Google on Thursday announced that it was expanding its Project Shield program, offering to protect news and human rights websites from distributed denial of service attacks for free.
Project Shield uses Google’s security infrastructure to detect and filter DDoS attacks, which flood websites with Internet traffic or service requests in order to impair their functioning or take them down altogether.
“A simple, inexpensive distributed denial of service attack can be carried out by almost anyone with access to a computer — and take a site completely offline before its owners even know they’ve been attacked,” noted Jared Cohen, president of Jigsaw and advisor to Alphabet Executive Chairman Eric Schmidt.
“These attacks threaten free expression and access to information — two of Google’s core values,” Cohen pointed out. “With this expansion, tens of thousands of news sites will have access to Project Shield. And because Project Shield is free, even the smallest independent news organizations will be able to continue their important work without the fear of being shut down.”
Cheap DDoS
“Project Shield is a valuable solution that highlights an important issue: the existence of cheap DDoS-for-hire services that enable anyone to launch DDoS attacks of substantial size, against any target,” said Igal Zeifman, senior digital strategist at Imperva.
“Google is also correct in assuming that news sites are amongst the most prominent targets for DDoS offenders,” he told TechNewsWorld.
Google’s action appears to be well-timed, as DDoS attacks have become larger and more frequent.
“Just recently, we saw an attack of 500 Gb/sec; just two years ago it was 300 Gb/sec, which is more than any average website can handle,” said Rene Paap, a product marketing manager withA10 Networks.
“I think Shield will be very effective, because Google has a huge infrastructure,” he told TechNewsWorld. “I don’t think anyone comes close to it. They have the capacity and connectivity to do this right.”
Infrastructure Muscle
“Google’s DDoS defenses are likely to be extremely effective,” added Sumit Agarwal, vice president of strategy at Shape Security, and former leader of mobile project management at Google.
“Defending against DDoS attacks requires two things: massive scale, and broad visibility over the entire Internet,” he told TechNewsWorld. “Google likely has more of both attributes than anyone on the Web.”
However, there are limitations to Project Shield, said Imperva’s Zeifman.
“The solution Google offers combines traffic filtering and the ability to present cached content while a website is dealing with more traffic that it can handle,” he explained.”This can help against certain attack vectors, but it doesn’t fully address the different DDoS threats that websites are facing today.”
The Stale News Solution
Project Shield cannot mitigate network layer attacks, especially direct-to-IP attacks that target specific IP addresses and elements of a network’s infrastructure, according to Zeifman.
“There is also the question of attack duration, as many DDoS assaults can be easily sustained for days, weeks or even months at a time,” he pointed out.
“For attacks like these, serving stale cached content is a hard compromise — perhaps even more so for a news organization,” he said.
News sites vulnerable to DDoS attacks won’t be the only beneficiaries of Google’s expansion of Shield.
“Regimes which suppress free speech often restrict access to Google’s services as well, so limiting such oppression is likely to favor the usage of Google’s services over time,” observed Shape’s Agarwal.
Google’s Angle
Project Shield also could improve Google’s search results, noted Anthony Khamsei, CEO of Gold Security.
“Google wants to show the most relevant search results, so showing a site that’s not accessible is not desirable,” he told TechNewsWorld. “Therefore, Google has a lot to gain by making the Web a safer place.”
When Internet companies offer something for free, some skepticism may be in order, but “I don’t see that to be the case here,” said A10’s Paap. “This seems like it’s focused on making the Internet a better place.”
Loading ...
