1
00:00:00,000 --> 00:00:06,200
Welcome to the Azure Security Podcast,

2
00:00:06,200 --> 00:00:09,380
where we discuss topics relating to security, privacy,

3
00:00:09,380 --> 00:00:13,600
reliability, and compliance on the Microsoft Cloud Platform.

4
00:00:13,600 --> 00:00:19,080
Hey everybody, welcome to episode number 19 and welcome to 2021.

5
00:00:19,080 --> 00:00:22,780
This week, we have Mark, and Gladys, and myself.

6
00:00:22,780 --> 00:00:24,280
We also have a special guest,

7
00:00:24,280 --> 00:00:29,220
Suren Jamiyanna, who will talk to us this week about Azure Firewall.

8
00:00:29,220 --> 00:00:30,920
But before we get to Suren,

9
00:00:30,920 --> 00:00:34,520
let's talk to Mark about what's new in the news this week.

10
00:00:34,520 --> 00:00:36,400
For those in the InfoSec world,

11
00:00:36,400 --> 00:00:38,140
this won't be news that it exists,

12
00:00:38,140 --> 00:00:41,240
but the SolarWinds Attack,

13
00:00:41,240 --> 00:00:42,460
as Microsoft calls it,

14
00:00:42,460 --> 00:00:46,760
Solorigate is definitely something that is top of mind for

15
00:00:46,760 --> 00:00:50,000
a lot of security teams at the company.

16
00:00:50,000 --> 00:00:55,640
Microsoft has put out a Solorigate Resource Center with

17
00:00:55,640 --> 00:00:57,840
all sorts of threat hunting guidance,

18
00:00:57,840 --> 00:01:04,400
links to blogs on the geopolitical nation-state aspects of

19
00:01:04,400 --> 00:01:08,080
the concerns that we have with the attacks on

20
00:01:08,080 --> 00:01:12,160
the supply chain of so many governments and organizations,

21
00:01:12,160 --> 00:01:14,360
and commercial enterprises.

22
00:01:14,360 --> 00:01:20,040
Pretty much everything Microsoft has on that particular topic is there.

23
00:01:20,040 --> 00:01:22,240
So highly recommend you check that out.

24
00:01:22,240 --> 00:01:23,920
We'll put the URL on the notes,

25
00:01:23,920 --> 00:01:26,960
it's just aka.ms/solorigate.

26
00:01:26,960 --> 00:01:29,680
So quite a bit going on there,

27
00:01:29,680 --> 00:01:34,560
definitely taking up a lot of attention and a lot of oxygen

28
00:01:34,560 --> 00:01:37,760
in the room with regards to information security right now.

29
00:01:37,760 --> 00:01:41,120
The other one that we're still monitoring very closely,

30
00:01:41,120 --> 00:01:45,200
that we don't expect to go away even though we might be distracted from it for

31
00:01:45,200 --> 00:01:46,980
a little bit with the Solorigate piece,

32
00:01:46,980 --> 00:01:49,560
is the human-operated ransomware threat.

33
00:01:49,560 --> 00:01:53,360
We are continuing to see the economic indicators on this show

34
00:01:53,360 --> 00:01:57,640
no sign of the growth of this particular attack stopping.

35
00:01:57,640 --> 00:02:01,560
So that is definitely an area that we're keeping in our sights and

36
00:02:01,560 --> 00:02:03,440
something that we're concerned about.

37
00:02:03,440 --> 00:02:08,920
We will have some further information coming out on that very shortly,

38
00:02:08,920 --> 00:02:11,920
targeting mid-month hoping it stays on track.

39
00:02:11,920 --> 00:02:15,880
The one thing that a lot of these attacks of

40
00:02:15,880 --> 00:02:20,960
significant impact do have in common is that they are going after privileged access.

41
00:02:20,960 --> 00:02:23,720
So accounts, credentials, keys,

42
00:02:23,720 --> 00:02:25,440
in case of the SAML stuff,

43
00:02:25,440 --> 00:02:29,440
the signing key within a SAML authority.

44
00:02:29,440 --> 00:02:32,600
So that's definitely very top of mind for us.

45
00:02:32,600 --> 00:02:37,360
We actually just released some updated evidence on privileged access,

46
00:02:37,360 --> 00:02:44,520
but the approach of taking zero trust to defend against these is definitely covered in there.

