Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

Google Helps News Sites Thwart DDoS Attacks

Google on Thursday announced the public launch of Project Shield, an initiative aimed at protecting news sites from distributed denial of service (DDoS) attacks, for free.

Google on Thursday announced the public launch of Project Shield, an initiative aimed at protecting news sites from distributed denial of service (DDoS) attacks, for free.

While Project Shield is not a new effort, since it has been around since 2013, only testers had access to it until now. Since the original announcement three years ago, the initiative has offered protection to a series of small websites publishing news about oppressive regimes, as Google wanted to test its ability to keep them safe from cyber-attacks and DDoS assaults.

With the testing phase concluded, Google has decided to allow other small news sites take advantage of Project Shield and serve their content through Google’s infrastructure without having to move their hosting location. According to the Internet giant, the initiative is now open to all the world’s news sites looking for protection from DDoS attacks.

Google’s new attempt to eliminate DDoS as a form of censorship is part of the company’s ongoing effort to support free expression and access to information, and is intended to ensure that journalism is not silenced when it’s needed most. Not only is the service offered for free, but the search-engine giant is looking to protect human rights websites and elections monitoring content as well.

Jared Cohen, President, Jigsaw, and Advisor to Executive Chairman, Alphabet Inc., explains in a blog post that Project Shield’s testing period allowed Google learn more on how DDoS attacks happen and on how to improve its services to defend against them. However, the company notes on the initiative’s website that there’s no guarantee on uptime or protection levels, although the infrastructure is designed to defend itself and the free protection extends to third-party websites as well.

Websites serving news, human rights or elections-related content are encouraged to apply for the service directly on the Project Shield website. Once they have been approved, they will receive an invitation to join Project Shield, along with instructions on how to configure their website for the DDoS mitigation, a process that should take only a few minutes for webmasters with admin privileges and basic technical knowledge.

Qualifying websites will have to provide Google with access to detailed traffic information, since visibility into this data will allow the company to detect malicious traffic. According to Google, all of the obtained data, including logs from Project Shield servers, will be used only for DDoS mitigation and caching and to improve the protection service.

Sites not using a content delivery network (CDN) or a major hosting provider might not have the capacity to defend against DDoS attacks, and Google says that there are tens of thousands of news sites that now have access to Project Shield. The free service will allow even the smallest independent news organizations continue their work without the fear of being shut down.

Advertisement. Scroll to continue reading.

“Finally, Project Shield is not just about protecting journalism. It’s about improving the health of the Internet by mitigating against a significant threat for publishers and people who want to publish content that some might find inconvenient. A free and open Internet depends on protecting the free flow of information—starting with the news,” Cohen said.

In November, encrypted email service ProtonMail was taken offline by a massive DDoS attack, which the company suspected was the doing of a state-sponsored actor. On Dec 31, 2015, BBC’s website was taken offline by anti-ISIS group called New World Hacking, which was testing a DDoS tool capable of launching 600 gigabit-per-second (Gbps) attacks.

According to Arbor Networks’ 11th Annual Worldwide Infrastructure Security Report (WISR), multi-vector DDoS attacks are on the rise, with over 50 percent of attacks targeting an organization’s infrastructure, applications and services simultaneously. The report also shows that DDoS attacks continue to grow in size, with the largest attack reported in 2015 being 500 Gbps.

 

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Security Infrastructure

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

Security Infrastructure

Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products designed to work together as part of a...

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Audits

The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture