Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

2/18/2021
02:46 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Microsoft Azure Front Door Gets a Security Upgrade

New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.

Microsoft today is launching Azure Front Door Standard and Premium in preview with two new SKUs that add threat detection, application security, and additional security protections to the content delivery network (CDN).

Related Content:

How to Better Secure Your Microsoft 365 Environment

Special Report: Understanding Your Cyber Attackers

New From The Edge: Breach Etiquette: How to Mind Your Manners When It Matters

Azure already offers two edge networking tools: Azure Front Door, which focuses on global load-balancing and site acceleration, and Azure CDN Standard, which offers static content caching and acceleration. The new Azure Front Door brings together security with CDN technology for a cloud-based CDN with threat protection and additional capabilities. 

These updates stem from Microsoft's efforts to bring zero-trust principles to businesses using Azure network security tools, says Ann Johnson, Microsoft's corporate vice president of Security, Compliance, and Identity (SCI) Business Development. Its zero-trust strategy has underpinned several initiatives as it believes this is how companies will become more secure.

Johnson uses three principles to describe zero trust, the first of which involves adopting explicit verification for every transaction during a session: "So not just verifying the human, but the device, the data, the location, if it's an IoT device, the application – everything that happens in the session should be verified and anomalous behavior should be flagged," she explains.

The second principle is ensuring least privilege access. Many organizations still provide too much privileged access to employees, Johnson says. One of the steps Microsoft is taking with its content and application delivery is implementing more controls around access. 

The third principle: "Then, finally, assume you've been breached," she says. Assumed breach is a topic the security industry has discussed for years, but with zero trust, they have to assume they have been breached, and that anything within the organization could potentially be breached.

These principles have grown essential as application-delivery networks undergo a massive transformation to the cloud, Johnson explains. The new capabilities in Azure Front Door aim to provide organizations with one platform that meets availability, scalability, and security needs.

The new Azure Front Door SKU offers both static and dynamic content acceleration, global load-balancing, SSL offload, domain and certificate management, improved traffic analytics, and basic security capabilities, Microsoft writes in a blog post. The Azure Front Door Premium SKU builds on these with more security capabilities: Web application firewall (WAF), bot protection, private link support, and integration with Microsoft threat intelligence and security analytics.

In addition to supporting all the features available via Azure CDN Standard, Azure Front Door, and Azure Web Application Firewall, the new standard and premium SKUs bring a few new capabilities, Microsoft officials write in a blog post. These include a simplified user experience, simplified management experience, and TLS certificate management: both standard and premium SKUs offer Azure managed TLS certificates by default for all custom domains at no additional cost. More details on the capabilities of standard and premium can be found here

"I'm encouraging our customers to encrypt all their communication channels across the cloud and hybrid networks," says Johnson. "This means they would need to secure user to app, and site to site, and we have leading encryption capabilities such as TLS within our VPN." 

A Proactive Approach

She notes today's updates are not a reaction to attacker activity, but a proactive step given how businesses have transitioned to the cloud in recent years; especially in 2020. As Microsoft CEO Satya Nadella said last April, "We've seen two years' worth of digital transformation in two months."

"They're moving a ton of apps … and they need to deliver them globally, at scale, and we want to make sure we can do that from an app delivery standpoint, and an API standpoint, or even a website standpoint in a secure manner." The ability of Azure Front Door to combine security and CDN creates an opportunity to improve the way businesses deploy and secure content. 

While there are cloud network security vendors with "a range of maturity in their solutions," Johnson notes that everyone is playing "just a little bit of catchup" because businesses are moving to the cloud faster than many network security capabilities can be built. Some Microsoft customers say that even after the pandemic slows, they will keep roughly half of their employees at home, Johnson says.

"That just means they're going to continue to operate in the way that they do," she continues. "And that need to move so many applications so quickly to the cloud … really drove the need to improve solutioning in this space."

Businesses that already subscribe to Microsoft's network security capabilities, depending on which they have, will automatically be able to try the SKUs in preview. Those who don't use Microsoft for CDN and some of these capabilities will need to subscribe, Johnson says.

This week Microsoft also announced Azure Firewall Premium is now available in preview, which is designed to provide next-gen firewall capabilities required for sensitive and regulated environments. This release brings capabilities including TLS inspection, a signature-based intrusion detection and prevention system (IDPS), URL filtering, and the ability for admins to filter outbound user access to the Internet based on specific Web categories. More details here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31660
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.