47
00:02:44,520 --> 00:02:46,560
That is heavily part of the ransomware piece.

48
00:02:46,560 --> 00:02:49,160
So that will be coming quite shortly.

49
00:02:49,160 --> 00:02:52,400
That's been what I've been monitoring top of mind.

50
00:02:52,400 --> 00:02:58,720
Hi everyone. Actually, I wanted to comment a little bit about the Soloric Regate.

51
00:02:58,720 --> 00:03:00,920
I cannot pronounce it.

52
00:03:00,920 --> 00:03:10,840
I was really surprised of the speed and the actions that were done in a quick manner.

53
00:03:10,840 --> 00:03:18,080
It actually brought into perspective some compromise because it's a matter of how fast

54
00:03:18,080 --> 00:03:21,480
we respond to the problem.

55
00:03:21,480 --> 00:03:28,920
The speed and scope of the actions that were taken in basically a week,

56
00:03:28,920 --> 00:03:37,120
two weeks can be seen under that aka.ms/solorigate article,

57
00:03:37,120 --> 00:03:42,080
where we are discussing all the actions that we have done,

58
00:03:42,080 --> 00:03:45,800
including updating our services,

59
00:03:45,800 --> 00:03:52,120
legal taking control of the DNS domain used for the malware.

60
00:03:52,120 --> 00:03:55,080
There was a lot of things done.

61
00:03:55,080 --> 00:04:04,000
So what I wanted to bring up is that purchasing all these cloud services is more than just

62
00:04:04,000 --> 00:04:06,480
gaining a technology capability.

63
00:04:06,480 --> 00:04:15,760
It's a partnership with Microsoft and all the capabilities and the power of Microsoft resources available.

64
00:04:15,760 --> 00:04:20,920
So I was really, really surprised about all this.

65
00:04:20,920 --> 00:04:25,960
Now for my news, I took a nice break for the holidays a couple of weeks.

66
00:04:25,960 --> 00:04:32,120
So I haven't been keeping up as much as I would otherwise have.

67
00:04:32,120 --> 00:04:39,600
However, I got really excited about the continuous exports of regulation compliance.

68
00:04:39,600 --> 00:04:44,120
Addition that was done to Azure Security Center.

69
00:04:44,120 --> 00:04:51,800
The reason that I was really excited about this is because I have been working with several customers

70
00:04:51,800 --> 00:04:58,520
that wanted to have all the compliance handled by different groups other than security.

71
00:04:58,520 --> 00:05:02,040
Usually compliance is done by information assurance.

72
00:05:02,040 --> 00:05:09,800
So now we have the capability of exporting that data into a SIEM or other third party tools

73
00:05:09,800 --> 00:05:13,720
and provide more information to the customer.

74
00:05:13,720 --> 00:05:15,880
And it's a real time.

75
00:05:15,880 --> 00:05:19,040
So I was really excited about that.

76
00:05:19,040 --> 00:05:26,680
In another news, I wanted to mention the upcoming webinars that the Microsoft Security Community

77
00:05:26,680 --> 00:05:30,160
will be publishing in the next two months.

78
00:05:30,160 --> 00:05:34,200
Basically in January 7th, there's some Azure Security Center.

79
00:05:34,200 --> 00:05:39,240
It basically talking about the service ledger protection on the 12th.

80
00:05:39,240 --> 00:05:44,440
In the 19th, there will be some about Azure Sentinel.

81
00:05:44,440 --> 00:05:51,160
And on the 20th, it's Azure Defender for IoT, which was formerly known as CyberX,

82
00:05:51,160 --> 00:05:53,760
it's a company that we purchased.

83
00:05:53,760 --> 00:05:59,000
So there's a lot of awesome and free webinars that are coming up.

84
00:05:59,000 --> 00:06:06,560
You can see more information by going to aka.ms/securitywebinars.

85
00:06:06,560 --> 00:06:10,240
So I have a few things that sort of piqued my interest the last couple of weeks.

86
00:06:10,240 --> 00:06:18,040
The first one is Power BI has now added support for service principals and new admin APIs.

87
00:06:18,040 --> 00:06:26,000
Essentially what this lets you do is create applications that can be, say, a read-only scanner

88
00:06:26,000 --> 00:06:29,760
against the administration interfaces into Power BI.

