Azure DDoS protection
Integration
Helps counter DDoS attacks, protecting resource groups, Azure network security groups and network segmentation.
Security alerts in: Azure Monitor (to be filled in)
How it works
Azure DDoS Protection protects at layers 3 and 4. It monitors incoming traffic 24/7, analyzes normal traffic to detect attacks (AI), and reports data on alerts, etc.
This data can then be used in Azure Monitor, Azure Event Hubs, Azure Monitor Logs, and the Azure Monitor diagnostics interface.
There are two tiers of DDoS protection:
- DDoS Network Protection: it does a lot of things
- DDoS IP Protection: you pay per protected IP, but you do not get DDoS Rapid Response support or cost protection, and there is no discount on WAF
Azure includes a basic built-in application for handling DDoS, but it provides no logs and cannot handle as much data.
Azure DDoS Protection can be used across multiple subscriptions within a tenant.
To improve protection by analyzing layer 7, add a WAF.
DDoS protection works per tenant, so there is no need to set it up on each subscription.
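The two tiers and the Azure Monitor alerting described in these notes, as an added Bicep example (not taken from the original notes or from Microsoft's templates). Resource names, the address range and the API versions are assumptions; `IfUnderDDoSAttack` is the built-in public IP metric that reads 1 while mitigation is active.

```bicep
// Added example: resource names, address range and API versions are assumptions.
// Tier 1, DDoS Network Protection: one plan, attached per VNet. VNets in other
// subscriptions of the same tenant can reference the same plan id.
resource plan 'Microsoft.Network/ddosProtectionPlans@2023-04-01' = {
  name: 'ddos-plan-example'
  location: resourceGroup().location
}
resource vnet 'Microsoft.Network/virtualNetworks@2023-04-01' = {
  name: 'vnet-example'
  location: resourceGroup().location
  properties: {
    addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] }
    enableDdosProtection: true
    ddosProtectionPlan: { id: plan.id }
  }
}
// Tier 2, DDoS IP Protection: enabled on one Standard public IP, billed per IP, no plan.
resource pip 'Microsoft.Network/publicIPAddresses@2023-04-01' = {
  name: 'pip-example'
  location: resourceGroup().location
  sku: { name: 'Standard' }
  properties: {
    publicIPAllocationMethod: 'Static'
    ddosSettings: { protectionMode: 'Enabled' }
  }
}
// Azure Monitor alert: fires when the protected IP is under attack.
resource alert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
  name: 'ddos-under-attack-example'
  location: 'global'
  properties: {
    severity: 1
    enabled: true
    scopes: [ pip.id ]
    evaluationFrequency: 'PT1M'
    windowSize: 'PT5M'
    criteria: {
      'odata.type': 'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria'
      allOf: [
        {
          name: 'underAttack'
          criterionType: 'StaticThresholdCriterion'
          metricName: 'IfUnderDDoSAttack'
          operator: 'GreaterThan'
          threshold: 0
          timeAggregation: 'Maximum'
        }
      ]
    }
  }
}
```

In practice a workload uses one tier or the other; both appear here only to contrast where each is switched on. The alert has no action group attached, so it only shows up in Azure Monitor until one is added.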
Bonus
Key Features
- Always-on traffic monitoring: Your application traffic patterns are monitored 24 hours a day, 7 days a week, looking for indicators of DDoS attacks. Azure DDoS Protection instantly and automatically mitigates the attack, once it's detected.
- Adaptive real time tuning: Intelligent traffic profiling learns your application's traffic over time, and selects and updates the profile that is the most suitable for your service. The profile adjusts as traffic changes over time.
- DDoS Protection analytics, metrics, and alerting: Azure DDoS Protection applies three auto-tuned mitigation policies (TCP SYN, TCP, and UDP) for each public IP of the protected resource, in the virtual network that has DDoS enabled. The policy thresholds are auto-configured via machine learning-based network traffic profiling. DDoS mitigation occurs for an IP address under attack only when the policy threshold is exceeded.
- Attack analytics: Get detailed reports in five-minute increments during an attack, and a complete summary after the attack ends. Stream mitigation flow logs to Microsoft Sentinel or an offline security information and event management (SIEM) system for near real-time monitoring during an attack. See View and configure DDoS diagnostic logging to learn more.
- Attack metrics: Summarized metrics from each attack are accessible through Azure Monitor. See View and configure DDoS protection telemetry to learn more.
- Attack alerting: Alerts can be configured at the start and stop of an attack, and over the attack's duration, using built-in attack metrics. Alerts integrate into your operational software like Microsoft Azure Monitor logs, Splunk, Azure Storage, Email, and the Azure portal. See View and configure DDoS protection alerts to learn more.
- Azure DDoS Rapid Response: During an active attack, customers have access to the DDoS Rapid Response (DRR) team, who can help with attack investigation during an attack and post-attack analysis. For more information, see Azure DDoS Rapid Response.
- Native platform integration: Natively integrated into Azure. Includes configuration through the Azure portal. Azure DDoS Protection understands your resources and resource configuration.
- Turnkey protection: Simplified configuration immediately protects all resources on a virtual network as soon as DDoS Network Protection is enabled. No intervention or user definition is required. Similarly, simplified configuration immediately protects a public IP resource when DDoS IP Protection is enabled for it.
- Multi-Layered protection: When deployed with a web application firewall (WAF), Azure DDoS Protection protects both at the network layer (Layer 3 and 4, offered by Azure DDoS Protection) and at the application layer (Layer 7, offered by a WAF). WAF offerings include Azure Application Gateway WAF SKU and third-party web application firewall offerings available in the Azure Marketplace.
- Extensive mitigation scale: All L3/L4 attack vectors can be mitigated, with global capacity, to protect against the largest known DDoS attacks.
- Cost guarantee: Receive data-transfer and application scale-out service credit for resource costs incurred as a result of documented DDoS attacks.