We are announcing the general availability release of Microsoft Azure Firewall Premium.
Key features in this release include:
1. TLS inspection: Azure Firewall Premium terminates outbound and east-west transport layer security (TLS) connections. Inbound TLS inspection is supported in conjunction with Azure Application Gateway, allowing end-to-end encryption. Azure Firewall performs the required value-added security functions and re-encrypts the traffic, which is then sent to the original destination.
2. IDPS: Azure Firewall Premium provides a signature-based intrusion detection and prevention system (IDPS) to allow rapid detection of attacks by looking for specific patterns, such as byte sequences in network traffic or known malicious instruction sequences used by malware.
3. Web categories: Allows administrators to filter outbound user access to the internet based on categories (for example, social networking, search engines, gambling, and so on), reducing the time spent on managing individual fully qualified domain names (FQDNs) and URLs. This capability is also available for Azure Firewall Standard based on FQDNs only.
4. URL filtering: Allows administrators to filter outbound access to specific URLs, not just FQDNs. This capability works for both plain text and encrypted traffic if TLS inspection is enabled.
Azure Firewall Premium benefits
Azure Firewall Premium provides advanced threat protection that meets the needs of highly sensitive and regulated environments, such as the payment and healthcare industries. Organizations can leverage Premium stock-keeping unit (SKU) features like IDPS and TLS inspection to prevent malware and viruses from spreading across networks in both lateral and horizontal directions. To meet the increased performance demands of IDPS and TLS inspection, Azure Firewall Premium utilizes a more powerful Virtual Machine SKU. Like Standard SKU, the Premium SKU can seamlessly scale up to 30 Gbps and integrates with availability zones to support the service level agreement (SLA) of 99.99 percent. The Premium SKU complies with Payment Card Industry Data Security Standard (PCI DSS) environment needs.
To simplify migration for Standard SKU customers, we used a common configuration approach using Azure Firewall Policy. This approach allows customers to reuse existing API integration with minimal changes and to continue managing Azure Firewall using Firewall Manager. Customers using firewall rules (Classic) will first take an additional step to migrate to Azure Firewall Policy. Azure Firewall Policy offers several advantages, such as sharing common configuration across multiple firewalls, grouping rules using rule collection groups, and managing rules over time using policy analytics (Private Preview).
The Azure Firewall Premium SKU is optimally priced to provide the best value for a state-of-the-art cloud-native firewall service. Premium SKU, with its advanced threat protection capabilities, offers compelling reasons to migrate on-premises high-security perimeter networks to the cloud. This approach helps avoid the latency incurred by back-hauling internet traffic to on-premises perimeter networks.