89
00:06:29,760 --> 00:06:31,960
This is something that customers often do.

90
00:06:31,960 --> 00:06:34,560
They often build their own little admin tools.

91
00:06:34,560 --> 00:06:37,600
In this case, it's a read-only API.

92
00:06:37,600 --> 00:06:42,120
And again, using service principals means you don't have to embed user principals for

93
00:06:42,120 --> 00:06:47,640
that particular application in code or any kind of configuration information.

94
00:06:47,640 --> 00:06:49,920
Don't go embedding in code, whatever you do.

95
00:06:49,920 --> 00:06:57,640
Next one is Google has deprecated the WebView sign-in support, which means that if you're

96
00:06:57,640 --> 00:07:04,240
using Azure Active Directory, you may have an issue here with B2B collaboration with Google

97
00:07:04,240 --> 00:07:05,240
accounts.

98
00:07:05,240 --> 00:07:09,880
There's going to be a link in the show notes that gives you some ideas about how you can

99
00:07:09,880 --> 00:07:14,360
essentially work around this or change your application so that it continues to work correctly

100
00:07:14,360 --> 00:07:16,360
for your customers.

101
00:07:16,360 --> 00:07:21,720
We've also added support for managed identities in Azure Stream Analytics.

102
00:07:21,720 --> 00:07:22,920
That is now in public preview.

103
00:07:22,920 --> 00:07:25,160
This is actually pretty cool.

104
00:07:25,160 --> 00:07:30,480
Again, I think, you know, I've mentioned this a few times, sort of some waves of technologies

105
00:07:30,480 --> 00:07:36,520
that are coming to multiple platform as a service offerings across Azure.

106
00:07:36,520 --> 00:07:40,520
Things like Private Link, Private Endpoint, which we've talked to at length.

107
00:07:40,520 --> 00:07:44,400
The other one is customer managed keys for persistent data.

108
00:07:44,400 --> 00:07:50,480
Well, another one that we're seeing a lot of traction of is the use of managed identities

109
00:07:50,480 --> 00:07:52,600
for PaaS offerings as well.

110
00:07:52,600 --> 00:07:57,160
The nice thing about this is that it allows you to execute that particular application

111
00:07:57,160 --> 00:08:02,360
or that offering under a specific identity, and then you can provide access control to

112
00:08:02,360 --> 00:08:03,360
that specific identity.

113
00:08:03,360 --> 00:08:08,360
Again, this is nice to see another PaaS offering supporting managed identities.

114
00:08:08,360 --> 00:08:12,360
If you're confused about managed identities, a managed identity is essentially a service

115
00:08:12,360 --> 00:08:15,240
principal, but it's managed by Azure.

116
00:08:15,240 --> 00:08:17,200
The lifetime is managed by Azure.

117
00:08:17,200 --> 00:08:23,160
The last one I want to bring up really quickly, we've made some announcements around the

118
00:08:23,160 --> 00:08:27,360
Border Gateway Protocol in Azure and how it's used.

119
00:08:27,360 --> 00:08:33,400
Basically, Microsoft back in 2019 joined a group called the Mutually Agreed Norms for

120
00:08:33,400 --> 00:08:35,280
Routing Security.

121
00:08:35,280 --> 00:08:41,160
And this is essentially a group of people trying to solve this problem of improving

122
00:08:41,160 --> 00:08:42,160
routing security.

123
00:08:42,160 --> 00:08:44,080
There's a lot to go through.

124
00:08:44,080 --> 00:08:46,040
There is a blog post on this.

125
00:08:46,040 --> 00:08:50,840
If you're interested in BGP and its impact on cloud security and networking security

126
00:08:50,840 --> 00:08:54,200
in general, then take a look.

127
00:08:54,200 --> 00:09:01,600
That happens to be a somewhat beautiful segue into talking about networking with our guest

128
00:09:01,600 --> 00:09:05,440
this week, most notably Azure Firewall.

129
00:09:05,440 --> 00:09:09,920
This week our special guest is Suren Jamiyanna.

130
00:09:09,920 --> 00:09:13,120
She's going to talk to us this week about Azure Firewall.

131
00:09:13,120 --> 00:09:16,520
First of all, Suren, thank you so much for joining us this week.

