AWS Launches Shield Service To Stop DDoS Attacks

A new managed solution from Amazon Web Services (AWS) aims to protect cloud applications against distributed denial of service (DDoS) attacks.

Launched on Thursday at the AWS re:Invent conference in Las Vegas, AWS Shield protects applications and Web sites against volumetric, state-exhaustion and application-layer DDoS attacks.

Amazon.com CTO Werner Vogels announced AWS Shield during Thursday's keynote, which focused on transformation in the IT industry. Vogels pointed to the increasing prevalence of DDoS attacks as one driver of change for developers, who must adapt their development and testing processes to ensure their users' security. AWS designed AWS Shield to help developers in that process, Vogels said.

AWS' top priority "is to protect you at all costs," Vogels said in his presentation. "This is our No. 1 priority and will forever be our No. 1 priority."

AWS Shield comes in two flavors -- Standard and Advanced. The Standard version is a free service for all AWS customers and is turned on by default for Amazon CloudFront, Amazon Route 53 and AWS Elastic Load Balancing.

It protects against common Layer 3 and 4 infrastructure attacks "like UDP floods, and State exhaustion attacks like TCP SYN floods," according to the AWS Shield FAQ. "In addition, customers can also use AWS WAF [Web Application Firewall] to protect against Application layer attacks like HTTP POST or GET floods."

The Advanced version is available only to AWS customers with Business Support or Enterprise Support plans, with pricing starting at $3,000 per month. This higher-end version provides more advanced features, including continuous network-traffic monitoring and 24-hour access to AWS' DDoS Response Team, to protect the network and application layers.

"AWS Shield Advanced manages mitigation of layer 3 and 4 DDoS attacks. This means that your designated Web applications are protected from attacks like UDP Floods, or TCP SYN floods," the FAQ explains. "In addition, for application layer (layer 7) attacks, you can use AWS WAF to apply your own mitigations, or you can engage the 24X7 AWS DDoS Response Team...who can write rules on your behalf to mitigate Layer 7 DDoS attacks."

AWS Shield finds and resolves the vast majority of infrastructure attacks within five minutes, the company said.