Not too long after Amazon launched their cloud protection WAF the Microsoft Azure Web Application Firewall (WAF) has been made generally available in all public Azure DCs.
It’s a good move with the majority of websites and services moving into one of the big 3 cloud providers (AWS, Google or Azure) and the vast majority of attacks coming from the same few patterns (SQL Injection, XSS etc). A WAF can mitigate against a lot of that without too much worry of false positives.
Microsoft is making it harder for cyber-attackers to target web applications hosted on its Azure cloud computing platform.
Azure Web Application Firewall (WAF), a component of the company’s Azure Application Gateway offering, is now generally available in all public Azure data center regions. Azure Application Gateway is a cloud-based HTTP (Hypertext Transfer Protocol) load-balancing and SSL (Secure Sockets Layer) offloading system that enables businesses to build and deliver scalable and secure web applications.
With the addition of the Web Application Firewall, customers can now fortify their applications, making them less susceptible to cross-site scripting attacks, SQL injection and other methods of exploiting or disrupting web applications. The firewall provides protection for up to 20 websites per gateway.
In its analysis of web security landscape for the fourth quarter of 2016, Akamai found that SQL injection was responsible for 51 percent of all web application attacks. As the term suggests, SQL injection involves inserting or “injecting” code into database-driven applications for the purposes of tampering with data, extracting information and other activities that pose a risk to sensitive or critical business data.
The Azure WAF is part of their Application Gateway and is now available across all public data center regions.
As with most things Microsoft it seems to be a bit more automated and a bit less manual than the AWS option which is basically just a glorified regex engine you have to configure yourself.
In addition to blocking SQL injection and cross-site scripting attempts, Azure Web Application Firewall can stop other common attack methods like remote file inclusion, command injection and HTTP request smuggling and response splitting, explained Yousef Khalidi, corporate vice president of Azure Networking at Microsoft, in a March 30 blog post.
It can also thwart attacks that depend on HTTP protocol anomalies and violations, along with misconfigured Apache and Internet Information Services (IIS) deployments, among other servers and applications involved in delivering a web application.
Automated tools like bots and crawlers are similarly blocked. Finally, the firewall helps customers stand up to debilitating HTTP denial-of-service attacks, added Khalidi.
Packing a big punch, courtesy of vast armies of compromised PCs and Internet of Things (IoT) devices, denial-of-service attacks have emerged into one of the leading threats affecting today’s web-facing businesses.
Last September, a website belonging to renowned security blogger Brian Krebs was hit with a massive distributed denial-of-service (DDoS) attack that overwhelmed his site with 665 Gbps of disruptive traffic.
The scale of the attack forced Akamai, the content delivery network who provided DDoS protection to the blog, to drop its support Krebs. Around the same time, French cloud computing company OVH reported a DDoS attack approaching 1 Tbps.
It also by default mitigates against more types of attacks, and some common misconfigurations – which you see a lot of in the cloud space (hello MongoDB).
Now we’ll have to wait and see if Google Cloud Platform comes out with a similar offering, then they will all be on par again.