Amazon recently took a revolutionary step forward with the introduction of AWS Shield. Launched in December, AWS Shield grants free Distributed Denial of Service (DDoS) protection to all Amazon Web Services (AWS) customers. Typically, DDoS attacks are difficult to prevent because attackers have no interest in infiltrating networks, confiscating data, or even receiving a response. Yet, without the effort of cracking anything, they still have the ability to interrupt applications, servers, or entire systems. In order to aid in the prevention of successful DDoS attacks, upon its release, Amazon automatically integrated AWS Shield into all existing AWS web apps, without any extra effort on part of their users.
Competing with companies such as Cloudflare, F5, and Verisign, AWS Shield vows to protect against over 96 percent of the most well-known DDoS attacks. Some of these include reflection attacks, SYN and ACK floods, UDP floods, and even application layer attacks such as HTTP, GET, and POST floods.
AWS Shield also offers an advanced (paid) version with more customization options on part of the user. This allows for them to develop their own rules in order for a more tailored experience. The advanced version also protects against larger and more complex attacks and comes with instant, customizable rulesets, mitigation assistance, post-mortem analyses, reporting, protection on layers 3, 4, and 7, and the benefit of SLAs and 24×7 support. Furthermore, because of its integration with Amazon CloudFront Content Delivery Network (CDN), AWS Shield can even be used outside of AWS.
For decades, DDoS attacks have been one of the most challenging threats facing security professionals; and for a while, it seemed as if there was no solution in sight. However, with third-party services, and now with an entire hosting platform offering solutions, will we soon see the death of the DDoS attack?
To Learn More: