Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Google’s Project Shield explained – free DDoS protection or clever marketing?

John E Dunn | March 1, 2016
Google's new reverse proxy offers a shields of sorts - but only for some.

More and more of the world's information, news and humanitarian websites are under attack from clever often politically-motivated DDoS attacks that want to silence them. Now Google has announced what it thinks is the answer to the problem - offer a selection of victims free DDoS mitigation.

Project Shield, as it is called, is an interesting and possibly radical idea no matter that it is also good PR for Google. DDoS attacks are an unequal battle. The attacks themselves have become easier and cheaper to mount with the emergence of cloud infrastructure able to offer huge number of compromised servers to direct traffic, leaving small news publishers in some countries on the receiving end of the sort of attacks that would once have been reserved for the biggest sites.

Buying protection can be expensive, and with attacks getting larger, not guaranteed to work. It's not even clear that low-end providers want the sort of customer who is going to be a target in the first place. A contentious news site likely to be a magnet to the cottage industry of DDoS-for-hire entities. For multi-tenant datacentres this is probably more trouble than it's worth and the targets might be asked to host elsewhere.

Project or shield?

The revealing word in this typically low-key announcement is 'project'. Projects aren't businesses, projects are ideas, in this case one designed to project Google's underlying liberal-pluralist sense that information society depends on digital diversity. The security market as currently configured is a free one in which vendors produce product and services and find customers willing to pay for them. It is undoubtedly true that some organisations don't have DDoS because they don't see it as necessary; many others simply can't pay the prices being asked for a given service level and are left open to every and any attack.


Over the years Google has quietly primed other initiatives in DDoS security. Three years ago - the moment when DDoS reflection attacks were becoming a big worry - the firm partnered with Arbor Networks (which has Atlas sensors in many Tier-1 content delivery networks and carriers) to create the Digital Attack Map from Google Ideas, an attempt to visualise what was going on in DDoS attack traffic in real time.

For the first time it was possible for anyone to get a meaningful view on attack volumes as well as the countries originating and receiving all these packets. It was a good idea. For too long DDoS had been seen as a narrow interest of security geeks. Although not referenced by that many publications, Digital Attack Map was at least a way of peering into the void so see something, anything.


1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.