Database focused Security with “Microsoft Defender for Databases”

Microsoft Defender for Cloud has a new team member, “Defender for Databases”, a broadly compatible security add-on for your database workloads. Microsoft recognized an industry need for its security stack to include threat-protection monitoring and vulnerability-assessment services for Azure SQL, SQL Managed Instances, PostgreSQL, Cosmos DB, MySQL and SQL Servers on Windows/Linux VMs inside and outside of Azure.

Per Microsoft, “The focus of Defender for Databases is security, but the service has a split architecture to balance data uploading and speed with performance.” Lab tests of the solution show CPU usage averaging 3% during peak slices when compared against benchmark loads.

Non-Azure SQL servers use the Azure Arc agent together with the Azure Monitor Agent and the WindowsAgent.SqlServer VM extension, which creates an Azure resource for each discovered SQL Server instance.

SQL vulnerability assessment reports actionable steps to resolve security issues and harden your databases as Microsoft Defender for Cloud (MDC) security recommendations. The vulnerability assessment service scans your databases every 12 hours. Each database is randomly assigned a scan time on a set day of the week.
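The mechanism behind those recommendations is easiest to see in code: each scan produces findings, and a finding only becomes an open recommendation when it is not covered by the baseline you approved for that database (see the baseline link under the resources below). The following is an added illustration, not Microsoft's code; the finding shape, the rule ids (VA-EX-*) and the scan data are constructed here and do not correspond to real vulnerability assessment rule identifiers.

```python
"""Added example: how vulnerability assessment findings are reduced to open
recommendations by an approved baseline. The finding shape, rule ids and
sample scan below are constructed for illustration (hypothetical)."""
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Finding:
    rule_id: str        # constructed id, not a real VA rule number
    description: str
    severity: str       # "High" | "Medium" | "Low"
    actual: tuple       # values observed during the scan


@dataclass
class Baseline:
    # rule_id -> set of values the database owner has approved as expected
    approved: dict = field(default_factory=dict)

    def approve(self, rule_id, values):
        self.approved[rule_id] = frozenset(values)


def evaluate(findings, baseline):
    """Return (finding, unexpected_values) for every finding that still needs
    action. A finding is suppressed only when every observed value is in the
    approved set for its rule; one new value re-opens the recommendation."""
    open_findings = []
    for finding in findings:
        approved = baseline.approved.get(finding.rule_id, frozenset())
        unexpected = sorted(set(finding.actual) - approved)
        if unexpected:
            open_findings.append((finding, unexpected))
    return open_findings


def summarize(open_findings):
    """Count open recommendations per severity, as a dashboard would."""
    return dict(Counter(f.severity for f, _ in open_findings))


# Constructed scan result for one database (hypothetical values).
SAMPLE_SCAN = [
    Finding("VA-EX-1", "Firewall rules should be kept to a strict minimum",
            "High", ("office-vpn", "0.0.0.0-255.255.255.255")),
    Finding("VA-EX-2", "Database principals should be reviewed",
            "Medium", ("app_reader", "report_user")),
    Finding("VA-EX-3", "Auditing should be enabled", "High", ("Disabled",)),
]


def sample_baseline():
    """Baseline approved by the database owner (constructed)."""
    baseline = Baseline()
    baseline.approve("VA-EX-1", {"office-vpn"})             # known VPN range
    baseline.approve("VA-EX-2", {"app_reader", "report_user"})
    return baseline


if __name__ == "__main__":
    for finding, unexpected in evaluate(SAMPLE_SCAN, sample_baseline()):
        print(f"{finding.severity:6} {finding.rule_id}: {finding.description}"
              f" -> unexpected {unexpected}")
    print(summarize(evaluate(SAMPLE_SCAN, sample_baseline())))
```

Note that the approved VPN rule is silenced while the open-to-the-world firewall rule on the same check is still reported; approving a whole rule rather than its specific values would hide that regression, which is why a baseline should list concrete expected values.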

Advanced Threat Protection adds a further layer of security by raising security alerts on anomalous activity around authentication, SQL injection, and data exfiltration.
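To make the authentication side of that concrete, here is an added example (not Microsoft's detection logic) of the kind of rule such a service applies to audit data: a burst of failed logins from one client, and a success from that client immediately after the burst, are raised as alerts. The log line format and the sample lines are constructed for this illustration; the real service works from the auditing configured through the policy linked below.

```python
"""Added example: anomalous-authentication detection over constructed SQL
login audit lines. The line format, thresholds and sample data are
assumptions made for illustration, not the service's own rules."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit line format (hypothetical): ISO timestamp, client, principal, outcome.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) principal=(?P<principal>\S+) "
    r"action=LOGIN outcome=(?P<outcome>SUCCESS|FAILURE)$"
)


def parse(line):
    """Parse one audit line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "client": m["client"],
        "principal": m["principal"],
        "outcome": m["outcome"],
    }


def detect(lines, threshold=5, window=timedelta(minutes=2)):
    """Sliding-window rule: `threshold` failures from one client inside
    `window` raises one alert per client; a SUCCESS from that client while
    the failure burst is still inside the window raises a second, higher-
    priority alert because the guessed credential apparently worked."""
    failures = defaultdict(deque)   # client -> timestamps of recent failures
    flagged = set()                 # clients already alerted on for failures
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue                # malformed line: skip, never crash the pipeline
        recent = failures[ev["client"]]
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()        # drop failures older than the window
        if ev["outcome"] == "FAILURE":
            recent.append(ev["ts"])
            if len(recent) >= threshold and ev["client"] not in flagged:
                flagged.add(ev["client"])
                alerts.append({"type": "repeated_login_failures",
                               "client": ev["client"], "count": len(recent),
                               "at": ev["ts"]})
        else:
            if len(recent) >= threshold:
                alerts.append({"type": "success_after_failures",
                               "client": ev["client"],
                               "principal": ev["principal"], "at": ev["ts"]})
            recent.clear()          # a success ends the current burst
    return alerts


# Constructed sample audit lines (documentation IP ranges, hypothetical principals).
SAMPLE_LOG = [
    "2024-01-15T10:00:01Z client=203.0.113.7 principal=sa action=LOGIN outcome=FAILURE",
    "2024-01-15T10:00:07Z client=203.0.113.7 principal=sa action=LOGIN outcome=FAILURE",
    "2024-01-15T10:00:13Z client=203.0.113.7 principal=sa action=LOGIN outcome=FAILURE",
    "2024-01-15T10:00:19Z client=203.0.113.7 principal=sa action=LOGIN outcome=FAILURE",
    "2024-01-15T10:00:25Z client=203.0.113.7 principal=sa action=LOGIN outcome=FAILURE",
    "2024-01-15T10:00:31Z client=203.0.113.7 principal=sa action=LOGIN outcome=FAILURE",
    "2024-01-15T10:00:40Z client=203.0.113.7 principal=sa action=LOGIN outcome=SUCCESS",
    "this line is not an audit record",
    "2024-01-15T10:01:00Z client=198.51.100.5 principal=app_reader action=LOGIN outcome=FAILURE",
    "2024-01-15T10:01:05Z client=198.51.100.5 principal=app_reader action=LOGIN outcome=SUCCESS",
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The second client's single typo-then-success pattern stays below the threshold and produces nothing, which is the false-positive case any such rule has to tolerate; tuning `threshold` and `window` against your own audit volume is the practical knob.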

Public resources available:
SQL Vulnerabilities Checks: https://bit.ly/3UC3J6h
SQL Security Alerts: https://bit.ly/3HfBqYk
Azure Policy to deploy agent: https://bit.ly/3HfgSPJ
Azure Policy to configure auditing: https://bit.ly/3iB7ueN
Azure Arc SQL: https://bit.ly/3FabCdi
Setting SQL baselines: https://bit.ly/3P2gAgZ