This blog has been co-authored by Anupam Vij, Principal PDM Manager.
Distributed denial of service (DDoS) attacks are some of the largest availability and security concerns facing customers that are moving their applications to the cloud. While cyber-attacks are on the rise, they typically make the news only when a large organization has fallen victim to an attack. However, contrary to what many may think, small and medium businesses (SMBs) are just as enticing to cybercriminals.1 While large organizations have the resources needed to protect themselves, small businesses often lack the budget and qualified staff to defend against DDoS attacks.
At Microsoft, we continuously enhance our product offerings to meet the needs of all organizations, including helping SMBs on their digital transformation journey by ensuring that they are protected against the latest DDoS attack vectors. As we shared at Microsoft Ignite, Azure DDoS IP Protection SKU, a new SKU of Azure DDoS Protection built for SMBs, is now available in preview.
Cost-effective, enterprise-grade DDoS protection for small businesses
DDoS IP Protection is designed to meet the needs of SMBs, providing enterprise-grade DDoS protection at an affordable price point. It offers the same essential capabilities as Azure DDoS Network Protection (previously known as Azure DDoS Protection Standard) to protect your resources and applications against evolving DDoS attacks, including L3/L4 automatic attack detection and mitigation, metrics and alerts, mitigation flow logs, mitigation policies tuned to customer applications, and tight integration with Azure Firewall Manager, Microsoft Sentinel, and Microsoft Defender for Cloud.
With the DDoS IP Protection SKU, customers now have the flexibility to enable DDoS protection on individual public IP addresses. SMB customers who have a few public IP addresses to protect will benefit from this cost-effective DDoS protection option.
Key features of Azure DDoS IP Protection
- Massive mitigation capacity and scale: Defend your workloads against the largest and most sophisticated attacks with cloud-scale DDoS protection backed by Azure’s global network.
- Adaptive tuning: Protect your apps and resources while minimizing false positives with adaptive tuning tuned to the scale and actual traffic patterns of your application.
- Attack analytics, metrics, and logging: Monitor DDoS attacks near real-time and respond quickly to attacks with visibility into the attack lifecycle, vectors, and mitigation.
- Integration with Azure Firewall Manager: Centrally manage your DDoS protection across your environment alongside other network security services.
- Integration with Microsoft Sentinel and Microsoft Defender for Cloud: Strengthen your security posture with rich attack analytics and telemetry integrated with Microsoft Sentinel and security alerts and recommendations provided by Microsoft Defender for Cloud.
Choosing the right DDoS protection SKU for your needs
Azure DDoS protection now offers two SKUs:
- DDoS IP Protection is recommended for SMB customers with a few public IP resources who need a comprehensive DDoS protection solution that is fully managed, and easy to deploy and monitor.
- DDoS Network Protection (previously known as Azure DDoS Protection Standard) is recommended for larger enterprises and organizations looking to protect their entire deployment that spans multiple virtual networks and includes many public IP addresses. It also offers value-added features like cost protection, DDoS Rapid Response, and discounts on Azure Web Application Firewall.
Let’s see a detailed comparison of these two SKUs:
Azure DDoS IP Protection pricing
With DDoS IP Protection SKU, you only pay for the public IP resources protected. The monthly cost is fixed for each public IP resource protected with no additional variable costs. Prices may vary by region. Billing for IP Protection will be effective starting on February 1, 2023. For more details on pricing, visit the Azure DDoS Protection pricing page.
DDoS IP Protection is currently available in preview in select regions and can only be enabled on Public IP Standard SKU. DDoS IP Protection is currently only available in the Azure Preview Portal and will be made available on the Azure Portal soon.
For more information on DDoS IP Protection, see the following:
1Diving back into SMB breaches, Data Breach Investigation Report, 2021, Verizon.com.