Site Search

What You Need to Know about DDoS Vulnerabilities


Amazon Web Services is the world’s top cloud platform. That’s probably why you’re on it – to enjoy reliable, scalable and affordable cloud computing.

But while AWS excels at many things, it’s mainly left to the developer to protect against a range of cyber-attacks, including DDoS. In fact, AWS does NOT have customer-specific DDoS detection or prevention. Unless you’re paying for Enterprise Support, AWS may not be able to help you in the event of a DDoS attack.

You’re responsible for fending off threats.

In AWS EC2, clients must protect their content from malicious activity, including DDoS. Firewalls, WAFs, IPS/IDS are not built to stop widely distributed attacks. To stop DDoS in particular, you need purpose-built protection on top of intrusion and fraud prevention systems.

Without the Right Protection, You Could Be Down for Hours

Botnets can range in the thousands of computers, too many to block manually with a firewall. If you’re an AWS client with Developer-level support, their guaranteed response time is <12 hours. If you have Business-level support, it’s <1 hour. You could be down for an hour before AWS even responds to your trouble ticket.

One major problem: your AWS Elastic Load Balancer (ELB) doesn’t scale instantaneously, leaving you vulnerable to fast-ramping DDoS attacks. Likewise, EC2 instances don’t scale on a dime.

As an AWS Technology Partner, Neustar Can Protect You

Neustar offers powerful and flexible options for DDoS protection. Thousands of domains, business and governments worldwide rely on Neustar to protect their online assets.

We’re compatible with AWS EC2 instances and guard your ELBs.

Neustar SiteProtect, our cloud-based DDoS protection solution, is fully compatible with AWS EC2 instances and elastic load balancers (ELBs).

ELBs are great at auto-scaling, if demand rises at a reasonable rate or at known intervals. However, a DDoS attack can overwhelm an ELB before it can scale, resulting in 503 errors and loss of availability. Neustar will rescue your ELB by redirecting traffic to our scrubbing cloud.

Fully Managed and Affordable DDoS Protection

Neustar’s 24x7 Security Operations Center (SOC) manages all mitigations. After creating a unique profile of your network traffic, the SOC guarantees it can restore normal service to your cloud computing instance within minutes. Neustar even supports custom protocols.

We never charge by attack size.

A predictable monthly fee based on normal traffic adds up to affordable protection. Other DDoS providers charge more for larger attacks. As Neustar continues to put down attacks of more than 500 Gbps, with some peak sizes exceeding 700 Gbps, protecting your budget is important, too.

Expertise to block all types of DDoS attacks.

Neustar guards against all Layer 7 DDoS attacks like Object Request floods and “slow and low” attacks and will block malicious hosts. Neustar can also provide AWS Best Practices to help insulate AWS instances from DDoS.

What’s in Your Cloud? It’s well worth protecting.

Think of Neustar SiteProtect as an insurance policy against DDoS. You hope you don’t need it, but it’s there in case you do. It’s also much more effective than old-school approaches.

Remember, firewalls aren’t designed to stop DDoS attacks. And blocking individual IP addresses on a large scale can be a nightmare for systems administrators. What if you block a wireless gateway or proxy server? You may be stopping thousands of legitimate users from accessing your site.

Let the experts at Neustar stop attackers in their tracks, so you can focus on what you do best – taking care of business.

Download Full Document

Related Resources