This is Part#9 of our series of articles about best security practices that you can apply to an Azure environment. Please note that all the articles have been compiled from various official Microsoft sources.
Enable DDoS protection beyond the default free tier
What : Enable DDoS Mitigations for all business-critical web applications, and services
Why : DDoS attacks are prevalent and are very inexpensive to access on the dark markets
How : Evaluate and select the best option for protecting your critical applications and services
- Azure DDoS standard
- 3rd party service
Azure includes basic Distributed Denial of Service (DDoS) protection, which can be upgraded to the Standard offering
The basic capabilities apply to all workloads in Azure as this protection is applied to all Microsoft properties on our network (which also include services like Office 365, Windows Update, Xbox Live, etc.)
The standard offering adds local visibility and control for your workloads with:
- Advanced protection for your virtual network resources
- Automatic mitigation for 60+ network layer attacks
- Adaptive tuning via application traffic profiling and machine learning algorithm
- Real time monitoring and alerting in Azure Monitor
- Integration with WAF application layer protection
