
Distributed Denial of Service (DDoS) attacks continue to rise as new attack technologies and threats emerge. With DDoS attacks becoming more frequent, it is important for organizations of all sizes to be proactive and stay protected all year long. Small and medium-sized businesses (SMBs) face the same risks as large organizations but are more vulnerable because they often lack specialized resources and expertise.
We are committed to providing security solutions to all of our customers. We’re announcing the general availability of the Azure DDoS IP Protection SKU, a new Azure DDoS Protection SKU designed to meet the needs of small and medium businesses.
Enterprise-grade DDoS protection at an affordable price
Azure DDoS IP Protection provides enterprise-grade DDoS protection at an affordable price. It provides the same core capabilities as Azure DDoS Network Protection (formerly Azure DDoS Protection Standard) to protect your resources and applications from sophisticated DDoS attacks. Customers also have the flexibility to enable protection on individual public IP addresses.
“DDoS protection is a must today for critical websites. Azure DDoS Protection provides comprehensive protection even though the current SKU for network DDoS protection is out of the question for a small business. We are pleased that our IP DDoS Protection SKU provides the same level of protection as our network protection SKU at an affordable price and the flexibility to protect individual public IP addresses.” – Derk van der Woude, CTO, Nedscaper.
“We are excited that the DDoS IP Protection SKU provides cost-effective, enterprise-grade DDoS protection for customers who have smaller cloud environments with only a few public IP endpoints in the cloud.” – Markus Lentoala, Senior Technical Advisor, Elisa.
Key features of Azure DDoS IP Protection
- Tremendous mitigation capacity and scale: Defend your workloads against the largest and most sophisticated attacks with cloud-scale DDoS protection powered by the global Azure network. This ensures that we can mitigate the largest reported attacks in history and thousands of daily attacks.
- Protection from attack vectors: DDoS IP Protection mitigates volumetric attacks that flood the network with a large amount of seemingly legitimate traffic. These include UDP floods, amplification floods, and other spoofed-packet floods. DDoS IP Protection mitigates these potential multi-gigabyte attacks automatically by absorbing and filtering them with the scale of Azure’s global network. It also protects against protocol attacks that render a target unreachable by exploiting a weakness in the Layer 3 and Layer 4 protocol stack. These include SYN flood attacks, reflection attacks, and other protocol attacks. DDoS IP Protection mitigates these attacks by interacting with the client to differentiate between malicious and legitimate traffic, and blocking the malicious traffic. Resource (application) layer attacks target web applications and include HTTP/S floods and low-and-slow attacks. Use Azure Web Application Firewall to defend against these attacks.
- Native integration in Azure portal: DDoS IP Protection is natively integrated into the Azure portal for easy setup and deployment. This level of integration enables DDoS IP Protection to automatically identify and configure your Azure resources.
- Seamless protection: DDoS IP Protection keeps your resources running smoothly. There is no need to deploy anything in the Azure Virtual Network (VNet) or to change the existing network architecture. DDoS IP Protection is deployed as an overlay on top of existing network services.
- Adaptive tuning: Protect your applications and resources while minimizing false negatives with adaptive tuning that adjusts based on your application’s actual traffic metrics and patterns. Applications running in Azure are inherently protected by DDoS protection at the infrastructure level. However, the protection that safeguards the infrastructure has a much higher threshold than most applications can handle, so while a given amount of traffic might be seen as harmless by the Azure platform, it could be devastating to the application that receives it. Adaptive tuning ensures that your applications are protected when application-targeted attacks go undetected by the infrastructure-level DDoS protection offered to all Azure customers.
- Attack analytics, metrics, and logging: Monitor DDoS attacks in near real time and quickly respond to attacks with visibility into the attack lifecycle, vectors, and mitigation. With DDoS IP Protection, customers can monitor when an attack occurred, gather statistics on mitigation, and view detection thresholds set by the adaptive tuning engine to ensure they are consistent with predicted traffic baselines. Diagnostic logs provide deep insight into attacks, allowing customers to investigate attack vectors, traffic flows, and mitigations to support their DDoS response strategy.
- Integration with Microsoft Sentinel and Microsoft Defender for Cloud: Strengthen your security posture with rich attack analytics and telemetry integrated with Microsoft Sentinel. We offer a Sentinel solution that includes comprehensive analytics and alert rules to support customers in their Security Orchestration, Automation, and Response (SOAR) strategy. Customers can set up and view security alerts and recommendations from Defender for Cloud.

Choose the right Azure DDoS Protection SKU for your needs
Azure DDoS Protection is available in two SKUs:
- DDoS IP Protection: Recommended for SMB customers with few public IP resources who need a comprehensive DDoS protection solution that is fully managed and easy to deploy and monitor.
- DDoS Network Protection: Recommended for larger enterprises and organizations looking to protect their entire deployment that spans multiple virtual networks and includes many public IP addresses. It also provides additional features such as cost protection, fast DDoS response, and discounts on Azure Web Application Firewall.
Let’s see a detailed comparison of these two SKUs:

Get started
DDoS IP Protection can be enabled from the Overview page of the public IP address resource.

Protection status on the Properties tab shows whether the resource is protected against DDoS, and what type of protection it is (either network protection or IP protection).

For more information about DDoS IP protection, see the Azure DDoS IP Protection documentation.
Azure DDoS IP Protection pricing
With DDoS IP Protection, you only pay to protect public IP resources. The cost is a fixed monthly amount per protected public IP resource with no additional variable costs. For more details on pricing, visit the Azure DDoS Protection pricing page.