Strengthening Web Application Security at Scale Using AWS Global Accelerator with RedShield

RedShield’s service keeps customers informed about evolving cyberattacks so that they understand and prioritize security risks. The service manages these risks by reviewing application security testing data and conducting weekly audits. RedShield proposes solutions that are based on technical and economic considerations and focuses on identifying and managing business continuity risks. It runs test plans to minimize the likelihood of risks materializing and maintains operational event-response capabilities to minimize disruptions.

With the continual rise in the volume and sophistication of distributed denial of service (DDoS) attacks, it is no longer enough to detect and then dynamically introduce protection networks. Confirming that these networks cater for all scenarios is increasingly difficult. “Even if we were scrubbing 99 percent of attack traffic, the remaining 600 Gbps could disrupt the application,” says Matt Taylor, head of business development at RedShield.

RedShield needed a solution with automatic scaling to analyze many inbound transactions. The company also wanted to geographically distribute its points of presence to make applications more difficult for attackers to target. “It was clear that AWS matched our requirements exactly,” says Taylor.

In 2020, RedShield began migrating its on-premises infrastructure to AWS. “CPU wasn’t an issue, automatic scaling was awesome for us, and AWS Global Accelerator gave us what no one else was offering: the ability to publish in 80–100 data centers,” says Taylor. The company created technical designs and built a proof of concept by early 2021. To migrate its existing customers, RedShield ported its entire configuration to AWS. However, to support its large workloads efficiently, it needed to change how it managed IP addresses.

The standard AWS Global Accelerator quota for each AWS account is 20 accelerators, but RedShield needed around 500 to quickly onboard new customers. So RedShield turned to AWS Enterprise Support, which provides businesses with a concierge-like service to achieve outcomes and find success in the cloud. It engaged the AWS Enterprise Support team early in the process to evaluate RedShield’s network architecture and provide appropriate guidance for deploying AWS Global Accelerator resources. The team recommended that RedShield move away from its previous single-account, bring-your-own-IP-address approach to a multi-account architecture. It also suggested using IP addresses provided by AWS Global Accelerator to benefit from its scaling mechanisms while reducing costs. During the implementation, the AWS Enterprise Support team used the AWS Infrastructure Event Management (AWS IEM) program, which offers support for planning and running business critical events.

Static IP addresses from AWS Global Accelerator are anycast from all AWS edge locations at the same time, so RedShield has increased the resiliency of its existing attack surface. “We were partially using anycast across the United States, Australia, and New Zealand, but to have it massively scale across the entire AWS architecture was significantly better,” says Taylor. As RedShield shifted to using IP addresses from AWS, it began adopting its multi-account strategy to onboard new customers quickly and improve its networking performance at scale. By using multiple accounts, the company better positioned itself to scale for thousands of customers while maintaining high performance and security (under the AWS Shared Responsibility Model). “Because we’re using AWS Global Accelerator, all traffic enters the AWS network at the closest possible point,” says Taylor. “Our customers have experienced 40 percent more speed of page load.”

RedShield uses AWS to provide crucial, virtually always-on DDoS protection. The company uses Elastic Load Balancing (ELB), which distributes network traffic to improve application scalability, to make its infrastructure flexible and resilient. “On AWS, you get a massive defensive and distributed presence,” says Taylor. “In peacetime, this gives you speed, and during unrest, it gives you protection.” RedShield’s cloud infrastructure on AWS has mitigated attacks peaking at over 1.3 Tbps, including 25 million Domain Name System requests per second and 1.2 million HTTP requests for web application login per second.

On AWS, RedShield helps customers resolve issues quickly and with minimal impact. “We’ve had a customer come to us with a huge issue that penetration testers said would require a rearchitecting of the application to fix,” says Taylor. “Their developers said it would take 6 months. We got them back up and running within 2 days—and that was over the weekend.” RedShield is providing fast, globally distributed access to its customers’ websites while enhancing resiliency on AWS. The company has also reduced the manual work required to maintain its services by 50 percent and expects to further reduce labor costs. “We wanted to minimize complexity so that we could maximize innovation,” says Taylor. “By going all in on AWS, we’re using AWS optimally while driving costs down.”