Wednesday, December 21, 2016

GoDaddy Partners with Incapsula through SiteLock

Came across an article titled:

GoDaddy Expands Security Product Lineup With SiteLock TrueShield & TrueSpeed


I was curious what this meant, so did some research... 

So this TrueShield feature seems to be a way to stop hacks via something known as a WAF. Which sounds interesting enough, don't know enough of how it works. Seems to be similar to what CloudFlare offers. The TrueSpeed feature seems to be a caching system, which would in turn speed your website up. Sounds interesting. 

What I found interesting was that it doesn't seem that SiteLock owns this technology. 

The team at WhiteFirDesign did some research too and found:
What they neglected to mention is that these services are not actually provided by SiteLock, but as we recently discovered, by another company, Incapsula. 
I was curious about Incapsula, so looked them up. They seem to offer a partnership program that could potentially offer a white label option, which is what SiteLock would need to pull this off. What's interesting is that they don't call out white label options on their page. They did introduce a partnership program in 2012 though.

Someone from their team also responded to a quora post in 2015:

We are looking for a simple white-label DDoS protection provider. does anyone know of one? with:


Hi,
I work for Imperva Incapsula, the market leader in Cloud DDoS Mitigation.
We have great partnerships with many vendors, Hosting Providers, MSSPs, VARs and other digital agencies. Feel free to contact us here:
https://www.incapsula.com/partners/
This tells me that they are offering it, but not disclosing it. I find that odd..

Perhaps the most interesting bit came from another WhiteFir article where he compared the error pages and noticed that the only difference was the branding. But more damaging was that a number of their sites seemed to be running through Incapsula's network:

Doing a traceroute for www.sitelock.com showed their IP address to be 199.83.134.143, for the which the canonical name is 199.83.134.143.ip.incapdns.net. Incapdns.net as in Incapsula, which you wouldn’t expect since you expect that SiteLock would be using their own TrueSpeed content delivery network (CDN) to serve their website. Next up we did a traceroute on their WordPress focused sub-domain wpdistrict.sitelock.com, which showed a canonical name of iasx4.sitelockcdn.net and an IP address of 192.230.66.155, which in turn has a canonical name of 192.230.66.155.ip.incapdns.net. We then looked at several of their customers websites listed in case studies on wpdistrict.sitelock.com and found they were running through Incapsula as well.
This is all very weird to me.  Why would GoDaddy not mention that they really partnered with Incapsula?

The technology seems to interesting enough, but why partner with a middle man? Seems that partnering with a middle man would only complicate things. I think back to my time with HostGator, it was hard enough working with HostGator and SiteLock. Now, someone like me would have to work with GoDaddy, SiteLock and Incapsula?

Does that sound right?
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)