
Azure Defender for SQL: What You Need to Know

Managing an IT team can be stressful enough without worrying about cyber-attacks on your SQL Server databases. According to OWASP, SQL injection attacks were one of the top 3 cyber-threats of 2021. An SQL injection is the insertion of malicious SQL query code via input data. A successful attack can let hackers read and modify sensitive data, execute admin operations, recover database file content, and even give commands to your operating system.

Here is an example of how a SQL Injection works:

Note: Although this video is from 2016, it's still relevant today.
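The mechanism described above, as a runnable sketch added here (not part of the original article): the same lookup is built once by string concatenation and once with a bound parameter. It uses Python's built-in `sqlite3` module rather than SQL Server so it runs offline; the table, function names, and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, owner TEXT, card_hint TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (owner, card_hint) VALUES (?, ?)",
        [("alice", "4111"), ("bob", "5500"), ("carol", "3400")],
    )
    return conn


def lookup_concatenated(conn, owner):
    """Vulnerable: input is pasted into the SQL text, so it can change the query."""
    sql = "SELECT owner, card_hint FROM customers WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, owner):
    """Hardened: the SQL text is fixed and the input is bound purely as a value."""
    sql = "SELECT owner, card_hint FROM customers WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


def demo():
    """Run both lookups with ordinary input and with input carrying SQL syntax."""
    conn = make_db()
    crafted = "alice' OR '1'='1"  # constructed input that contains SQL syntax
    results = {
        "concat_normal": lookup_concatenated(conn, "alice"),
        "concat_crafted": lookup_concatenated(conn, crafted),
        "param_normal": lookup_parameterized(conn, "alice"),
        "param_crafted": lookup_parameterized(conn, crafted),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15} -> {rows}")
```

With the concatenated query, the crafted input rewrites the `WHERE` clause and every row comes back; with the parameterized query, the same input is compared as a literal string and matches nothing.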

Any OS interacting with an SQL database is vulnerable, and of course the results can be disastrous. Fortunately, you can protect your business' SQL Servers from cyber-attacks whether they are on-premises, in Azure, or in a multi-cloud architecture. One of the most effective ways is using software like Azure Defender for SQL.

What is Azure Defender for SQL?

Previously known as Advanced Threat Detection, Azure Defender for SQL is part of Microsoft's Azure Defender product suite that contains security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your network, and more. It extends the Azure Security Center data security package to secure your databases and data wherever they're located. It does this by monitoring for threats that could include SQL injection, brute-force password hacks, data exfiltration, unsafe action, and abuse of system privilege.

It also performs regular security scans and updates you about your SQL Server security level as well as any potential threats. This keeps your team consistently informed about the health of your setup, and it alerts you when any part of your system is affected, along with how to fix the problem. The process is referred to as Extended Detection and Response (XDR).

What plans are available for Azure Defender for SQL?

Azure Defender for SQL has two types of plans to choose from:

1. Azure Defender for Azure SQL database servers

This plan protects the following:
- Azure SQL Database
- Azure SQL Managed Instance
- Dedicated SQL pool in Azure Synapse

2. Azure Defender for SQL Servers on machines

This plan extends the protections for your Azure-native SQL Servers to fully support hybrid environments. It also protects the following:
- SQL Servers (all supported versions) hosted in Azure
- Other cloud environments
- SQL Server on Virtual Machines
- On-premises SQL Servers

How does Azure Defender for SQL protect you?

Azure Defender for SQL gives you a continuous monitoring system to assess your SQL Server security. You will know your data is safe and your setup is as secure as possible. The alerts are action-oriented so your team can take immediate steps to refortify your systems. In other words, you can act as soon as an alert pops up in the Azure Security Center.

Azure Defender for SQL will protect you against SQL injection, brute-force attacks, data exfiltration, anomalous queries, unsafe actions, abuse of access privilege, and suspicious activity, i.e., from authorized users.

Screenshot of Azure Defender Security Center

Azure Defender for SQL uses Azure Sentinel to assist in the delivery of intelligent security analytics and threat intelligence to investigate more deeply. Azure Sentinel is a Security Information and Event Management (SIEM) tool that can give you a detailed overview of any threat and situation by analyzing the data.

Along with Sentinel, you will also benefit from automated Vulnerability Assessment via Azure Security Center. Vulnerability Assessment functions with Azure-hosted SQL databases, managed instances, and Synapse Analytics. You will thus have full coverage, regardless of your setup. You can configure the assessment process and set baselines for permissions and feature configurations along with general database settings. You can also view and export the results of security scans in a range of graphical and interactive reports, featuring recommendations, findings, and security data.

Does Azure Defender for SQL impact performance?

Installing any security program onto your server can drain computational resources, putting strain on CPUs and hogging RAM. Yet, based on Microsoft's performance tests, Azure Defender for SQL averaged 3% of CPU usage for peak slices. Depending on your priorities, this may be negligible or significant. But given the cost of a successful SQL Server attack, losing some performance would be a welcome sacrifice in comparison. The array of configuration options can also help you fine-tune any issues.

Who should use Azure Defender for SQL?

Any business, large or small, can benefit from SQL Server protection, especially with the continuous monitoring, agility, and action-oriented alerts provided by Azure Defender for SQL. Most companies already use an SQL Server to communicate SQL queries to their databases.

Many dynamic web pages function the same way, whether ASP.NET or PHP. But any machine communicating with a database via an SQL Server is a potential target for an attack. Each business has its own types of data and sensitivities. This could mean that a dedicated protection service might not be immediately necessary for data security, but as a rule, adding extra security to your setup is rarely a bad choice.

CSW Solutions offer a range of Azure managed services to safeguard your data and applications. Get in touch to see how we can assist you.

Azure Defender for SQL Pricing

The cost for Azure Defender for SQL can vary depending on where you host your server. You can pay either monthly or hourly, but your first month is always free.

The rates are as follows:

  • If you want Azure to host your server, the cost is $15/Instance/month
  • If you plan to host outside of Azure, the cost is $10.95/vCore/month
  • Hourly rates are $0.021/Instance/hour for Azure-hosted servers
  • Hourly rates are $0.015/vCore/hour for servers hosted outside of Azure

More pricing information can be found here.

Learn More

If you want to learn more about Azure Defender for SQL and how to protect your SQL from anywhere with this evolution in threat protection technology, you can reach out to us at CSW Solutions any time. You can sign up for the CSW Newsletter for more from our team or reach out to us here. We are a Gold-certified Microsoft Partner and we can help you with everything in the cloud or on the ground!

About the author

Yoel Sommer

Co-founder and a Managing Partner at CSW Solutions. You can find Yoel on LinkedIn and Twitter.
