Microsoft announced last week that it was integrating Azure Security Center with its Web Application Firewall (WAF) to give its business customers better security.
Shalini Pasupneti, senior program manager, Microsoft, wrote in a blog post that web applications are under increasing threat of attacks such as application DDoS, cross-site scripting and SQL injection. Guarding against them requires rigorous maintenance and patching at numerous layers of application topology.
“Microsoft Web Application Firewall and Azure Security Center can help secure web applications against such vulnerabilities”, Pasupneti wrote.
Azure Security Center continually scans Azure resources for vulnerabilities and suggests mitigation procedures, while Microsoft WAF is part of the Azure Application Gateway and uses the OWASP core rule sets to protect web applications against common security exploits. A centralized WAF simplifies security management and can react faster to a security threat by patching a known vulnerability at a central location instead of securing each individual web application. Existing application gateways can be easily converted to a WAF-enabled application gateway.
In her post, Pasupneti discussed the vulnerabilities possible in web applications that are not protected by a WAF. She said, “Currently, Azure Security Center recommends a WAF deployment for public-facing IPs that have an associated network security group with open inbound web ports. Azure Security Center offers provisioning of application gateway WAF to an existing Azure resource as well as adding a new resource to an existing web application firewall. By integrating with WAF, Azure Security Center can analyse its logs and surface important security alerts”.
Pasupneti did point out, however, that there might be exceptions to the rule, such as the application owner having already configured WAF as part of the app deployment, or the security admin not having permission to provision WAF from Azure Security Center (ASC). To protect devices in these instances as well, Azure Security Center now automatically discovers non-ASC provisioned Microsoft WAF instances. Connecting existing Microsoft WAF deployments is intended to let customers take advantage of ASC detections irrespective of how WAF was provisioned.
Various additional configuration settings, such as custom firewall rules, are also now available in the WAF console.
Microsoft issued a set of guidelines for configuring the new set-up of Microsoft WAF.