AWS Shield vs aiProtect
Posted by Max Robbins on May 31st, 2017Amazon Web Services has recently introduced two Denial of Service products. Please find below a comparison of the services with aiProtect.
Please note that the free service provides virtually nothing. It will not protect you from, or notify you of a Denial of Service attack. In fact it gives the illusion of having protection in place while providing no protection.
The AWS Advanced service is a nice service. It is unfortunately very expensive and not nearly as feature rich as you will require if under a real attack.
aiProtect provides a superior service to either and is priced at about 10% of the premium service. Please review the future comparison below and feel free to reach out to us for questions. We provide two hours of free installation support.
| Feature | AWS Shield Standard | AWS Shield Advanced | aiProtect |
| Cost | |||
| Monthly | ✖ | $3000 (Business+ support plan is additionally required) | $60-300 USD |
| Hourly | ✖ | ✖ | 2-3x of instance cost |
| Subscription commitment | None | 1 Year | None |
| Support | 3-10% of monthly AWS bill | 3-10% of monthly AWS bill | $175/hr |
| SLA | ✖ | ✔ | Instance SLA |
| Active Traffic Monitoring | |||
| Network flow monitoring | ✔ | ✔ | ✔ |
| Automatic always-on detection | ✔ | ✔ | ✔ |
| Application traffic monitoring | ✖ | ✔ | ✔ |
| Attack Mitigations | |||
| Protection from common DDoS attacks (e.g. SYN floods, ACK floods, UDP floods, Reflection attacks) | ✔ | ✔ | ✔ |
| Automatic inline mitigation | ✔ | ✔ | ✔ |
| Additional DDoS mitigation capacity for large attacks | ✖ | ✔ | ✔ 1 |
| Self-service application layer (Layer 7) mitigations | ✔ 2 | ✔ 2 | ✔ |
| DRT-driven application layer (Layer 7) mitigations | ✖ | ✔3 | ✔ 4 |
| Rate limiting | ✖ | ✖ | ✔ |
| Fallback on error | ✖ | ✖ | ✔ |
| Visibility and Reporting | |||
| Layer 7 attack notification | ✖ | ✔ | ✔ |
| Layer 3/Layer 4/ Layer 7 attack historical report | ✖ | ✔ | ✔ |
| Raw access logs | ✖ | ✖ | ✔ |
| DDoS Response Team and Support | |||
| DDoS protection best practices/architecture review | ✔5 | ✔ | ✔ 4 |
| Custom mitigations during attacks | ✖ | ✔ | ✔4 |
| Post attack analysis | ✖ | ✔ | ✔4 |
| Web Application Firewall (WAF) | |||
| Self-service | ✔ | ✔ | ✔ |
| API access/integration | ✔ | ✔ | ✔ 6 |
| Flexible rules engine | ✔ | ✔ | ✔ |
| Fast rule propagation | ✔ | ✔ | ✔ |
| Pricing | Yes, see pricing | Included at no additional charge with AWS Shield Advanced | Included at no additional charge |
- aiProtect combines multiple products: application load balancing, caching and protection
- aiProtect is considerably cheaper
- aiProtect provides more configuration flexibility
- aiProtect can reduce AWS bandwidth costs when used on-premise (internet -> aiScaler with traffic filtering and caching -> AWS)
- aiScaler helps avoid vendor lock-in with portability to all platforms.
1 With autoscaling; 2 Using AWS WAF; 3 With DDoS Response Team; 4 With hourly support; 5 Self-service; 6 CLI