Skip to content

Azure Security best practice: Mitigate DDoS Attacks

Azure DDoS protection

This is Part#9 of our series of articles about best security practices that you can apply to an Azure environment. Please note that all the articles have been compiled from various official Microsoft sources.

Enable DDoS protection beyond the default free tier

What : Enable DDoS Mitigations for all business-critical web applications, and services

Why : DDoS attacks are prevalent and are very inexpensive to access on the dark markets

How : Evaluate and select the best option for protecting your critical applications and services

  • Azure DDoS standard
  • 3rd party service

Azure includes basic Distributed Denial of Service (DDoS) protection, which can be upgraded to the Standard offering

The basic capabilities apply to all workloads in Azure as this protection is applied to all Microsoft properties on our network (which also include services like Office 365, Windows Update, Xbox Live, etc.)

The standard offering adds local visibility and control for your workloads with:

  • Advanced protection for your virtual network resources
  • Automatic mitigation for 60+ network layer attacks
  • Adaptive tuning via application traffic profiling and machine learning algorithm
  • Real time monitoring and alerting in Azure Monitor
  • Integration with WAF application layer protection
Azure DDoS protection
Exit mobile version