Monitoring Privileged Access on SQL Server

Webinar

It's all about protecting data these days and one of the main places that data resides is of course on databases. But there are a lot of people with privileged access to that data once you add up:

Application admins
Database admins
Operating system admins

Unless you are taking advantage of some rather rarefied technology you have no preventive controls over anyone with legitimate privileged access – much less an attacker that follows a horizontal kill chain through your network until he manages to get privileged access to your database.

The only solution is a high integrity audit trail of privileged access. The Windows Security Log alone won’t do the job since it only tracks what's happening at the OS layer. You need to track what's happening at the database level and you need to get those logs off the database where they are exposed to tampering by the very privileged users for whom we are trying to mitigate risk.

In this real training for free ™ webinar I will show you how to leverage the native auditing capability of Microsoft SQL Server 2008 and later to track privileged users. Here are some of the types of activity I’ll show you how to audit:

Administrator initiated backups and database exports
Ad hoc queries on confidential tables by admins
Manual updates on tables that require integrity for financial reporting or other reasons
Creation of new principals
Changes to roles and permissions

That's just a few examples. SQL Server 2008 and later give you the ability to audit

Just the actions you care about
For just objects you care about
For just the users you care about

Microsoft has done a great job with SQL Server's audit specification design. But there are some challenges with getting that audit data off the database server and into your SIEM without installing agents or causing other security, performance or stability problems. That's where our sponsor, LOGbinder, comes in. LOGbinder for SQL Server installs in 5 minutes and translates the binary SQL Server audit log into intelligible events it then send to you SIEM – without touching SQL Server with one byte of code or a single packet! I'll briefly show you how that's possible.

Join me for this technical and practical session. Please register now!

Click here to watch the webinar now

Upcoming Webinars

Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.