132
00:09:16,520 --> 00:09:19,520
Would you care to give us a quick background and how long have you been at Microsoft and

133
00:09:19,520 --> 00:09:20,520
what you do?

134
00:09:20,520 --> 00:09:25,040
Yes, thanks, Michael, for having me on the podcast.

135
00:09:25,040 --> 00:09:28,280
Hi, everyone, listening to the podcast.

136
00:09:28,280 --> 00:09:35,080
My name is Suren Jamiyanna and I am a program manager on the Azure Firewall team.

137
00:09:35,080 --> 00:09:40,280
And before the Azure Firewall team, I also interned at the Azure Stack team.

138
00:09:40,280 --> 00:09:46,720
So that's also a neat product that can help extend your Azure services to the environment

139
00:09:46,720 --> 00:09:48,600
of your choice.

140
00:09:48,600 --> 00:09:56,320
So first question and possibly the most obvious question is what is Azure Firewall, essentially

141
00:09:56,320 --> 00:10:01,280
what are the moving parts, what are its benefits, why would people use this?

142
00:10:01,280 --> 00:10:03,440
Yes, so great question.

143
00:10:03,440 --> 00:10:10,640
So Azure Firewall is a cloud native fully managed firewall as a service.

144
00:10:10,640 --> 00:10:19,280
And so at the core of Azure Firewall is that it is built on Azure, meaning that you can

145
00:10:19,280 --> 00:10:27,800
take advantage of the cloud technology of the fact that you can autoscale Azure Firewall

146
00:10:27,800 --> 00:10:30,880
based on CPU and throughput.

147
00:10:30,880 --> 00:10:36,400
And it is fully and highly available so that at any case if Azure Firewall goes down in

148
00:10:36,400 --> 00:10:42,520
a region, there will always be a backup with zero downtime.

149
00:10:42,520 --> 00:10:50,200
Now with Azure Firewall, the core function of it is to really help you protect your virtual

150
00:10:50,200 --> 00:10:57,320
networks with the ability to govern the traffic that is going in and out of your network.

151
00:10:57,320 --> 00:11:03,000
So we support layer three to layer seven traffic filtering.

152
00:11:03,000 --> 00:11:10,360
In other words, we support filtering on the network, NAT and application layers.

153
00:11:10,360 --> 00:11:18,400
So for example, on the network layer, you can add and manage rules using IP addresses.

154
00:11:18,400 --> 00:11:26,200
And another example for the application layer, you can allow traffic that is going outbound

155
00:11:26,200 --> 00:11:34,000
using based on the protocols of HTTP, HTTPS and MSSQL traffic.

156
00:11:34,000 --> 00:11:41,320
And ultimately, Azure Firewall could be used as a central place to provide complete virtual

157
00:11:41,320 --> 00:11:49,120
network protection that is going in and out of your network to the internet, between Azure

158
00:11:49,120 --> 00:11:51,480
and between your on-premises traffic.

159
00:11:51,480 --> 00:11:52,480
Nice.

160
00:11:52,480 --> 00:11:53,880
So I have a question for you.

161
00:11:53,880 --> 00:12:01,880
So if you look at most cloud environments, you really have one of three possible common

162
00:12:01,880 --> 00:12:03,520
architectures or designs.

163
00:12:03,520 --> 00:12:08,720
So you have platform as a service, you have infrastructure as a service and software as

164
00:12:08,720 --> 00:12:09,720
a service.

165
00:12:09,720 --> 00:12:10,720
Actually, they really should be the other way around.

166
00:12:10,720 --> 00:12:15,720
Infrastructure as a service, platform as a service and software as a service.

167
00:12:15,720 --> 00:12:19,200
One of the beauties of IaaS where you're running essentially a virtual machine of VM is you

168
00:12:19,200 --> 00:12:25,600
can have your own IP addresses, you can determine how traffic goes to that particular IP address,

169
00:12:25,600 --> 00:12:27,320
both in and out.

170
00:12:27,320 --> 00:12:31,080
PaaS services have historically not done that, right?

171
00:12:31,080 --> 00:12:36,080
Because it's a shared resource, they normally have public endpoints.

172
00:12:36,080 --> 00:12:41,320
We over time in Azure have been adding support for things like private link, private endpoints

173
00:12:41,320 --> 00:12:44,400
to specific PaaS offerings.

