New Blog Post | Enhancements to Azure WAF for Application Gateway now in General Availability
Enhancements to Azure WAF for Application Gateway now in General Availability - Microsoft Community Hub Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection for your web applications against common vulnerabilities and exploits. Web applications are increasingly targeted by malicious attacks that vulnerabilities. SQL Injection (SQLi) and Cross-Site Scripting (XSS) are examples of some well-known attacks. Preventing such attacks in application code can be challenging and may require rigorous maintenance, patching, and monitoring at many layers of the application topology. A centralized web application firewall helps make security management much simpler and gives better assurance to application developers and security teams against threats or intrusions. The Azure Web Application Firewall (WAF) engine is the component that inspects traffic and determines whether a web-request represents a potential attack, then takes appropriate action depending on the configuration. Previously, when you used the Azure WAF with Application Gateway, there were certain limitations in the way you could configure and monitor your WAF deployments. We are happy to announce several enhancements to the configurations and monitoring capabilities of Azure WAF when used with Azure Application Gateway going forward.SEP 26, 2023 | Ask-Me-Anything | Azure Firewall, Azure WAF and Azure DDoS
UPDATED, post-AMA: Here is the AMA recording in case you missed the live session. ************************************************************* Please join us in this Ask Me Anything session with the Azure Network Security CxE PM team. During this session, the Azure Network Security SME (Subject Matter Experts), will answer your questions on Azure Firewall, Azure Firewall Manager, Azure Web Application Firewall and Azure DDoS. This will be a great forum for our Public Community members to learn, interact and have their feedback listened to by the Azure Network Security team. Feel free to post your questions about Azure Network Security solution areas anytime in the comments before the event starts. The team will be answering questions during the live session, with priority given to the pre-submitted questions from the comments below. If you are new to Microsoft Tech-Community, please follow the sign-in instructions. To register for the upcoming live AMA Sep 26, 2023, visit aka.ms/SecurityCommunity. Mohit_Kumar andrewmathu SaleemBseeu davidfrazee ShabazShaik tobiotolorin gusmodenaSecurity Community | Private Preview form short link correction
This is just a quick update on the short-link to the Private Preview form. The correct link is https://aka.ms/SecurityPrP. You can apply to join our private preview program, where you can get early access to changes in exchange for your feedback, and review our product roadmap. Thank you and I apologize for the inconvenience caused by the old broken link.
New Blog | Intrusion Detection and Prevention System (IDPS) Based on Signatures
An Intrusion Detection and Prevention System (IDPS) is a vital component of modern cybersecurity strategy, designed to safeguard networks by actively monitoring and responding to potential security threats. Among the types of IDPS currently available such as signature-based and anomaly-based, signature based IDPS stands out as a reliable and efficient method for identifying known security risks. This blog delves into signature-based IDPS, with a specific focus on the Azure Firewall Premium IDPS. Read the full blog post here: Intrusion Detection and Prevention System (IDPS) Based on Signatures - Microsoft Community Hub
New Blog Post | Role Based Access Control for Azure Firewall
Role Based Access Control for Azure Firewall - Microsoft Tech Community In this article, we discuss the actions that may be used to create security conscious roles and templates that you can use to create and assign roles for Azure Firewall. Once you understand the boundaries for the role you are trying to create, you can use the template below or modify it by carefully selecting the actions required and assigning it to the user. There are various levels of administrative roles you might be looking to assign, and this may be done at a management group level, subscription level, resource group level or resource level. Azure RBAC focuses on managing user actions at these different scopes.Azure WAF Security Protection and Detection Lab now Available
Azure Web Application Firewall Security Protection and Detection Lab is now available. The intent of this lab is to allow customers to easily test and validate the security capabilities of Azure WAF against common web application vulnerabilities/attacks. A significant amount of work has been put into developing the lab environment and the playbooks for our customers, and we are incredibly proud of the teamwork, collaboration, and support throughout the various stages of the process. The lab is now available on Azure Tech Community blog space and is organized in 5 sections. The step by step instructions in the lab allows anyone to rapidly deploy the lab environment and test Azure WAF’s protection capabilities against common web application attacks such as Reconnaissance, Cross-Site Scripting, and SQL Injection with no or minimal know-how of offensive security testing methodology. The lab also demonstrates how to use Azure WAF Workbook to understand how WAF handles malicious traffic and payloads. Click here for a Tutorial Overview an introduction to the testing framework used in the lab, and the four-part instructions one the lab setup.How does Microsoft Azure handle customer data security and privacy requirements?
