Azure already supports a large number of these controls—those dealing with physical access to data storage facilities, network security, and the security of servers. Under the shared responsibility security model, departments and agencies are required to implement measures to satisfy the remaining controls relevant to data and application security.
Trend Micro Deep Security—a leading solution for securing physical, virtual, and hybrid data centers—includes host-based capabilities that support compliance with many of these controls.
Read about Deep Security for FedRAMP Compliance
All or nothing is a really bad strategy for securing your Microsoft Azure workloads. You need to know exactly what it is that you must secure. But you can’t do it alone. Microsoft provides robust physical security, network infrastructure, and a virtualization layer. Ideally, you will match their excellence with equally robust security for your workloads, including the operating system, applications, and data.
But there’s a small catch. If you try to use traditional security to protect your applications and data in the cloud, you risk slowing your Azure project with needless complexity. There’s a simpler and more effective solution: Security that is built for the cloud is easier to deploy in the cloud and works better to secure the cloud. But even then, the way you deploy it can impact your entire project. You have to be careful not to do anything that makes security stand between you and your success in the cloud.
Bake security into your project from the get-go
First, start thinking about security very early in the game. The earlier the better. Baking security into your strategy from the get-go is the best way to ensure full coverage when your deployment is complete. That includes thinking about implementing the proper controls, such as who has access to the Azure Management Portal, how designated administrators will access cloud resources, and what you need to do to maintain restrictive network policies.
Monitor traffic in and out of your cloud
Now that’s a great start. But you’ll still need to be sure that your applications remain secure during day-to-day usage. That’s where host-based IPS systems come in. They’ll help you ward off unauthorized access by monitoring incoming traffic to make sure it’s legitimate. Plus, vulnerability shielding functionality will help you keep all workloads up to date. Implementing virtual patches on templates helps you avoid the hassles of patching live workloads.
Detect threats early in the game
But your job is never really done. You still need to find ways to monitor your security posture to uphold continuous integrity of critical system files, application configuration files, and application logs. Sure, Azure provides monitoring. But you need every advantage in getting a jump on the attackers. And host-based integrity monitoring will provide an earlier indication of compromised systems.
Be prepared to act fast if you have to
And in the unlikely event that you uncover an attack, you need to be prepared to act quickly to isolate the infected server, identify the cause, and begin repair. Only then can you restore service as quickly as possible. Azure is built to help you improve your incident response. To speed your time to protect, you’ll also want to take advantage of vulnerability assessments and penetration testing to discover as many vulnerabilities as possible before an attacker can use them against you.
Get started now
Want to dive deeper? Get more specifics on the ways you can get the security you need for your Azure project without slowing you down. Trend Micro has created a new white paper that outlines the top 10 security actions you can take to accelerate your application protection within Azure.
Disable Monitor Responses from Web Server
To improve performance on your Web Servers, the ‘Monitor responses from Web Server’ setting may be disabled. When disabled, the DPI engine will not inspect web server response traffic. This would typically result in improved performance, especially for large responses.
Web client requests incoming to the server are still inspected by the DPI engine when this option is unchecked, and DPI rules which protect the web server and web application from malicious attacks are not affected by this setting.
- Open up any Policy
- Click on Intrusion Prevention (on the left)
- Click on the “Assign/Unassign…” button
- From the top dropdown menus select the following options:
  - Web Application Protection
  - By Application Type
- Find the “Web Server Common” section (I believe it should be second on the list and reference 22 rules)
- Click where it says “Web Server Common” (it will highlight all of the rules), then right-click (again, you must right-click where it says “Web Server Common”)
- Select the “Application Type Properties…” option
- Click on the Configuration tab
- Uncheck the “Default” checkbox
- Uncheck the “Monitor responses from Web Server” checkbox
Congratulations, you’ve successfully disabled “Monitor responses from Web Server”!
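What this setting trades away in coverage, as an added example that is not Deep Security code and not from the original page: a toy inspection engine over constructed traffic, where request-side rules keep firing while a response-side rule goes silent and fewer bytes are inspected. The rule names, patterns and the `monitor_responses` parameter are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed rules for illustration: (name, direction, pattern). Not vendor rules.
RULES = [
    ("path-traversal-in-request", "request", re.compile(rb"\.\./")),
    ("stack-trace-in-response", "response",
     re.compile(rb"Traceback \(most recent call last\)")),
]

@dataclass
class Result:
    alerts: list          # (exchange index, rule name)
    bytes_inspected: int  # rough proxy for inspection cost

def inspect(exchanges, monitor_responses=True):
    """Run RULES over (request, response) byte pairs.

    Requests are always inspected; responses only when monitor_responses
    is True, mirroring the behaviour described for the setting.
    """
    alerts, inspected = [], 0
    for idx, (request, response) in enumerate(exchanges):
        streams = [("request", request)]
        if monitor_responses:
            streams.append(("response", response))
        for direction, data in streams:
            inspected += len(data)
            for name, rule_dir, pattern in RULES:
                if rule_dir == direction and pattern.search(data):
                    alerts.append((idx, name))
    return Result(alerts, inspected)

# Constructed sample traffic: one suspicious request, one large leaky response.
SAMPLE = [
    (b"GET /download?file=../../etc/passwd HTTP/1.1\r\n\r\n",
     b"HTTP/1.1 403 Forbidden\r\n\r\n"),
    (b"GET /report HTTP/1.1\r\n\r\n",
     b"HTTP/1.1 500 Internal Server Error\r\n\r\n"
     b"Traceback (most recent call last):\n" + b"x" * 4096),
]

def coverage_delta(exchanges):
    """Compare the two settings: which alerts are lost and how many bytes are skipped."""
    on = inspect(exchanges, monitor_responses=True)
    off = inspect(exchanges, monitor_responses=False)
    lost = [a for a in on.alerts if a not in off.alerts]
    return {"kept_alerts": off.alerts, "lost_alerts": lost,
            "bytes_saved": on.bytes_inspected - off.bytes_inspected}
```

Running `coverage_delta(SAMPLE)` before changing the setting on a policy gives a concrete picture of which response-side detections would need to be covered elsewhere, for example in application logging.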