Azure SQL Database Threat Detection has been in preview for a few months now. We’ve onboarded many customers and received some great feedback. We would like to share a few customer experiences that demonstrate how Azure SQL Database Threat Detection helped address their concerns about potential threats to their database.
What is Azure SQL Database Threat Detection?
Azure SQL Database Threat Detection is a new security intelligence feature built into the Azure SQL Database service. Working around the clock to learn, profile and detect anomalous database activities, Azure SQL Database Threat Detection identifies potential threats to the database.
Security officers or other designated administrators can get an immediate notification about suspicious database activities as they occur. Each notification provides details of the suspicious activity and recommends how to further investigate and mitigate the threat.
Currently, Azure SQL Database Threat Detection detects potential vulnerabilities and SQL injection attacks, as well as anomalous database access patterns. The following customer feedback attests to how Azure SQL Database Threat Detection warned them about these threats as they occurred and helped them improve their database security.
Case #1: Attempted database access by former employee
Borja Gómez, architect and development lead at YesEnglish
“Azure SQL Database Threat Detection is a useful feature that allows us to detect and respond to anomalous database activities, which were not visible to us beforehand. As part of my role designing and building Azure-based solutions for global companies in the Information and Communication Technology field, we always turn on Auditing and Threat Detection, which are built-in and operate independently of our code. A few months later, we received an email alert that "Anomalous database activities from unfamiliar IP (location) was detected." The threat came from a former employee trying to access one of our customer’s databases, which contained sensitive data, using old credentials. The alert allowed us to detect this threat as it occurred, we were able to remediate the threat immediately by locking down the firewall rules and changing credentials, thereby preventing any damage. Such is the simplicity and power of Azure.”
Case #2: Preventing SQL Injection attacks
Richard Priest, architectural software engineer at Feilden Clegg Bradley Studios and head of the collective at Missing Widget
“Thanks to Azure SQL Database Threat Detection, we were able to detect and fix code vulnerabilities to SQL injection attacks and prevent potential threats to our database. I was extremely impressed how simple it was to enable the threat detection policy using the Azure portal, which required no modifications to our SQL client applications. A while after enabling Azure SQL Database Threat Detection, we received an email notification about ‘An application error that may indicate a vulnerability to SQL injection attacks.’ The notification provided details of the suspicious activity and recommended concrete actions to further investigate and remediate the threat. The alert helped me to track down the source my error and pointed me to the Microsoft documentation that thoroughly explained how to fix my code. As the head of IT, I now guide my team to turn on Azure SQL Database Auditing and Threat Detection on all our projects, because it gives us another layer of protection and is like having a free security expert on our team.”
Case #3: Anomalous access from home to production database
Manrique Logan, architect and technical lead at ASEBA
“Azure SQL Database Threat Detection is an incredible feature, super simple to use, empowering our small engineering team to protect our company data without the need to be security experts. Our non-profit company provides user-friendly tools for mental health professionals, storing health and sales data in the cloud. As such we need to be HIPAA and PCI compliant, and Azure SQL Database Auditing and Threat Detection help us achieve this. These features are available out of the box, and simple to enable too, taking only a few minutes to configure. We saw the real value from these not long after enabling Azure SQL Database Threat Detection, when we received an email notification that ‘Access from an unfamiliar IP address (location) was detected.' The alert was triggered as a result of my unusual access to our production database from home. Knowing that Microsoft is using its vast security expertise to protect my data gives me incredible peace of mind and allows us to focus our security budget on other issues. Furthermore, knowing the fact that every database activity is being monitored has increased security awareness among our engineers. Azure SQL Database Threat Detection is now an important part of our incident response plan. I love that Azure SQL Database offers such powerful and easy-to-use security features.
Turning on Azure SQL Database Threat Detection
Azure SQL Database Threat Detection is incredibly easy to enable. You simply navigate to the Auditing and Threat Detection configuration blade for your database in the Azure management portal. There you switch on Auditing and Threat Detection, and configure at least one email address for receiving alerts.
Click the following links to:
We'll be glad to get feedback on how this feature is serving your security requirements. Please feel free to share your comments below.