Azure DDoS Protection For Virtual Networks is now Available!

Azure DDoS Protection for Virtual Networks is now available to the public!

Microsoft has introduced this feature to help defend customers' Azure networks against DDoS attacks. A DDoS attack is designed to disrupt a network by exhausting its resources with a constant, high volume of requests. Customers have said that DDoS attacks are one of their biggest concerns about moving their applications to the cloud. The attacks have been constantly increasing in scale and are among the most common because they are cheap and easy to carry out.

Statistics show that DDoS attacks went up by over 360% in the last quarter of 2017. This includes an attack on the website GitHub, which is the biggest recorded DDoS attack so far. As the attacks become more sophisticated, Microsoft have started to commit a lot more to stopping them.

What Azure DDoS Protection service offerings are there?

Azure has two main service offerings that provide protection against layer 3 and 4 attacks:

Azure DDoS Protection Service Basic

This is the basic layer of protection that is integrated into Azure for all customers at no cost. The scale and capability of the Azure network allow it to provide protection against attacks using always-on traffic monitoring and real-time mitigation. No configuration or setup is required for this feature. Microsoft have also said this protects against the most common layer 7 DNS floods and volumetric attacks. The service also has a track record of protecting Microsoft’s enterprise against attacks.

Azure DDoS Standard Protection Service

This service provides enhanced DDoS mitigation capabilities for applications deployed in customers' virtual networks. This layer of protection is easy to enable on customer environments and requires no changes to applications. DDoS Protection Standard uses machine learning to configure DDoS protection policies. Attack telemetry is available through Azure Monitor, so customers can be alerted when their applications are under attack. Integrated layer 7 application protection is also enabled by default. Some of the Standard Protection Service features include:

Native platform integration and turn-key protection

DDoS Protection Standard is natively integrated into the Azure platform. This includes integration with the Azure Portal and PowerShell, where customers create a DDoS protection plan and then enable the feature. Simplified provisioning immediately protects all resources in a virtual network, again with no charge.
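
The create-then-enable flow described above, together with the Azure Monitor alerting mentioned for the Standard service, as an added PowerShell example (not from the original post or from Microsoft). It assumes the current Az PowerShell module and the `IfUnderDDoSAttack` metric on public IP addresses; the resource group, virtual network, public IP and action group names are placeholders for resources that already exist.

```powershell
#Requires -Modules Az.Network, Az.Monitor
# Added example. All resource names below are placeholders (assumptions).
$rg       = 'rg-demo'
$location = 'westeurope'

# 1. Create the DDoS protection plan.
$plan = New-AzDdosProtectionPlan -ResourceGroupName $rg `
            -Name 'ddos-plan-demo' -Location $location

# 2. Attach the plan to an existing virtual network and switch protection on.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-demo'
$vnet.DdosProtectionPlan    = New-Object Microsoft.Azure.Commands.Network.Models.PSResourceId
$vnet.DdosProtectionPlan.Id = $plan.Id
$vnet.EnableDdosProtection  = $true
$vnet = $vnet | Set-AzVirtualNetwork

# 3. Verify the change was applied instead of assuming it was.
if (-not $vnet.EnableDdosProtection -or $vnet.DdosProtectionPlan.Id -ne $plan.Id) {
    throw "DDoS protection was not enabled on $($vnet.Name)"
}

# 4. Alert through Azure Monitor when a public IP in that network is under
#    attack: fire when the IfUnderDDoSAttack metric rises above 0.
$pip = Get-AzPublicIpAddress -ResourceGroupName $rg -Name 'pip-demo'
$ag  = Get-AzActionGroup     -ResourceGroupName $rg -Name 'ag-secops'

$criteria = New-AzMetricAlertRuleV2Criteria -MetricName 'IfUnderDDoSAttack' `
                -TimeAggregation Maximum -Operator GreaterThan -Threshold 0

Add-AzMetricAlertRuleV2 -Name 'ddos-under-attack-pip-demo' `
    -ResourceGroupName $rg `
    -TargetResourceId  $pip.Id `
    -Condition         $criteria `
    -WindowSize        (New-TimeSpan -Minutes 5) `
    -Frequency         (New-TimeSpan -Minutes 1) `
    -ActionGroupId     $ag.Id `
    -Severity          1
```

The alert rule is scoped to a single public IP, so each internet-facing address that should page the operations team needs its own rule.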

Always-on Monitoring and Adaptive Tuning

When this feature is enabled, the application traffic patterns are continuously monitored for any signs of attack. DDoS Protection learns your resources and configuration and customises the protection policy to suit the network it is on. Machine learning means that the policy adapts itself as traffic patterns change over time.
