If you are interested in improving your site’s speed and increasing your security, using a CDN (Content Delivery Network) is a great way to do it.
In this article, we’ll compare two popular CDNs: Stackpath and Imperva Incapsula.
What Is A Content Delivery Network
A CDN is a group of servers that work together to provide fast delivery of web assets.
Many people don’t think about CDNs when they browse the internet, but CDNs play a large role in delivering online content.
Often, there will be a slight delay between when you send a request to access web content (such as when you click on a link) and when that content appears on your screen.
Some factors playing into the delay time can include how heavy the coding of the site is, but a lot has to do with the physical distance between you and the server you are communicating with.
If you are in New York and the server is in China or Australia, there will be a longer delay than if both you and the server were in New York.
Content Delivery Networks aim to solve this problem. This is done by storing a copied cache of each web page on different servers around the world.
When a user requests access to content, the content they will be shown will be the cached version delivered from the server closest to them, rather than the site’s actual server, which could be further away.
Why Use A CDN
The most obvious reason for using a CDN would be to improve your site’s speed. Increased speed has several benefits, including a better user experience, a decreased bounce rate, and a potential SEO boost.
However, using a CDN can provide other benefits as well. It can reduce downtime and bandwidth costs by distributing the content load distribution among multiple servers.
Another main benefit of a CDN is the security it can provide you. It can protect your site from bots and spam attacks, including DDOS attacks.
Stackpath offers several cloud computing services for small businesses. Here is a list of their top features.
Stackpath’s CDN can accelerate your site’s loading speed by over 68 percent. It uses advanced intelligence to store your most requested content on different servers.
You can set up rules for how long your content will be stored and even where it will be stored.
You can also instantly purge content from the CDN and it will immediately be deleted from all servers.
You can also create content rules, called EgdeRules. For example, you can set up 301 redirects for web pages that are out of use or you can add or delete headers and other page elements before requests go back to the origin or the connecting client.
There will be a free SSL certification to protect your site. In addition, you will have access to real-time analytics and advanced reporting.
Downloading can be made easier and quicker for your visitors by segmenting your downloads into smaller parts. GZIP compression can be used to reduce the size of HTML and text.
The CDN has servers in North America, South America, Europe, Asia, and Australia, allowing people from all over the world to access your site content quickly.
Stackpath Website Firewall
The StackPath Web Application Firewall helps keep your websites and apps safe. You can direct traffic through the firewall for any website, application, or API.
You can edit the firewall’s default policies and activate or deactivate them according to your needs.
You can also create custom rules and blacklists, which can be customized based on location or applied worldwide.
Traffic that is routed through the firewall is constantly analyzed. Data is collected, which is then used to profile behavior, detect inconsistencies, and more.
There are several advanced security features that the firewall has in place. For example, device fingerprinting and other techniques are used to detect and block bot traffic.
Incoming traffic is monitored to detect DDOS spam attacks. When an excess of traffic is detected, an attack will be suspected and all traffic requests will be subject to verification that they are made by a human.
You can customize this threshold, and you can also whitelist traffic sources that you know are secure to avoid false alarms.
Detailed statistics will be available both about your traffic and security events, such as top threat actions.
Global Managed DNS
Stackpath’s Domain Name System is powered by a global Anycast network. Smart routing is used for high performance.
There is an infinite number of routing options, reducing network failures. It is automatically scalable, meaning that it will automatically respond to spikes in human behavior without your intervention.
Stackpath claims that they provide a 100 percent uptime due to intelligent traffic management and load balancing to avoid downtimes and bottlenecks.
Stackpath already protects against DDOS attacks, but plans are in the making for protection against DNS cache poisoning and forged DNS data attacks.
The DNS is easy to set up and manage.
Stackpath Global Service Monitoring
This is a global monitoring network that allows you full control over where your monitoring checks are executed.
You can choose from both Stackpath’s PoPs around the world or third-party data centers from within major cloud providers.
Locations can be filtered based on country, city, and network carrier. Once you have chosen your location, you can set your monitoring parameters.
For example, you can look for error messages or expected strings.
You can also choose how often you want checks to be executed. This can be anywhere from once a day or once every thirty seconds.
You can get an automated alert after each check via email, text message, Slack, custom webhook, and more.
You will get detailed reports, which you can segment based on time period and geographic location. Your dashboard will provide a quick view of the issues that you may be facing.
Each connection will be broken down and can be analyzed. You can get data about DNS lookup, time to first byte, and content download.
Stackpath Virtual Machines
Stackpath claims to provide up to 2.6x faster service than cloud-based providers such as Amazon Web Services and Google Cloud.
This is because unlike those services, which use a centralized cloud, Stackpath uses virtual machines on an edge platform all around the world.
With one click, you can choose where and on which server you want your workload to be running. There are over 45 edge locations in the network.
