An interview with Marc Gaffan from Incapsula
Security is a major issue and not just for Joomla sites. Every other day I hear about another large site that was hacked, and it always makes me wonder: if big companies that can afford to hire the best talent and use the best servers still get hacked, what hope is there for small companies like mine — and like yours?
At the last Joomla World Conference in November I had the pleasure of meeting Marc Gaffan, one of the founders of Incapsula. Marc gave a great presentation about Incapsula’s solution. You can see it below. I’m going to give you a little review and then move to the interview with Marc.
Incapsula behaves like a firewall, protecting your site from all sorts of bad stuff like cross-site scripting, SQL injection and more. They have a large, dedicated team of security experts whose only job is to protect your site. They’ll even scan your pages for backdoors and report back to you. Since the average small business can rarely afford even one security person, that’s a great benefit.
And the reports Incapsula delivers are really eye-opening. You will be stunned at the number of hacking attempts that happen on a regular basis against your site, mainly by robots but also by humans.
Incapsula is not hacker-proof
You should know, though, that even if your site is behind Incapsula, it’s not 100% protected. You still have to do your due diligence. You still have to close security holes both in your server configuration and in anything you install on top of Joomla. (I’ll include some resources at the end.)
The backend of Incapsula has a bunch of tools to help you get the most out of your subscription and to control the alerts you receive.
The difficulty of set-up varies
Setting up Incapsula can be challenging — or easy — depending on the complexity of your site. You may have to tweak your email accounts and FTP, and get a new SSL certificate (it’s included free with your membership). It might take you a little bit of time to get everything up and running smoothly again. Incapsula will send you a number of emails that explain the steps you need to take. I recommend that you read them all carefully and follow the instructions.
And now over to Marc Gaffan:
Marc, what is Incapsula?
Incapsula is a cloud-based service that protects and accelerates websites. Through a simple DNS change, your website’s traffic is seamlessly routed through Incapsula’s globally-distributed network of high-powered servers.
Incoming traffic is intelligently profiled in real-time, blocking even the latest Web threats: from sophisticated SQL injection attacks to scrapers, malicious bots, intruding comment spammers and thwarting multi-Gigabit DDoS attacks.
Meanwhile, outgoing traffic is accelerated and optimized with Incapsula’s global CDN for faster load times, keeping welcome visitors speeding through.
What made you start Incapsula?
Until recent years, website security and acceleration was accessible only to the big companies, those with financial resources and IT departments capable of handling the configuration and management of appliance-based solutions.
New cloud technology that has emerged over the last few years has allowed services like Incapsula to create affordable and easy-to-set-up website security and acceleration solutions. This is definitely a growing need by SMBs today who have to make sure that their sites are always online and protected but do not have the time or money to handle it themselves.
What are the top three benefits of Incapsula?
1. Website Security – Instant Virtual Patching:
Incapsula’s unique bot detection technology and Web Application Firewall technology protect Joomla websites from intruding comment spam, fake registrations, site scrapers and other threats. Leveraging a unique crowd-sourcing security model and an extensive real-time knowledge base of website attack patterns, new vulnerabilities are quickly detected and virtual patches are released to mitigate these threats.
2. Website Performance – Global CDN & Optimizer:
Incapsula’s global CDN improves website performance by caching and optimizing its content, and delivering it directly from the Internet’s backbone. On average, websites using Incapsula are 40% faster and consume 50% less bandwidth.
3. Advanced Analytics – Traffic, Performance and Threat Statistics:
Incapsula’s dashboard includes live stats for all website traffic, including human visitors, bots, performance statistics and detailed threats reports.
What does your Joomla extension do? Do I need to install it to use Incapsula?
Any Joomla site owner can sign up to Incapsula through our website and set up their website through our online management console.
Our newest Joomla component enables site owners to do all of that and manage their security and performance directly from their Joomla admin without using the management console.
What are some of the unique challenges Joomla users have when it comes to security?
I think that anyone using open source CMS platforms is exposed to many security vulnerabilities that are detected from time to time on different versions. The extensions installed on CMS websites also suffer from vulnerabilities, so users find themselves in constant concern that their website may be exposed to different threats.
