AWS Shield vs aiProtectPosted by Max Robbins on May 31st, 2017
Amazon Web Services has recently introduced two Denial of Service products. Please find below a comparison of the services with aiProtect.
Please note that the free service provides virtually nothing. It will not protect you from, or notify you of a Denial of Service attack. In fact it gives the illusion of having protection in place while providing no protection.
The AWS Advanced service is a nice service. It is unfortunately very expensive and not nearly as feature rich as you will require if under a real attack.
aiProtect provides a superior service to either and is priced at about 10% of the premium service. Please review the future comparison below and feel free to reach out to us for questions. We provide two hours of free installation support.
|Feature||AWS Shield Standard||AWS Shield Advanced||aiProtect|
|Monthly||✖||$3000 (Business+ support plan is additionally required)||$60-300 USD|
|Hourly||✖||✖||2-3x of instance cost|
|Subscription commitment||None||1 Year||None|
|Support||3-10% of monthly AWS bill||3-10% of monthly AWS bill||$175/hr|
|Active Traffic Monitoring|
|Network flow monitoring||✔||✔||✔|
|Automatic always-on detection||✔||✔||✔|
|Application traffic monitoring||✖||✔||✔|
|Protection from common DDoS attacks (e.g. SYN floods, ACK floods, UDP floods, Reflection attacks)||✔||✔||✔|
|Automatic inline mitigation||✔||✔||✔|
|Additional DDoS mitigation capacity for large attacks||✖||✔||✔ 1|
|Self-service application layer (Layer 7) mitigations||✔ 2||✔ 2||✔|
|DRT-driven application layer (Layer 7) mitigations||✖||✔3||✔ 4|
|Fallback on error||✖||✖||✔|
|Visibility and Reporting|
|Layer 7 attack notification||✖||✔||✔|
|Layer 3/Layer 4/ Layer 7 attack historical report||✖||✔||✔|
|Raw access logs||✖||✖||✔|
|DDoS Response Team and Support|
|DDoS protection best practices/architecture review||✔5||✔||✔ 4|
|Custom mitigations during attacks||✖||✔||✔4|
|Post attack analysis||✖||✔||✔4|
|Web Application Firewall (WAF)|
|API access/integration||✔||✔||✔ 6|
|Flexible rules engine||✔||✔||✔|
|Fast rule propagation||✔||✔||✔|
|Pricing||Yes, see pricing||Included at no additional charge with AWS Shield Advanced||Included at no additional charge|
- aiProtect combines multiple products: application load balancing, caching and protection
- aiProtect is considerably cheaper
- aiProtect provides more configuration flexibility
- aiProtect can reduce AWS bandwidth costs when used on-premise (internet -> aiScaler with traffic filtering and caching -> AWS)
- aiScaler helps avoid vendor lock-in with portability to all platforms.
1 With autoscaling; 2 Using AWS WAF; 3 With DDoS Response Team; 4 With hourly support; 5 Self-service; 6 CLI