AWS has launched a managed security service that can protect cloud applications against Distributed Denial of Service (DDoS) attacks.

The standard functionality of AWS Shield is free to all AWS customers, while an ‘Advanced’ version, designed to protect against especially large and sophisticated attacks, is available on subscription.

The service was introduced at the re:Invent conference in Las Vegas.

The announcement follows a massive DDoS attack that used Mirai malware and thousands of IoT devices like security cameras and routers to successfully shut down major online businesses like AWS, Twitter and Spotify.

Amazon’s DDoS Response Team
Amazon’s DDoS Response Team – Thinkstock / moodboard

Safe from harm

According to Jeff Barr, chief evangelist at AWS, the basic version can protect customers against 96 percent of the most common attacks today, including SYN/ACK floods, reflection attacks, and HTTP slow reads.

AWS Shield Advanced provides additional mitigation capability for application-layer attacks that overload networks with malicious requests, and volumetric attacks that disrupt networks by flooding them with massive amounts of traffic.

The service works in conjunction with Elastic Load Balancing, Amazon CloudFront, and Amazon Route 53.

AWS Shield Advanced offers round-the-clock access to Amazon’s DDoS Response Team that can apply custom mitigations on customers’ behalf. It also includes DDoS Cost Protection, to protect against usage fee surges during mitigation of an attack.

All AWS Shield Advance customers get access to AWS Web App Firewall at no additional cost.

The service is available to customers who are enrolled in either the Enterprise or Business Support levels of AWS Premium Support. It requires a one-year subscription commitment and charges a monthly fee.

Google has been running its own free DDoS protection service called Project Shield – however it is only available to news organizations, journalist, human rights activists, and elections monitoring sites.