What’s new in Azure Network Security at Microsoft Ignite 2022
Published Oct 12 2022 09:00 AM 4,101 Views
Microsoft

UPDATE (10/26): Watch the Ignite on-demand session to learn more about the latest Azure Network Security announcements!

 

Written in collaboration with @henryyan 

 

Welcome to Microsoft Ignite 2022! Check out our recent blog for the network security related sessions at Ignite.

 

We’re excited to share the latest innovations in Azure network security that can help you protect against evolving threats, strengthen your security and compliance posture, and increase your agility and efficiency. This blog post gives you an overview of new capabilities for securing your network infrastructure and applications.

 

Azure Firewall

 

Azure Firewall Basic (Preview)

Azure Firewall is our cloud-native firewall that offers built-in high availability and cloud scalability to protect your resources within your virtual network. The Basic SKU for Azure Firewall delivers enterprise-grade network firewall to SMBs at an affordable price point. You get essential network firewall capabilities, like L3-L7 filtering of East-West and North-South traffic with built-in threat intelligence to block malicious traffic. As a cloud-native service, Azure Firewall is easy to setup, configure, and manage, and requires zero maintenance. Azure Firewall integrates seamlessly with other Azure services like Microsoft Sentinel and Microsoft Defender for Cloud so you can gain more visibility into your environment and identify and respond quicker to threats.

Learn more.

 

Policy Analytics (Preview)

IT teams are challenged with managing and keeping up to date their Firewall policies and rules. For large, geographically dispersed organizations, the process can be complex leading to errors and increasing the risk of a security breach.

 

To help simplify the management and update of Azure Firewall policies and rules, we are introducing Policy Analytics for Azure Firewall, in preview. Policy Analytics provide insights and centralized visibility, and control of your Azure Firewall rules and policies. With policy insights, analytics, and recommendations, IT and security teams can improve their security posture and ensure compliance.

Learn More.

 

 

Azure DDoS Protection

 

IP Protection (Preview)

DDoS attacks are becoming more frequent and advanced with attack bandwidth growing and new attack vectors emerging. Azure DDoS Protection offers cloud scale DDoS protection to defend against the largest and most sophisticated DDoS attacks.

 

IP Protection is a new SKU for Azure DDoS Protection that is designed with SMBs in mind and delivers enterprise-grade, cost-effective DDoS protection. You can defend against L3/L4 DDoS attacks with always-on monitoring and adaptive tuning that ensure your application is always protected. With IP Protection, you now have the flexibility to enable protection on a single public IP. Azure DDoS Protection integrates seamlessly with other Azure services so you can get real-time alerts, metrics, and insights to strengthen your security posture.

 

With IP Protection, you only pay for the public IP resources protected. The cost is a fixed $199/month for each public IP resource protected with no additional variable costs. Prices may vary by region. Billing for IP Protection will be effective starting on February 1, 2023.

 

For more details on pricing, visit the Azure DDoS Protection pricing page.

 

The existing Standard SKU will now be known as Network Protection.

Learn More

 

 

Azure Web Application Firewall

 

Azure Web Application Firewall provides intelligent protection of your applications and APIs running in Azure or at the edge. Azure WAF attaches to Azure Front Door, our modern cloud CDN, to provide secure application delivery and stop security attacks at the network edge closer to the source of the attack with over hundreds of edge locations around the world. Azure WAF also attaches to Azure Application Gateway, a highly scalable, regional load balancer to protect your applications within Azure.

 

Global WAF

  • DRS 2.1 ruleset (coming soon)
  • Bot Manager 1.0 ruleset (GA)

DRS 2.1, which will be available soon, includes the latest Microsoft proprietary rules powered by Microsoft Threat Intelligence to protect against new attack signatures, increase the coverage and patches for specific vulnerabilities, and reduces the number of false positives.

 

Bot Manager 1.0 ruleset, which we released a few months ago, is also powered by Microsoft Threat Intelligence and supports classification for good, bad, and unknown bots to defend against malicious bot attacks more effectively.

 

Regional WAF

  • Bot Manager 1.0 ruleset (coming soon)
  • CRS 3.2 ruleset (GA)
  • Per rule exclusions (GA)

For regional WAF with Azure Application Gateway, we have several recent updates that offer improved security, improved scalability, and better management of your web applications.

 

Bot Manager 1.0 ruleset will be generally available soon for WAF with Application Gateway.

 

Our new next-generation WAF engine delivers improved performance and scalability along with updated Core Rule Set 3.2, which provides comprehensive protection of the OWASP Top 10 security risks and protection against specific vulnerabilities like Log4J and SpringShell.

 

On WAF with Application Gateway, you now have the flexibility to exclude certain rules to reduce false positives and meet application-specific requirements

 

Learn More – WAF on Azure Application Gateway.

Learn More – WAF on Azure Front Door.

 

 

Azure Bastion

 

  • Native client support (GA)
  • IP-based connection (GA)

The more public IP addresses a customer has attached to VMs in their virtual network, the larger their attack surface becomes and the more vulnerable they are to security threats. Azure Bastion provides secure and seamless RDP/SSH access to your VMs in local or peered virtual networks without the need for a public IP address.

 

We’ve expanded the options for connecting to your VMs using Azure Bastion, providing you with more flexibility to securely connect to VMs across Azure, on-premises, and other cloud platforms.

 

With native client support, you can now connect to your Azure VMs with familiar processes and tools using Azure CLI and a native client on your local machine. With IP-based connection, you can connect to your VMs in Azure, on-premises, or in other clouds with Azure Bastion over ExpressRoute and Site-to-Site VPN using a specified IP address. Both are now generally available.

Learn more.

 

Resources:

 

Version history
Last update:
‎Oct 26 2022 12:32 PM
Updated by: