The average number of Distributed Denial of Service (DDoS) attacks doubled from January 2017 to January 2018. Not only are DDoS attacks growing in frequency, but they are also becoming more complex because of poorly secured IoT devices and recent Memcached software exploits. Are you confident in your DDoS resiliency in AWS?
With Gartner predicting that there will be 20.4 billion connected devices by 2020, it’s clear that the problem isn’t going away anytime soon. In fact, it may only get worse. DDoS attacks aren’t slowing down, and while you can build up defenses on your own, in-line security tools and environments in AWS help build DDoS resiliency and protect your organization against these threats.
There are many features available in AWS to mitigate or scale for DDoS attacks.
AWS DNS Service – Route 53
Amazon Route 53 provides domain name resolution at the edge. This scalable domain name system (DNS) service routes traffic intelligently when endpoints go offline.
Advanced features include geographic routing strategies, which allow you to route users to the closest geographical endpoint, as well as latency-based routing, which checks latency for the requester and routes them to the shortest access path for the requested service. These features improve web application performance while helping you avoid site outages.
Amazon CDN – CloudFront
Amazon CloudFront is a content delivery network (CDN) service that provides web application delivery at the edge. This tool delivers an enterprise’s entire website, including content that is static, dynamic, streaming, or interactive. AWS has a global presence with this service, offering easy set-up and ease of use.
To prevent common DDoS attacks, Amazon CloudFront only accepts well-formed connections and isolates DDoS attacks close to the source so that traffic in other locations is not affected. This tool improves your ability to continue to serve end-user traffic during larger DDoS attacks.
AWS Auto Scaling
AWS Auto Scaling is an add-on feature that provides automated horizontal scaling to meet workloads. This tool monitors your applications, adjusting capacity automatically in an effort to maintain steady performance in a cost-effective way.
With AWS Auto Scaling, you can quickly set up application scaling for multiple resources, across multiple services including Amazon EC2 instances, Amazon ECS tasks, and Amazon DynamoDB tables and indexes. After configuring instances, creating the appropriate monitors, and setting thresholds, you can create auto-scaling rules that will handle additional traffic appropriately.
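One way to express such a rule, as an added CloudFormation example that is not from the original article: a target tracking policy for an existing Auto Scaling group behind an Application Load Balancer, plus an alarm that fires when the group sits at its size ceiling, which signals that scaling alone is no longer absorbing the traffic. The parameter names, the target of 1000 requests per instance and the ceiling of 20 instances are assumptions, and the alarm requires group metrics collection to be enabled on the group.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - scaling rule and ceiling alarm (values are assumptions)

Parameters:
  WebAsgName:              # hypothetical: name of an existing Auto Scaling group
    Type: String
  AlbTargetResourceLabel:  # app/<alb-name>/<alb-id>/targetgroup/<tg-name>/<tg-id>
    Type: String
  MaxInstances:            # assumed to equal the group's MaxSize
    Type: Number
    Default: 20

Resources:
  # Threshold and rule in one: keep each instance near 1000 requests per
  # minute; the group adds instances when traffic pushes it above that.
  RequestCountTracking:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AutoScalingGroupName: !Ref WebAsgName
      PolicyType: TargetTrackingScaling
      EstimatedInstanceWarmup: 120
      TargetTrackingConfiguration:
        PredefinedMetricSpecification:
          PredefinedMetricType: ALBRequestCountPerTarget
          ResourceLabel: !Ref AlbTargetResourceLabel
        TargetValue: 1000

  # Monitor: scaling is bounded by MaxSize (which also bounds cost), so
  # raise an alarm when the group has sat at the ceiling for five minutes.
  GroupAtCeiling:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: Auto Scaling group pinned at maximum size
      Namespace: AWS/AutoScaling
      MetricName: GroupInServiceInstances
      Dimensions:
        - Name: AutoScalingGroupName
          Value: !Ref WebAsgName
      Statistic: Maximum
      Period: 60
      EvaluationPeriods: 5
      Threshold: !Ref MaxInstances
      ComparisonOperator: GreaterThanOrEqualToThreshold
      TreatMissingData: notBreaching
```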
AWS Shield – DDoS Specific Protection
While the three services above can help to scale for a DDoS attack, AWS Shield is a dedicated DDoS protection service in AWS. This service safeguards AWS applications by providing ongoing detection and automatic inline mitigations to help your enterprise minimize application latency and downtime.
While all AWS customers can benefit from automatic protections with AWS Shield Standard, which defends against common and frequently occurring DDoS attacks, organizations can also access AWS Shield Advanced at an additional cost. AWS Shield Advanced provides higher levels of protection against larger and more sophisticated DDoS attacks, including close to real-time attack visibility.
And the List Goes On…
The tools mentioned above are just some of the native tools available to AWS cloud users.
Remember that there are numerous other cloud-ready third-party tools available on the market. You just need to determine the most effective mix of services, settings, and security protocols to defend your unique environments against the inevitability of DDoS attacks.