This publish was co-authored by Henry Yan, Product Advertising and marketing Supervisor.
Elevated cloud adoption and the shift to hybrid work has resulted in elevated utilization of digital belongings. Whereas shifting internet purposes and APIs to the cloud gives many benefits for organizations, together with remodeling enterprise fashions and enhancing the shopper expertise, it additionally presents new safety challenges. We have now seen that attackers give you new refined assault patterns and we see new vulnerabilities (for instance, Log4J, SpringShell, and Text4Shell) rising continually. Vulnerabilities in these purposes may result in breaches and permit cybercriminals to realize entry to helpful and delicate information.
At Microsoft, we’re dedicated to creating Microsoft Azure essentially the most safe and trusted cloud for all workloads. We’re repeatedly innovating and searching for methods to boost our merchandise to assist our prospects defend towards evolving threats. This contains supporting organizations and communities that share a typical dedication as ours. We’re happy to announce the sponsorship for the Open Internet Utility Safety Mission (OWASP) ModSecurity Core Rule Set (CRS) undertaking. We worth the contributions of the CRS group and are trying ahead to contributing to the success of the group and OWASP ModSecurity CRS open supply undertaking.
Clever safety from edge to cloud
Azure Internet Utility Firewall (Azure WAF) is our cloud-native service for safeguarding your purposes and APIs in Azure or wherever else from internet assaults and vulnerabilities. Azure WAF gives built-in managed guidelines, based mostly off the OWASP ModSecurity CRS, that provide software safety from a variety of assaults, together with the OWASP High Ten, with minimal false positives. These managed guidelines present safety towards many widespread assault classes, together with SQL injection, cross website scripting, native file inclusion, and way more.
Azure WAF affords Microsoft Managed Rule Units, proprietary rulesets, which extends the safety of OWASP ModSecurity CRS 3.x, and contains extra proprietary guidelines and up to date signatures developed by the Microsoft Risk Intelligence Middle to supply elevated safety protection, patches for particular vulnerabilities, and diminished false optimistic. Azure WAF contains richer set of options together with IP status, bot safety, charge limiting, IP restriction, and geo-filtering that additional strengthens the safety posture to your internet software and APIs. Native integration with Azure Monitor, Microsoft Sentinel, and Azure Firewall Supervisor gives ease of administration and superior analytics capabilities to detect and reply to safety threats well timed.
Higher collectively
Microsoft has invested closely in constructing security-focused merchandise and making certain safety is constructed into our core applied sciences. As a gold sponsor for the OWASP ModSecurity CRS undertaking, we’re furthering our dedication in contributing to a robust and vibrant safety group. We’re excited to hitch efforts to assist advance the CRS open supply undertaking that serves as a primary line of protection for a lot of purposes. The collaboration between Microsoft and OWASP CRS groups will assist enhance signature patterns, cut back false positives, and tackle vital zero-day vulnerabilities rapidly. This is a vital step in making certain we offer the perfect safety doable for all.
Learn extra about this announcement from OWASP ModSecurity CRS undertaking.
