The document discusses best practices for securing data in Azure SQL DB, including:
1. Setting firewall rules for virtual networks to restrict server access.
2. Using transparent data encryption to encrypt data at the cell, column, or row level.
3. Enabling auditing and threat detection to monitor vulnerabilities and detect threats.
4. Implementing dynamic data masking to hide sensitive data from unauthorized users.
Cassandra Community Webinar | Getting Started with Apache Cassandra with Patr... (DataStax Academy)
Video: http://youtu.be/B-bTPSwhsDY
Abstract
Patrick McFadin (@PatrickMcFadin), Chief Evangelist for Apache Cassandra at DataStax, will be presenting an introduction to Cassandra as a key player in database technologies. Both large and small companies alike chose Apache Cassandra as their database solution and Patrick will be presenting on why they made that choice.
Patrick will also be discussing Cassandra's architecture, including: data modeling, time-series storage and replication strategies, providing a holistic overview of how Cassandra works and the best way to get started.
About Patrick McFadin
Prior to working for DataStax, Patrick was the Chief Architect at Hobsons, an education services company. His responsibilities included ensuring product availability and scaling for all higher education products. Prior to this position, he was the Director of Engineering at Hobsons which he came to after they acquired his company, Link-11 Systems, a software services company. While at Link-11 Systems, he built the first widely popular CRM system for universities, Connect. He obtained a BS in Computer Engineering from Cal Poly, San Luis Obispo and holds the distinction of being the only recipient of a medal (as anyone can find out) for hacking while serving in the US Navy.
The document discusses a SQL Server event organized by GUSS in France. It includes an agenda for presentations on SQL Database and Azure data and storage services. Key topics covered include:
- Getting started with SQL Database on Azure and differences from SQL Server on VMs.
- SQL Database service tiers (basic, standard, premium) and their performance and storage capabilities.
- Elastic pools and tools for scaling databases.
- Monitoring database performance and tuning indexes.
- Security features including configuring firewalls, authentication, and auditing databases.
- Backup, migration and disaster recovery options like geo-replication.
This document provides an overview of Azure Key Vault, a cloud service for securely storing and accessing secrets. It discusses how Key Vault can be used to store encryption keys, passwords, and certificates. Key Vault uses hardware security modules to cryptographically protect secrets and can be accessed via REST APIs. The document demonstrates how to create a Key Vault, add a secret, and consume that secret from an application using either a service principal or managed service identity.
Cisco has a large global IT infrastructure supporting many applications, databases, and employees. The document discusses Cisco's existing customer service and commerce systems (CSCC/SMS3) and some of the performance, scalability, and user experience issues. It then presents a proposed new architecture using modern technologies like Elasticsearch, Cassandra, and microservices to address these issues and improve agility, performance, scalability, uptime, and the user interface.
Scylla Cloud on Display: Functionality, Performance and Demos (ScyllaDB)
Join us for a session showcasing Scylla Cloud and how easy it is to integrate and connect with your applications and forget about all aspects of managing, securing, scaling and maintaining a distributed, always-on database. We will demo Scylla Cloud and present deployment and account options over various cloud providers.
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault (Tom Kerkhove)
It is not a secret that it is hard to manage sensitive information. Azure Key Vault allows you to securely store this kind of information ranging from secrets & certificates to cryptographic keys.
Great! But how do you use it? How do I authenticate with it and how do I build robust applications with it?
Come join me and I'll walk you through the challenges and give you some recommendations.
This document outlines strategies for optimizing AWS costs based on the lessons learned from Scrooge McDuck. It discusses using the right instance types, reserved instances, spot instances, monitoring usage, redesigning architecture, and removing idle and unnecessary resources. It provides examples of policies for automatically stopping and starting test environments outside of business hours to save on costs. Specifically, it shows policies for suspending auto scaling groups, stopping EC2 instances and RDS databases in test environments during off hours, and resuming them during on hours.
This document discusses monitoring real-life Azure applications. It provides an overview of the Azure monitoring tools and services including Application Insights, Log Analytics, Azure Monitor, Activity Logs, and Azure Security Center. It explains how these tools can be used to monitor applications, hosts, infrastructure, and platforms. The document also discusses collecting and analyzing Azure logs and metrics across multiple subscriptions and accounts for security monitoring in an enterprise environment.
Conference talk at ForwardJS in Ottawa on using Vault to store secrets for your Node.js application. How to use Vault to store secrets. How to use AppRoles to authenticate with Vault using node-vault. How not to use env variables to pass in secrets.
IT Camp 19: Top Azure security fails and how to avoid them (Karl Ots)
As delivered at the IT Camp 19 in Cluj-Napoca, Romania.
Karl Ots has assessed the security of over 100 solutions built on the Microsoft Azure cloud. He has found that there are 6 key security pitfalls that are common across all industry verticals and company sizes. In this session, he will share what these security pitfalls are, why they matter and how to mitigate them.
Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ... (Nagios)
Scott Wilkerson's presentation on Log Monitoring and Log Management With Nagios - Introducing Nagios Log Server.
