AWS Shield Aims to Protect Against Denial-of-Service Attacks

Amazon Web Services just unveiled AWS Shield, a service to protect its customers against distributed denial-of-service attacks, which push websites offline by overwhelming them with junk data. Last month, such cyberattacks made numerous popular websites unavailable. Amazon is offering two levels of service, Standard and Advanced, both of which are available now. The Standard option is a default service to AWS customers at no extra charge, and the Advanced service costs $3,000 per month plus data-related charges.

The Wall Street Journal reports the difference between the two tiers: “AWS Shield Standard monitors incoming Web traffic for customers and uses anomaly algorithms and other analysis techniques to detect malicious traffic in real-time,” whereas AWS Shield Advanced is “a version designed to protect against more aggressive and sophisticated attacks.”


“This will really help you protect yourselves even against the largest and most sophisticated attacks that we’ve seen,” said Amazon chief technical officer Werner Vogels, at the company’s re:Invent conference.

Security is of paramount importance to Amazon, said Vogels. That is, at least in part, because it is the biggest issue concerning companies moving from on-site data centers to cloud services such as AWS. The websites blocked in last month’s denial-of-service attack included Netflix, Twitter, PayPal and The Wall Street Journal.

According to TechCrunch, the AWS Shield is “based on the work Amazon has done with its Elastic Load Balancer, Cloud Front CDN and Route 53 DNS service.” AWS says the standard, free service “will protect applications against 96 percent of the most common attacks.”

For users of the paid service, Amazon will “provide Advanced users with cost protection so they won’t have to incur massive costs when they come under attacks.” Advanced customers will also get “24/7 access to a response team for custom mitigations.” By offering AWS Shield, Amazon is now competing “with Cloudflare and the DDoS protection services from major networking vendors.”