AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professionals and AWS experts to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry.
Speaker: Brian Wagner, Security Consultant, Professional Services, AWS
9. Types of DDoS attacks
Volumetric DDoS attacks
Congest networks by flooding them with more traffic than they are able to handle (e.g., UDP reflection attacks)
10. Types of DDoS attacks
State-exhaustion DDoS attacks
Abuse protocols to stress systems like firewalls, IPS, or load balancers (e.g., TCP SYN flood)
11. Types of DDoS attacks
Application-layer DDoS attacks
Use well-formed but malicious requests to circumvent mitigation and consume application resources (e.g., HTTP GET, DNS query floods)
12. DDoS attack trends
Volumetric: 65%
State exhaustion: 17%
Application layer: 18%
14. Attack Duration: varies by service provider
Source: Arbor Networks, Inc. 2015 WISR Report
Source: Imperva DDoS Threat Landscape Report 2015-2016
15. Challenges in mitigating DDoS attacks
Difficult to enable
• Complex set-up
• Provision bandwidth capacity
• Application re-architecture
16. Challenges in mitigating DDoS attacks
Manual involvement
• Operator involvement to initiate mitigation
• Re-route traffic via distant scrubbing location
• Increased time to mitigate
[Diagram: Traditional Datacenter]
17. Challenges in mitigating DDoS attacks
Traffic re-routing = Increased latency for users
[Diagram: Traditional Datacenter]
20. At AWS, our goal has always been to …
Remove undifferentiated heavy lifting: Automatically protected against common attacks
Ensure availability: AWS services are highly available
21. DDoS protections built into AWS
• Integrated into the AWS global infrastructure
• Always-on, fast mitigation without external routing
• Redundant Internet connectivity in AWS data centers
22. AWS Shield
Standard Protection: Available to ALL AWS customers at No Additional Cost
Advanced Protection: Paid service that provides additional protections, features and benefits.
23. AWS Shield
Four key pillars…
• AWS Integration: DDoS protection without infrastructure changes
• Affordable: Don’t force unnecessary trade-offs between cost and availability
• Flexible: Customize protections for your applications
• Always-On Detection and Mitigation: Minimize impact on application latency
24. AWS Shield Standard
Layer 3/4 protection
✓ Automatic detection & mitigation
✓ Protection from most common attacks (SYN/UDP Floods, Reflection Attacks, etc.)
✓ Built into AWS services
Layer 7 protection
✓ AWS WAF for Layer 7 DDoS attack mitigation
✓ Self-service & pay-as-you-go
25. DDoS protections built into AWS
✓ Protection against most common infrastructure attacks
✓ SYN/ACK Floods, UDP Floods, Reflection attacks, etc.
✓ No additional cost
[Diagram labels: DDoS mitigation systems, DDoS Attack, Users]
26. AWS Shield Advanced
Available today on …
• Application Load Balancer (Select Regions only)
• Classic Load Balancer (Select Regions only)
• Amazon CloudFront (All Regions)
• Amazon Route 53 (All Regions)
27. AWS Shield Advanced
• Always-on monitoring & detection
• Advanced L3/4 & L7 DDoS protection
• Attack notification and reporting
• 24x7 access to DDoS Response Team
• AWS bill protection
28. AWS DDoS Shield: How to choose
Standard Protection: For protection against most common DDoS attacks, and access to tools and best practices to build a DDoS resilient architecture on AWS.
Advanced Protection: For additional protection against larger and more sophisticated attacks, visibility into attacks, AWS cost protection, Layer 7 mitigations, and 24X7 access to DDoS experts for complex cases.
29. AWS DDoS Shield: Pricing
Standard Protection
• No commitment
• No additional cost
Advanced Protection
• 1 year subscription commitment
• Monthly base fee: $3,000
• Data transfer fees
Data Transfer Price ($ per GB)
Tier          CloudFront    ELB
First 100 TB  $0.025        $0.050
Next 400 TB   $0.020        $0.040
Next 500 TB   $0.015        $0.030
Next 4 PB     $0.010        Contact Us
Above 5 PB    Contact Us    Contact Us
30. AWS Shield: Getting started
Standard Protection: You get it automatically
Advanced Protection: Enable via the AWS Console