Top 6 Security Events to Monitor in SQL Server


SQL Server is everywhere and holds so much of a typical organizations sensitive data. But very few organizations are monitoring key security events in SQL Server like:
  • Admin authority changes
  • Permission changes
  • Role membership
  • Security setting changes
  • Failed logons
  • Data exports by privileged users
Regulators and auditors are increasingly recognizing the gap in controls that currently exists with regard to database monitoring.
Ideally, we’d like the same ability for SQL Server as we have for the Windows security log which includes the ability to monitor user account and group maintenance, permission changes and security policy modifications. We need these same events from SQL Server and we need to get them into our SIEM or log management solution.
In the old days, the few native SQL audit capabilities were an all or nothing proposition – meaning that absolutely each and every operation, including all queries, were logged. This created an untenable performance and storage burden.
The good news is that in SQL Server 2008 and 2012 we finally have a true security log capability that allows you to create a very flexible audit policy ensuring that only sensitive operations are tracked.
In this webinar, I will show you:
  • The top security events to monitor in SQL Server
  • How to enable SQL auditing for those high security operations without bogging everything down with other activity
  • Where to find those events and how to interpret them
Then, I’ll finish up with discussing your options for getting these valuable security events into your SIEM/log management solution. I’ll briefly show how LOGbinder, this webinar’s sponsor, allows you to connect SQL Server’s new audit capability to your SIEM without touching or impacting production SQL Servers in anyway.
Don’t miss this real training for free™! Please register now!


Additional Resources