Microsoft Adds Threat Intelligence to Azure Firewall -- Redmondmag.com

Microsoft Adds Threat Intelligence to Azure Firewall

By Kurt Mackie
03/04/2019

Microsoft added a few improvements to Azure Firewall, its firewall-as-a-service security offering for organizations using Azure virtual machines.

Azure Firewall, which became generally available back in September, uses filtering rules for things like "source and destination IP address, port and protocol," which get used to protect Azure virtual network resources, according to a Microsoft document description. In a Monday announcement, Microsoft indicated that it has also added a new capability to Azure Firewall. It can now screen network traffic based on "malicious IP addresses and domains" as assessed by feeds from the Microsoft Threat Intelligence service.

The Microsoft Threat Intelligence service is powered by signals from the Microsoft Intelligent Security Graph, as well as assessments by security researchers. Microsoft has now turned on its Threat Intelligence service feeds by default "for all Azure Firewall deployments," according to the announcement, although IT pros can adjust its behavior.

Azure Firewall is integrated with Azure Monitor, Microsoft's management solution. Consequently, the added Microsoft Threat Intelligence information can be viewed in Azure Monitor dashboards, showing things like compromised virtual machines and blocked port scans, according to Microsoft's announcement.

A second addition to Azure Firewall is support for "service tags" to simplify the creation of network rules. Microsoft described a service tag as "a group of IP address prefixes for specific Microsoft services, such as SQL Azure, Azure Key Vault and Azure Service Bus." Microsoft lists the service tags that are currently supported in Azure Firewall in this document.

Lastly, Microsoft noted that a REST-based API for Azure Firewall can be tapped by non-Microsoft ("third party") software security management tools. The API can be used by those tools to manage "Azure Firewalls, Network Security Groups and network virtual appliances." Currently, the AlgoSec CloudFlow management product supports the API at the public beta stage. Security management products from Barracuda and Tufin also support the Azure Firewall API, but the support is currently at the private beta stage.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.