This submit was co-authored by Henry Yan, Product Marketing Manager.
Increased cloud adoption and the shift to hybrid work has resulted in elevated utilization of digital belongings. While shifting net purposes and APIs to the cloud offers many benefits for organizations, together with remodeling enterprise fashions and enhancing the client expertise, it additionally presents new safety challenges. We have seen that attackers provide you with new refined assault patterns and we see new vulnerabilities (for instance, Log4J, SpringShell, and Text4Shell) rising consistently. Vulnerabilities in these purposes might result in breaches and permit cybercriminals to achieve entry to beneficial and delicate knowledge.
At Microsoft, we’re dedicated to creating Microsoft Azure essentially the most safe and trusted cloud for all workloads. We are constantly innovating and in search of methods to reinforce our merchandise to assist our clients defend in opposition to evolving threats. This contains supporting organizations and communities that share a standard dedication as ours. We are happy to announce the sponsorship for the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set (CRS) venture. We worth the contributions of the CRS group and are trying ahead to contributing to the success of the group and OWASP ModSecurity CRS open supply venture.
Intelligent safety from edge to cloud
Azure Web Application Firewall (Azure WAF) is our cloud-native service for safeguarding your purposes and APIs in Azure or wherever else from net assaults and vulnerabilities. Azure WAF offers built-in managed guidelines, based mostly off the OWASP ModSecurity CRS, that provide utility safety from a variety of assaults, together with the OWASP Top Ten, with minimal false positives. These managed guidelines present safety in opposition to many frequent assault classes, together with SQL injection, cross web site scripting, native file inclusion, and way more.
Azure WAF gives Microsoft Managed Rule Sets, proprietary rulesets, which extends the safety of OWASP ModSecurity CRS 3.x, and contains extra proprietary guidelines and up to date signatures developed by the Microsoft Threat Intelligence Center to offer elevated safety protection, patches for particular vulnerabilities, and diminished false optimistic. Azure WAF contains richer set of options together with IP fame, bot safety, charge limiting, IP restriction, and geo-filtering that additional strengthens the safety posture on your net utility and APIs. Native integration with Azure Monitor, Microsoft Sentinel, and Azure Firewall Manager offers ease of administration and superior analytics capabilities to detect and reply to safety threats well timed.
Better collectively
Microsoft has invested closely in constructing security-focused merchandise and making certain safety is constructed into our core applied sciences. As a gold sponsor for the OWASP ModSecurity CRS venture, we’re furthering our dedication in contributing to a powerful and vibrant safety group. We are excited to hitch efforts to assist advance the CRS open supply venture that serves as a primary line of protection for a lot of purposes. The collaboration between Microsoft and OWASP CRS groups will assist enhance signature patterns, cut back false positives, and deal with important zero-day vulnerabilities shortly. This is a crucial step in making certain we offer the perfect safety attainable for all.
Read extra about this announcement from OWASP ModSecurity CRS venture.