ü



Video Streaming and File Server Use Cases

•  Akamai supports a wide variety of CDN use cases including –  Video streaming –  Large static file serving

•  Incapsula does not support Video streaming or large static file use cases

•  Incapsula can be deployed for DDoS Proteciton in addition to Akamai’s CDN



Custom Application Delivery Rules

Incapsula does not currently support some of the custom application delivery rules present on the Akamai system including:

Supported •  Always cache (by URL is | is not | contains) •  Never cache (by URL | is not | contains)

Unsupported •  Redirection rules based on cookies and headers •  URL rewriting •  Response manipulation



Making the Transition Starts with Proper Planning



Scoping out your Incapsula Migration

•  Incapsula uses many of the same sizing metrics as Akamai including –  Number of sites to be protected –  Aggregate bandwidth –  Add-on functionality (load balancing, DDoS protection, two factor authentication, etc.)

•  Customers can map their Akamai deployment directly to Incapsula but with significant cost savings

•  All solutions will be delivered from a single user interface



Making the Switch

•  Migration happens in minutes via a simple DNS record change to route traffic to the Incapsula network.

z

Your Website Legitimate Traffic



Application Preparation – SSL and Origin IP Tracking

SSL •  Bring your own or have Incapsula partner generate •  Be careful of SSL pinning

Origin IP Tracking •  Akamai users wishing to see client IP addresses “through” their CDN

use a header called “True client IP” •  Incapsula supports this header, X-forwarded for and a proprietary

header called Incap-client-IP in order to preserve client origin IP address visibility



Custom Security Rules Configuration

•  Incapsula has a custom rule engine called “IncapRules” which can be used to create very complex security rules

•  IncapRules can be used to replicate any custom security rules that need to be migrated

•  This process is currently not automated but our managed service team can be used to port the rules over



Lessons Learned 1 – Deploying Side by Side with Akamai

19

•  Incapsula provides DDoS, WAF, and Dynamic Acceleration

•  Akamai provides CDN for Static Content

•  Decouple content from Website

•  Need to segregate resources

International Stock Exchange

Incapsula

Your Website

Akamai CDN

Content Caching DDoS Mitigation • WAF

Bots



Lessons Learned 2 – Akamai Replacement

20

•  Incapsula provides DDoS, WAF, CDN (Static + Dynamic)

•  Added load balancing for reservation system failover

•  Custom security rules created for bot issues – fast propogation was key

•  Watch DNS zones versus web properties

U.S. National Hotel Chain



Lessons Learned 3 – Akamai Replacement

21

•  Incapsula provides DDoS, WAF, CDN (Static + Dynamic)

•  Load balancing for availability/performance

•  12 global sites –  Onboard 4 sites per week, total of three weeks –  Traffic cutover in maintenance windows

•  Ease of management key for large number of properties globally –  Permissions set for regional teams to manage their properties

Global Toy Manufacturer

© 2015 Imperva, Inc. All rights reserved.

Q&A

22

For a free trial of Incapsula, visit us at: www.Incapsula.com

For audio, please dial into +1 (415) 655-0069, conference code is 784-532-544

We’ll follow up via email after the presentation with a complementary copy of our Akamai Migration Guide.

Thank you for your time!

Technology

Migrating from Akamai to Incapsula: What You Need to Know