
Azure Database Protect

Introduction

Often data is one of the most valuable assets a company has. Even though databases like Azure SQL Databases, MySQL, MariaDB, or Postgres can be deployed quite easily in Microsoft Azure, a big security component is still the responsibility of the customer.

Wortell Azure Database Protect helps to protect your valuable databases.

SKUs

Feature | Azure Database Protect
Protection against anomalous database access | +
Protection against suspicious queries and database activities like SQL Injection | +
Protection against brute force attacks | +
Minimal impact on database performance | +
Support for a wide range of databases | +
Works in the cloud and hybrid environments | +
Compliant with NEN & ISO | +
24/7 alert and incident follow-up | +

* This product cannot be enabled in combination with a Vidara Light SKU.

Features

Protection against anomalous database access

Databases are in almost all circumstances part of an application environment. Therefore, the number of accounts that have access, locations from which the databases are accessed, and IP addresses used are very predictable.

By using Azure Defender for SQL and Azure Defender for open-source relational databases, Wortell can detect anomalous logins. After receiving such an alert, the Wortell Managed Detection and Response team will take action to investigate and mitigate the attack.

Protection against suspicious queries and database activities

Azure Defender for SQL and Azure Defender for open-source relational databases are capable of detecting suspicious queries and database activities. For example, a legitimate user accessing an SQL Server from a breached computer that communicated with a crypto-mining C&C server.

After such alerts are raised, the Wortell Managed Detection and Response team will investigate and mitigate them.

Protection against brute force attacks

Newly deployed databases in Azure are often public-facing. This means that the database is directly accessible through the internet. Even though this is a bad practice and Wortell doesn’t recommend it, it happens a lot.

With Azure Defender for SQL, Wortell can detect brute force attacks against these database endpoints. After receiving such alerts, the Managed Detection and Response team will investigate and mitigate them.

Minimal impact on database performance

Wortell uses Azure Defender for SQL and Azure Defender for open-source relational databases to scan and monitor for anomalous and suspicious database activities. The service has a split architecture to balance data uploading and speed with performance:

  • some of our detectors run on the machine for real-time speed advantages
  • others run in the cloud to spare the machine from heavy computational loads

Lab tests of the solution, comparing it against benchmark loads, showed CPU usage averaging 3% for peak slices. An analysis of the telemetry for the current users shows a negligible impact on CPU and memory usage.

Of course, performance always varies between environments, machines, and loads. The statements and numbers above are provided as a general guideline, not a guarantee for any individual deployment.

Support for a wide range of databases

Wortell Azure Database Protect works for a wide range of databases. The following databases, deployed as PaaS services in Azure, are supported:

  • Azure SQL Databases
  • Azure PostgreSQL
  • Azure MariaDB
  • Azure MySQL

Works in the cloud and hybrid environments

The following configurations are supported:

  • SQL on Azure Virtual Machines
  • Azure Arc enabled SQL Servers
  • On-premises SQL servers on Windows Machines without Azure Arc
  • Azure SQL Single databases and elastic pools
  • Azure SQL Managed Instance
  • Azure Database for PostgreSQL (cloud only)
  • Azure Database for MySQL (cloud only)
  • Azure Database for MariaDB (cloud only)

Compliant with NEN & ISO

ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS). Using it enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details, or information entrusted by third parties.

24/7 alert and incident follow-up

Cloud services are important, and attacks happen both day and night. Therefore, Wortell has a team of cybersecurity engineers available 24/7.

Wortell has organized the availability of the experts as follows:

  • Tier 1: Eyes on-screen during business hours and outside of business hours
  • Tier 2: Eyes on-screen during business hours, stand-by outside of business hours
  • Tier 3: Eyes on-screen during business hours, stand-by outside of business hours

Cost Calculation

The cost will be calculated based on the number of databases that are connected to Azure Security Center / Azure Defender.

License Requirements

The following prerequisites need to be met to deliver this service:

  • Azure Defender for SQL for protection of Azure SQL databases
  • Azure Defender for open-source relational databases for MariaDB, MySQL, and PostgreSQL