AWS aws_shield Mappings

AWS Shield is a service that protects against Distributed Denial of Service (DDoS) attacks. The service has two tiers: Standard and Advanced. AWS Shield Standard defends against the most common, frequently occurring network and transport layer (Layer 3 and 4) DDoS attacks that target your web site or applications. AWS Shield Advanced builds on Standard by providing additional detection and mitigation against large and sophisticated DDoS attacks. There is near real-time visibility into attacks. AWS Shield Advanced also comes with 24x7 access to the AWS DDoS Response Team (DRT).

Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| aws_shield | AWS Shield | respond | significant | T1498 | Network Denial of Service | |
| aws_shield | AWS Shield | respond | significant | T1498.001 | Direct Network Flood | |
| aws_shield | AWS Shield | respond | significant | T1498.002 | Reflection Amplification | |
| aws_shield | AWS Shield | respond | significant | T1499 | Endpoint Denial of Service | |
| aws_shield | AWS Shield | respond | significant | T1499.001 | OS Exhaustion Flood | |
| aws_shield | AWS Shield | respond | significant | T1499.002 | Service Exhaustion Flood | |
| aws_shield | AWS Shield | respond | significant | T1499.003 | Application Exhaustion Flood | |

Comments

T1498.001 Direct Network Flood: AWS Shield will set and use a static network flow threshold to detect incoming traffic to AWS services. This will reduce direct network DoS attacks by applying an undisclosed combination of traffic signatures, anomaly algorithms, and other analysis techniques to detect malicious traffic in real time. AWS Shield Advanced identifies anomalies in network traffic to flag attempted attacks and execute inline mitigations to resolve the issue.

T1498.002 Reflection Amplification: AWS Shield will set and use a static network flow threshold to detect incoming traffic to AWS services. This will reduce direct network DoS attacks by applying an undisclosed combination of traffic signatures, anomaly algorithms, and other analysis techniques to detect malicious traffic in real time. AWS Shield Advanced identifies anomalies in network traffic to flag attempted attacks and execute inline mitigations to resolve the issue.

T1499.001 OS Exhaustion Flood: AWS Shield Standard provides protection and response to these Denial of Service attacks in real time by using a network traffic baseline and identifying anomalies, among other techniques.

T1499.002 Service Exhaustion Flood: AWS Shield Standard provides protection and response to these Denial of Service attacks in real time by using a network traffic baseline and identifying anomalies, among other techniques.

T1499.003 Application Exhaustion Flood: AWS Shield Advanced allows for customized detection and mitigations for custom applications that are running on EC2 instances.