By Onyeka Ndukwe on October 06, 2022

What is Policy Analytics for Azure Firewall? | Tech News: October 2022

Every organization needs collaboration and teamwork to move the cogs of its daily operations, especially when it comes to organizations with a large workforce, numerous technologies and multiple lines of business. In the new world of remote work, this is now more important than ever.

The importance of improved cybersecurity for organizations has never been more apparent in our modern business world. Many businesses have felt the disruptive impact of an unforeseen cyberattack on their daily operations and customer base.  

Last month, Go-Ahead, one of the UK’s biggest transport companies, was hit with a cyberattack that affected its employee scheduling software, and the incident affected a number of its back-end systems, including its payroll software. On the southeastern side of the world, Optus, an Australian telecommunications company, experienced a cyberattack that allowed hackers to potentially access the personal information (i.e. passport info, email addresses, dates of birth) of up to 2.8 million Australians.

These cybersecurity incidents can truly be costly (both in money and time). According to Norton, those who experienced cybercrime globally in the past year spent an average of 6.7 hours resolving it for an estimated 2.7 billion hours lost in total.   

No company wants this sort of news (and its consequences) at its doorstep. To help its global customers, Microsoft invests more than $1 billion annually in cybersecurity research and development and employs more than 3,500 security experts dedicated to data security and privacy. By partnering with Microsoft for their cybersecurity needs, organizations can spend less time worrying about their security and more time achieving their business goals.

In this blog post, we will discuss how the Policy Analytics feature for Microsoft Azure Firewall helps organizations enhance their existing cybersecurity stance.  

Here you will find:

What is Microsoft Azure Firewall?

How does the Policy Analytics feature work within Microsoft Azure Firewall?

Learn more about Microsoft Azure


What is Microsoft Azure Firewall? 

Microsoft Azure Firewall is a cloud-based cybersecurity solution that helps organizations protect their data and resources from online threats. It uses a variety of techniques to defend against attacks, including firewalls, intrusion detection and prevention systems, and malware protection. Azure Firewall is available as a standalone service or as part of the Azure Security Center. 

Organizations can use Azure Firewall to control traffic between different clouds and on-premises networks, as well as between different regions and subnets within a cloud. It can also be used to control traffic to and from specific services, such as Azure Storage or SQL Database. Azure Firewall provides granular control over inbound and outbound traffic, making it an effective defense against cybersecurity threats. 

This cloud-based solution is designed to help organizations with their cybersecurity by using the following features: 

🧰 Ability to deploy and scale within minutes: Facilitate turnkey firewall security capabilities in Azure Virtual Network to control and log access to apps and resources. Azure Firewall supports filtering for both inbound and outbound traffic, internal spoke-to-spoke connections, and hybrid connections through Azure VPN and ExpressRoute gateways.

➡️ Benefit: Streamline implementation and management of your network security with a scalable and highly available cloud native firewall.

⚙️ Integrated management: Get advanced threat protection that meets the needs of highly sensitive and regulated environments. Azure Firewall taps into real-time security signals from a comprehensive range of sources using Microsoft threat intelligence to protect against evolving threats and zero-day vulnerabilities.

➡️ Benefit: Central hub to manage security across all virtual networks with a uniform set of network and application rules.

⚠️ Threat intelligence–based filtering: The intrusion detection and prevention system (IDPS) capability utilizes signatures to constantly monitor activities, create alerts, log information, and optionally attempt to block the attack. It can detect attacks in all ports and protocols for non-encrypted traffic. Encrypted traffic utilizes the TLS inspection capability for decryption.

➡️ Benefit: Facilitate real-time alerts and reject traffic from/to known malicious IP addresses and domains.

🔒Full visibility and security: Azure Firewall deciphers outbound traffic, performs required security checks, and then encrypts the traffic to the destination. It works together with web categories and URL filtering by empowering administrators to allow or deny user access to website categories such as social media or gambling.

➡️ Benefit: Transport Layer Security (TLS) inspection inhibits malware from being spread through encrypted connections. 

Microsoft Azure Firewall comes in two different versions: Standard & Premium 

Azure Firewall Standard delivers L3-L7 filtering and threat intelligence feeds directly from Microsoft Cyber Security. Threat intelligence-based filtering can alert and deny traffic from/to known malicious IP addresses and domains which are updated in real time to protect against new and emerging attacks. 

*Infographic showing the capabilities of Microsoft Azure Firewall (Standard) 

Here are a few of its features: 

• Unrestricted cloud scalability 
• Built-in high availability 
• Availability Zones 
• Application FQDN filtering rules 
• Network traffic filtering rules 

Click here to learn more about these features for the Azure Firewall Standard version.  

Azure Firewall Premium provides advanced capabilities, including signature-based IDPS, which allows rapid detection of attacks by looking for specific patterns. These patterns can include byte sequences in network traffic, or known malicious instruction sequences used by malware. There are more than 58,000 signatures in over 50 categories which are updated in real time to protect against new and emerging exploits. The exploit categories include malware, phishing, coin mining, and Trojan attacks.

*Infographic showing the capabilities of Microsoft Azure Firewall (Premium)

Here are a few of its features: 

• TLS inspection - decrypts outbound traffic, processes the data, then encrypts the data and sends it to the destination.

• IDPS - A network intrusion detection and prevention system (IDPS) allows you to monitor network activities for malicious activity, log information about this activity, report it, and optionally attempt to block it.

• URL filtering - extends Azure Firewall’s FQDN filtering capability to consider an entire URL. For example, instead of 

• Web categories - administrators can allow or deny user access to website categories such as gambling websites, social media websites, and others.

Click here to learn more about these features for the Azure Firewall Premium version.  

Take a look below to learn more about the importance of using the Policy Analytics feature within Microsoft Azure Firewall.  

How does the Policy Analytics feature work within Microsoft Azure Firewall? 

Due to the constant evolution in network security policies (which are updated as much as several times a day), Azure Firewall network and application rules can grow over time and its management quality can drop, impacting the firewall performance and security. For example, high volume and frequently hit rules can be unintentionally prioritized lower by the system. In certain cases, applications are hosted in a network that has been migrated to a different network without any update to the firewall rules that reference older networks. 

It can be a daunting task for any IT team to keep optimizing its firewall rules. Especially for large, geographically dispersed organizations, optimizing Azure Firewall policy can be manual, complex, and involve multiple teams across the world. Updates can be risky and potentially have a negative impact on a critical production workload, which can cause serious downtime for your IT team.

To help address this issue, the Policy Analytics feature was created to assist IT teams with managing their Azure Firewall rules over time. It provides critical insights and recommendations for optimizing Azure Firewall rules with the goal of strengthening your security posture. This feature for Azure Firewall is now in preview. 

The Policy Analytics feature helps IT teams address these challenges by providing visibility into traffic flowing through the Azure Firewall. Key capabilities available in the Azure Portal include: 

🔘 Policy insight panel: Aggregates policy insights and highlights policy recommendations to optimize your Azure Firewall policies. 
🔘 Rule analytics: Displays traffic flows mapped to destination network address translation (DNAT), network, and application rules. This provides enhanced visibility of all the flows matching a rule over time. You can analyze rules across both parent and child policies. 

🔘 Single-rule analysis: The single-rule analysis experience analyzes traffic flows matching the selected rule and recommends optimizations based on those observed traffic flows.

🔘 Firewall flow logs: Displays all traffic flowing through the Azure Firewall alongside hit rate and network and application rule match. This view helps identify top flows across all rules. You can filter flows matching specific sources, destinations, ports, and protocols. 
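As an illustration of the kind of rule-hit analysis described above (an added example, not code from Azure or from this post), the following replays constructed flow records against a small ordered rule set to find rules that no traffic matches and a high-volume rule that is evaluated late. The rule names, fields, per-rule priorities and the 50% threshold are assumptions, and it does not call any Policy Analytics API.

```python
import ipaddress
from collections import Counter

# Constructed rule set (hypothetical names and fields, not an Azure export format).
# Lower priority number is evaluated first; all rules here are "allow" rules.
RULES = [
    {"name": "allow-legacy-app", "priority": 100, "dest": "10.1.0.0/24", "port": 8080},
    {"name": "allow-dns", "priority": 200, "dest": "10.0.0.4/32", "port": 53},
    {"name": "allow-web-tier", "priority": 300, "dest": "10.2.0.0/24", "port": 443},
]

# Constructed flow records: (destination IP, destination port).
# Nothing targets 10.1.0.0/24 any more, as if that application had been migrated.
FLOWS = ([("10.2.0.10", 443)] * 40 + [("10.2.0.11", 443)] * 25
         + [("10.0.0.4", 53)] * 5 + [("10.9.9.9", 22)])


def match_rule(ordered_rules, dest_ip, port):
    """Return the name of the first rule that matches the flow, or None."""
    addr = ipaddress.ip_address(dest_ip)
    for rule in ordered_rules:
        if port == rule["port"] and addr in ipaddress.ip_network(rule["dest"]):
            return rule["name"]
    return None


def analyze(rules, flows, hot_share=0.5):
    """Count hits per rule, then flag unused rules and hot rules evaluated late."""
    ordered = sorted(rules, key=lambda r: r["priority"])
    hits = Counter(match_rule(ordered, ip, port) for ip, port in flows)
    unmatched = hits.pop(None, 0)  # flows that no rule matched
    unused = [r["name"] for r in ordered if hits[r["name"]] == 0]
    # "Hot" = matches at least hot_share of all flows but is not evaluated first.
    hot_late = [r["name"] for i, r in enumerate(ordered)
                if i > 0 and flows and hits[r["name"]] / len(flows) >= hot_share]
    return {"hits": dict(hits), "unused": unused,
            "hot_late": hot_late, "unmatched": unmatched}


if __name__ == "__main__":
    for key, value in analyze(RULES, FLOWS).items():
        print(f"{key}: {value}")
```

Moving a hot rule earlier is only behavior-preserving when it does not overlap an earlier rule with a different action, so check for overlaps before acting on a reordering suggestion.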

Want to learn more about the Policy Analytics feature? Watch this video for a detailed walkthrough.

Learn more about how Microsoft Azure can improve your organization’s cybersecurity 

Not sure how Microsoft Azure can aid your organization in improving its digital security? Check out our free course on Microsoft Azure brought to you by our new ProServeIT Academy.

This course has 4 informative classes, delivered online by our in-house Microsoft Azure expert and is designed for IT leaders and professionals. See our list of classes below: 

ProServeIT Academy - Azure free training

Class 01: Plan Your Azure Environment with the Cloud Adoption Framework ☁️

There’s an adage that goes, “measure twice, cut once” when talking about building and construction. The same principle applies to planning your Azure cloud environment. By building a solid foundation, you can structure it to easily support your business in the future.  

In this class, we’ll explore: 

• The importance of landing zones
• Operational best practices
• Governance considerations and principles  

Learn how you can use the cloud adoption framework to create an Azure foundation that will meet all your identity, security, and networking requirements. Remember, it’s easier to renovate an empty house than one with furniture. 

The recording for this class is now available online. Register for this course to access the video today! 

Class 02: Migrating to the Cloud with Azure ⚙️

This class will help you to complete your first migration to Azure and ensure that your critical business operations continue to run during the process.  

In this class, we’ll discuss: 

• Leveraging Azure tools
• The migration process
• Testing and validating the Azure experience  

Join Bill to start your Azure migration journey on a solid footing. 

The recording for this class is now available online. Register for this course to access the video today!

Class 03: Desktop Experiences - Azure Virtual Desktop & Windows 365 🖥️

With hybrid work, remote work, and the use of employees’ personal devices commonplace for many businesses, achieving a consistent online desktop experience can be a challenge.   

In this class, we’ll explore how Azure Virtual Desktop and Windows 365 can provide great user performance experiences while safeguarding your organization’s intellectual property and confidential data. We’ll delve into use cases for both scenarios so you can decide if you would like to use one or both in your organization.

  • When: Wednesday, November 2nd, 2022
  • Duration: 2:00PM - 3:00PM ET (1 hour)
  • Course Delivered: Online

Class 04: Azure Management with Azure Arc 🗄️

Microsoft’s Azure Arc is an inexpensive way to manage all your hybrid and multi-cloud environments no matter where they reside.   

In this class, we’ll discuss:

• How Azure Arc can help you build applications and services to run across data centres and in multi-cloud environments
• How Azure Arc can help you manage a consistent operations and security model
• How you can use the latest cloud innovations to manage your data workloads

Join Bill to learn how your organization can free up time from day-to-day activities and focus on value-add and strategic projects. 

  • When: Wednesday, December 7th, 2022  
  • Duration: 2:00PM - 3:00PM ET (1 hour) 
  • Course Delivered: Online 

Click here to register for the Azure Course!


Dedicated vigilance is important to an organization’s continued cybersecurity. Microsoft Azure Firewall, part of the Azure Security Center suite, is a cloud-based security service that helps protect your applications and resources from malicious attacks. The Policy Analytics feature in particular can help you gain insights into how your traffic flows through Azure, so you can identify and address any potential vulnerabilities.  

Interested in getting started with Microsoft Azure for your cybersecurity? Discover how our ProServeIT team of experts can help by clicking this link today.  
