To make sure customers running on Azure are protected against ransomware attacks, Microsoft has invested heavily in Azure security and has provided customers with the security controls needed to protect their Azure cloud workloads.
A comprehensive overview of best practices and recommendations can be found in the “Azure Defenses for Ransomware Attack” e-book.
Here, we would like to zoom into network security and understand how Azure Firewall can help you defend against ransomware.
Ransomware is a type of malicious software designed to block access to your computer system until a sum of money is paid. The attacker usually exploits an existing vulnerability in your system to penetrate your network and execute the malicious software on the target host.
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and malware is then downloaded and installed without the user’s knowledge.
This is where Azure Firewall Premium comes in. With its intrusion detection and prevention system (IDPS) capability, every packet can be inspected thoroughly, including all its headers and payload, to identify malicious activity and prevent it from penetrating your network. IDPS allows you to monitor your network for malicious activity, log information about this activity, report it, and optionally attempt to block it.
The IDPS signatures apply to both application- and network-level traffic (Layers 4-7). They are fully managed and include more than 65,000 signatures in over 50 different categories, kept up to date with the ever-changing attack landscape:
- Azure Firewall gets early access to vulnerability information from the Microsoft Active Protections Program (MAPP) and the Microsoft Security Response Center (MSRC).
- Azure Firewall releases 30 to 50 new signatures each day.
Today, modern encryption, such as Secure Sockets Layer (SSL) or its successor Transport Layer Security (TLS), is used globally to secure internet traffic. Attackers use the same encryption to carry their malicious software into the victim’s network. Therefore, customers must inspect their encrypted traffic just like any other traffic.
Azure Firewall Premium IDPS allows you to detect attacks on all ports and protocols for non-encrypted traffic. However, when HTTPS traffic needs to be inspected, Azure Firewall can use its TLS inspection capability to decrypt the traffic and accurately detect malicious activity. TLS inspection covers outbound and east-west traffic; inbound HTTPS to your own applications is terminated in front of the firewall, for example by Application Gateway with a web application firewall.
After the ransomware is installed on the target machine, it may try to encrypt the machine’s data. To do so it needs an encryption key, and it may use a Command and Control (C&C) channel to fetch that key from a C&C server hosted by the attacker. CryptoLocker, WannaCry, TeslaCrypt, Cerber, and Locky are among the ransomware families that use C&C to fetch the required encryption keys.
Azure Firewall Premium has hundreds of signatures designed to detect C&C connectivity and block it, preventing the attacker from encrypting customers’ data.
Figure 1: Firewall protection against a ransomware attack using a command and control channel
Taking a comprehensive approach to fend off ransomware attacks
Taking a holistic approach to fend off ransomware attacks is recommended. Azure Firewall operates in a default-deny mode and will block access unless explicitly allowed by the administrator. Enabling the Threat Intelligence (TI) feature in deny mode will block access to known malicious IPs and domains; alert-only mode logs the match but lets the traffic through, so it is a staging step rather than a control. The Microsoft Threat Intelligence feed is updated continuously based on new and emerging threats.
Firewall Policy can be used for the centralized configuration of firewalls. This helps with responding to threats rapidly: customers can enable Threat Intelligence and IDPS across multiple firewalls with just a few clicks. Web categories let administrators allow or deny user access to categories of websites such as gambling sites, social media sites, and others. URL filtering provides scoped access to external sites and can cut down risk even further; note that filtering on the full URL of HTTPS traffic requires TLS inspection, since without it the firewall only sees the FQDN. In other words, Azure Firewall has everything necessary for companies to defend comprehensively against malware and ransomware.
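Putting the IDPS and TLS inspection capabilities from the earlier section together with the Threat Intelligence, web category and URL filtering controls from this one, the following Bicep is an added example written for this page, not code from the Microsoft post. It declares a Premium Firewall Policy with TI and IDPS in Deny mode, TLS inspection backed by a CA certificate in Key Vault, a rule collection that denies gambling and social networking categories, and a URL-scoped allow rule. The resource names, the Key Vault secret ID, the managed identity ID, the 10.0.0.0/8 source range, the signature ID 2024897 and the contoso.com URL are placeholders.

```bicep
// Added example (not from the original post): Azure Firewall Premium policy
// wiring up TI deny, IDPS deny, TLS inspection, web categories and URL filtering.
param location string = resourceGroup().location
// Placeholder: secret ID of the intermediate CA certificate stored in Key Vault
param caCertSecretId string
// Placeholder: resource ID of a user-assigned identity allowed to read that secret
param fwIdentityId string

resource policy 'Microsoft.Network/firewallPolicies@2022-07-01' = {
  name: 'fwpol-ransomware-premium'   // placeholder name
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${fwIdentityId}': {}
    }
  }
  properties: {
    sku: { tier: 'Premium' }          // IDPS and TLS inspection need Premium
    threatIntelMode: 'Deny'           // Off | Alert | Deny; Alert only logs
    intrusionDetection: {
      mode: 'Deny'                    // Off | Alert | Deny
      configuration: {
        // Per-signature override, e.g. keep one noisy signature in Alert
        // while tuning. 2024897 is a placeholder ID, not a real recommendation.
        signatureOverrides: [
          { id: '2024897', mode: 'Alert' }
        ]
      }
    }
    // TLS inspection: the firewall issues leaf certs from this intermediate CA
    transportSecurity: {
      certificateAuthority: {
        name: 'fw-intermediate-ca'     // placeholder name
        keyVaultSecretId: caCertSecretId
      }
    }
  }
}

resource rcg 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2022-07-01' = {
  parent: policy
  name: 'rcg-web-controls'
  properties: {
    priority: 300
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'deny-risky-categories'
        priority: 100                 // evaluated before the allow collection
        action: { type: 'Deny' }
        rules: [
          {
            ruleType: 'ApplicationRule'
            name: 'block-gambling-social'
            sourceAddresses: [ '10.0.0.0/8' ]   // placeholder internal range
            protocols: [
              { protocolType: 'Http', port: 80 }
              { protocolType: 'Https', port: 443 }
            ]
            webCategories: [ 'Gambling', 'SocialNetworking' ]
            terminateTLS: true        // categorize on the full URL, not just SNI
          }
        ]
      }
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-scoped-urls'
        priority: 200
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'ApplicationRule'
            name: 'allow-vendor-update-path'
            sourceAddresses: [ '10.0.0.0/8' ]
            protocols: [ { protocolType: 'Https', port: 443 } ]
            // URL filtering on HTTPS only works with terminateTLS; placeholder URL
            targetUrls: [ 'www.contoso.com/updates/*' ]
            terminateTLS: true
          }
        ]
      }
    ]
  }
}
```

Two practical points: the certificate in Key Vault must be an intermediate CA whose root is trusted by the workloads behind the firewall, otherwise every TLS-inspected connection fails validation on the client; and both `threatIntelMode` and `intrusionDetection.mode` are worth running in `Alert` against production traffic for a short baseline before switching to `Deny`, using `signatureOverrides` for the handful of signatures that turn out to be noisy in your environment.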
Detection is as important as prevention. The Azure Firewall solution for Microsoft Sentinel gives you both detection and prevention in the form of an easy-to-deploy solution. Combining prevention and detection lets you make sure that you prevent sophisticated threats when you can, while also maintaining an “assume breach” mentality to detect and quickly respond to cyberattacks.