
2/18/2021
02:46 PM

Microsoft Azure Front Door Gets a Security Upgrade

New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.

Microsoft today is launching Azure Front Door Standard and Premium in preview with two new SKUs that add threat detection, application security, and additional security protections to the content delivery network (CDN).


Azure already offers two edge networking tools: Azure Front Door, which focuses on global load-balancing and site acceleration, and Azure CDN Standard, which offers static content caching and acceleration. The new Azure Front Door brings together security with CDN technology for a cloud-based CDN with threat protection and additional capabilities. 

These updates stem from Microsoft's efforts to bring zero-trust principles to businesses using Azure network security tools, says Ann Johnson, Microsoft's corporate vice president of Security, Compliance, and Identity (SCI) Business Development. The company's zero-trust strategy has underpinned several initiatives, as Microsoft believes this is how companies will become more secure.

Johnson uses three principles to describe zero trust, the first of which involves adopting explicit verification for every transaction during a session: "So not just verifying the human, but the device, the data, the location, if it's an IoT device, the application – everything that happens in the session should be verified and anomalous behavior should be flagged," she explains.

The second principle is ensuring least privilege access. Many organizations still provide too much privileged access to employees, Johnson says. One of the steps Microsoft is taking with its content and application delivery is implementing more controls around access. 

The third principle: "Then, finally, assume you've been breached," she says. Assumed breach is a topic the security industry has discussed for years, but with zero trust, organizations have to assume they have been breached, and that anything within the organization could potentially be breached.

These principles have grown essential as application-delivery networks undergo a massive transformation to the cloud, Johnson explains. The new capabilities in Azure Front Door aim to provide organizations with one platform that meets availability, scalability, and security needs.

The new Azure Front Door SKU offers both static and dynamic content acceleration, global load-balancing, SSL offload, domain and certificate management, improved traffic analytics, and basic security capabilities, Microsoft writes in a blog post. The Azure Front Door Premium SKU builds on these with more security capabilities: Web application firewall (WAF), bot protection, private link support, and integration with Microsoft threat intelligence and security analytics.

In addition to supporting all the features available via Azure CDN Standard, Azure Front Door, and Azure Web Application Firewall, the new Standard and Premium SKUs bring a few new capabilities, Microsoft officials write in a blog post. These include a simplified user experience, a simplified management experience, and TLS certificate management: both Standard and Premium SKUs offer Azure-managed TLS certificates by default for all custom domains at no additional cost.

"I'm encouraging our customers to encrypt all their communication channels across the cloud and hybrid networks," says Johnson. "This means they would need to secure user to app, and site to site, and we have leading encryption capabilities such as TLS within our VPN." 

A Proactive Approach

She notes today's updates are not a reaction to attacker activity, but a proactive step given how businesses have transitioned to the cloud in recent years, especially in 2020. As Microsoft CEO Satya Nadella said last April, "We've seen two years' worth of digital transformation in two months."

"They're moving a ton of apps … and they need to deliver them globally, at scale, and we want to make sure we can do that from an app delivery standpoint, and an API standpoint, or even a website standpoint in a secure manner." The ability of Azure Front Door to combine security and CDN creates an opportunity to improve the way businesses deploy and secure content. 

While there are cloud network security vendors with "a range of maturity in their solutions," Johnson notes that everyone is playing "just a little bit of catchup" because businesses are moving to the cloud faster than many network security capabilities can be built. Some Microsoft customers say that even after the pandemic slows, they will keep roughly half of their employees at home, Johnson says.

"That just means they're going to continue to operate in the way that they do," she continues. "And that need to move so many applications so quickly to the cloud … really drove the need to improve solutioning in this space."

Businesses that already subscribe to Microsoft's network security capabilities, depending on which they have, will automatically be able to try the SKUs in preview. Those who don't use Microsoft for CDN and some of these capabilities will need to subscribe, Johnson says.

This week Microsoft also announced that Azure Firewall Premium, which is designed to provide next-gen firewall capabilities required for sensitive and regulated environments, is now available in preview. This release brings capabilities including TLS inspection, a signature-based intrusion detection and prevention system (IDPS), URL filtering, and the ability for admins to filter outbound user access to the Internet based on specific Web categories.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
 
