A new report came out in February, put together by Zero Science Lab, in which they compare the effectiveness between CloudFlare and Incapsula. In it they did the same thing Philip Tibom of Sweden did last year in his comparative report in which he concluded that Incapsula was the superior product. In this new report they included the use of TrustWave’s ModSecurity solution. The thing that website owners have to understand however is that comparing the three is a bit misleading.
Incapsula and Cloudflare are the two leading WAF solutions set up as a software as a service (SaaaS) designed to help every day website owners. CloudFlare probably trumps Incapsula actually in their marketing prowess. ModSecurity, although powerful, is the opposite. It’s something you’d have to configure and maintain on your web servers. It functions the same in that it filters the incoming traffic, but don’t be fooled, it has to be installed and configured and if you don’t know what you’re doing you will likely not render the results they present. That should not take away from its use, in fact I know Cloudflare uses it as part of their solution, not 100% on Incapsula. For the every day website owner, especially those on shared environments, unless you configure your own reverse proxy, ModSecurity will be of little value to you.
Given that ModSecurity is free, we signed up for both CloudFlare and Incapsula paid Business plan. They have noticeably different prices for their paid plans. CloudFlare Business Plan is $200/month (the WAF is also available in the
Pro Plan, for $20/month). Incapsula Business Plan is $59/month. – Zero Science Lab