Microsoft Azure employs a comprehensive set of measures to ensure customer data security and privacy, adhering to stringent industry standards and regulations. Here's an overview of how Microsoft Azure handles these aspects: Data Encryption: In-transit Encryption: Azure uses industry-standard transport protocols like TLS/SSL to encrypt data during transmission. At-rest Encryption: Data stored in Azure services is often automatically encrypted. Azure Disk Storage, for example, uses BitLocker encryption for Windows VMs and DM-Crypt for Linux VMs. Access Controls: Role-Based Access Control (RBAC): Azure provides RBAC to limit access to resources based on roles and responsibilities. Multi-Factor Authentication (MFA): Customers can enable MFA to add an extra layer of security for user logins. Physical Security: Data Centers: Azure data centers are highly secure facilities, adhering to strict physical security standards. Environmental Controls: Measures like fire detection and suppression systems ensure the safety of data center infrastructure. Compliance and Certifications: Azure complies with various international and industry-specific standards, such as ISO 27001, SOC 1 and SOC 2, HIPAA, and GDPR. Microsoft regularly undergoes third-party audits to validate its adherence to these standards. Azure Security Center: This service provides advanced threat protection across all Azure workloads. It monitors security configurations and provides recommendations to enhance security. Azure Active Directory (AD): Azure AD provides identity and access management services, enabling secure and seamless user authentication and authorization. Data Residency and Compliance: Azure allows customers to choose the geographical region where their data will be stored, helping them comply with data residency requirements. Azure provides customers with transparency regarding the location of their data and the controls in place to protect it. Privacy and Transparency: Microsoft is committed to transparency about its data handling practices. Customers have control over their data, and Microsoft provides clear information about how data is processed. Threat Intelligence: Azure Security Center leverages global threat intelligence to detect and respond to security threats proactively. Continuous Monitoring and Auditing: Azure services undergo continuous monitoring, and customers can access logs and audit trails for their resources. It's important for users to configure and manage their Azure resources securely, as security is a shared responsibility between Microsoft and its customers. By leveraging Azure's tools and following best practices, customers can enhance the security and privacy of their data on the platform.Top Benefits of Azure cloud for your business
Microsoft Azure is the leading provider of cloud infrastructure as a service (IaaS) and platform as a service (PaaS) solutions. The platform allows you to build, manage apps, and deploy more quickly and smoothly without having to buy or maintain the infrastructure. Azure’s cloud resources meet organizational security and compliance requirements while being easily customizable for unique needs. Organizations can have advantages which include frameworks, language preferences, and infrastructure. As a cloud computing platform, Microsoft Azure is changing how different industries use cloud services in various ways. Top Benefits of Azure cloud for your business: - Expands your current IT infrastructure: Azure cloud allows organizations IT personnel to focus on the business without worrying about the in-house capabilities or maintaining the equipment that is underused. The azure platform makes it fast and easy to deploy the current apps with little to no downtime. Security, compliance, and disaster recovery: Microsoft understands the importance of security when it comes to protecting the user’s data. Both the platform as well as the end users are protected. Additional services are provided such as multi-factor authentication and disaster recovery abilities which can restore the data in a matter of hours and further address the business needs. Industry-specific applications: Due to the high-risk and sensitive nature of different industries, Azure has designed specific applications to address the users’ unique needs. Healthcare, government, manufacturing, and financial services benefit from Azure features, including offline cloud migrating services, data security needs, simplified compliance, and modernized user apps.