Pricing depends on the number of virtual machines running in each location. There is a minimum of five minutes per virtual machine; after that, usage is calculated per second.
Go to this page for detailed information about pricing.
Stackpath Serverless Scripting
Stackpath’s serverless scripting features allows you to create a dynamic scripting layer to create a customized experience for all users.
You can customize the content you deliver to improve download and streaming speeds.
Serverless Scripting costs $10/month. This allows for up to 15 million requests per month; each additional request will cost $0.60.
Stackpath has a number of pricing options. You can pay for individual services and/or tools, or you can purchase bundles.
If you pay for individual services, prices are as follows:
- Content Delivery Network: The CDN costs $10/month for unlimited sites and requests and 1TB of bandwidth per month. There is also a one-month free trial.
- Web Application Firewall: This also costs $10/month for unlimited sites, five custom rules, and 10 million requests per month. You can get a free trial as well.
- Domain Name System: $10/month for unlimited DNS zones and records and two million DNS queries a month. A free trial is available.
- Global Monitoring Service: $10/month for five monitored services, 34 location checks, a five minute check-interval limit, and 30-day data retention. A free trial is available.
- Virtual Machines: Pricing starts at $0.049 per hour.
- Containers: Pricing starts at $0.046 per hour.
- Serverless Scripting: Pricing is mentioned above.
For bundles, prices are as follows:
- Edge Delivery 20: $20/month for the CDN with 1TB of bandwidth, the WAF with five million requests and five rules, the DNS with two million DNS request per month, and one monitoring service. A free trial is available.
- Edge Delivery 200: $200/month for the CDN with 10TB bandwidth, the WAF with 10 million requests per month and 10 rules, the DNS with five million DNS requests per month, and five monitoring services.
- Edge Delivery 2000: $2000/month for the CDN with 100TB of bandwidth, the WAF with 50 million requests and 20 rules, the DNS with 10 million requests, and 10 monitoring services.
With each plan, you can go over the allotted limit, but you will be charged an overcharge fee.
Stackpath has a Help Center, an API Documentation Center, and a Getting Started Guide to help you get started and find solutions to common problems.
You can also contact the support team via live chat 24/7.
Incapsula (Now Imperva)
Incapsula, now at Imperva.com, is a company that offers a range of solutions focusing on cybersecurity and protecting your websites. They also have a CDN.
Incapsula Content Delivery Network
Imperva has a CDN that makes your websites faster and safer.
By making a small change to your DNS settings, you can redirect traffic to your site from different data centers through the CDN and speed up site content delivery through caching and content optimization.
You will get a live view of your traffic flow on your dashboard. Imperva claims that, on average, their CDN boosts speeds by up to 50 percent and decreases bandwidth consumption by up to 60 percent.
Load balancing is accomplished by routing traffic across data centers and even across different cloud service providers around the world.
You can set up your own application delivery rules, such as redirects and rewrites. For example, you can redirect bots to alternative sites.
Incapsula Web Application Firewall
The Imperva WAF protects against critical risks, such as cross-site scripting, SQL injection, illegal resource access, and more, including OWASP Top 10 and Automated Top 20 threats.
The Web Application Firewall uses application profiling (which involves learning all aspects of web applications, including their directories and acceptable user inputs) to detect attacks and attack validation (which aggregates individual violations and analyzes them) to reduce false positives.
The WAF integrates with most of the top Security Information and Event Management systems.
Incapsula DDOS Protection
Imperva offers DDOS protection for attacks targeting websites, web applications, network infrastructure, domain name servers, and IPs.
Imperva supports both Unicast and Anycast technologies (Stackpath uses only Anycast). This will help protect you against attacks targeting vulnerabilities and hit-and-run attacks.
Imperva guarantees to detect and block any website attack, of any size and duration, in three seconds or less – a strong claim!
The Runtime Application Self-Protection feature detects and blocks attacks from inside the application.
Without using signatures, RASP can detect malicious payloads before application processes are completed.
It monitors all traffic in your applications to detect vulnerabilities and analyze attacks.
Incapsula API Security
Upload your OpenAPI specification file so that Imperva can build a model that helps regulate the traffic that can access your API. You can create custom rules that are specific to your API or you can use preset rules.
Incapsula Bot Management
Being able to accurately detect bot traffic is important for both blocking fake traffic and not blocking real traffic due to false alarms.
Imperva analyzes bot traffic and applies biometric data validation methods, such as mouse movements and mobile swipes, to detect botnets and even advanced persistent bots, which might change their behavior in an attempt to avoid detection.
Incapsula Account Takeover Protection
This feature uses a multi-layered detection process to identify malicious logins. This detection uses reputational analysis, behavior machine learning, and more to detect fake logins.
It also uses machine learning to analyze attack methods in their global network and incorporates what they learn into their detection methods.
Incapsula Attack Analytics
By distilling thousands of security events into understandable security narratives that are grouped based on associated security levels and risks, security event investigations can be simplified.
