Monitoring Privileged Access on SQL Server


It's all about protecting data these days and one of the main places that data resides is of course on databases. But there are a lot of people with privileged access to that data once you add up:

  • Application admins
  • Database admins
  • Operating system admins

Unless you are taking advantage of some rather rarefied technology you have no preventive controls over anyone with legitimate privileged access – much less an attacker that follows a horizontal kill chain through your network until he manages to get privileged access to your database.

The only solution is a high integrity audit trail of privileged access. The Windows Security Log alone won’t do the job since it only tracks what's happening at the OS layer. You need to track what's happening at the database level and you need to get those logs off the database where they are exposed to tampering by the very privileged users for whom we are trying to mitigate risk.

In this real training for free ™ webinar I will show you how to leverage the native auditing capability of Microsoft SQL Server 2008 and later to track privileged users. Here are some of the types of activity I’ll show you how to audit:

  • Administrator initiated backups and database exports
  • Ad hoc queries on confidential tables by admins
  • Manual updates on tables that require integrity for financial reporting or other reasons
  • Creation of new principals
  • Changes to roles and permissions

That's just a few examples. SQL Server 2008 and later give you the ability to audit

  • Just the actions you care about
  • For just objects you care about
  • For just the users you care about

Microsoft has done a great job with SQL Server's audit specification design. But there are some challenges with getting that audit data off the database server and into your SIEM without installing agents or causing other security, performance or stability problems. That's where our sponsor, LOGbinder, comes in. LOGbinder for SQL Server installs in 5 minutes and translates the binary SQL Server audit log into intelligible events it then send to you SIEM – without touching SQL Server with one byte of code or a single packet! I'll briefly show you how that's possible.

Join me for this technical and practical session. Please register now!



Additional Resources