Microsoft has released a new Azure DDoS Protection solution for Microsoft Sentinel. The new service leverages Azure DDoS Protection logs to automatically track and block DDoS sources to mitigate sophisticated attacks.
Microsoft Sentinel is a cloud-based security solution that allows security teams to detect and mitigate threats, monitor security events, and analyze data in their environments. It also offers intelligent security analytics to help organizations improve their overall security posture. Azure DDoS Protection, for its part, is a security feature that protects against distributed denial of service (DDoS) attacks at the network level.
“Microsoft Sentinel and Azure DDoS Protection services offer rich integration to easily ingest DDoS Protection logs and view and analyze this data in Sentinel to create custom alerts and improve their security posture, investigation, and response processes. Specifically, customers can correlate DDoS smokescreen attacks with events from different sources to detect advanced attacks, such as data theft, and to automatically block them,” Microsoft explained.
Microsoft explained that its new Azure DDoS Protection solution comes with three major components. First up, it includes an Azure DDoS Protection data connector and workbook. Moreover, the solution provides alert rules to help security teams identify the sources of DDoS attacks. There is also a Remediation IP Playbook that lets IT admins automatically create a remediation in Azure Firewall to block those sources.
Overall, this release should make it easier for organizations to protect their apps and resources against sophisticated DDoS attacks (such as smokescreen attacks). If you’re interested, you can follow this step-by-step guide to deploy the new solution in your organization.
At launch, Microsoft Sentinel’s new Azure DDoS Protection solution is available for Azure Firewall and third-party firewall products. However, Microsoft plans to add support for Azure Web Application Firewall later this year.