Microsoft Previewing Improvements to Azure Front Door and Azure Firewall

Microsoft this week announced advancements in two Azure services that are used to add security for applications and content that touch the Internet. 

One of those services is Azure Front Door, which has been updated and comes with two new products (Standard and Premium) at the preview stage. The other service is Azure Firewall, which now has a Premium offering at the preview stage.

Microsoft talked about both products in a Feb. 18 Web presentation, "Modernize Your Network Security Strategy," which was said to be available on demand.

The "Modernize Your Network Security Strategy" presentation was led by Ann Johnson, Microsoft's corporate vice president of security, compliance and identity for business development. The event included other Microsoft luminaries. Mostly, the speakers highlighted the conceptual aspects of the two products. There was also a thematic emphasis on the overall need for organizations to establish "zero-trust" security operations.

Azure Front Door Previews
Microsoft first introduced Azure Front Door more than two years ago at its Ignite conference as a security solution for overseeing global microservice-based Web applications. A more current definition, posted this week, described it as a secure cloud content delivery network (CDN) service for protecting apps and Web sites:

"Azure Front Door is a secure cloud CDN service that cyber security teams can use to accelerate content delivery while protecting apps, APIs, and websites from cyberthreats. It combines intelligent threat protection and modern CDN technology in a tightly integrated service that's easy to set up, deploy and manage."

Microsoft explained in its Azure Front Door announcement that the Internet has scalable support for applications but it "has little cybersecurity protections in place" to secure those apps. In response, Microsoft is adding two products to its Azure Front Door service, namely Standard and Premium (at preview).

These new Azure Front Door products combine the "capabilities of Azure Front Door, Azure Content Delivery Network (CDN) standard, and Azure Web Application Firewall (WAF) into a single secure cloud CDN platform with intelligent threat protection and a simple to understand pricing model."

The pricing model consists of a fixed monthly fee, inbound and outbound data transfer costs, and costs based on "requests per seconds."

Differences between the two new Azure Front Door products in preview are shown in the following illustration:

[Figure: New Azure Front Door Standard and Premium preview offerings compared, with Premium being optimized for security. (Source: Feb. 18 Microsoft Azure blog post)]

The Standard and Premium previews both have some new functionality in common, namely:

  • Simplified deployment and configuration
  • Simplified management
  • Reports and enhanced analytics for "better troubleshooting and debugging"
  • A "health probe diagnostic log"
  • Transport Layer Security (TLS) certificate management, where "you never have to worry about TLS certificate expiry"

The Premium offering includes specific security protections, namely Web Application Firewall (WAF) support, protection against distributed denial-of-service (DDoS) attacks, protection against malicious bots and Azure Private Link support.

Azure Private Link was described as removing the need to have "origins with public internet-accessible IP addresses." Organizations can instead link their platform-as-a-service-based apps and services with Azure Storage or Azure App Services as a "private origin," the announcement explained.

Azure Firewall Premium Preview
Microsoft commercially released its Azure Firewall product more than two years ago at Ignite. It's designed to protect Azure Virtual Network resources via "log access to apps and resources," plus "filtering for both inbound and outbound traffic," according to Microsoft's landing page description. It'll also automatically scale traffic during peak loads.

Microsoft devised its new Azure Firewall Premium product, currently at preview, for "highly sensitive and regulated environments."

Azure Firewall Premium supports TLS traffic inspection, and it "re-encrypts" that traffic after checking it. It also has an intrusion detection and prevention solution that checks for "specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware."

Users of Azure Firewall Premium can set filters for outbound traffic. The filters can be set for broad Web categories, such as checking for social network connections. There's also a URL filtering capability that lets organizations check "specific URLs, not just FQDNs [fully qualified domain names]."

Azure Firewall Premium also can be used with Azure Key Vault, a separate service that gives Microsoft's customers control over "secrets" [passwords], keys and TLS/SSL certificates.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

