Microsoft recently made its new Web Application Firewall available for customers. Initially, they announced the centralized WAF service that protected the applications running in the Azure public cloud environment from attacks such as SQL injection and cross-site scripting attacks.
According to Yousef Khalidi, Microsoft corporate vice president for Azure Networking, it is difficult to prevent the 7-layer app-level attacks and requires maintenance, monitoring and patching through the application tiers. With the introduction of Web Application Firewalls, users will not have to make any application changes for protecting against web attacks and simplifying security management. Microsoft assures a better security against threats and intrusions with its application and compliance administrators.
Microsoft’s Azure Application Gateway can host multiple sites as this application delivery controller (ADC) includes SSL termination; URL path based routing, load distribution. The ADC also provides end-to-end SSL encryption and logging as well as SSL policy control. The WAF comes with Open Wen Application Security Project (OWASP) ModSecurity Core Rule Set (3.0 or 2.2.9) that is designed to protect against threats such as command injection, HTTP response splitting, HTTP request smuggling, HTTP protocol violation, crawlers, bots, and general scanners. Microsoft has attended to the issue of denial-of-service attacks that occur against multiple web pages.
Presently, the Azure Application Gateway can host up to 20 sites behind each gateway, all of which are capable of defending against such attacks. The Microsoft team confirmed that they intend to add the new WAF service through the Azure Security Service that recommends ways to re-mediate discovered issues after scanning the cloud based subscriptions for vulnerabilities. Their security service did not include protecting web pages that aren’t scanned by a WAF. However, it offers third party firewalls from a Barracuda Networks.
Net Activity, Inc. is a Microsoft certified partner and has actively been supporting businesses across Ohio for installation of Office 365 and Microsoft Azure. We operate since 2002 and ensure a secured cloud presence while enhancing business productivity cost-effectively. For more details, please visit http://www.netactivity.us/services/cloud-computing-services or get in touch with Harry Bhatia, President, Net Activity, Inc. at 888-545-5346.