Azure Firewall Gets Threat Intelligence Perks
Azure Firewall, Microsoft's firewall-as-a-service security offering for organizations using Azure virtual machines, is getting several improvements that tap the company's Threat Intelligence service.
Specifically, Azure Firewall can now screen network traffic based on "malicious IP addresses and domains" as assessed by Threat Intelligence feeds, Microsoft announced Monday.
Azure Firewall, which became generally available back in September, is described in this Microsoft document as using filtering rules for things like "source and destination IP address, port and protocol," which get used to protect Azure virtual network resources. The Threat Intelligence service, meanwhile, is powered by signals from the Microsoft Intelligent Security Graph, as well as assessments by security researchers.
Microsoft has now turned on its Threat Intelligence service feeds by default "for all Azure Firewall deployments," according to the announcement, although IT pros can adjust its behavior.
Azure Firewall is integrated with Azure Monitor, Microsoft's management solution. Consequently, the added Microsoft Threat Intelligence information can be viewed in Azure Monitor dashboards, showing things like compromised virtual machines and blocked port scans, according to Microsoft's announcement.
A second addition to Azure Firewall is support for "service tags" to simplify the creation of network rules. Microsoft described a service tag as "a group of IP address prefixes for specific Microsoft services, such as SQL Azure, Azure Key Vault and Azure Service Bus." Microsoft lists the service tags that are currently supported in Azure Firewall in this document.
Lastly, Microsoft noted that a REST-based API for Azure Firewall can be tapped by non-Microsoft ("third party") software security management tools. The API can be used by those tools to manage "Azure Firewalls, Network Security Groups and network virtual appliances." Currently, the AlgoSec CloudFlow management product supports the API at the public beta stage. Security management products from Barracuda and Tufin also support the Azure Firewall API, but the support is currently at the private beta stage.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.