In the ever-evolving landscape of cybersecurity threats, businesses face a myriad of challenges in protecting their digital assets. This article explores a real-world scenario in which RedShield safeguarded a high-profile NZ government agency against a distributed denial-of-service attack. The incident highlights the importance of proactive threat detection and mitigation, and underscores the significance of leveraging advanced AWS security solutions to combat Layer 7 DoS attacks.

The Challenge: Probing Volumetric Attack on a Hybrid Environment

The customer in focus was initially deployed on RedShield's locally hosted infrastructure, supplemented by IBM instances. The challenge arose when the customer became the target of a large volumetric attack, a situation that demanded swift and effective countermeasures.

Upon detecting the threat through surveillance, RedShield took proactive measures by introducing offshore scrubbing. This early intervention proved crucial in mitigating a subsequent 2.4Tbps attack. Manual detection and prompt action were instrumental in neutralising the threat, showcasing RedShield's commitment to proactive cybersecurity practices.

Transition to AWS Shield Advanced for Always-On Protection

Recognizing the need for enhanced protection, RedShield made a strategic move to AWS Shield Advanced. This decision provided the customer with always-on protection, substantially larger volumetric capacity, and integration with AWS WAF. The adoption of AWS Shield Advanced demonstrated RedShield's dedication to staying ahead of evolving threats.

To bolster defences against Layer 7 DDoS attacks and support dynamic application scaling, RedShield migrated the customer's services to Application Load Balancers (ALBs) with AWS WAF. This not only ensured protection from L7DoS attacks but also laid the foundation for a scalable and resilient infrastructure.

With the change in hosting provider, the attackers shifted their focus to other services that had not migrated. This underscores the dynamic nature of cyber threats and the importance of a comprehensive security strategy that evolves with the threat landscape.

Second Wave of Attacks: Application Layer DDoS

A month later, the attackers returned with a more sophisticated approach that leveraged application layer (L7DoS) attacks. In response, RedShield successfully thwarted the attack using a combination of AWS WAF for Bot/DoS protection and F5 L7DoS profiles, showcasing the effectiveness of a multi-layered defence strategy that RedShield pioneers.

With the integration of AWS services, such as AWS WAF and Shield Advanced, RedShield gained access to world-class first and second horizon Bot & DoS defence capabilities, namely in traffic and device profiling. This positions RedShield as a leader in providing holistic cybersecurity solutions that address a wide range of threats.

In addition to first and second horizons, RedShield is uniquely positioned to manage the third horizon—identity profiling. Leveraging AWS Lambda and other edge compute capabilities, RedShield extends its cybersecurity prowess to include identity profiling, offering a comprehensive defence against advanced threat actors.


The showcased event emphasises RedShield's commitment to proactive threat detection, rapid response, and continuous evolution of its cybersecurity solutions. By leveraging AWS Shield Advanced, AWS ALB with AWS WAF, and integrating advanced defence profiles, RedShield not only defended against immediate threats but also fortified the customer's infrastructure for future challenges. This real-world scenario exemplifies RedShield's dedication to providing world-class cybersecurity managed services powered by AWS.
