Securing your cloud perimeter with Azure Network Security

Zero Trust Architecture
Pillars: Identities, Devices, Apps, Infrastructure, Network, Data
Cross-cutting capabilities: Security Policy Enforcement, Visibility and Analytics, Automation
https://www.Microsoft.com/en-us/security/
Zero Trust Networking Maturity Model
Same pillars as the Zero Trust Architecture (Identities, Devices, Apps, Infrastructure, Network, Data), with the Network pillar highlighted; cross-cutting capabilities: Security Policy Enforcement, Visibility and Analytics, Automation

Azure Network Security: three pillars
• Segment: prevent lateral movement and data exfiltration
• Protect: secure the network with threat intelligence
• Connect: embrace distributed connectivity
Deploy securely across the DevOps process
Achieving Zero Trust with Azure Networking
Defense-in-Depth = Cloud-Native Network Security Services + Networking Partner Solutions
Software Defined Network (SDN) building blocks: Virtual Networks, Network Security Groups, User Defined Routes, Load Balancer
Cloud-native network security services: Azure Firewall, Azure DDoS Protection, Azure Web Application Firewall, Azure Private Link
Network Segmentation
Segmentation boundaries, from coarse to fine: Subscription, Virtual Network, Network Security Group, Azure Firewall, Web Application Firewall

Multi-level Segmentation
• Subscriptions
• Virtual Network (VNet Peering, Virtual WAN, VPN Gateway)
• Network Security Group, with rules scoped by Application Security Group, FQDN or Service Tag
• Azure Firewall
• Web Application Firewall
• Kubernetes Services (Container Networking Interface)
• Private Link
Azure Firewall Manager (PREVIEW)
Central network security policy and route management for globally distributed, software-defined perimeters
• Central deployment and configuration
• Automated routing
• Advanced security with 3rd party SECaaS (security as a service)
• [Roadmap] Split routing
Case study: Labs @ Microsoft (Microsoft Core Services Engineering)

Topology: Internet and Corpnet reach the labs only through a Central VNet (Gateway VNet and CSEO infrastructure) that hosts a cloud native firewall enforcing L3 to L7 connectivity policies; the customer VNet subnet is 10.3.0.0/25, and VNet Peering connects Spoke 1 (subnet 10.1.0.0/27) and Spoke 2 (subnet 10.2.0.0/27); Public Azure is reached the same way.

Connectivity policies:
Source         Destination    Ports/Protocols
LAB            Internet       HTTP - 80, HTTPS - 443, KMS - 1688
Internet       LAB            Not available
LAB            Azure Public   HTTP - 80, HTTPS - 443, KMS - 1688
Azure Public   LAB            Not available
LAB            "CorpNet"      HTTPS - 443, HTTP - 80, RDP, SSH, WinRM, 445, ICMP
"CorpNet"      LAB            HTTPS - 443, HTTP - 80, RDP, SSH, WinRM, 445, ICMP

Goals:
• Migrate 100's of labs to Cloud
• Network segmentation (from Corpnet and from each other)
• Enable engineering agility and time to market
Solution: leverage cloud native, scalable infrastructure with central edge controls
Learnings: scalability improved; performance improved (lack of Force Tunnel)
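The connectivity table above is a zone-to-zone allow list with everything else denied, including lab-to-lab traffic (the "segmentation from each other" goal). The following is an added example, not code from the deck or from Microsoft: it encodes the table as a default-deny policy and evaluates sample flows against it. The two lab subnets are the ones on the slide; the CorpNet and "Azure Public" address ranges, the well-known ports behind the service names (RDP 3389, SSH 22, WinRM 5985/5986, KMS 1688, 445 as TCP) and the rule that traffic inside a single lab is allowed are assumptions made for the example.

```python
"""Evaluate the Labs @ Microsoft connectivity policy as a default-deny zone table.

Added example, not from the deck. Zone ranges are constructed: the two lab
subnets come from the slide; CorpNet and "Azure Public" ranges are placeholders.
"""
import ipaddress
from typing import Optional, Tuple

# zone name -> (zone class used by the policy table, address ranges)
ZONES = {
    "Spoke 1 lab":  ("LAB", ["10.1.0.0/27"]),            # from the slide
    "Spoke 2 lab":  ("LAB", ["10.2.0.0/27"]),            # from the slide
    "CorpNet":      ("CorpNet", ["10.100.0.0/16"]),      # hypothetical range
    "Azure Public": ("Azure Public", ["13.107.0.0/16"]), # placeholder; really a service tag
}
# Any address outside the named zones is classed as "Internet".

# Ports behind the service names used in the slide's table (assumed TCP defaults).
SERVICES = {
    "HTTP": {("tcp", 80)}, "HTTPS": {("tcp", 443)}, "KMS": {("tcp", 1688)},
    "RDP": {("tcp", 3389)}, "SSH": {("tcp", 22)},
    "WinRM": {("tcp", 5985), ("tcp", 5986)}, "445": {("tcp", 445)},
}
CORP_SERVICES = {"HTTPS", "HTTP", "RDP", "SSH", "WinRM", "445", "ICMP"}

# The slide's table, row for row. Pairs with no row (Internet -> LAB,
# Azure Public -> LAB) are the "Not available" entries and fall to default deny.
POLICY = {
    ("LAB", "Internet"):     {"HTTP", "HTTPS", "KMS"},
    ("LAB", "Azure Public"): {"HTTP", "HTTPS", "KMS"},
    ("LAB", "CorpNet"):      CORP_SERVICES,
    ("CorpNet", "LAB"):      CORP_SERVICES,
}


def zone_of(ip: str) -> Tuple[str, str]:
    """Return (zone name, zone class) for an address; unknown addresses are Internet."""
    addr = ipaddress.ip_address(ip)
    for name, (cls, cidrs) in ZONES.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return name, cls
    return "Internet", "Internet"


def evaluate(src_ip: str, dst_ip: str, proto: str, port: Optional[int] = None) -> str:
    """Decide 'allow' or 'deny' for one flow under the segmentation policy."""
    src_name, src_cls = zone_of(src_ip)
    dst_name, dst_cls = zone_of(dst_ip)
    if src_cls == "LAB" and dst_cls == "LAB":
        # Inside one lab: not an edge flow (assumption). Between labs: segmented, deny.
        return "allow" if src_name == dst_name else "deny"
    allowed = POLICY.get((src_cls, dst_cls))
    if allowed is None:
        return "deny"  # no row in the table: default deny
    if proto == "icmp":
        return "allow" if "ICMP" in allowed else "deny"
    for svc in allowed:
        if (proto, port) in SERVICES.get(svc, set()):
            return "allow"
    return "deny"


if __name__ == "__main__":
    # Constructed sample flows (198.51.100.7 is a documentation address standing in for the Internet).
    flows = [
        ("10.1.0.5", "198.51.100.7", "tcp", 443),   # lab -> Internet HTTPS
        ("198.51.100.7", "10.1.0.5", "tcp", 443),   # Internet -> lab (not available)
        ("10.100.4.2", "10.2.0.3", "tcp", 3389),    # CorpNet -> lab RDP
        ("10.1.0.5", "10.2.0.3", "tcp", 445),       # lab -> other lab (segmented)
        ("10.1.0.5", "10.1.0.9", "tcp", 445),       # inside one lab
    ]
    for f in flows:
        print(f, "->", evaluate(*f))
```

Running the block prints one verdict per sample flow; the lab-to-other-lab line is the one worth checking after any policy change, because nothing in the table itself expresses that requirement.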
Azure Web Application Firewall
Protect your apps at the network edge or in Azure regions
(See also BRK3171 | 11/08 (9:15 - 10 AM) | Using Azure Web Application Firewall to protect your web applications and web APIs)

Azure Global WAF (Front Door) and Azure Regional WAF (Application Gateway), with a uniform WAF policy across PaaS, IaaS, AKS, serverless and on-premises backends
WAF policy content: OWASP rules, bot management, custom rules, Microsoft threat intelligence

Bot management:
• Protect apps against automated attacks
• Manage good/bad bots with Azure BotManager RuleSet
Site and URI path specific WAF policies:
• Customize WAF policies at the regional WAF for finer-grained protection at each host/listener or URI path level
Geo filtering on regional WAF:
• Enhanced custom rule matching criterion
PREVIEW: Unified WAF policy
Cloud scale DDoS protection for Azure: Azure DDoS Protection Standard

Topology: traffic from the public Internet to Public IP 1 and Public IP 2 (fronting Web Application 1 and Web Application 2) passes Azure DDoS, then Azure WAF (inbound) and Azure Firewall (inbound/outbound) in the Central VNET, before reaching the Spoke VNETs.

Capabilities:
1. Azure global network
2. Adaptive tuning (Adaptive Tuning Engine)
3. Attack analytics and metrics
4. DDoS Rapid Response (DRR)
5. SLA guarantee and cost protection
New Partner WAF-as-a-Service Offerings in Azure
• Web application security, simplified
• All the advanced WAF functionality with the ease of SaaS, deployed in minutes
• Advanced Security Stack with Bot Manager, Analytics & Threat Detection
• Application Specific Rule Sets with positive / negative rules and auto policy generation
Leverages the scale & reach of Azure; defended against DDoS attacks by Azure DDoS Protection Standard; consumption based pricing model & available on Azure Marketplace
Azure Networking Connectivity: transforming your network approach
Connectivity scope: Azure, other clouds, Business SaaS and Consumer SaaS
Azure Virtual WAN
Provides optimized and automated branch connectivity to, and through, Azure
Topology: Azure Region 1, Region 2 and Region 3 each host VNets; Corp HQ, the datacenter and branches connect through ExpressRoute and point-to-site VPN.
GA:
• ExpressRoute integration
• Point-to-site VPN integration
• Path selection from branch
PREVIEW:
• Hub/any-to-any connectivity
• Azure Firewall integration
Azure Firewall Manager: extend your security edge to Azure (PREVIEW)
Topology: on-premises HQ/branch and datacenter sites connect through Virtual WAN to multiple secured virtual hubs (Secured vHub, each with Azure Firewall) that front VNets and PaaS.
Traffic handling from the secured hub:
• Direct Internet breakout for O365
• Secure Internet access via Azure, based on IPs/FQDNs/Tags
• User-aware Internet access via 3rd party (Business SaaS, Consumer SaaS, other PaaS)
Securing your cloud transformation: Microsoft Azure Firewall Manager and Zscaler Internet Access
©2019 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION
Diagram spans Azure Region 1 through Azure Region n.
"The Zscaler and Microsoft joint solution ensures best-in-class internet/web security and low-latency performance to empower enterprise users and applications to securely access any internet destination."
Dhawal Sharma, Sr. Director Product Management, Zscaler
Check Point CloudGuard Connect
Case study: Quantum Computing Private Network (Microsoft Core Services Engineering)
Need: quickly create an isolated network for collaboration between Microsoft employees embedded at universities around the world.
Solution: Azure Virtual WAN, Azure Firewall, Azure VPN; full deployment in less than a day.
Topology: an Azure Virtual WAN hub with Azure Firewall connects the VNETs in Azure to University S1, University S2 and University S3 sites, 3rd party sites (via VPN appliances) and remote users.
Azure Private Link
Highly secure and private connectivity solution for the Azure platform
(See also BRK3168 | 11/07 (9:15 - 10 AM) | Delivering services privately in your VNet with Azure Private Link)

Diagram: a Virtual Network (10.0.0.0/16) holds a private endpoint (10.0.0.5) that maps through the Private Link Service to Storage, SQL DW or SQL; the endpoint is reachable from on-premises through ER Private Peering and an ER Gateway, while Internet access to the service is denied ("Deny Internet"). Private Link covers Azure PaaS services, customer owned services and Marketplace services.
• Private access from Virtual Network resources, peered networks and on-premises networks
• In-built data exfiltration protection
• Predictable private IP addresses for PaaS resources
• Unified experience across PaaS, customer owned and Marketplace services
Azure Bastion (GA)
Secure and seamless RDP and SSH access to your virtual machines using zero trust
• RDP/SSH to your workload using an HTML5 standards-based web browser, directly in the Azure Portal
• Resources can be accessed without public IP addresses
• Supported Azure resources include VMs, VM Scale Sets, Dev-Test Labs
• No agent required
Flow: Azure Portal -> SSL on port 443 over the Internet -> Azure Bastion in the "AzureBastionSubnet" -> remote protocol (RDP, SSH, et al) on port 3389/22 -> target VM subnet(s), where the Azure VMs have only private IPs inside the customer's Virtual Network.

Azure Bastion Demo
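The flow above only delivers "no public IP, no exposed RDP/SSH" if the network security groups around it agree with it: the VM subnets must accept 3389/22 from the AzureBastionSubnet alone, and the bastion subnet must accept 443 from the Internet and reach the VMs on 3389/22. The following is an added example, not code from the deck or from Microsoft: a small auditor that evaluates simplified NSG-style rules (first match by priority, default deny) and flags the common misconfiguration where a VM subnet still allows RDP/SSH from anywhere, which silently bypasses Bastion. The address plan, the `Rule` model and the rule sets are constructed for the example; the two checks cover only the flows drawn on the slide, and Azure documents further required rules on the bastion subnet (management-plane traffic) that are out of scope here.

```python
"""Audit NSG-style rules around an Azure Bastion deployment.

Added example, not from the deck. The address plan is hypothetical; the rule
model is a simplified stand-in for NSG rules, not the Azure API.
"""
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Rule:
    priority: int      # lower number is evaluated first, as in NSGs
    direction: str     # "Inbound" | "Outbound"
    access: str        # "Allow" | "Deny"
    protocol: str      # "Tcp" | "Udp" | "*"
    source: str        # CIDR or tag: "Internet", "VirtualNetwork", "*"
    destination: str
    port: str          # "443", "3389", "22" or "*"


# Constructed address plan (hypothetical): the slide names the subnets, not their ranges.
VNET = "10.0.0.0/16"
BASTION_SUBNET = "10.0.1.0/27"   # "AzureBastionSubnet"
VM_SUBNET = "10.0.2.0/24"        # "Target VM Subnet(s)"


def _within(value: str, cidr: str) -> bool:
    """True if value (IP or CIDR) lies inside cidr; tags such as 'Internet' never do."""
    try:
        return ipaddress.ip_network(value, strict=False).subnet_of(
            ipaddress.ip_network(cidr, strict=False))
    except (ValueError, TypeError):
        return False


def _matches(selector: str, value: str) -> bool:
    """Simplified NSG address matching for a rule field against a flow endpoint."""
    if selector == "*":
        return True
    if selector == "VirtualNetwork":
        return value == "VirtualNetwork" or _within(value, VNET)
    if selector == "Internet":
        return value == "Internet"
    return _within(value, selector)


def effective_access(rules: List[Rule], direction: str, protocol: str,
                     source: str, destination: str, port: str) -> str:
    """First rule (by priority) whose fields all match decides; NSG default is Deny."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.direction == direction and r.protocol in ("*", protocol)
                and r.port in ("*", port)
                and _matches(r.source, source) and _matches(r.destination, destination)):
            return r.access
    return "Deny"


def audit_vm_subnet(rules: List[Rule]) -> List[str]:
    """Management ports on the VM subnet must be reachable from the bastion subnet only."""
    findings = []
    for port in ("3389", "22"):
        if effective_access(rules, "Inbound", "Tcp", "Internet", VM_SUBNET, port) == "Allow":
            findings.append(f"port {port} reachable from Internet: Bastion bypassed")
        if effective_access(rules, "Inbound", "Tcp", BASTION_SUBNET, VM_SUBNET, port) != "Allow":
            findings.append(f"port {port} not reachable from AzureBastionSubnet: Bastion cannot connect")
    return findings


def audit_bastion_subnet(rules: List[Rule]) -> List[str]:
    """The bastion subnet needs 443 in from the Internet and 3389/22 out to the VMs."""
    findings = []
    if effective_access(rules, "Inbound", "Tcp", "Internet", BASTION_SUBNET, "443") != "Allow":
        findings.append("443 from Internet not allowed: portal sessions will fail")
    for port in ("3389", "22"):
        if effective_access(rules, "Outbound", "Tcp", BASTION_SUBNET, VM_SUBNET, port) != "Allow":
            findings.append(f"outbound {port} to VM subnet not allowed")
    return findings


# Constructed rule sets. WEAK is the classic "open RDP/SSH to any" mistake.
WEAK_VM_NSG = [
    Rule(100, "Inbound", "Allow", "Tcp", "*", "*", "3389"),
    Rule(110, "Inbound", "Allow", "Tcp", "*", "*", "22"),
]
HARDENED_VM_NSG = [
    Rule(100, "Inbound", "Allow", "Tcp", BASTION_SUBNET, VM_SUBNET, "3389"),
    Rule(110, "Inbound", "Allow", "Tcp", BASTION_SUBNET, VM_SUBNET, "22"),
    Rule(4000, "Inbound", "Deny", "Tcp", "Internet", "*", "*"),
]
BASTION_NSG = [
    Rule(100, "Inbound", "Allow", "Tcp", "Internet", "*", "443"),
    Rule(100, "Outbound", "Allow", "Tcp", "*", "VirtualNetwork", "3389"),
    Rule(110, "Outbound", "Allow", "Tcp", "*", "VirtualNetwork", "22"),
]

if __name__ == "__main__":
    print("weak VM NSG:", audit_vm_subnet(WEAK_VM_NSG))
    print("hardened VM NSG:", audit_vm_subnet(HARDENED_VM_NSG))
    print("bastion NSG:", audit_bastion_subnet(BASTION_NSG))
```

The weak rule set produces one finding per management port; the hardened set passes because the allow rules are scoped to the bastion subnet and an explicit low-priority deny covers the Internet tag, so the Bastion path is the only way onto the VMs.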
How it all works together
Hub VNET: Azure DDoS and Azure Regional WAF on the inbound path, Azure Firewall on the inbound/outbound path, Azure Global WAF at the edge in front of the public Internet; Express Route, VPN Gateway & Virtual WAN connect the on-premises data center, branch offices and mobile workers; Private Link reaches PaaS services.
IaaS/PaaS Spoke VNET, PRIVATE PaaS: App on IaaS and App on PaaS = Network Security Group + Private Link
IaaS/PaaS Spoke VNET, PUBLIC PaaS: App on IaaS and App on PaaS = Network Security Group + Service Endpoints to public PaaS services
Key takeaways

Please evaluate this session; your feedback is important to us!
https://aka.ms/ignite.mobileapp
https://myignite.techcommunity.microsoft.com/evaluations
Find this session (BRK3185, Securing your cloud perimeter with Azure Network Security) in Microsoft Tech Community

More Related Content

What's hot

Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information ProtectionRobert Crane
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and ManagementAllen Brokken
 
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecurityNew Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecuritySounil Yu
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsVignesh Ganesan I Microsoft MVP
 
NIST Zero Trust Explained
NIST Zero Trust ExplainedNIST Zero Trust Explained
NIST Zero Trust Explainedrtp2009
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftDavid J Rosenthal
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Microsoft Azure Cloud Services
Microsoft Azure Cloud ServicesMicrosoft Azure Cloud Services
Microsoft Azure Cloud ServicesDavid J Rosenthal
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 
Microsoft Azure Technical Overview
Microsoft Azure Technical OverviewMicrosoft Azure Technical Overview
Microsoft Azure Technical Overviewgjuljo
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration TestingCheah Eng Soon
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use CasesNetskope
 
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar  - Zero Trust: Best Practices for Securing the...Cybersecurity Insiders Webinar  - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Ivanti
 

What's hot (20)

Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and Management
 
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecurityNew Paradigms for the Next Era of Security
New Paradigms for the Next Era of Security
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
 
SIEM and Threat Hunting
SIEM and Threat HuntingSIEM and Threat Hunting
SIEM and Threat Hunting
 
NIST Zero Trust Explained
NIST Zero Trust ExplainedNIST Zero Trust Explained
NIST Zero Trust Explained
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
 
Microsoft Azure Cloud Services
Microsoft Azure Cloud ServicesMicrosoft Azure Cloud Services
Microsoft Azure Cloud Services
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
 
Microsoft Azure Technical Overview
Microsoft Azure Technical OverviewMicrosoft Azure Technical Overview
Microsoft Azure Technical Overview
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
 
AWS Security Checklist
AWS Security ChecklistAWS Security Checklist
AWS Security Checklist
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEye
 
5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020
 
Azure vnet
Azure vnetAzure vnet
Azure vnet
 
Office 365 Security Best Practices
Office 365 Security Best PracticesOffice 365 Security Best Practices
Office 365 Security Best Practices
 
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar  - Zero Trust: Best Practices for Securing the...Cybersecurity Insiders Webinar  - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
 

Similar to Securing your cloud perimeter with azure network security brk3185

CCI2019 - Architecting and Implementing Azure Networking
CCI2019 - Architecting and Implementing Azure NetworkingCCI2019 - Architecting and Implementing Azure Networking
CCI2019 - Architecting and Implementing Azure Networkingwalk2talk srl
 
Brk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azureBrk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azureAbou CONDE
 
CCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best PracticesCCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best Practiceswalk2talk srl
 
Protección y acceso a tu información y aplicaciones en Azure y O365 – Barracuda
Protección y acceso a tu información y aplicaciones en Azure y O365 – BarracudaProtección y acceso a tu información y aplicaciones en Azure y O365 – Barracuda
Protección y acceso a tu información y aplicaciones en Azure y O365 – BarracudaPlain Concepts
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-securityober64
 
azure-security-overview-slideshare-180419183626.pdf
azure-security-overview-slideshare-180419183626.pdfazure-security-overview-slideshare-180419183626.pdf
azure-security-overview-slideshare-180419183626.pdfBenAissaTaher1
 
Check Point Software Technologies: Secure Your AWS Workloads
 Check Point Software Technologies: Secure Your AWS Workloads Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS WorkloadsAmazon Web Services
 
Global Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityGlobal Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityScott Hoag
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft CloudEuropean Collaboration Summit
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security OverviewAllen Brokken
 
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanO365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanNCCOMMS
 
TechWiseTV Workshop: SD-WAN Security
TechWiseTV Workshop: SD-WAN SecurityTechWiseTV Workshop: SD-WAN Security
TechWiseTV Workshop: SD-WAN SecurityRobb Boyd
 
VMware vRealize Network Insight 3.4 whats new
VMware vRealize Network Insight 3.4 whats newVMware vRealize Network Insight 3.4 whats new
VMware vRealize Network Insight 3.4 whats newVMware
 
Azure governance v4.0
Azure governance v4.0Azure governance v4.0
Azure governance v4.0Marcos Oikawa
 

Similar to Securing your cloud perimeter with azure network security brk3185 (20)

CCI2019 - Architecting and Implementing Azure Networking
CCI2019 - Architecting and Implementing Azure NetworkingCCI2019 - Architecting and Implementing Azure Networking
CCI2019 - Architecting and Implementing Azure Networking
 
Brk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azureBrk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azure
 
CCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best PracticesCCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best Practices
 
Azure F5 Solutions
Azure F5 SolutionsAzure F5 Solutions
Azure F5 Solutions
 
Protección y acceso a tu información y aplicaciones en Azure y O365 – Barracuda
Protección y acceso a tu información y aplicaciones en Azure y O365 – BarracudaProtección y acceso a tu información y aplicaciones en Azure y O365 – Barracuda
Protección y acceso a tu información y aplicaciones en Azure y O365 – Barracuda
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-security
 
azure-security-overview-slideshare-180419183626.pdf
azure-security-overview-slideshare-180419183626.pdfazure-security-overview-slideshare-180419183626.pdf
azure-security-overview-slideshare-180419183626.pdf
 
Check Point Software Technologies: Secure Your AWS Workloads
 Check Point Software Technologies: Secure Your AWS Workloads Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS Workloads
 
Global Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityGlobal Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network Security
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanO365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
 
zscaler-aws-zero-trust.pdf
zscaler-aws-zero-trust.pdfzscaler-aws-zero-trust.pdf
zscaler-aws-zero-trust.pdf
 
Staying Secure in the Cloud
Staying Secure in the CloudStaying Secure in the Cloud
Staying Secure in the Cloud
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
TechWiseTV Workshop: SD-WAN Security
TechWiseTV Workshop: SD-WAN SecurityTechWiseTV Workshop: SD-WAN Security
TechWiseTV Workshop: SD-WAN Security
 
Azure 10 major services
Azure 10 major servicesAzure 10 major services
Azure 10 major services
 
VMware vRealize Network Insight 3.4 whats new
VMware vRealize Network Insight 3.4 whats newVMware vRealize Network Insight 3.4 whats new
VMware vRealize Network Insight 3.4 whats new
 
Azure governance v4.0
Azure governance v4.0Azure governance v4.0
Azure governance v4.0
 

Recently uploaded

How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseWSO2
 

Recently uploaded (20)

How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 

Securing your cloud perimeter with azure network security brk3185

  • 1.
  • 2. Securing your cloud perimeter with Azure Network Security​
  • 3. Zero Trust Architecture Devices Security Policy Enforcement Identities Visibility and Analytics Automation Data Apps Infrastructure Network 1 2 3 https://www.Microsoft.com/en- us/security/
  • 4. Zero Trust Networking Maturity Model Security Enforcement ty and Analytics utomation Data Apps Infrastructure Network Network
  • 5. Segment Prevent lateral movement and data exfiltration Protect Secure network with threat intelligence Deploy securely across DevOps process Azure Network Security Connect Embrace distributed connectivity
  • 6. Achieving Zero Trust with Azure Networking Cloud-Native Network Security Services Networking Partner Solutions Defense-in-Depth + Software Defined Network (SDN) Virtual Networks Network Security Groups User Defined Routes Load Balancer Azure Firewall Azure DDoS Protection Azure Web Application Firewall Azure PrivateLink
  • 7. Photo of main entrance at the Orange County Convention Center.
  • 8. Network Segmentation Web Application Firewall Virtual Network Network Security Group Azure Firewall Subscription
  • 9. Multi-level Segmentation Network Security Group Subscriptions Virtual Network Azure Firewall Application Security Group or FQDN or Service Tag Kubernetes Services Container Networking Interface Web Application Firewall Private Link Vnet Peering Virtual WAN VPN Gateway
  • 10. Azure Firewall Manager Central network security policy and route management for globally distributed, software-defined perimeters Central deployment and configuration Automated routing Advanced security with 3rd party SECaaS [Roadmap] Split routing PREVIEW 3rd party SecSaaS 3rd party Sec SaaS
  • 11.
  • 12. Internet Corpnet Customer VNet Subnet 10.3.0.0/25 Cloud Native Firewall Central VNet Gateway VNet CSEO Infra L3 – L7 Connectivity Policies VNet Peering VNet Peering Subnet 10.1.0.0/27 Spoke 1 VNet Subnet 10.2.0.0/27 Spoke 2 Public Azure Source Destination Ports/Protocols LAB Internet HTTP - 80, HTTPS - 443 , KMS - 1688 Internet LAB Not available Source Destination Ports/Protocols LAB Azure Public HTTP - 80, HTTPS - 443 , KMS - 1688 Azure Public LAB Not available Source Destination Ports/Protocols LAB "CorpNet" HTTPS-443,HTTP-80, RDP, SSH, WinRM,445,ICMP "CorpNet" LAB HTTPS-443,HTTP-80, RDP, SSH, WinRM,445,ICMP Microsoft Core Services Engineering Labs @ Microsoft Goals Migrate 100’s of labs to Cloud Network Segmentation (From Corpnet and each other) Enable engineering agility and time to market Solution: Leverage cloud native Scalable Infrastructure Central Edge Controls Learnings : Scalability Improved Performance Improved (lack of Force Tunnel)
  • 14. Azure Web Application Firewall: protect your apps at the network edge or in Azure regions. Azure Global WAF (Front Door) and Azure Regional WAF (Application Gateway), with a unified WAF policy across both (PREVIEW). One WAF policy covers PaaS, IaaS, AKS, serverless and on-premises backends: OWASP rules, bot management, custom rules, Microsoft threat intelligence. Bot management: protect apps against automated attacks; manage good/bad bots with the Azure BotManager RuleSet. Site- and URI-path-specific WAF policies: customize WAF policies at the regional WAF for finer-grained protection at each host/listener or URI path level. Geo filtering on the regional WAF: enhanced custom-rule matching criteria. Related session: BRK3171 | 11/08 (9:15 - 10 AM) | Using Azure Web Application Firewall to protect your web applications and web APIs.
  • 15. Cloud-scale DDoS protection for Azure: Azure DDoS Protection Standard. Diagram: public Internet traffic enters the Azure global network (Azure DDoS, Public IP 1 and Public IP 2), passes Azure WAF and Azure Firewall in the central VNET (inbound, and inbound/outbound), and reaches spoke VNETs hosting Web Application 1 and Web Application 2. Capabilities: (1) DDoS Protection Standard, (2) adaptive tuning engine, (3) attack analytics and metrics, (4) DDoS Rapid Response (DRR), (5) SLA guarantee and cost protection.
  • 16. New partner WAF-as-a-Service offerings in Azure. Web application security, simplified: all the advanced WAF functionality with the ease of SaaS, deployed in minutes. Advanced security stack with bot manager, analytics and threat detection. Application-specific rule sets with positive/negative rules and auto policy generation. Leverages the scale and reach of Azure; defended against DDoS attacks by Azure DDoS Protection Standard; consumption-based pricing model, available on Azure Marketplace.
  • 18. Transforming your network approach: Azure networking connectivity spanning clouds, business SaaS, consumer SaaS and Azure.
  • 19. Azure Virtual WAN: provides optimized and automated branch connectivity to, and through, Azure. Diagram: Corp HQ, the datacenter and branches connect over ExpressRoute and point-to-site VPN to hubs in Region 1, Region 2 and Region 3, each with attached VNets. GA: ExpressRoute integration, point-to-site VPN integration, path selection from branch. PREVIEW: hub/any-to-any connectivity, Azure Firewall integration.
  • 20. Azure Firewall Manager (PREVIEW): extend your security edge to Azure with secured virtual hubs (multiple secured vHubs). Diagram: on-premises HQ/branch and datacenter connect to Virtual WAN; direct Internet breakout for O365; secure Internet access via Azure based on IPs/FQDNs/tags (Azure Firewall in front of VNets and other PaaS); user-aware Internet access via a 3rd party (consumer SaaS, business SaaS).
  • 21. Microsoft Azure Firewall Manager and Zscaler Internet Access (Zscaler: securing your cloud transformation). Diagram: Azure Region 1 through Azure Region n. "The Zscaler and Microsoft joint solution ensures best-in-class internet/web security and low-latency performance to empower enterprise users and applications to securely access any internet destination." Dhawal Sharma, Sr. Director Product Management, Zscaler.
  • 25. Microsoft Core Services Engineering: Quantum Computing private network. Need: quickly create an isolated network for collaboration between Microsoft employees embedded at universities around the world. Solution: Azure Virtual WAN, Azure Firewall and Azure VPN; full deployment in less than a day. Diagram: a Virtual WAN hub with Azure Firewall and VNETs; University S1, S2 and S3 and a 3rd-party site connect through VPN appliances; remote users connect over VPN.
  • 26. Azure Private Link: highly secure and private connectivity solution for the Azure platform. Private access from virtual network resources, peered networks and on-premises networks; built-in data exfiltration protection; predictable private IP addresses for PaaS resources; unified experience across PaaS, customer-owned and marketplace services. Diagram: a Virtual Network (10.0.0.0/16) with a private endpoint (10.0.0.5) reaching Storage, SQL and SQL DW through the Private Link service; on-premises reaches it over ExpressRoute private peering and the ER gateway; Internet access is denied on both sides. Related session: BRK3168 | 11/07 (9:15 - 10 AM) | Delivering services privately in your VNet with Azure Private Link.
  • 27. Azure Bastion (GA): secure and seamless RDP and SSH access to your virtual machines using zero trust. RDP/SSH to your workload using an HTML5 standards-based web browser, directly in the Azure Portal; resources can be accessed without public IP addresses; supported Azure resources include VMs, VM Scale Sets and Dev-Test Labs; no agent required. Diagram: Azure Portal → SSL 443 over the Internet → Azure Bastion in the "AzureBastionSubnet" → remote protocol (RDP 3389, SSH 22, et al.) to the private IPs of Azure VMs in the target VM subnet(s) of the customer's virtual network.
  • 29. How it all works together. The Azure hub VNET takes traffic from the public Internet (Azure Global WAF, Azure DDoS, Azure Regional WAF and Azure Firewall; inbound, and inbound/outbound) and from on-premises data centers, branch offices and mobile workers (ExpressRoute, VPN Gateway and Virtual WAN). IaaS/PaaS spoke VNETs host apps on IaaS and on PaaS: private PaaS services = Network Security Group + Private Link; public PaaS services = Network Security Group + Service Endpoints.