Microsoft Adds New Tools to Azure DDoS Protection

Microsoft this week announced a new set of distributed denial of service (DDoS) mitigation tools for Azure, which the company says will provide customers with increased visibility and support when their computing resources are under attack.

Building on the capabilities of Azure DDoS Protection, new features such as DDoS Attack Analytics and DDoS Rapid Response can deliver attack insights that can be leveraged for compliance, security audits, and defense optimizations, and also help customers engage DDoS experts during an active attack for specialized support.

There are three new features that Azure DDoS Protection Standard customers can now take advantage of, namely Attack Mitigation Reports, Attack Mitigation Flow Logs and DDoS Rapid Response. Thus, organizations will get detailed visibility into attack traffic and mitigation actions in Azure Monitor, as well as custom mitigations and support for attack investigation, Microsoft notes.

Leveraging aggregated network flow data, the new Attack Mitigation Reports provide detailed information about attacks targeting an organization’s resources. Once enabled via the Diagnostic Settings in Azure Monitor, the Reports will be processed with Log Analytics, an Azure Storage account or Event Hub for downstream integration with SIEM systems like Splunk or Stream Analytics.

Attack data is generated every five minutes when a customer’s Public IP resource is the target of a DDoS siege, and a post-mitigation report is generated for the entire duration of the assault when it stops. The reports provide information on attack vectors, traffic statistics, involved protocols, attack sources, and reason for dropped packets.

Customers can use Attack Mitigation Flow Logs to review dropped traffic, forwarded traffic, and other attack data in near real-time during an assault. The data can be used in SIEM systems like Splunk or Stream Analytics for near-real-time monitoring, Microsoft claims.

Also enabled via Diagnostic Settings in Azure Monitor, the Logs can be integrated with Log Analytics, a storage account or an Event Hub. Information in the generated Logs includes source and destination IPs, source and destination ports, protocol type, and actions taken during mitigation.
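As an added illustration (not Microsoft's code and not part of the original report), the sketch below shows how exported flow-log records could be rolled up into five-minute windows for triage in a downstream pipeline. The JSON field names and sample records are constructed assumptions, not the Azure log schema.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample flow-log records (one JSON object per line). The field
# names are assumptions for this example, not the Azure log schema.
SAMPLE_LINES = [
    '{"time":"2018-07-20T10:01:10Z","src_ip":"198.51.100.7","dst_ip":"203.0.113.10","dst_port":53,"protocol":"udp","action":"dropped"}',
    '{"time":"2018-07-20T10:02:30Z","src_ip":"198.51.100.7","dst_ip":"203.0.113.10","dst_port":53,"protocol":"udp","action":"dropped"}',
    '{"time":"2018-07-20T10:03:05Z","src_ip":"198.51.100.9","dst_ip":"203.0.113.10","dst_port":53,"protocol":"udp","action":"dropped"}',
    '{"time":"2018-07-20T10:04:59Z","src_ip":"192.0.2.20","dst_ip":"203.0.113.10","dst_port":443,"protocol":"tcp","action":"forwarded"}',
    '{"time":"2018-07-20T10:05:00Z","src_ip":"198.51.100.7","dst_ip":"203.0.113.10","dst_port":53,"protocol":"udp","action":"dropped"}',
    '{"time":"2018-07-20T10:07:45Z","src_ip":"192.0.2.20","dst_ip":"203.0.113.10","dst_port":443,"protocol":"tcp","action":"forwarded"}',
    'truncated-record-not-json',
]

def window_start(ts, minutes=5):
    """Floor an ISO-8601 UTC timestamp to the start of its reporting window."""
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return t.replace(minute=t.minute - t.minute % minutes, second=0).isoformat()

def summarize(lines, minutes=5):
    """Per window: records by action, plus sources and protocols of drops."""
    windows = defaultdict(lambda: {"actions": Counter(),
                                   "dropped_sources": Counter(),
                                   "dropped_protocols": Counter()})
    skipped = 0
    for line in lines:
        try:
            rec = json.loads(line)
            key = window_start(rec["time"], minutes)
            action, src, proto = rec["action"], rec["src_ip"], rec["protocol"]
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed or incomplete record: count it, keep going
            continue
        w = windows[key]
        w["actions"][action] += 1
        if action == "dropped":
            w["dropped_sources"][src] += 1
            w["dropped_protocols"][proto] += 1
    return dict(windows), skipped

if __name__ == "__main__":
    summary, skipped = summarize(SAMPLE_LINES)
    for key in sorted(summary):
        w = summary[key]
        print(key, dict(w["actions"]), w["dropped_sources"].most_common(1))
    print("skipped records:", skipped)
```

Counting skipped records separately keeps a burst of malformed lines from silently shrinking the totals an analyst relies on during an attack.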

With DDoS Rapid Response (DRR), Microsoft provides customers with access to DDoS experts during an active attack, to help with attack investigation and the deployment of custom mitigations, and to engage in post-attack analysis.

To engage DRR during an active attack, customers need to create a new support request from the Azure Portal, select Service as DDoS Protection, choose a resource in the resource drop-down menu (a DDoS Plan linked to the virtual network being protected is required), then select the severity as A - Critical Impact and Problem Type as ‘Under attack’, and complete additional details before submitting the support request.

Planning and preparing for DDoS assaults can prove crucial for understanding the availability of an application during an attack, Microsoft notes. To help organizations with planning, the tech giant published an end-to-end DDoS Protection – Best Practices and Reference Architecture guide and encourages all “customers to apply those practices while designing applications for resiliency against DDoS attacks in Azure.”


Microsoft also announced improved security features for Azure this week, with the addition of Microsoft Authenticator, Azure Firewall, and several other tools to the cloud computing platform.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
