Microsoft Adds Threat Intelligence to Azure Firewall
Microsoft added a few improvements to Azure Firewall, its firewall-as-a-service security offering for organizations using Azure virtual machines.
Azure Firewall, which became generally available back in September, uses filtering rules for things like "source and destination IP address, port and protocol," which get used to protect Azure virtual network resources, according to a Microsoft document description. In a Monday announcement, Microsoft indicated that it has also added a new capability to Azure Firewall. It can now screen network traffic based on "malicious IP addresses and domains" as assessed by feeds from the Microsoft Threat Intelligence service.
The Microsoft Threat Intelligence service is powered by signals from the Microsoft Intelligent Security Graph, as well as assessments by security researchers. Microsoft has now turned on its Threat Intelligence service feeds by default "for all Azure Firewall deployments," according to the announcement, although IT pros can adjust its behavior.
Azure Firewall is integrated with Azure Monitor, Microsoft's management solution. Consequently, the added Microsoft Threat Intelligence information can be viewed in Azure Monitor dashboards, showing things like compromised virtual machines and blocked port scans, according to Microsoft's announcement.
A second addition to Azure Firewall is support for "service tags" to simplify the creation of network rules. Microsoft described a service tag as "a group of IP address prefixes for specific Microsoft services, such as SQL Azure, Azure Key Vault and Azure Service Bus." Microsoft lists the service tags that are currently supported in Azure Firewall in this document.
Lastly, Microsoft noted that a REST-based API for Azure Firewall can be tapped by non-Microsoft ("third party") software security management tools. The API can be used by those tools to manage "Azure Firewalls, Network Security Groups and network virtual appliances." Currently, the AlgoSec CloudFlow management product supports the API at the public beta stage. Security management products from Barracuda and Tufin also support the Azure Firewall API, but the support is currently at the private beta stage.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.