This post was co-authored by Henry Yan, Product Marketing Manager.
Increased cloud adoption and the shift to hybrid work have resulted in increased usage of digital assets. While moving web applications and APIs to the cloud provides many advantages for organizations, including transforming business models and enhancing the customer experience, it also presents new security challenges. We have seen attackers come up with new sophisticated attack patterns, and new vulnerabilities (for example, Log4J, SpringShell, and Text4Shell) are emerging constantly. Vulnerabilities in these applications could lead to breaches and allow cybercriminals to gain access to valuable and sensitive data.
At Microsoft, we’re committed to making Microsoft Azure the most secure and trusted cloud for all workloads. We’re continuously innovating and looking for ways to enhance our products to help our customers protect against evolving threats. This includes supporting organizations and communities that share our commitment. We’re pleased to announce our sponsorship of the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set (CRS) project. We value the contributions of the CRS community and look forward to contributing to the success of the community and the OWASP ModSecurity CRS open source project.
Intelligent protection from edge to cloud
Azure Web Application Firewall (Azure WAF) is our cloud-native service for protecting your applications and APIs in Azure or anywhere else from web attacks and vulnerabilities. Azure WAF provides built-in managed rules, based on the OWASP ModSecurity CRS, that offer application protection from a wide range of attacks, including the OWASP Top Ten, with minimal false positives. These managed rules provide protection against many common attack categories, including SQL injection, cross-site scripting, local file inclusion, and much more.
Azure WAF offers Microsoft Managed Rule Sets, proprietary rulesets that extend the protection of OWASP ModSecurity CRS 3.x and include additional proprietary rules and updated signatures developed by the Microsoft Threat Intelligence Center to provide increased security coverage, patches for specific vulnerabilities, and reduced false positives. Azure WAF includes a richer set of features, including IP reputation, bot protection, rate limiting, IP restriction, and geo-filtering, that further strengthen the security posture of your web applications and APIs. Native integration with Azure Monitor, Microsoft Sentinel, and Azure Firewall Manager provides ease of management and advanced analytics capabilities to detect and respond to security threats in a timely manner.
Better together
Microsoft has invested heavily in building security-focused products and ensuring security is built into our core technologies. As a gold sponsor of the OWASP ModSecurity CRS project, we’re furthering our commitment to contributing to a strong and vibrant security community. We’re excited to join efforts to help advance the CRS open source project, which serves as a first line of defense for many applications. The collaboration between the Microsoft and OWASP CRS teams will help improve signature patterns, reduce false positives, and address critical zero-day vulnerabilities quickly. This is an important step in ensuring we provide the best protection possible for all.
Read more about this announcement from the OWASP ModSecurity CRS project.