News

AWS Launches Shield Service To Stop DDoS Attacks

• By Gladys Rama
• 12/02/2016

A new managed solution from Amazon Web Services (AWS) aims to protect cloud applications against distributed denial of service (DDoS) attacks.

Launched on Thursday at the AWS re:Invent conference in Las Vegas, AWS Shield protects applications and Web sites against volumetric, state-exhaustion and application-layer DDoS attacks.

Amazon.com CTO Werner Vogels announced AWS Shield during Thursday's keynote, which focused on transformation in the IT industry. Vogels pointed to the increasing prevalence of DDoS attacks as one driver of change for developers, who must adapt their development and testing processes to ensure their users' security. AWS designed AWS Shield to help developers in that process, Vogels said.

AWS' top priority "is to protect you at all costs," Vogels said in his presentation. "This is our No. 1 priority and will forever be our No. 1 priority."

AWS Shield comes in two flavors -- Standard and Advanced. The Standard version is a free service for all AWS customers and is turned on by default for Amazon CloudFront, Amazon Route 53 and AWS Elastic Load Balancing.

It protects against common Layer 3 and 4 infrastructure attacks "like UDP floods, and State exhaustion attacks like TCP SYN floods," according to this FAQ. "In addition, customers can also use AWS WAF [Web Application Firewall] to protect against Application layer attacks like HTTP POST or GET floods."

The Advanced version is available only to AWS customers with Business Support or Enterprise Support plans, with pricing starting at $3,000 per month. This higher-end version provides more advanced features, including continuous network-traffic monitoring and 24-hour access to AWS' DDoS Response Team, to protect the network and application layers.

"AWS Shield Advanced manages mitigation of layer 3 and 4 DDoS attacks. This means that your designated Web applications are protected from attacks like UDP Floods, or TCP SYN floods," the FAQ explains. "In addition, for application layer (layer 7) attacks, you can use AWS WAF to apply your own mitigations, or you can engage the 24X7 AWS DDoS Response Team...who can write rules on your behalf to mitigate Layer 7 DDoS attacks."

AWS Shield finds and resolves the vast majority of infrastructure attacks within five minutes, the company said.

More from re:Invent 2016

• What AWS Offered to Mobile Developers at re:Invent 2016
• With X-Ray, AWS Gives Devs In-Depth Debugging
• AWS Intros Visual Workflows for Distributed Apps
• AWS Launches Shield Service To Stop DDoS Attacks
• AWS Simplifies Virtual Private Servers with Lightsail
• AWS Supersizes Its Snowball Data Transfer Appliance
• New Amazon AI Services To Help Devs Build Smarter Apps
• Amazon Athena Enables Serverless SQL Queries of S3 Data
• AWS Adds Compute Options for Wider Variety of Workloads
• Amazon Hones APN To Benefit Partners that Specialize
• IoT, Financial Competencies Come to AWS Partners
• New AWS Tool Finds Expert Partners