News Blog /

Intelligent application protection for ISVs with Azure Web Application Firewall 

by Spanish Point - May 5, 2022

Changes to how we work and operate have driven digital transformation. This acceleration in digital transformation has led to an increase in security risks. Cyberattacks are becoming more advanced & commonplace. These attacks are paralleled with growing attack surfaces due to the proliferation of mobile and IoT devices and increasing cloud adoption. Simple protective measures are no longer sufficient. To help ISVs address these security challenges, Microsoft have been evolving Azure Web Application Firewall (Azure WAF), a cloud-native, self-managed security service protecting your applications and APIs running in Azure or anywhere else—from the network edge to the cloud. 

Application and API protection 

Microsoft have improved security around their Application and API protection by implementing new rulesets which increase coverage for web vulnerabilities, reduce false positives, and protect against specific vulnerabilities. They have also increased size limits with CRS 3.2, regional WAF (which can now support request body size inspection up to 2MB and file upload size up to 4GB.) 

Azure WAF on Azure Front Door and Azure Application Gateway also now seamlessly integrate with Azure API Management to provide advanced API management and security features. 

Bot protection 

Bot protection with Bot Manager 1.0 ruleset is available through integration with the Azure Front Door Premium tier. Microsoft’s bot detection and protection rules are based on Microsoft Threat Intelligence, supporting bot classification for good, bad, and unknown bots. Bad bots include bots from malicious IP addresses/bots that have falsified identities. Malicious IPs are provided by Microsoft’s Threat Intelligence feed, based on feeds from external providers and internal threat intel. For good bots, WAF uses reverse DNS lookups to validate if the user-agent and IP address range match what the agent claims it to be. 

Performance and scale with the next generation of WAF engine 

The general availability WAF engine on Azure Application Gateway has been announced. The new WAF engine, released with CRS 3.2, is a high-performance, scalable Microsoft proprietary engine and has many improvements over the previous WAF engine. 

Benefits of the new Azure WAF engine include: 

  • An improved performance with a reduction in WAF latencies.  
  • Increased scale with up to 8 times more RPS with identical compute power, ability to process 16 times larger requests 
  • New engine redisgn with regex processing offering better protection from RegEx DoS attacks 
  • New features will be available through the new engine & later versions of CRS 3.2. 
  • New features and future enhancements will be available through the new engine and the later versions of CRS. Customers are encouraged to move to CRS 3.2 version 

Management and monitoring 

Now, you can access new Azure Monitor metrics on regional WAF for more effective monitoring.  Microsoft Sentinel integration allows security analysts to analyze and correlate data from other sources, detect threats, and automate incidence response. Security reports on Azure Front Door also provide powerful visualization of WAF patterns, trends by action, and events by rule types and rule groups.  

With Azure WAF integration with Azure Firewall Manager integration, customers will be able to manage WAF policies at scale for applications hosted on Azure Front Door and Azure Application Gateway platforms. 

Get started and share your feedback 

SMART AIM is a set of tools and processes to accelerate ISVs migration to the Cloud. It allows ISVs achieve more with Azure. SMART AIM (Application Innovation & Migration) starts with a cloud migration roadmap that produces a prioritised list of phased work packages for an Azure cloud migration and/or deployment. If you may be interested, click here to find out more.