AWS Shield is a service that protects against Distributed Denial of Service attacks. There are two tiers for this service Standard and Advanced. AWS Shield Standard defends against most common, frequently occurring network and transport (Layer 3 and 4 attacks) layer DDoS attacks that target your web site or applications. AWS Shield Advanced adds on to standard by providing additional detection and mitigation against large and sophisticated DDoS attacks. There is near real-time visibility into attacks. AWS Shield Advanced also comes with 24x7 access to the AWS DDoS Response Team (DRT).
| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| aws_shield | AWS Shield | respond | significant | T1498 | Network Denial of Service | |
| aws_shield | AWS Shield | respond | significant | T1498.001 | Direct Network Flood |
Comments
AWS Shield will set and use a static network flow threshold to detect incoming traffic to AWS services. This will reduce direct network DOS attacks by applying an undisclosed combination of traffic signatures, anomaly algorithms, and other analysis techniques to detect malicious traffic in real-time. AWS Shield Advance identifies anomalies in network traffic to flag attempted attacks and execute inline mitigations to resolve the issue.
References
|
| aws_shield | AWS Shield | respond | significant | T1498.002 | Reflection Amplification |
Comments
AWS Shield will set and use a static network flow threshold to detect incoming traffic to AWS services. This will reduce direct network DOS attacks by applying an undisclosed combination of traffic signatures, anomaly algorithms, and other analysis techniques to detect malicious traffic in real-time. AWS Shield Advance identifies anomalies in network traffic to flag attempted attacks and execute inline mitigations to resolve the issue.
References
|
| aws_shield | AWS Shield | respond | significant | T1499 | Endpoint Denial of Service | |
| aws_shield | AWS Shield | respond | significant | T1499.001 | OS Exhaustion Flood |
Comments
AWS Shield Standard provides protection and response to these Denial of Service attacks in real time by using a network traffic baseline and identifying anomalies among other techniques.
References
|
| aws_shield | AWS Shield | respond | significant | T1499.002 | Service Exhaustion Flood |
Comments
AWS Shield Standard provides protection and response to these Denial of Service attacks in real time by using a network traffic baseline and identifying anomalies among other techniques.
References
|
| aws_shield | AWS Shield | respond | significant | T1499.003 | Application Exhaustion Flood |
Comments
AWS Shield Advance allows for customized detection and mitigations for custom applications that are running on EC2 instances.
References
|