174
00:12:44,400 --> 00:12:50,720
So with Azure Firewall, does that mean that I can put like a real bona fide packet filtering

175
00:12:50,720 --> 00:12:57,720
stateful firewall in front of say Azure SQL and storage accounts?

176
00:12:57,720 --> 00:13:00,400
Yes, absolutely.

177
00:13:00,400 --> 00:13:05,520
In fact, we see that as a common scenario and benefit.

178
00:13:05,520 --> 00:13:12,280
So we see customers as we see a growing trend toward moving your applications or standing

179
00:13:12,280 --> 00:13:16,400
up Azure SQL server in the cloud.

180
00:13:16,400 --> 00:13:23,920
We really see Azure Firewall as a great tool to lock down and protect your PaaS services

181
00:13:23,920 --> 00:13:26,720
in the cloud.

182
00:13:26,720 --> 00:13:33,760
And so you can place your PaaS services in a virtual network and you can filter traffic

183
00:13:33,760 --> 00:13:39,440
that is going to that virtual network using Azure Firewall.

184
00:13:39,440 --> 00:13:42,800
So we see that as a common scenario.

185
00:13:42,800 --> 00:13:46,320
Does that include egress as well, so ingress and egress?

186
00:13:46,320 --> 00:13:48,600
Yes, that's right.

187
00:13:48,600 --> 00:13:49,600
Nice.

188
00:13:49,600 --> 00:13:55,520
So I'll channel my favorite customer questions.

189
00:13:55,520 --> 00:13:56,520
What's new?

190
00:13:56,520 --> 00:14:01,200
What are you all working on that recently released or is stuff that's getting ready to go in

191
00:14:01,200 --> 00:14:03,360
preview and preview?

192
00:14:03,360 --> 00:14:05,880
What kind of stuff is the team focusing on now?

193
00:14:05,880 --> 00:14:14,600
With our most recent set of new features back in November, I want to say, we recently

194
00:14:14,600 --> 00:14:19,240
released custom DNS and DNS proxy.

195
00:14:19,240 --> 00:14:26,560
So what this allows you to do with Azure Firewall is Azure Firewall historically uses Azure

196
00:14:26,560 --> 00:14:31,040
DNS to resolve domain names.

197
00:14:31,040 --> 00:14:38,400
But now with custom DNS, you can use any DNS server that you want to use for your DNS

198
00:14:38,400 --> 00:14:43,880
resolution and have Azure Firewall resolve to that instead of using the default provided

199
00:14:43,880 --> 00:14:48,280
Azure DNS, if that is your security need.

200
00:14:48,280 --> 00:14:54,000
And then DNS proxy with this essentially allows you to lock down is Azure Firewall can now

201
00:14:54,000 --> 00:15:01,960
serve as a DNS proxy between your client all the way to your specified DNS server.

202
00:15:01,960 --> 00:15:09,800
So Azure Firewall can also perform and call to that DNS server that you need.

203
00:15:09,800 --> 00:15:16,760
And what DNS proxy actually also allows you to open up to do with Azure Firewall is now

204
00:15:16,760 --> 00:15:22,960
on the network layer, we have a new feature or a new traffic filtering capability using

205
00:15:22,960 --> 00:15:24,920
FQDNs on the network layer.

206
00:15:24,920 --> 00:15:26,360
So what does that mean?

207
00:15:26,360 --> 00:15:32,520
Instead of typing individual IP addresses on only on the network layer, you can now

208
00:15:32,520 --> 00:15:36,760
specify FQDNs there based on DNS resolution.

209
00:15:36,760 --> 00:15:44,200
So let's say you might have a server that you want to allow access to on the network layer,

210
00:15:44,200 --> 00:15:50,000
if that server has a domain name, and it can resolve to a DNS or excuse me, that server

211
00:15:50,000 --> 00:15:57,000
has a domain name, and it has a resolvable IP address, you can now place Azure Firewall

212
00:15:57,000 --> 00:16:02,760
to perform that DNS resolution and allow that traffic if needed.

213
00:16:02,760 --> 00:16:09,200
In addition, Azure Firewall also added a capability where we can protect your Windows

214
00:16:09,200 --> 00:16:12,560
Virtual Desktop deployments using our new FQDN tag.

