Today when talking about the Azure blob storage and the levels of protection that you have available, there are two main categories - authentication and authorization-based protections using storage account access keys and SAS tokens AND the newly released Service Endpoints that provides network-based access control allowing customers to define which networks can access the blob storage BUT while these two levels of protection are great, there’s still no threat protection. In other words, depending on how your Azure services use the blob storage, there’s nothing stopping a malicious entity from uploading malicious content like malware or ransomware and then spreading it to other services using the blob storage as long as they can gain access to it.
From a security perspective, this is not great as it means that as long as you have access from an authentication or network access level, you can upload and spread malware or ransomware. What we want instead is to add an additional layer of security using the Sophos XG firewall to ensure the integrity of content that are being uploaded to or downloaded from our Azure blob storage. This video shows you how.
This thread was automatically locked due to age.