BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News Microsoft Announces New Capabilities in Azure Firewall: Threat Intelligence and Service Tags Filters

Microsoft Announces New Capabilities in Azure Firewall: Threat Intelligence and Service Tags Filters

This item in japanese

Recently Microsoft announced two new capabilities for the Azure Firewall cloud-native firewall-as-a-service offering: threat intelligence based filtering and service tags filtering.

Azure Firewall became generally available in September last year during the Ignite event, after its preview earlier. With this firewall service, Microsoft provides customers with a way to centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. The firewall service supports both applications (such as wildcard domain names *.github.com), and network level filtering rules.

Azure Firewall users today can configure the service to alert and deny traffic to and from known malicious IP addresses and domains in near real-time. Moreover, the firewall service receives a feed of Microsoft’s threat intelligence, which includes these addresses and domains. Yair Tor, principal program manager, Azure Networking, explains in a blog post on the announcement:

The Microsoft Intelligent Security Graph powers Microsoft Threat Intelligence and provides security in multiple Microsoft products and services, including Azure Security Center and Azure Sentinel.

By default, Microsoft enables the thread intelligence based filtering in alert-mode for any Azure Firewall deployment, and users can adjust the behaviour to alert and deny.
    
 
Source: https://azure.microsoft.com/en-us/blog/announcing-new-capabilities-in-azure-firewall/

With Azure Firewall customers can also benefit from its integration with Azure Monitor, Microsoft's management solution. Furthermore, customers can view the Microsoft Threat Intelligence information in Azure Monitor dashboards, showing things like compromised virtual machines and blocked port scans.

Source: https://azure.microsoft.com/en-us/blog/announcing-new-capabilities-in-azure-firewall/

Besides the threat intelligence based filtering, Microsoft also added support for service tags. With service tags customers can easily create network rules by simply using these tags in the network rules destination field. Furthermore, Microsoft will continue to add support for additional service tags over time.

An alternative for Azure Firewall is Barracuda which provides centralized management and highly secure, encrypted traffic to, from, and within Microsoft Azure deployments. Furthermore, customers can also obtain other third-party firewall services such as Sophos, Checkpoint, and WatchGuard, with rich feature sets at various prices. On a Reddit post about the new Azure Firewall capabilities, a participant commented on its price:

Currently, it's at an entry level of features, but at a premium service cost. Compare it to a service like Barracuda, and you can see why CSP's are not selling much in the way of Azure Firewall.

More details on Azure Firewall are available on the website and pricing details on the pricing page.

Rate this Article

Adoption
Style

BT