215
00:16:12,560 --> 00:16:16,280
So this is also really helpful for your work from home scenarios.

216
00:16:16,280 --> 00:16:22,280
So not only can you use Azure Firewall as a way to protect your servers, you can also

217
00:16:22,280 --> 00:16:27,560
use it to protect your end users on the network.

218
00:16:27,560 --> 00:16:34,520
So that's really helpful, especially if you find that as a greater need in your organization.

219
00:16:34,520 --> 00:16:39,920
What are the common architectures that you have seen these apply to?

220
00:16:39,920 --> 00:16:46,200
Yes, so we see two common architectures using Azure Firewall.

221
00:16:46,200 --> 00:16:54,480
So the first one I want to say is Azure Firewall, you can utilize and place an Azure Firewall

222
00:16:54,480 --> 00:17:01,280
for protecting your virtual networks, either a single virtual network or a hub and spoke

223
00:17:01,280 --> 00:17:04,120
model that we see customers tend to use.

224
00:17:04,120 --> 00:17:09,800
So that means you can have Firewall be placed in a hub, a central hub, and that can be used

225
00:17:09,800 --> 00:17:15,840
to protect multiple spokes or in other words, multiple virtual networks that might represent

226
00:17:15,840 --> 00:17:18,040
a different part of your organization.

227
00:17:18,040 --> 00:17:24,080
Maybe for example, your IT department is one spoke, your marketing department is another

228
00:17:24,080 --> 00:17:29,360
spoke and your sales department is another spoke.

229
00:17:29,360 --> 00:17:35,040
So that's a very common architecture that we see.

230
00:17:35,040 --> 00:17:42,680
And then also a second architecture that we're noticing an increase is deploying an Azure

231
00:17:42,680 --> 00:17:46,280
Firewall within a virtual wide area network.

232
00:17:46,280 --> 00:17:54,360
So this is also helpful if you see your organization really growing and you have more departments,

233
00:17:54,360 --> 00:18:01,800
you have more and an expanded network, Azure Firewall can be deployed in a VWAN or virtual

234
00:18:01,800 --> 00:18:03,360
wide area network.

235
00:18:03,360 --> 00:18:10,240
And that can be done automatically through our new service called Azure Firewall Manager.

236
00:18:10,240 --> 00:18:17,440
And to also kind of share more on the direction of Azure Firewall Manager, we see a lot of

237
00:18:17,440 --> 00:18:21,840
benefits and kind of the future direction of Azure Firewall is this new concept that

238
00:18:21,840 --> 00:18:25,440
we recently released called the Firewall Policy.

239
00:18:25,440 --> 00:18:31,880
So now let's say that your organization is growing even more and you want to maybe add

240
00:18:31,880 --> 00:18:37,360
additional firewalls so that you can provide better protection in different regions.

241
00:18:37,360 --> 00:18:43,800
And instead of manually going and updating all the same rules and configurations in each

242
00:18:43,800 --> 00:18:51,440
individual firewall, well, you can now create a firewall policy one time and simply attach

243
00:18:51,440 --> 00:18:54,160
it to each of those firewalls.

244
00:18:54,160 --> 00:18:58,840
So that really simplifies your firewall configuration.

245
00:18:58,840 --> 00:19:04,920
And let's say that one region maybe in New York, your firewall is a little different than

246
00:19:04,920 --> 00:19:07,400
your firewall in LA.

247
00:19:07,400 --> 00:19:15,920
So we also have the support for a parent policy and a child policy for additional granularity.

248
00:19:15,920 --> 00:19:23,840
One of the issues that I have seen with customers is the ability to integrate with security tools.

249
00:19:23,840 --> 00:19:28,720
Is Azure Firewall has capability to integrate with Azure Sentinel?

250
00:19:28,720 --> 00:19:29,720
Yes.

251
00:19:29,720 --> 00:19:36,960
So Azure Sentinel has a connector that can now ingest Azure Firewall logs.

252
00:19:36,960 --> 00:19:41,800
So this enables you to view log data in the Azure Sentinel workbooks.

253
00:19:41,800 --> 00:19:47,440
You can now create custom alerts and incorporate it to improve your investigation.

