How to Detect Unauthorized Queries Against Sensitive SQL Databases without all the Noise of the Trusted Application

Webinar Registration

The master copy of your most sensitive databases is probably in SQL Server. Your business application enforces all the business rules, validation, user roles, etc. To circumvent all that security all you have to do is logon to SQL directly via ODBC or another connection method. Update account balances, change transaction times or amounts, insert bogus transactions, query credit card numbers, etc, etc. To be fair some applications have reports that will show balances being off unless the attacker really understands the ramifications of their tampering and carefully manages their efforts. But theft of confidential information from databases leaves no trace in the application and very little, if any, in Windows.

You must catch it at the database layer because that’s where it's occurring.

The good news is SQL Server's native auditing rocks and the most recent versions of SQL Server address one of the most vexing issues with tracking access to sensitive tables, stored procedures and other objects in SQL: How do you audit every access to a given table or other object without getting the massive glut of events generated by the trusted application server itself?

You can do this by setting up a filter on the Audit object in SQL Server.

In this real training for free ™ webinar. I'll show you how to audit access to sensitive tables, store procedures and other objects in SQL Server while safely filtering out the noise.

We can enable auditing SELECT for specific tables in SQL Server and explicitly filter out access by the application. This results in a 99% reduction in noise.

We can audit execution of important stored procedures or Update/Insert/Delete commands that bypass stored procedures executed by the application.

But like all good paranoid security professionals you probably worry about someone fraduently using the trusted application account. I'll show you how to detect indicators that a privileged user is misusing the account of the trusted application server to hide their tracks.

I'll finish up briefly showing you how our sponsor, LOGbinder, enables you to get this treasure trove of audit data into your SIEM without ever touching your production SQL Servers. You DB admins will love you for that.

Please join me for this real training for free ™ event.

 
First Name:   
Last Name:   
Work Email:  
Phone:  
Job Title:  
Organization:  
Country:    
Do you have SQL Server 2008 or later deployed or planned as an upgrade?:
Do you have a log management solution in place?:
What is your LOG Management/SIEM?:
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.

 

 

Additional Resources