How to Detect Unauthorized Queries Against Sensitive SQL Databases without all the Noise of the Trusted Application

Webinar Registration

The master copy of your most sensitive databases is probably in SQL Server. Your business application enforces all the business rules, validation, user roles, etc. To circumvent all that security all you have to do is logon to SQL directly via ODBC or another connection method. Update account balances, change transaction times or amounts, insert bogus transactions, query credit card numbers, etc, etc. To be fair some applications have reports that will show balances being off unless the attacker really understands the ramifications of their tampering and carefully manages their efforts. But theft of confidential information from databases leaves no trace in the application and very little, if any, in Windows.

You must catch it at the database layer because that’s where it's occurring.

The good news is SQL Server's native auditing rocks and the most recent versions of SQL Server address one of the most vexing issues with tracking access to sensitive tables, stored procedures and other objects in SQL: How do you audit every access to a given table or other object without getting the massive glut of events generated by the trusted application server itself?

You can do this by setting up a filter on the Audit object in SQL Server.

In this real training for free ™ webinar. I'll show you how to audit access to sensitive tables, store procedures and other objects in SQL Server while safely filtering out the noise.

We can enable auditing SELECT for specific tables in SQL Server and explicitly filter out access by the application. This results in a 99% reduction in noise.

We can audit execution of important stored procedures or Update/Insert/Delete commands that bypass stored procedures executed by the application.

But like all good paranoid security professionals you probably worry about someone fraduently using the trusted application account. I'll show you how to detect indicators that a privileged user is misusing the account of the trusted application server to hide their tracks.

I'll finish up briefly showing you how our sponsor, LOGbinder, enables you to get this treasure trove of audit data into your SIEM without ever touching your production SQL Servers. You DB admins will love you for that.

Please join me for this real training for free ™ event.

Required

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Job Title:	Required
Organization:	Required
Country:	Required
Do you have SQL Server 2008 or later deployed or planned as an upgrade?:	RequiredRequired
Do you have a log management solution in place?:	RequiredRequired
What is your LOG Management/SIEM?:	RequiredRequired
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.