AWS Shield To Safeguard Web Apps From DDoS Nastiness

Amazon revealed another development at its AWS re:Invent event in Seattle with the launch of a new managed security service.

Called AWS Shield, the new service is designed to protect web applications from DDoS (Distributed Denial of Service) attacks.

Amazon said the service has been launched as the online world can be an unfriendly place and DDoS attacks are one very common trouble spot. Indeed, in September simultaneous DDoS attacks that reached 1Tbps were recorded against security blogger Brian Krebs and internet service provider OVH. Those attacks were some of the largest-ever DDoS attacks ever reported.

DDoS Protection

Into this environment comes AWS Shield, which is a managed DDoS protection service designed to safeguard web applications running on AWS. It features ‘always-on detection’ and ‘automatic inline mitigations’ so as to minimize application downtime and latency.

AWS Shield comes in two tiers, namely ‘standard’ and ‘advanced’. The standard tier is available to all AWS customers at no additional charge, and it defends against 96 percent of the most common, network and transport layer DDoS attacks that target web sites or applications.

But if an organisation wants to obtain higher levels of protection against attacks targeting web applications running on Elastic Load Balancing (ELB), Amazon CloudFront, and Amazon Route 53 resources, they can subscribe to AWS Shield Advanced.

This advanced tier provides additional detection and mitigation against large and sophisticated DDoS attacks, near real-time visibility into attacks, and integration with AWS WAF, a web application firewall.

The advanced option also gives the AWS customer 24×7 access to Amazon’s DDoS Response Team for custom mitigation during attacks. Additional benefits include advanced real time metrics and reports, and DDoS cost protection to guard against bill spikes in the aftermath of a DDoS attack.

Attack Threats

DDoS attacks are unfortunately a growing threat to websites and web apps. Denial-of-service attacks more typically involve traffic flooded from large numbers of source systems, often controlled by malicious botnets.

Last month Danish telecommunications company TDC warned that the ‘BlackNurse”‘attack could allow a successful DoS attack against firewall products from Cisco and Zyxel to be launched from a single laptop.

And Arbor Networks recently revealed that public facing websites affiliated with the 2016 Rio Olympics were targeted by sustained, sophisticated DDoS attacks reaching up to 540Gbps.

In August this year a report from Imperva revealed that the UK is the second most targeted nation for DDoS attacks, which have risen 211 percent year over year.

Quiz: Do you know all about security in 2016?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

2 days ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

2 days ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

3 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

3 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

3 days ago