Azure Defender for SQL is now generally available for use with SQL Server on premises, in multicloud deployments on Amazon Web Services (AWS) and Google Cloud Platform (GCP), and in virtual machines on Azure. Azure Defender for SQL constantly monitors your SQL Server for known vulnerabilities and threats. Microsoft recommends that customers protect their production instances of SQL with Azure Defender for SQL as part of their overall security strategy.
See how Azure Defender for SQL can help you avoid, detect and respond to a popular attack
Attackers often move laterally within organizations to discover and exfiltrate data, making data sources including SQL Server popular targets. Customers should implement the standard security best practices for SQL Server, including encryption and network security. Because threats are constantly evolving, it is also important to monitor your SQL Server for threats, and that’s where Azure Defender for SQL plays an important role. Today’s new announcements, coupled with the previously released support for Azure SQL Database, mean that Azure Defender can protect Microsoft SQL wherever you are running it.
Just a few examples of top security issues identified by Azure Defender for SQL include potential SQL injections, brute force attacks, anomalous database access, and suspicious activities based on threat intelligence enrichment. Here are just two cases discovered and resolved by customers during the preview of Azure Defender for SQL:
- A customer who was experiencing recurring ransomware attacks used Azure Defender for SQL to discover that the attacker’s access point was the SQL Server. The customer then mitigated the active ransomware attack, which started by brute-forcing a weak password in SQL Server and then executing shell scripts.
- A securely configured SQL Server behind a firewall showed only known legitimate logins. Azure Defender for SQL detected that a machine behind a gateway with allowed access to the SQL Server was also communicating with a honeypot and had been breached.
Azure Defender for SQL Server also includes vulnerability assessment with baseline configuration to customize the service to your environment, benchmark information, and remediation scripts to help you mitigate identified risks.
The diagram below shows how Azure Defender for SQL works for Azure Arc enabled SQL Server. Azure Defender for SQL makes it easy to monitor on-premises and multicloud servers by leveraging Azure Arc, and you can view all of your protected SQL Servers, regardless of where they are running, in a single pane of glass in Azure.
Figure 1: Integration of Azure Arc enabled SQL Server and Azure Defender.
Azure Defender for SQL is just one component of the Azure Defender stack, which also protects virtual machines, storage, and containers. In addition, you will benefit from centralized management for security, integration with Azure Secure Score, and native integration with Azure Sentinel.
Get started today
We recommend that you protect your SQL Servers today, whether they are in Azure, on-premises, or in other clouds, with Azure Defender for SQL. To learn more, visit our documentation page.
Thanks to Roy Levin and Andrey Karpovsky from Azure Security Center research team for their contributions to this article.