Microsoft Azure DDoS Protection


Serhat Sarı
Bulut Çözümleri


Distributed denial of service (DDoS) has been used for many years and its purpose is to cause excessive traffic to an application or service, causing disruption. When it comes to running an application in the cloud, the security concerns are increasing because people’s knowledge of the cloud is still low.

Many organizations are preventing DDoS attacks, but sometimes when they encounter many different types of attacks, the configurations of their existing systems may be insufficient. Azure DDoS protection provides protection for many different types of attacks. The most basic of these are; Volumetric, Protocol and Resource Layer. One of the biggest advantages of Azure DDoS is that it uses the power of artificial intelligence like other Azure services. Machine learning technology is used in the background against each new attack type. In case of a possible attack, 24/7 traffic is directed to the clean server, while the traffic under attack is stopped. Considering the size of Microsoft’s data center in terms of size, we can think that it is quite an easy task to direct the traffic to clean areas.

In 2019, a bank with a very large infrastructure and customer portfolio faced a DDoS attack and suffered a 4-hour service outage. The attackers determined mobile applications for themselves as targets. For a bank, security comes first. But what if the bank was in Azure and exposed to the same attack, what the result would be, and a simulation was carried out. As a result of the simulation, it was seen that even Azure can meet this attack up to 30,000 times the attack. So much so that many different attack methods are used nowadays. Now even a smart refrigerator or microwave can send requests to an application. Again, in an attack on an organization, it was understood that the requests coming to the application came from microwaves.

Azure DDoS can also provide us with very detailed reports. It provides you with detailed information, traffic statistics and other attack data about attacks that target your resources during an attack.

Of course, there are a certain cost to use these reports and many more advanced features. Azure has presented two different plans for this service, basic and standard. The basic plan is free, while the standard package is paid. The pricing here is determined by the monthly data density. For example, in Turkey, we believe we want to use this service, we select the options in West Europe Region it stands out as a cost table as follows.

We can see that pricing is per GB. In general, we can say that there is an expensive Azure service, but if we consider an international e-commerce company or banks, positioning such a service is necessary compared to the damage they can see.

DDoS attacks will come across for many more years by constantly changing forms. As even toasters become smart, malicious individuals will of course try to find a deficit. I hope it was a useful article.

Resource;

https://docs.microsoft.com/tr-tr/azure/virtual-network/ddos-protection-overview