Amazon to Offer DDoS Protection of AWS Users
During the AWS re:Invent conference, Amazon announced AWS Shield, a managed service that protects web applications against DDoS (Distributed Denial of Service) attacks. It’s similar to what sites like CloudFlare also offer. The big difference is that Amazon is using its gigantic cloud to power the shield.
“It works in conjunction with Elastic Load Balancing, Amazon CloudFront, and Amazon Route 53 and protects you from DDoS attacks of many types, shapes, and sizes,” Jeff Barr, Chief Evangelist for Amazon Web Services wrote on the company blog.
Amazon is offering two services: AWS Shield Standard and AWS Shield Advanced. AWS Shield Standard is a basic-level, free service that’s available to all AWS customers to protect them from attacks like SYN/ACK floods, reflection attacks, and HTTP slow reads.
AWS Shield Advanced service is $3,000 per month and is available to customers who have Enterprise or Business Support levels of AWS Premium Support. In addition to the monthly fee, Amazon also charges a usage fee based on data transfer out from Amazon CloudFront and Elastic Load Balancing (ELB).
According to Amazon, AWS Shield Advanced provides additional DDoS mitigation capability for volumetric attacks, intelligent attack detection, and mitigation for attacks at the application and network layers. Customers also get 24/7 access to Amazon’s DDoS Response Team (DRT) for custom mitigation during attacks, advanced real-time metrics and reports, and DDoS cost protection to guard against bill spikes in the aftermath of a DDoS attack.
DDoS is the most inexpensive way for cybercriminals to wreak havoc on target sites. It’s not just one site anymore, the infamous Dyn DDoS attack that took down a huge chunk of the Internet poses a much bigger problem. Amazon itself was a victim of the Dyn attack, and the service was inaccessible for large parts of the US. Now Amazon has entered the DDoS defense market with its massive cloud footprint.