While monitoring might be common practice for keeping databases running smoothly, this is often directed at maintenance tasks such as query performance or future planning. Sometimes this will include some checks for security, but these tend to be limited, defending only against what the DBA is already looking for.
The ‘How monitoring can help keep your SQL Server estate secure’ security whitepaper discusses the difficulty of defending against new or unknown attacks on your data systems, and how introducing a broad surveillance approach to your monitoring can improve security. It covers why these attacks are hard to spot, the risks they pose, and what’s needed in a solution against them, with SQL Monitor as an example.
Key Points for Monitoring
- Monitoring against known signs of attack might work against attacks you expect, but against novel or unusual attacks you won’t know what to look for.
For example, you might be monitoring for SQL injection attacks by checking against errors known to be common when an attack is attempting to ‘blind-navigate’ your schema. If, however, the attacker is taking a different approach or has inside knowledge, this defense will eventually fail, as will any other depending on attackers acting in predictable ways.
- A broad surveillance-based approach to monitoring helps identify and stop these attacks by:
  - Measuring and establishing a baseline for a wide range of metrics on your data systems.
  - Flagging unusual patterns or events so people can investigate and stop the potential attack.
  - Separating the monitoring system from what’s being monitored, reducing the risk of a system and its defenses being compromised before an alert can be fired.
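The baseline-and-flag approach in the key points above can be sketched as follows. This is an added example, not code from the whitepaper or from SQL Monitor; the metric names, hourly samples, error limit and threshold are constructed assumptions. It compares a fixed "error spike" rule with a per-metric baseline built from the median and the median absolute deviation (MAD).

```python
from statistics import median

# Constructed hourly history per metric (assumed names, not SQL Monitor output).
HISTORY = {
    "sql_errors":      [2, 3, 1, 4, 2, 3, 2, 1, 3, 2],
    "failed_logins":   [0, 1, 0, 2, 1, 0, 1, 1, 0, 1],
    "rows_returned_k": [120, 135, 110, 140, 125, 130, 118, 122, 138, 127],
    "new_connections": [40, 42, 38, 45, 41, 39, 43, 40, 44, 42],
}
# Constructed samples: an ordinary hour, and an hour where a large read
# happens without any error spike or failed logins.
NORMAL_HOUR = {"sql_errors": 3, "failed_logins": 1,
               "rows_returned_k": 131, "new_connections": 43}
QUIET_BULK_READ_HOUR = {"sql_errors": 2, "failed_logins": 0,
                        "rows_returned_k": 900, "new_connections": 41}

def error_signature_rule(sample, limit=10):
    """Known-sign check: alert only when SQL errors spike (assumed limit)."""
    return sample["sql_errors"] > limit

def build_baseline(history):
    """Return {metric: (median, scale)} where scale is the scaled MAD."""
    model = {}
    for name, values in history.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        # 1.4826 * MAD approximates a standard deviation for normal data;
        # the floor of 1.0 avoids dividing by zero on flat metrics.
        model[name] = (med, max(1.4826 * mad, 1.0))
    return model

def flag_anomalies(model, sample, threshold=4.0):
    """Return {metric: robust z-score} for metrics far from their baseline."""
    flagged = {}
    for name, value in sample.items():
        if name not in model:
            continue  # no baseline yet for this metric
        med, scale = model[name]
        score = (value - med) / scale
        if abs(score) >= threshold:
            flagged[name] = round(score, 1)
    return flagged

if __name__ == "__main__":
    model = build_baseline(HISTORY)
    for label, hour in (("normal", NORMAL_HOUR), ("bulk read", QUIET_BULK_READ_HOUR)):
        print(label, error_signature_rule(hour), flag_anomalies(model, hour))
```

The baseline here is computed from data the monitor already holds, so the check can run on a host separate from the monitored server, in line with the last key point.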
Call for Action
Here are two simple calls to action for you.
Try out Red-Gate SQL Monitor
Read more about how to keep your SQL Server estates secure.
Reference: Pinal Dave (https://blog.sqlauthority.com)