



Microsoft has released a new Azure DDoS Protection solution for Microsoft Sentinel. This new service leverages Azure DDoS Protection Logs to automatically track and block DDoS sources and mitigate sophisticated attacks.

Microsoft Sentinel is a cloud-based security solution that enables security teams to detect and mitigate threats, monitor security events, and analyze data in their environment. It also provides intelligent security analytics that help organizations improve their overall security posture. Additionally, Azure DDoS Protection is a security feature that protects against distributed denial of service (DDoS) attacks at the network level.

Rich integrations for Microsoft Sentinel and Azure DDoS Protection services to easily ingest DDoS Protection logs, view and analyze this data in Sentinel to create custom alerts, and improve security posture, investigation, and response processes provide. Specifically, customers can correlate DDoS smoke screen attacks with events from various sources to detect advanced attacks such as data theft and automatically block them, Microsoft said.

Microsoft explained that the new Azure DDoS Protection solution includes three main components. First, it includes an Azure DDoS Protection data connector and a workbook. Additionally, the solution provides alert rules to help security teams find source DDoS attackers. There is also a remediation IP playbook that allows IT admins to automatically create remediations in Azure Firewall to block remediation.

How to get started with Azure DDoS Protection

Overall, this release makes it easier for organizations to protect their apps and resources from advanced DDoS attacks, such as smoke screen attacks. If you’re interested, follow this step-by-step guide to deploy the new solution in your organization.

At launch, Microsoft Sentinels’ new Azure DDoS Protection is available for Azure Firewall and third-party firewall products. However, Microsoft plans to add support for Azure Web Application Firewall later this year.