Obviously patches and new Joomla versions are released to overcome vulnerabilities, but it requires the user’s time and efforts each time a patch needs to be installed or a version upgrade is required.
Can Joomla users protect themselves from hackers without Incapsula by using Joomla tools like RS Firewall? What added benefits does Incapsula have that those tools lack?
Joomla users defend their websites by using different extensions such as RS Firewall, but Incapsula’s advantage is the fact that it’s an external service that constantly updates with the newest threats and makes sure the website is protected at all times. In addition, you need to remember that traffic to the protected website is routed first through Incapsula’s servers. This means that attacks are stopped at Incapsula’s side and never even get to the protected website. That is something which is unique to Incapsula.
In addition, Incapsula provides a PCI DSS compliant WAF, which is the highest widely recognized standard for Web Application Firewalls.
And last, remember that Incapsula doesn’t provide websites just with security but also accelerates websites with our CDN and optimization technology.
I feel like your security team works for me, which is cool. What can you tell me about their work routine and function?
Incapsula keeps a dedicated team of security engineers 24/7 who monitor all the websites under our protection. Once a new threat is detected, we learn the threat and immediately deploy a new security rule protecting from it. This is something you get only with a cloud-based service like ours.
Do you ever hire hackers?
No, we do not.
How do the people in your security team work to find new vulnerabilities?
In three ways:
– We get information from our community members who alert us about new vulnerabilities that they have heard of or encountered.
– We monitor the thousands of websites under our protection and detect attempts to exploit vulnerabilities in these websites.
– We proactively look at all the online resources where you can find information about new vulnerabilities: forums, blogs, etc.
What are the top countries for hackers?
Well, the bigger the country the bigger the number of hackers, so you can see lots of hackers from China, the U.S., Russia, U.K., etc. But you can also see lots of hackers from smaller countries such as South Korea, Israel, Denmark and more.
The feature that surprised me the most was the spam blocking. We used to get dozens of spam posts on our forum. Since we moved to Incapsula, we only got one, which makes us very happy. How does the spam blocking work?
We developed a unique bot classification and detection technology which is based on several layers of protection and on our existing and ever-growing bot signature database. When filtering human visitors from bots (and good bots from bad bots) we will look at signatures, HTTP headers and even behavior patterns. We will cross-verify these signals to gain an initial “first impression” and when still not 100 percent sure, we will perform a series of seamless tests (i.e. JS challenge and Cookie challenge). This process will accurately identify 99.9 percent of all bots and our users can turn up their Security setting to provide CAPTCHA challenges to the remaining 0.01 percent. Upon identification, every new bot signature is aggregated across the network to benefit all users, who become instantly immune, even from the latest threats.
It almost seems like fighting with hackers is pointless because they will always be a step ahead of us. That’s why I believe Incapsula and similar services will become the standard for websites in the not-so-far future. Do you see a future where every website out there is protected by a service like yours? Is it even plausible? Will it make your service stronger or weaker if most websites use it?
That’s actually a very good question. Obviously today a website owner can’t really keep up with all the different types of attacks that emerge every day, and we do already see millions of websites using services like Incapsula. This trend will only grow over the next few years.
From our point of view, the more websites we protect the smarter we get and the better our website protection becomes. Our system constantly detects bots and threats that arise against any website on our network. This means that Incapsula continually learns and that every site, regardless of size, makes the system smarter.
What words of advice do you have for Joomla users when it comes to security?
Accept the fact that the days of installing patches every time a new vulnerability arises are over. Website owners simply do not have the capacity today to monitor new threats and make sure their websites are protected from them. Use security services such as Incapsula which do the work for you. As one of our customers put it: “Incapsula is like hiring a System Administrator that never sleeps.”
Thank you Marc!
Here are some security resources:
Joomla Security Check List: http://docs.joomla.org/Security_Checklist
Security Checklist/Getting Started: http://docs.joomla.org/Security_Checklist/Getting_Started