We are excited to announce that this week we have made Threat Detection available for preview on Azure SQL Database. Azure SQL Database Threat Detection provides a new layer of security to your database by detecting anomalous database activities that may indicate common threats such as SQL injection attacks.
The introduction of this feature helps customers detect and respond to potential threats as they occur. Users can immediately explore the potential threat by using SQL database auditing to determine if the event is the result of an attempt to access, breach or exploit data in the database.
The benefits of Azure SQL Database Threat Detection include:
- Simple configuration of SQL threat detection policy via Azure portal.
- Clear email alerts upon detection of suspicious database queries indicating potential SQL injection events.
- Ability to explore the audit log around the time of the event using the Azure portal or a pre-configured Excel template.
- No need to modify database procedures or application code.
Steven Berkovitz, CTO at OrderDynamics said:
“We were really impressed when Azure SQL Database Threat Detection identified a vulnerability during a penetration test that was missed by the pen-tester. Automatic features like this help us build and operate a PCI-compliant product in Azure with confidence. SQL Database Threat Detection allows us to exceed the minimum PCI requirements with next to no extra effort on our side. We can now detect and respond to potential threats without the need for expensive third party tools.”
Threat Detection is one of several security features for Azure SQL Database, which serve to protect data, control access and monitor database activity. Collectively, these features provide a comprehensive security solution for your applications and data in Azure.
How to set up Threat Detection
You need to start with the latest service version of SQL Database (V12) and configure Threat Detection for your database with a few simple steps in the Azure management portal.
- Launch the Azure portal.
- Navigate to the configuration blade of the SQL Database you want to monitor. In the Settings blade, select Auditing & Threat Detection.
- Turn ON auditing, which will display the Threat detection settings.
- Turn ON Threat detection and configure the list of emails that will receive security alerts upon detection of anomalous database activities.
- Click Save to save the new or updated auditing and threat detection policy.
Note: Enabling Threat Detection requires that Auditing be turned on and that at least one email address be configured to receive notifications.
Threat Detection Demo
Check out our Threat Detection demo, which walks through the setup, detection and investigation experience for a SQL injection attack. SQL injection is one of the most common database threats; it exploits vulnerabilities in data-driven applications by injecting malicious SQL statements into application entry fields.
We’re interested in learning how this feature is serving your security requirements. Please leave any feedback or questions in the comments below.