This can help your IT team respond quickly to threats in real time.
There is an easy to read dashboard that gives you a unified view of all events.
Attack Analytics resides in the cloud and is capable of handling as many events as necessary (it is infinitely scalable).
Data Activity Monitoring is an Imperva feature that monitors behavior to protect your data.
Profiling is used to analyze database accounts and the data objects that they access regularly and create a whitelist.
You can also create your own whitelist and/or a blacklist to exclude an account from accessing a data object.
This way, you can detect and stop unauthorized data access in real time. The DAM solution also looks for other suspicious activity, such as unauthorized SQL activity, to detect malicious attacks.
Incapsula Data Risk Analytics
Incapsula analyzes the risk level of events to spotlight critical threats. Events can be filtered by their severity before taking a close look at what went on.
All events and data are presented in an easy-to-understand way.
By establishing a baseline of typical behavior and user access, unusual activity and behaviors are detected in real time before a breach can occur.
Imperva looks for forgotten databases and other hidden risks to discover, assess, and fix vulnerabilities. It also automatically identifies sensitive data and classifies it as such.
There are over 1,500 predefined vulnerability tests to detect database vulnerabilities, such as default passwords that have remained in place.
Incapsula Data Masking
You can mask large volumes and data quickly, optimized for your specific platform and enterprise environment. Masking consistency is achieved by using random and deterministic methods.
You can also create data sensitivity classifications to configure your masking rules.
Incapsula File Security
Share files securely and monitor all user access to your files. Detailed logs will be kept as well.
Suspicious file access requests will be blocked early on. Granular user data capture, such as client IP and user name, is used for audit reporting and establishing baselines of normal activity.
Imperva has three pricing options: Application security plans, data security plans, and application + data security plans.
Application plans are Pro, Plus, and Premier. Data and application + data plans are only available in Plus and Premier.
For a complete breakdown of the different plans and the features included in each one, go to Imperva’s pricing page.
Imperva has a documentation center and also offers training at select locations throughout the year.
Customer service is available via email and phone, but you can also sign up for technical support on different levels, depending on your needs.
Top Stackpath & Incapsula Alternatives
There are a number of other good options if you are looking for a high-quality content delivery network and web application firewall.
Here are some of the top Stackpath alternatives.
Cloudflare is one of the best free CDNs on the market, and it also provides a range of security features.
It claims to double your site’s loading speed and reduce bandwidth consumption by 60 percent.
They currently support over 20 million domains and claim that their DNS network has an average domain name lookup speed of just 11ms.
Cloudflare also protects against a host of threats, including DDOS attacks, data breaches, and malicious bots. Its web application firewall detects suspicious access requests and analyzes traffic to detect bot activity.
Its Argo Smart Routing system routes over 10 trillion global requests every month to provide quicker access to web content and applications.
Cloudflare Stream is designed to speed up video streaming. It causes your videos to start quicker and reduces buffering.
Cloudflare even has a WordPress plugin for speeding up and enhancing the security of your WordPress site. This plugin makes it simple and easy for anyone to use Cloudflare.
As mentioned, Cloudflare has a free plan, which makes it a great option for people with personal websites or small businesses who want to use a CDN and protect their web assets while on a budget.
The free plan includes DDOS protection and a shared SSL certificate.
To get the Web Application Firewall, you will need to upgrade to Pro, which costs $20/month. There is also a Business plan ($200/month) and a custom Enterprise plan option.
KeyCDN is another good Content Delivery Network, but it lacks many of the security features that you would find in Stackpath, Incapsula, and Cloudflare.
However, it has very competitive pricing and aims to keep its costs low by working with many peering partners.
It offers HTTP/2, zone aliases, log forwarding, header control, GZIP compressions, real-time analytics and reporting, and much more.
It also has solid security features, although if security is your top priority, you might want to go with Incapsula.
KeyCDN offers a custom or Let’s Protect TLS, protects against DDOS attacks, blocks bad bots, lets you create and control access rules, and provides a two-factor authentication feature.
It’s also easy to integrate KeyCDN with WordPress, Joomla, Drupal, and many other content management services.
Pricing depends on your region. In North America, it starts at $0.04/GB if you use up to 10TB a month. If your usage increases to more than 10TB, it’s $0.03/GB, and you can get it down to $0.01/GB if you use more than 150TB/month.
Sucuri is a good alternative to Stackpath and Incapsula. It includes a WAF, monitoring, incident response, and a CDN for optimized performance.
It can also help you clean up your hacked site. They even have a free WordPress plugin that you can install to protect your site.
Final Words – Stackpath Vs Incapsula
Both Stackpath and Incapsula are good services. However, they have a slightly different focus.
If you’re mainly interested in a CDN, you can choose Stackpath, but if security is your main priority, Incapsula is probably a better choice.
Worth Reading :