With Microsoft’s release of Application Gateway Web Application Firewall (or WAF), you now have an additional layer of defense built into your Application Gateway against network-based attacks.
When you’re looking to secure your workloads, you should build your defenses in layers to avoid any single weak point. The goal is to stop any attacks as far from your data as possible. This approach lowers your risk as it provides multiple controls the opportunity to detect and prevent an attack.
Protection for WAF is applied at each Application Gateway meaning that these attacks never reach your Azure VMs.
This is a great first line of defense for your web applications. It includes protection against malicious sessions, HTTP DoS sessions, and covers the majority of the OWASP Top 10.
Check out the Microsoft Azure Website for more information about WAF capabilities.
For more complex attacks, Deep Security’s intrusion prevention capabilities fit the bill. Deep Security monitors all network traffic to your instances and can detect and stop attacks before they reach your applications. Deep Security can also do protocol enforcement and drop unknown or non-conforming traffic which can help protect your workloads from new attacks. Not just for web apps, your operating system is also protected from exploit and vulnerabilities as well.
Working together, Microsoft Azure’s Application Gateway WAF and Deep Security provide your web applications a strong, layered defense.
To learn more about how Deep Security can help solve your security needs within Azure, contact us at firstname.lastname@example.org