254
00:19:47,440 --> 00:19:57,960
So you can see new logs and trends with Azure Firewall, including your throughput utilization,

255
00:19:57,960 --> 00:20:05,000
your network and application hit count, your SNAT port utilization, and even specific or

256
00:20:05,000 --> 00:20:09,320
top allowed denied FQDNs by count and much more.

257
00:20:09,320 --> 00:20:15,440
So that's a recent integration that we have with the Azure Sentinel team on top of our

258
00:20:15,440 --> 00:20:21,720
existing Azure monitoring and logging tools with Azure Firewall.

259
00:20:21,720 --> 00:20:28,680
So from a customer perspective, what does the cost look like of Azure Firewall?

260
00:20:28,680 --> 00:20:30,760
Are customers seeing cost savings?

261
00:20:30,760 --> 00:20:37,600
Are they using this in place of existing next gen firewalls?

262
00:20:37,600 --> 00:20:40,640
Where are you seeing customers approaching this from a cost perspective?

263
00:20:40,640 --> 00:20:41,880
Yeah.

264
00:20:41,880 --> 00:20:50,520
From a cost perspective, with Azure Firewall, we have a fixed cost when you deploy a firewall,

265
00:20:50,520 --> 00:20:52,200
and we also have a variable cost.

266
00:20:52,200 --> 00:20:58,360
So that's based on your traffic patterns of processing by the firewall.

267
00:20:58,360 --> 00:21:05,360
And typically we see the variable cost is kind of negligible for our larger customers.

268
00:21:05,360 --> 00:21:12,360
And so with the upfront costs, it might be a bigger number than people might expect,

269
00:21:12,360 --> 00:21:17,800
but I also want to encourage listeners when they're looking at deploying an Azure Firewall

270
00:21:17,800 --> 00:21:19,960
in the cloud.

271
00:21:19,960 --> 00:21:27,400
Most customers what we see tend to save about 30 to 50% in terms of cost savings compared

272
00:21:27,400 --> 00:21:29,440
to NVAs.

273
00:21:29,440 --> 00:21:35,760
And the benefit and kind of why that is is actually instead of having to traditionally

274
00:21:35,760 --> 00:21:44,040
stand up your own VMs, invest in licensing, standing up standard load balancers and maintaining

275
00:21:44,040 --> 00:21:47,760
it, the Azure Firewall service does that for you.

276
00:21:47,760 --> 00:21:51,400
So it really abstracts away from it.

277
00:21:51,400 --> 00:21:57,640
And I also want to highlight that the fact that it is, once again, based on the cloud.

278
00:21:57,640 --> 00:22:02,640
So we support a great throughput limit of 30 Gbps.

279
00:22:02,640 --> 00:22:08,800
And you can also reliably count on our high availability so that you don't have to worry

280
00:22:08,800 --> 00:22:13,440
about scaling the virtual machine instances on your own.

281
00:22:13,440 --> 00:22:18,520
We do that for you based on your traffic patterns and your throughput.

282
00:22:18,520 --> 00:22:23,160
So something just dawned on me about this hub and spoke model and cost.

283
00:22:23,160 --> 00:22:28,360
Is this the prime or one of the prime reasons why people go for the hub and spoke model?

284
00:22:28,360 --> 00:22:34,400
Because now I can have one hub with an Azure Firewall and that can take all the traffic

285
00:22:34,400 --> 00:22:35,560
in and all the traffic out.

286
00:22:35,560 --> 00:22:38,400
And I can scale it essentially infinitely, right?

287
00:22:38,400 --> 00:22:40,160
Because you know, cloud scale.

288
00:22:40,160 --> 00:22:45,600
And then all the individual spokes don't have to worry about having to deploy their own

289
00:22:45,600 --> 00:22:48,200
private version of Azure Firewall.

290
00:22:48,200 --> 00:22:52,320
Everything's essentially amortized by having this one firewall in the hub.

291
00:22:52,320 --> 00:22:53,800
Is that a fair comment?

292
00:22:53,800 --> 00:22:55,800
And then obviously the cost savings that come with that.

293
00:22:55,800 --> 00:22:59,160
Yeah, that's a totally fair comment.

294
00:22:59,160 --> 00:23:05,120
Azure Firewall, we see customers use that hub and spoke model for that reason.

295
00:23:05,120 --> 00:23:10,720
It really makes things easier by having a central place to manage and secure your traffic

296
00:23:10,720 --> 00:23:15,280
patterns going into individual virtual networks or individual spokes.

