AWS Shield Reviews

AWS Shield protects us against denial-of-service attacks. As an online casino company, we are a prime target for hackers, and our servers are constantly exposed to potential threats.

We have integrated the tool with Active Directory. The most important feature is that it's transparent and doesn't degrade the performance of our solution. Additionally, it's easy to configure, which is crucial for us. It's easy to use and set up and stops attacks on our servers. We haven't encountered any attack problems because the solution stops them in real-time. AWS Shield specifically focuses on defending against denial-of-service attacks, making it a great solution for that type of threat.

The product needs to improve its logs and reports to make it read better. 

I have been using the product for five years. 

I rate the solution's stability an eight out of ten. 

I rate the tool's scalability an eight out of ten. 

I'm new to the company, but based on colleague feedback, my experience with AWS Shield's technical support has been positive. They help us when we have problems. 

Since our platform is hosted on the Amazon cloud, AWS Shield was our natural choice. It's the same cloud as Amazon, and after researching solutions online, we found that AWS Shield is the solution for our needs.

The tool's deployment is easy. 

The tool's pricing is good. 

I rate the overall solution a nine out of ten. 

Its use case can be anything from volume DDoS to lightweight web application framework capabilities. These are mostly the two areas where you see it.

It is integrated with AWS. So, it gives you a good first step. 

The management of it is a bit hard. If you don't engineer it on the front side, it is hard to go back in and change it. It could be improved in terms of architecture requirements and then ongoing support requirements as a secondary component to it. People tend to set up things like this, and they just expect it to work without the care and feeding that needs to go back into it either from an application team or a network environment team.

I have been using this solution for a couple of years.

I've not heard any concerns about the stability.

We didn't have any concerns on the scaling side. One customer, in particular, had 50 to 100 instances. The number tends to be less for some of my other customers because they have more of a data center presence that they're starting to move to the cloud, but even on the applications that they're moving to the cloud, they're ramping up. It is nowhere near the number of that first customer.

I've always found that it is just about getting to the right level of tech support with AWS. I've found their tech support to be fantastic. It is more about whether you have a good support contract and how quickly you can get to the right level of support for the immediacy of the conversation you need to have.

It is pretty straightforward, but it is hard to rework it back into your architecture without a lot of impact. If you know that you need this capability at the beginning of a project, you're probably good, but if you need to go back and add Shield, you're in a little bit of trouble. It all depends on the number of users you have and the type of application, but you're in a much different spot if you're having to go back and rework it.

For maintenance, you would require one cloud engineer for Shield in the environment, especially if you're doing anything at scale with that. You would also require a part-time architect person for overall oversight of that Shield capability. The architect's role would be more attending meetings and confirming that something is good, and it aligns with Shield capabilities, and Shield can be used for this application. The engineer's role would be more along the lines of the day-to-day implementation based on the application.

It depends on your subscription level and the volume that you're spending with AWS. So, it is very relative to the consumption alignment in your subscription level. It is a well-constructed, scalable pricing option, but it is relative to how much you're spending on AWS. Because the more you spend, typically, the more you get off on services like this. I find it to be comparable to other solutions.

You have to be careful about the architecture. Make sure that you're accounting for the requirements as you build out your environment. 

Normally, I see people go with third-party solutions instead of AWS when they want to have all their alerting and management awareness in one console, but that's not every customer. Typically, what I see happening is they'll do on-prem solutions for their DDoS or their colo data center environments for DDoS protection, and then they'll turn around and use cloud-native Shield. They work it out at their SOC level or whatever their management construct is for those alerts, but I do have a few customers that are all in with a third-party provider for it. In my opinion, with most cyber incidents, if they're targeting an organization, they tend to not care whether it is on-prem or in the cloud. They're going to target the whole organization. It has to do with that organization's experience in those DDoS attacks.

My advice would be to think about how you want to respond to a DDoS attack as an organization. If most of your internet presence from your application side is in AWS, AWS Shield is a great option. You've got one spot to go to. If you're more of a hybrid customer, just think about the mix of possibly two different DDoS solutions.

It is very cloud service specific. The service is really good. If I were looking at it, depending on where the ingress points are for my environment, I would want one vendor to alert me across my entire environment instead of two, three, or four. It doesn't matter how good your SOC is; it takes longer to evaluate that because you have different tools, and they may not have alignment on all their settings or alerting at the same time. A great example is that a third party might alert at your colo physical location sooner, and your cloud may take a little while to realize it is under attack and start alerting you there for it, or it can be vice versa. If it were me, I just want green, yellow, or red when something is happening across the environment and orchestrate a response to it if it is across multiple tools.

I would rate it a seven out of ten. 

I am impressed with the product's multiple features like security. 

The product is expensive. 

I have used the product for six to seven years. 

I would rate the solution's scalability a nine out of ten. My company has 150-200 users for the product. 

The product's setup is easy and took a couple of days to complete since we had to go through a lot of things like approvals for configuration. 

I would rate the product an eight out of ten. I would recommend people go ahead with the standard version, which comes along with the web. If you are looking for DDoS protection, then you would need an advanced version.