DDoS, or ‘Distributed Denial of Service’ attacks are one of the biggest security concerns for cloud applications and are increasing in complexity and frequency, so organisations need to ensure they have measures in place to mitigate these threats.
However, before we dive into Azure DDoS protection, let’s take a step back and explain what a ‘Distributed Denial of Service’ (DDoS) attack is.
A DDoS is a type of attack where an attacker sends more requests to an application than the application is capable of handling. This depletes resources, affecting the application's availability and its ability to service customers. The attack targets endpoints that are publicly reachable through the internet.
So, how do you protect against it?
Microsoft provides Azure DDoS protection, which, along with application design best practices, helps administrators defend against this form of attack. Real time monitoring is in place to predict network usage and automatically makes the required changes to defend network resources. It is easy to enable the protection on an existing or brand-new virtual network and does not require any application or resource changes.
However, DDoS protection has always been far too expensive for most IT teams to utilise. That’s why we’re pleased to share that Microsoft have now launched a new SKU that allows more organisations to gain the benefits of DDoS protection at a much more affordable price.
The new tier of DDoS protection – called IP Protection is now in preview and will be available from February 2023. The second more expensive tier has been renamed Network Protection:
- IP Protection will be a fixed price of £160 per Public IP. This allows organisations to enable protection on resources that are publicly accessible.
- Network Protection will cost £2446/ month as you do not have the flexibility to purchase individual IPs, instead this is a set bundle to cover 100 IP
Benefits of Azure IP Protection:
Active traffic monitoring & always-on detection
Active traffic and always-on detection protect against DDoS attacks by continuously monitoring the network for traffic patterns that may indicate an attack, and automatically implementing measures to mitigate the attack and keep the service available to users. This includes routing traffic through Azure's global network of data centres, which can help absorb the attack and prevent it from reaching the targeted service.
Adaptive real time tuning
Intelligent traffic profiling chooses and maintains the profile that is best for your service based on the traffic your application delivers over time. The profile is modified as traffic patterns evolve over time.
DDoS protection telemetry, monitoring and alerting
In the virtual network with DDoS enabled, Azure DDoS Protection applies three auto-tuned mitigation policies (TCP SYN, TCP, and UDP) to each public IP of the protected resource. Through network traffic profiling based on machine learning, the policy thresholds are automatically configured. Only when the policy threshold is surpassed does DDoS mitigation take place for an IP address that is being attacked.
Attack analytics
While the organisation is under an attack, you can receive in-depth reports every five minutes, and you can also get a thorough overview at the end of the attack. For nearly real-time monitoring during an attack, connect mitigation flow logs to Microsoft Sentinel or to an offline event management and security information system.
Attack alerting
Administrators can setup attach alerts from the start to the end of an attack via the attack metrics that are provided with the DDoS Protection. Alerts integrate into your operational software like Microsoft Azure Monitor logs, Azure storage and the Azure portal.
For a comprehensive breakdown of the key differences between IP Protection and Network Protection please see the table below:
Conclusion
With cyber-threats on the rise, DDoS protection is a great way of mitigating the risk of attack, which is hugely costly and damaging for any organisation. The introduction of the lower priced IP Protection has made this a much more accessible option for businesses, and well-worth the monthly cost for the benefits it provides. If you’d like more information or to discuss DDoS implementation, please do not hesitate to contact us.
Next steps
Need support? As a longstanding Microsoft Partner with an Infrastructure (Azure) Designation and an AVD Advanced Specialisation, Advanced are best placed to help your business make the most out of your technology investments and achieve your objectives. Simply get in touch today if you’d like advice or help getting started.
Want to learn more about what else is coming from Microsoft in 2023? Join our upcoming virtual event - the IT Pioneer Summit, to learn about the Microsoft roadmap, alongside topics including MFA Fatigue, Windows 11 and much more. View the agenda here.
Written by Daniel Bereczki, Cloud Solutions Architect, Advanced.