297
00:23:15,280 --> 00:23:19,920
So and it's also an additional added layer of security.

298
00:23:19,920 --> 00:23:27,520
So let's say that you do have a network security group and NSG in each spoke that can be more

299
00:23:27,520 --> 00:23:33,840
granular traffic management that is going between subnets or maybe in your local databases.

300
00:23:33,840 --> 00:23:38,000
You might have a local firewall or excuse me, in your local virtual machines, you might

301
00:23:38,000 --> 00:23:41,320
have a local firewall.

302
00:23:41,320 --> 00:23:46,760
But with Azure Firewall, as you pointed out and noticed, Michael, yeah, you can really

303
00:23:46,760 --> 00:23:52,680
put that outside of that virtual network and protect multiple virtual networks with only

304
00:23:52,680 --> 00:23:54,480
a single firewall.

305
00:23:54,480 --> 00:24:00,480
So it really makes things much more simple and easier to manage.

306
00:24:00,480 --> 00:24:05,240
Yeah, that sounds kind of silly, but it just kind of dawned on me just as you guys are

307
00:24:05,240 --> 00:24:07,240
talking about it.

308
00:24:07,240 --> 00:24:14,240
Anyway, I think again, I'm an application security guy, so don't go really cool on

309
00:24:14,240 --> 00:24:15,240
me.

310
00:24:15,240 --> 00:24:20,040
Anyway, with that, one thing we'd like to ask our guests is, do you have a final thought,

311
00:24:20,040 --> 00:24:22,320
something you'd like to leave our listeners with?

312
00:24:22,320 --> 00:24:32,880
Yeah, so some final takeaways that I would love to share to our listeners are that, so

313
00:24:32,880 --> 00:24:38,920
Azure Firewall, I want to go back and kind of go back to the beauty of Azure Firewall,

314
00:24:38,920 --> 00:24:44,880
which is the fact that it is a cloud native, fully managed firewall as a service.

315
00:24:44,880 --> 00:24:51,760
So it has really deep functionalities and filtering traffic, really neat features to

316
00:24:51,760 --> 00:24:55,040
help you lock down your traffic patterns.

317
00:24:55,040 --> 00:25:06,440
And that really helps you take less focus on the manual upkeep and setting up your own

318
00:25:06,440 --> 00:25:13,000
infrastructure with network security, and we do that for you in a kind of a fully managed

319
00:25:13,000 --> 00:25:19,200
sense, and so that you can ultimately focus on what's most important, which is securing

320
00:25:19,200 --> 00:25:24,320
your applications, securing your workloads and your network.

321
00:25:24,320 --> 00:25:33,600
And Azure Firewall, we have a lot of new features and announcements coming up, so it's an awesome

322
00:25:33,600 --> 00:25:40,040
high technology that I encourage you to stay tuned and check out.

323
00:25:40,040 --> 00:25:42,400
Well, thank you so much for joining us this week, Suren.

324
00:25:42,400 --> 00:25:45,600
I really appreciate it, and I learned a few things.

325
00:25:45,600 --> 00:25:49,040
Azure Firewall has been one of those features I've been meaning to sort of kick the tires

326
00:25:49,040 --> 00:25:52,840
on for some time now, so you've certainly filled in some of the gaps.

327
00:25:52,840 --> 00:25:54,440
Thank you to everyone out there for listening.

328
00:25:54,440 --> 00:25:56,880
We really appreciate you taking the time.

329
00:25:56,880 --> 00:26:01,480
If you haven't done it already, please feel free to go ahead and subscribe to this podcast

330
00:26:01,480 --> 00:26:03,400
in all the usual places.

331
00:26:03,400 --> 00:26:06,480
And with that, everyone out there, stay safe, and we'll see you next time.

332
00:26:06,480 --> 00:26:09,800
Thanks for listening to the Azure Security Podcast.

333
00:26:09,800 --> 00:26:16,600
You can find show notes and other resources at our website, azsecuritypodcast.net.

334
00:26:16,600 --> 00:26:21,760
If you have any questions, please find us on Twitter at azuresecpod.

335
00:26:21,760 --> 00:26:41,440
Music is from ccmixter.com, and licensed under the Creative Commons license.

