For example, applications might migrate to a new network, but rules referencing the former network remain. Or teams could unknowingly duplicate rules throughout a policy hierarchy.
At an organization like Microsoft with more than 80 firewalls in operation, those kinds of problems can scale rapidly. As a result, MDEE engineers need to keep a close eye on policies.
“Policy management is a very process-heavy operation in general,” McCleery says. “Across the several thousand virtual networks we oversee, managing rules is our top volume.”
To streamline MDEE’s efforts and combat vulnerabilities, the logical next step was providing visibility into policy management over time to generate actionable insights.
“Policy analytics was one of the most sought-after features in Microsoft Azure Firewall Manager,” says Mark Gakman, senior product manager on the Azure Firewall product team. “What out-of-the-box experience could give us a sense of what happens with our policies or how we’re using rules? How can I improve my security posture or the performance of the firewall?”
A collaboration between Microsoft Azure engineers and MDEE led to Policy Analytics for Microsoft Azure Firewall Manager.
Policy Analytics with Microsoft Azure Firewall Manager
Our Policy Analytics feature focuses on providing oversight on all rules in operation across an enterprise’s entire firewall ecosystem.
Figure: The Policy Analytics feature for Microsoft Azure Firewall Manager provides insights into network rules across a consolidated firewall ecosystem.
Four key Policy Analytics features deliver insights for network engineers:
- Firewall flow logs display the traffic flowing through Microsoft Azure Firewall, hit rates, and network and application rule matches. This view helps identify top flows across all rules, filtered by specific sources, destinations, ports, and protocols.
- Rule analytics present traffic flows mapped to destination network address translation (DNAT), network, and application rules. This provides enhanced visibility into all flows matching a rule over time. As a result, users can analyze rules across both parent and child policies.
- The policy insight panel aggregates insights and highlights recommendations to optimize Microsoft Azure Firewall policies.
- Single-rule analysis analyzes traffic flows matching the selected rule, then recommends optimizations based on intelligent insights.
These features help MDEE cloud network engineers identify patterns associated with different kinds of vulnerabilities including fat flows, top talkers, underutilized rules, and duplicate policies.
For the MDEE engineers supporting our internal corporate network, the top priority was eliminating duplicate rules. These introduce risk into networks by creating backdoor entry points, which complicate rule management and slow firewall performance among other problems.
We get weekly tickets saying users can’t connect from a particular source to a particular destination. But we just type in a source IP and we can see what’s happening at a pretty high level—very quickly. So from an on-call perspective for direct-response individuals like me, it’s been a huge help.
—Beth Garrison, principal cloud network engineer, Microsoft Digital Employee Experience
With the added visibility that Policy Analytics provides, the team managed to discover 1,400 duplicate rules and eliminate more than 1,200 of them. Clearing these duplicates has both significantly improved our security posture and paved the way for automated ACL updates to run more smoothly.
An improved security posture is a massive win for our corporate networks as a whole. But for Garrison and her team of cloud network engineers, the biggest impact has been time savings, especially in their troubleshooting work.
“We get weekly tickets saying users can’t connect from a particular source to a particular destination,” Garrison says. “But we just type in a source IP and we can see what’s happening at a pretty high level very quickly. So from an on-call perspective for direct-response individuals like me, it’s been a huge help.”
By Garrison’s estimate, analytics queries that used to take five or 10 minutes now clock in at around 30 seconds. Those time savings translate to better service and more flexibility for her team.
The emerging possibilities of Policy Analytics
Policy Analytics for Microsoft Azure Firewall Manager is currently in public preview. Even at this early stage, the response from customers has been incredible.
“This solves a big pain point for large organizations with tens or hundreds of firewall deployments,” Gakman says. “After only six months in preview, more than 1,000 enterprise customers have activated Policy Analytics. From the conversations I’m having, the demand for these capabilities is strong.”
The team continues to add more analysis and features as Policy Analytics matures. One of the most exciting developments is the ongoing growth of intelligent recommendations for single-rule analysis.
That kind of support is especially helpful for organizations who don’t have cloud network engineers in their IT organizations. By following AI-driven, automated recommendations when a user zooms in on a particular rule, even teams who lack network expertise will be able to increase their security posture.
For our support teams and our customers’ IT professionals, Policy Analytics for Microsoft Azure Firewall Manager is one more step toward a truly cloud-driven business world.
“It’s a feature, but it’s really the underpinning for a whole discipline within my team,” McCleery says. “Our biggest goal is helping people and processes work at the pace of the cloud.”
- The tech is the easy part: Focus on people and process as you’re developing solutions.
- If it’s not measured, it’s not valued. Do everything you can to get the data on the table.
- Deploy to your most underutilized firewalls first to build confidence and comfort.
- Get in the habit of looking into your rules periodically and adjustments will become simpler over time.
Enhancing Microsoft’s security posture with Microsoft Azure Firewall Manager - Inside Track Blog