Azure Security Center and Microsoft Web Application Firewall Integration

Inlägg på 9 januari, 2018

Senior Program Manager

Web applications are increasingly becoming targets of attacks such as cross-site scripting, SQL injection, and application DDoS. While OWASP provides guidance on writing applications that can make them more resistant to such attacks, it requires rigorous maintenance and patching at multiple layers of application topology. Microsoft Web Application Firewall (WAF) and Azure Security Center (ASC) can help secure web applications against such vulnerabilities.

Microsoft WAF is a feature of Azure Application Gateway (layer 7 load balancer) that protects web applications against common web exploits using OWASP core rule sets. Azure Security Center scans Azure resources for vulnerabilities and recommends mitigation steps for those issues. One such vulnerability is the presence of web applications that are not protected by WAF. Currently, Azure Security Center recommends a WAF deployment for public facing IPs that have an associated network security group with open inbound web ports (80 and 443). Azure Security Center offers provisioning of application gateway WAF to an existing Azure resource as well as adding a new resource to an existing web application firewall. By integrating with WAF, Azure Security Center can analyze its logs and surface important security alerts.

In some cases, the security admin may not have resource permissions to provision WAF from Azure Security Center or the application owner has already configured WAF as part of the app deployment. To accommodate these scenarios, we are pleased to announce that Security Center will soon automatically discover WAF instances in the subscription that were not provisioned using Security Center. Previously provisioned WAF instances will be displayed in Security Center security solutions pane under discovered solutions where the security admin can integrate them with Azure Security Center. Connecting existing Microsoft WAF deployments will allow customers to take advantage of Security Center detections regardless of how WAF was provisioned. Additional configuration settings such as custom firewall rules sets are available in the WAF console which is linked directly from Security Center. This article on configuring Microsoft WAF can provide more guidance on provisioning process.

ASC_WAF_Blog_picture

We would love to hear your feedback! If you have suggestions or questions, please leave a comment at the bottom of the post or reach out to ascpartnerssupport@microsoft.com.

Interested in learning more about Azure Security Center?

Intro to Azure Security Center

Azure Security Center FAQ