AWS Shield, known for its distributed denial of service (DDoS) protection, has introduced a new capability in preview: AWS Shield Network Security Director. The feature expands Shield's role beyond DDoS mitigation to give visibility into network configurations, identify security issues, and offer actionable remediation recommendations for AWS resources.
According to the company, organizations frequently struggle to discover all their AWS resources, understand how those resources are interconnected, and assess their security posture against best practices. The network security director feature aims to address these challenges by providing:
- Network Topology Visibility: It automatically discovers AWS resources within an account, mapping their connections to each other and the internet. It identifies configured network security services, such as AWS WAF, Amazon Virtual Private Cloud (Amazon VPC) security groups, and Amazon VPC network access control lists (ACLs), evaluating their configurations against AWS best practices and threat intelligence. William Cooper commented in a LinkedIn post: “The more real time and visual the AWS dashboard always the better.”
- Prioritized Security Findings: The service quickly highlights missing or misconfigured firewalls and other security gaps, presenting network security findings on resources, prioritized by severity (critical, high, medium, low, informational). This helps security teams focus on the most pressing issues.
- Actionable Remediation Recommendations: For each identified finding, the network security director provides specific, step-by-step instructions to correctly implement or update the configurations of AWS security services, facilitating immediate corrective action.
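To make the three capabilities above concrete, here is an added example (not code from AWS or from the network security director itself) of the kind of check such a service performs: it evaluates Amazon VPC security group ingress rules against a small set of best-practice rules, prioritizes the findings by severity, and attaches a remediation hint to each. The severity thresholds, the finding titles and the remediation text are assumptions chosen for illustration, the actual rule set of the service is not documented on this page, and the security group IDs and rules are constructed inline in the shape returned by EC2 `DescribeSecurityGroups` so the script runs offline without boto3.

```python
"""Illustrative security-group posture check (added example, not AWS code).

The input mimics the JSON shape of EC2 DescribeSecurityGroups output and is
constructed inline so the script runs offline. Severity rules, titles and
remediation hints are assumptions for illustration only.
"""
from __future__ import annotations

import ipaddress

# Constructed sample: two security groups with hypothetical IDs.
SAMPLE_SECURITY_GROUPS = [
    {
        "GroupId": "sg-0a1b2c3d4e5f60001",
        "GroupName": "web-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0a1b2c3d4e5f60002",
        "GroupName": "db-tier",
        "IpPermissions": [
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]

# Assumed classification of ports (example rules, not the service's own).
ADMIN_PORTS = {22, 3389}
DATASTORE_PORTS = {1433, 3306, 5432, 6379, 27017}
WEB_PORTS = {(80, 80), (443, 443)}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "informational": 4}


def _is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 and ::/0 (prefix length zero)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _port_range(perm: dict) -> tuple[int, int]:
    """Protocol -1 means all traffic; otherwise use the rule's port bounds."""
    if perm.get("IpProtocol") == "-1":
        return (0, 65535)
    return (perm.get("FromPort", 0), perm.get("ToPort", 65535))


def evaluate_security_group(sg: dict) -> list[dict]:
    """Return findings for one group's ingress rules that admit the whole Internet.

    Sources given as other security groups (UserIdGroupPairs) or prefix lists are
    ignored here, since they are already scoped.
    """
    findings = []
    for perm in sg.get("IpPermissions", []):
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world_open = [s for s in sources if _is_world_open(s)]
        if not world_open:
            continue  # scoped source: no finding under these example rules
        lo, hi = _port_range(perm)
        if perm.get("IpProtocol") == "-1":
            severity, title = "critical", "all protocols and ports open to the Internet"
            fix = "remove the rule; allow only the ports the workload serves, from known CIDRs"
        elif any(lo <= p <= hi for p in ADMIN_PORTS):
            severity, title = "critical", f"administrative port range {lo}-{hi} open to the Internet"
            fix = "restrict the source to a bastion/VPN CIDR or use AWS Systems Manager Session Manager"
        elif any(lo <= p <= hi for p in DATASTORE_PORTS):
            severity, title = "high", f"datastore port range {lo}-{hi} open to the Internet"
            fix = "allow only the application tier's security group as the source"
        elif (lo, hi) in WEB_PORTS:
            severity, title = "informational", f"web port {lo} open to the Internet"
            fix = "expected for a public web tier; confirm AWS WAF is associated with the fronting ALB or CloudFront"
        else:
            severity, title = "medium", f"port range {lo}-{hi} open to the Internet"
            fix = "narrow the source CIDRs to the clients that need access"
        findings.append({
            "group_id": sg["GroupId"], "group_name": sg.get("GroupName", ""),
            "severity": severity, "title": title, "sources": world_open,
            "ports": (lo, hi), "remediation": fix,
        })
    return findings


def run(groups: list[dict]) -> list[dict]:
    """Evaluate every group and return findings ordered most severe first."""
    findings = [f for sg in groups for f in evaluate_security_group(sg)]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])


if __name__ == "__main__":
    for f in run(SAMPLE_SECURITY_GROUPS):
        print(f"[{f['severity'].upper():13}] {f['group_id']} ({f['group_name']}): "
              f"{f['title']} from {', '.join(f['sources'])}\n    fix: {f['remediation']}")
```

On the constructed sample the script reports the SSH rule on the web tier as critical, the MySQL port exposed over IPv6 on the database tier as high, and the HTTPS rule as informational with a prompt to verify WAF coverage; the all-traffic rule scoped to 10.0.0.0/8 produces no finding. In a real account the same functions would be fed the `SecurityGroups` list from `boto3.client("ec2").describe_security_groups()`.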
(Source: AWS News blog post)
A notable integration is with Amazon Q Developer in the AWS Management Console and chat applications. This allows security teams to query their network security configurations using natural language (e.g., “Are any of my Internet-facing resources vulnerable to DDoS?”). Amazon Q Developer then provides relevant findings and recommended remediation steps, streamlining the investigative and response processes.
The announcement of Network Security Director, made ahead of AWS re:Inforce 2025, has been met with positive early feedback. As Will Townsend, a Telco & Security Principal Analyst, noted on X, he "like[s] its observability capability that proactively identifies missing or misconfigured security services within AWS environments and makes remediation recommendations," adding that it's a "smart move to expand the company's Shield capabilities beyond DDoS protection to simplify SecOps."
Other major cloud providers, Microsoft Azure and Google Cloud Platform among them, also offer DDoS protection and network security posture management. There, however, network visibility and remediation are typically spread across broader security posture management tools (such as Microsoft Defender for Cloud and Google Cloud's Security Command Center) and dedicated network monitoring or diagnostic services (such as Azure Network Watcher and GCP's Network Topology and Network Analyzer). AWS Shield Network Security Director consolidates both into a single view.
The network security director's capabilities are currently available in preview in the US East (N. Virginia) and Europe (Stockholm) regions, with the Amazon Q Developer integration available in preview in the US East (N. Virginia) region only. With this feature, the company gives organizations a way to identify, prioritize, and address network and application security configuration issues proactively, bolstering their defenses against threats such as SQL injection (an application-layer attack AWS WAF is meant to block) and DDoS attacks.