Amazon Web Services has announced an update to its AWS Firewall Manager service: the security management tool now supports AWS Shield Advanced automatic application-layer DDoS mitigation, so the feature can be enabled centrally across accounts rather than resource by resource.
For those unfamiliar, AWS Firewall Manager is a security management service that lets users configure and manage firewall rules (AWS WAF, AWS Shield Advanced, security groups and AWS Network Firewall policies) across accounts and applications in an organization. It ensures that those rules are applied consistently everywhere, including on resources created after the policy was set. Firewall Manager can also deploy managed rule groups from AWS Partner Network (APN) vendors, including Trend Micro, CrowdStrike, and Fortinet.
Amazon launched the AWS Shield service back in 2016 to help organizations protect their web applications from DDoS attacks. The security service comes in Standard and Advanced tiers. AWS Shield Standard offers free protection against the most common DDoS attacks to all AWS customers. Additionally, they can subscribe to AWS Shield Advanced to protect their apps against large and sophisticated attacks.
This new capability enables Shield Advanced customers to configure a Firewall Manager Shield Advanced policy so that application-layer DDoS attacks against the policy's CloudFront distributions and Application Load Balancers are detected and mitigated automatically. The mitigation rules can run in count mode, which only tallies the web requests involved in the attack, or in block mode, which drops them.
“Shield Advanced compares current traffic patterns against historic traffic baselines to detect deviations that might indicate a DDoS attack. When you enable automatic application layer DDoS mitigation for a resource, Shield Advanced responds to detected DDoS attacks by creating, evaluating, and deploying custom AWS WAF rules to respond to the attack,” the company explained.
To get started, customers must explicitly turn on automatic L7 DDoS mitigation on a Firewall Manager Shield Advanced policy; it is not enabled by default. Because the mitigation works by adding rules to the AWS WAF web ACL associated with each protected resource, every resource in scope needs a web ACL (AWS WAF, not WAF Classic) that contains a rate-based rule; a sensible rollout starts in count mode and switches to block once the generated rules have been reviewed against normal traffic. Amazon has also documented some limitations, and you can read the AWS documentation for more details.
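The policy that enables this is an ordinary Firewall Manager `PutPolicy` call whose `ManagedServiceData` carries an `automaticResponseConfiguration` block. The following is an added example, not AWS's own code or the article's: it builds that payload, rejects resource types that cannot receive application-layer protection, and audits an existing policy (for instance the output of `get-policy`) to report whether automatic mitigation is on and in which mode. The policy name and the `boto3` call at the bottom are placeholders; everything above it runs offline.

```python
"""Build and audit an AWS Firewall Manager Shield Advanced policy with
automatic application-layer DDoS mitigation.

Added example (not AWS's code). The payload shape follows the Firewall
Manager PutPolicy API: SecurityServicePolicyData.Type is SHIELD_ADVANCED and
ManagedServiceData is a JSON string. Policy names and the account/region in
main() are assumptions for illustration.
"""
import json

# Only these two resource types get application-layer (L7) protection from
# Shield Advanced, so automatic L7 mitigation is meaningless for EIPs and
# classic ELBs.
L7_RESOURCE_TYPES = {
    "AWS::CloudFront::Distribution",
    "AWS::ElasticLoadBalancingV2::LoadBalancer",
}
VALID_ACTIONS = {"COUNT", "BLOCK"}


def is_l7_resource(resource_type: str) -> bool:
    """True if Shield Advanced can apply application-layer mitigation to it."""
    return resource_type in L7_RESOURCE_TYPES


def build_shield_policy(policy_name: str, resource_type: str,
                        action: str = "COUNT", remediate: bool = True) -> dict:
    """Return the Policy dict for fms.put_policy with auto-mitigation enabled.

    Defaults to COUNT so the generated WAF rules can be reviewed before they
    start blocking traffic; pass action="BLOCK" once they are trusted.
    """
    if not is_l7_resource(resource_type):
        raise ValueError(f"no application-layer mitigation for {resource_type}")
    if action not in VALID_ACTIONS:
        raise ValueError(f"action must be one of {sorted(VALID_ACTIONS)}")

    managed = {
        "type": "SHIELD_ADVANCED",
        "automaticResponseConfiguration": {
            "automaticResponseStatus": "ENABLED",
            "automaticResponseAction": action,
        },
        # Mitigation rules need an AWS WAF (v2) web ACL; let Firewall Manager
        # replace a WAF Classic web ACL on the resource if it finds one.
        "overrideCustomerWebaclClassic": True,
    }
    return {
        "PolicyName": policy_name,
        "SecurityServicePolicyData": {
            "Type": "SHIELD_ADVANCED",
            # Firewall Manager expects this field as a compact JSON string.
            "ManagedServiceData": json.dumps(managed, separators=(",", ":")),
        },
        "ResourceType": resource_type,
        "ExcludeResourceTags": False,
        # RemediationEnabled makes Firewall Manager fix non-compliant
        # resources (associate web ACL, enable Shield protection) itself.
        "RemediationEnabled": remediate,
    }


def audit_policy(policy: dict) -> tuple:
    """Return (status, action) for automatic mitigation on a Shield policy.

    Policies written before the feature existed carry no
    automaticResponseConfiguration at all; report those as DISABLED rather
    than crashing, since they are exactly the ones an audit should flag.
    """
    ssp = policy["SecurityServicePolicyData"]
    if ssp.get("Type") != "SHIELD_ADVANCED":
        raise ValueError("not a Shield Advanced policy")
    data = json.loads(ssp.get("ManagedServiceData") or "{}")
    cfg = data.get("automaticResponseConfiguration") or {}
    return (cfg.get("automaticResponseStatus", "DISABLED"),
            cfg.get("automaticResponseAction"))


def main() -> None:
    import boto3  # network call; runs only from the Firewall Manager admin account

    fms = boto3.client("fms", region_name="us-east-1")  # assumed FMS region
    policy = build_shield_policy("shield-l7-auto-mitigation",  # assumed name
                                 "AWS::ElasticLoadBalancingV2::LoadBalancer",
                                 action="COUNT")
    resp = fms.put_policy(Policy=policy)
    print("created", resp["Policy"]["PolicyName"], resp["PolicyArn"])


if __name__ == "__main__":
    main()
```

Run `audit_policy` over every `get-policy` result in the admin account to catch Shield Advanced policies created before this feature shipped: they still protect against volumetric attacks but will not generate WAF rules during an application-layer flood.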