Azure extends DDoS attack protection to SMBs • The Register

A new Azure service aimed at protecting smaller businesses from the growing threat of distributed denial-of-service (DDoS) attacks is now in public preview, Microsoft says.

DDoS IP Protection is a new SKU for the Azure DDoS Protection service, designed to provide enterprise-level protection down to the single public IP layer for a monthly fee, providing essentially the same services larger enterprises use, according to Saleem Bseeu. Product Manager for Cloud Security Engineering at Microsoft.

“We now have a DDoS-per-IP SKU that can help SMBs mitigate Layer 3 and Layer 4 DDoS attacks on their public IPs, which include firewalls, application gateways and load balancers,” Bseeu wrote in a blog post on Monday. “This also ensures that all customers using public IPs on Azure are protected.”

Microsoft’s Azure DDoS Protection program now has two SKUs: DDoS IP Protection for SMBs and DDoS Network Protection (nee DDoS Protection Standard) for Enterprises.

DDoS is a longstanding and growing threat in which attackers use a botnet to render networks inaccessible by overloading them with fake traffic, and sometimes demanding a ransom. Cloudflare, which stopped what was reportedly the largest HTTPS DDoS attack in June, said such application layer attacks grew 111 percent year over year in the third quarter, with layer 3 and 4 network DDoS attacks growing 97 percent.

“DDoS attacks are one of the top security concerns for applications in the cloud and are increasing in complexity and frequency due to evolving challenges in the cybersecurity landscape,” Bseeu wrote. “All customers, including small and medium-sized ones, have been impacted by the recent surge in DDoS attacks.”

In an October blog post announcing the preview of DDoS IP Protection, Amir Dahan, Senior Product Manager for Azure Networks, wrote that cyberattacks tend to attract attention when they hit larger organizations.

“However, contrary to what many might think, small and medium-sized enterprises (SMEs) are just as tempting to cybercriminals,” Dahan wrote. “While large organizations have the resources to protect themselves, small businesses often lack the budget and skilled staff to defend against DDoS attacks.”

Microsoft isn’t the only technology vendor offering DDoS protection for SMBs. Others include Amazon Web Services (with Shield), Google Cloud (Armor), Cloudflare, Elastic Security, Webroot, and Imperva.

Microsoft previewed the DDoS IP protection SKU in October and talked about it at the Ignite 2022 show before moving it to public preview this month, saying it will integrate with other Azure services for real-time alerts, Integrate metrics and security insights.

Features range from traffic monitoring, automatic attack mitigation, integration with Firewall Manager, mitigation reports and data flow logs to the Azure Sentinel data connector and workbooks. Three features not included—but intended for the enterprise-level DDoS Network Protection SKU—are cost protection, a web application firewall discount, and fast DDoS response support.

Another difference is the price. Businesses pay $2,944 per month for each DDoS protection plan and a $30 overage fee for each additional public IP over 100. For SMBs, the monthly cost is $199 for each protected IP.

SMBs can enable IP protection through the Azure preview portal or through PowerShell.

Also at Ignite, Microsoft introduced a new Azure Firewall offering aimed at smaller businesses. Azure Firewall Basic offers SMBs a cost-effective cloud-native firewall-as-a-service option for traffic flow control and logging.

Businesses can use it for L3-L7 filtering of east-west and north-south traffic and threat intelligence to block traffic threats, Bseeu wrote. Azure Firewall Basic went into public preview last week. ®