One of the big stories in security over the past year has been the rise of devastating distributed denial of service (DDoS) attacks that have hit sites and organizations like DNS provider Dyn, the BBC and the website of security journalist Brian Krebs.
Amazon Web Services is trying to help protect its customers with a new service aimed at mitigating DDoS impacts. It's called Shield, and the free entry-level tier is enabled by default for all web applications running on AWS, starting on Wednesday.
Werner Vogels, the CTO of Amazon.com, unveiled the service at AWS' re:Invent conference in Las Vegas. Automatically protecting its customers may help encourage businesses to pick Amazon's cloud over others, or convince businesses to migrate their web applications to the cloud. It's also a strike against companies like Cloudflare and Akamai, which offer DDoS mitigation services.
Shield Standard is aimed at protecting web apps from the overwhelming majority of common DDoS attacks at no extra cost. (For the nerds out there, Vogels said that it would block volumetric attacks like NTP reflection attacks, and many state exhaustion attacks.)
Companies that are concerned about more sophisticated attacks can pay for AWS' Shield Advanced service, which gives them a number of advanced capabilities. First off, they get access to an always-available hotline that they can reach out to when they need help with a DDoS attack.
That support will work with customers to develop custom mitigation for attacks that aren't covered by the standard service. For customers of AWS' load balancing and DNS services, the public cloud provider will also cap their costs while the attack is ongoing, so it's easier for them to weather the storm.
Shield is a part of the fleet of announcements coming out of re:Invent. Over the past week, Amazon has revealed a number of capabilities, including new infrastructure offerings, data analysis tools, AI-driven APIs and more.