Builtin Azure Service that automatically updates the attack signature heuristically ?

EnterpriseArchitect 4,721 Reputation points
2020-09-15T04:39:31.373+00:00

Hi Experts,

We have the need to secure the Application Gateway and hundreds of API exposed to the Internet as part of our production environment, Using the existing builtin, Azure services, How to make it secure from Unknown Threat or 0-day attack exploit?

I wonder if Microsoft Azure has something that can do such Machine Learning or AI in this architecture diagram https://gallery.technet.microsoft.com/Cybersecurity-Reference-883fb54c

As per my understanding, we still have to manage or manually update the OWASP exploit Default protection policy in the Application Gateway-WAF settings.

Or if there is no automated Attack signature update or dynamic update heuristically solution from Azure that can update the Threat signature dynamically, is there any 3rd party vendor WAF+IPS&IDS or Firewall appliances/service that can do it automatically?

I'm open to any suggestion or ideas that you may have.

Thank you.

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
564 questions
Azure Web Application Firewall
Azure Firewall Manager
Azure Firewall Manager
An Azure service that provides central network security policy and route management for globally distributed, software-defined perimeters.
83 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,192 questions
Accepted answer
  1. GitaraniSharma-MSFT 47,316 Reputation points Microsoft Employee
    2020-09-30T09:32:50.637+00:00

    Hello @EnterpriseArchitect ,

    You can use Azure DDoS Protection Standard which is simple to enable, and requires no application changes. Azure DDoS protection, combined with application design best practices, provide defense against DDoS attacks. The protection policies are tuned through dedicated traffic monitoring and machine learning algorithms. Policies are applied to public IP addresses associated to resources deployed in virtual networks, such as Azure Load Balancer, Azure Application Gateway, and Azure Service Fabric instances, but this protection does not apply to App Service Environments.

    Application layer protection can be added through the Azure Application Gateway Web Application Firewall or by installing a 3rd party firewall from Azure Marketplace. When coupled with the Application Gateway web application firewall, or a third-party web application firewall deployed in a virtual network with a public IP, DDoS Protection Standard can provide full layer 3 to layer 7 mitigation capability.

    Microsoft has also partnered with BreakingPoint Cloud to build an interface where you can generate traffic against DDoS Protection-enabled public IP addresses for simulations.

    Please refer : https://learn.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest