Protect against cyberattacks with the new Azure Firewall Basic

15

Mar

Protect against cyberattacks with the new Azure Firewall Basic

https://azure.microsoft.com/blog/protect-against-cyberattacks-with-the-new-azure-firewall-basic/

Cyberattacks continue to rise across businesses of all sizes as attackers are adapting their techniques and increasing the complexity of their operations.1 The risk of these attacks is significant for small and medium businesses (SMBs) as they usually don’t have the specialized knowledge or resources to protect against emerging threats and face more challenges when recovering from an attack. In a recent Microsoft survey,2 70 percent of SMBs think cyberthreats are becoming more of a business risk and nearly one in four SMBs stated that they had a security breach in the last year.

SMBs need solutions that are tailored to their unique needs and challenges. Microsoft is committed to delivering security solutions to meet the needs of all our customers. We are excited to announce the general availability of Azure Firewall Basic, a new SKU of Azure Firewall built for SMBs.

Since public preview, we have seen a wide adoption of the Azure Firewall Basic. Customers stated the simplicity and ease of use of the Azure Firewall as one of the key benefits for choosing Azure Firewall Basic.  We have also added the capability to deploy Azure Firewall inside a virtual hub in addition to a virtual network. This gives businesses the flexibility to choose the deployment option that best meets their needs.

Deploying Azure Firewall in a virtual network is recommended for customers who plan to use traditional hub-and-spoke network topology with a Firewall on the hub. Whereas, deploying on a virtual hub is recommended for customers with large or global network deployments in Azure where global transit connectivity across Azure regions and on-premises locations is needed.

Providing SMBs with a highly available Firewall at an affordable price point

Azure Firewall Basic brings the simplicity & security of Azure Firewall to SMBs at a cost-effective price point

It offers Layer 3–Layer 7 filtering and alerts on malicious traffic with built-in threat intelligence from Microsoft threat intelligence. As a cloud-native service, Azure Firewall Basic is simple to deploy with a few clicks and seamlessly integrates with other Azure services, including Microsoft Azure Firewall Manager, Azure Monitor, Azure Events Hub, Microsoft Sentinel, and Microsoft Defender for Cloud.

Key features of Azure Firewall Basic

Comprehensive, cloud-native network firewall security

  • Network and application traffic filtering—Centrally create, allow, or deny network filtering rules by source and destination IP address, port, and protocol. Azure Firewall is fully stateful, so it can distinguish legitimate packets for different types of connections. Rules are enforced and logged across multiple subscriptions and virtual networks.
  • Threat intelligence to alert on malicious traffic—Enable threat intelligence-based filtering to alert on traffic from or to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft threat intelligence feed.
  • Built-in high availability—Azure Firewall Basic provides built-in high availability to ensure that your network traffic is always protected. Azure Firewall Basic can replicate your firewall instance across two availability zones, ensuring that your traffic is always filtered even if one of the zones goes down.

Simple setup and easy to use

  • Set up in just a few minutes—Use the Quickstart deployment Azure Resource Manager (ARM) templates to easily deploy Azure Firewall Basic directly to your Azure environment.
  • Automate deployment (deploy as code)—Azure Firewall Basic provides native support for Infrastructure as Code (IaC). Teams can define declarative ARM templates that specify the infrastructure required to deploy solutions. Third-party platforms like Terraform also support IaC to manage automated infrastructure.
  • Zero maintenance with automatic updates—Azure Firewall is automatically updated with the latest threat intelligence and security updates to ensure that it stays up-to-date and protected against the latest threats.
  • Centralized management via Azure Firewall Manager—Azure Firewall Manager is a central management solution that allows you to manage multiple Azure Firewall instances and policies across your organization from a single location, ensuring that your security policies are consistent and up to date across your organization.

Cost-effective

Designed to deliver essential, cost-effective protection of your Azure resources within your virtual networks.

Azure firewall Basic serves as the hub and connects to spoke 1 and spoke 2. It includes the L3-L7 connectivity policies, Microsoft threat intelligence feature, NAT, network and application traffic filtering that allows outbound and inbound connections. Without a rule, the traffic is denied by default.

Choose the right Azure Firewall SKU for your business

Azure Firewall is offered in three SKUs to meet a wide range of use cases and needs:

  1. Azure Firewall Premium is recommended for customers looking to secure highly sensitive applications, such as payment processing. In addition to all features of the Azure Firewall standard, it also supports advanced threat protection capabilities like malware and Transport Layer System (TLS) inspection.
  2. Azure Firewall Standard is recommended for customers looking for Layer 3–Layer 7 firewall and require auto-scaling to handle peak traffic periods of up to 30 gigabits per second (Gbps). It supports enterprise features like threat intelligence, Domain Name System (DNS) proxy, custom DNS, and web categories.
  3. Azure Firewall Basic is recommended for SMB customers with throughput needs of less than 250 megabits per second (Mbps).

Let’s take a closer look at the features across the three Azure Firewall SKUs.

Feature comparison between Azure Firewall Basic, Standard and Premium. Azure Firewall Basic has 250Mbps fixed scale and threat intelligence on alert. Standard adds the FQDN in network rules, can scale up to 30Gpbs, FAT flow of 1Gbps, web categorization, DNS proxy + custom DNS, and Threat Intelligence on alert and deny. Azure Firewall Premium adds can scale up to 100Gbps with FAT flow of 10Gbps, TLS termination with IDPS and URL filtering.

Azure Firewall Basic pricing

 

Azure Firewall Basic pricing includes both deployment and data processing charges for both virtual network and virtual hub scenarios. Pricing and billing for Azure Firewall Basic with virtual hub will be effective starting May 1, 2023.

For more details, visit the Azure Firewall pricing page.

Next steps

For more information on everything we covered in this blog post, see the following resources:


1Microsoft Digital Defense Report 2022

2April 2022: Microsoft Small and Medium Business quantitative survey research: Security in the new environment

Share