The presentation was given during the Nagios World Conference North America held Oct 13th - Oct 16th, 2014 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/conference
TechDays Finland 2020: Best practices of securing web applications running on... (Karl Ots)
The multitude of security controls and guidelines for both Kubernetes and Azure can be overwhelming. Based on real-life experiences from securing web applications running on Azure Kubernetes Service, Karl has compiled a list of best practices that bring them together.
In this session, you will learn how to build, operate and develop secure web applications on top of Azure Kubernetes Service. After this session, you will know which security controls are available, how effective they are and what will be the cost of implementing them.
Philipp Krenn - Host your database in the cloud, they said... - NoSQL matters... (NoSQLmatters)
More than two years ago we faced the decision whether to run our MongoDB database on Amazon's EC2 ourselves or to rely on a Database as a Service provider. Common wisdom told us that a well known provider, focusing all its knowledge and energy on running MongoDB, would be a better choice than us trying it on the side. Well, this talk describes what can go wrong, since we have seen a lot of interesting minor and major hiccups — including stopped instances, broken backups, a major security incident, and more broken backups. Additionally, we discuss some reasons why a hosted solution is not always the better choice and which new challenges arise from it.
Geo Searches for Health Care Pricing Data with MongoDB (Robert Stewart)
I presented this updated version of my talk at NoSQL Now! 2013 in San Jose, CA, on August 22, 2013. The presentation describes how Castlight Health uses MongoDB to support very low latency searches for very large volumes of health care pricing data. Key factors are geospatial indexes, SSDs and replica sets.
BSides Portland - Attacking Azure Environments with PowerShell (Karl Fosaaen)
For a multitude of reasons, many organizations are moving their operations to the cloud. Along with this, many organizations are introducing old vulnerabilities in new ways. As one of the top cloud providers, Microsoft Azure has had significant adoption and continues to grow in market share. As part of this increase in adoption, there has also been an increase in demand for security testing of Azure environments. Given the blended nature of hosted services, PAAS, and virtual infrastructure, it can be difficult to get a handle on how to properly secure these environments. Reviewing Azure environments can also be time consuming given the lack of automated tools for dumping configuration information.
MicroBurst is a set of PowerShell tools that helps automate the processes of dumping and reviewing Microsoft Azure configurations. This talk will go over the ways that pen testers and defenders can use MicroBurst to dump out the configuration information for an Azure environment, and identify common configuration issues. Security testers will benefit from the speed of dumping environment credentials for pivoting, listing out publicly available services and files, and enumerating additional targets for phishing and password guessing attacks. As an added bonus, defenders can also use these tools to audit their environment for weak spots.
The document provides an overview of secret management solutions and architectures. It discusses what secrets are and why secret management is important. Some key points:
- Secrets include authentication credentials, API keys, passwords, and certificates that need access control. As services increase, so do secrets.
- An ideal secret management solution provides security, encryption, access control, auditing, ease of use, and integration with other tools.
- Version control systems and orchestration tools like Kubernetes can be used for secrets but have limitations compared to dedicated secret management solutions.
- AWS offers Parameter Store, Secrets Manager, and KMS for secret management. Parameter Store is generally recommended, while Secrets Manager is better for database
1) The document provides an overview of 5 key things developers should know about SQL Azure, including how to set up a connection string, issues of throttling and errors, tools for migration and management, and performance tuning tips.
2) Throttling occurs when a session acquires too many locks or resources and causes errors like 40501, and developers need retry logic to handle errors and disconnects.
3) Tools for SQL Azure include the SQL Azure Database Manager, SSMS 2008 R2, and the migration wizard.
4) Performance can be improved by addressing indexing, minimizing round trips, using connection pooling, and caching/batching data access.
--session given at SQL Saturday Torino 2015--
http://www.sqlsaturday.com/454/EventHome.aspx
Data Management Gateway (classic, personal, AS connector) is what makes the modern Microsoft BI stack hybrid. Power BI (v1 and v2) and Azure Data Factory use that component to interact with on-prem data assets.
That session is a deep dive into the DMG and the hybrid architecture involved in Power BI and ADF. How does it work? Security, firewall, certificates, multiple gateways, admin delegation, scale out, disaster recovery… All those topics will be covered during that technical session.
Top 13 best security practices for Azure (Radu Vunvulea)
Security nowadays is just a buzzword. Even so, by joining this session, we discover together what the most important security best practices are, from a .NET developer point of view, that we need to take into consideration when we develop an application for Microsoft Azure.
2014.11.22 Azure for Sql Server Developer - SQLSAT355 Parma (Marco Parenzan)
This document contains information from a presentation by Marco Parenzan on using Azure for SQL Server development. The presentation covers using Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) options on Azure for handling relational data. It discusses using virtual machines, Azure SQL Database, features like automatic scaling and backups, and demonstrates functionality like creating SQL backups to Azure storage. The agenda also includes operations, development, and business intelligence experiences on Azure.
Practical SQL Azure: Moving into the cloud (Timothy Corey)
This document provides an overview and demonstration of moving a database into Microsoft Azure SQL. It begins with an introduction and roadmap of topics to be covered, which include an overview of SQL Azure, migrating a local database to the cloud, and best practices. The presentation then demonstrates how to set up a SQL database in Azure, configure database settings, fix incompatibilities when migrating a database, package a database using BACPAC files, and directly deploy a database to Azure SQL. It concludes with a section on SQL Azure best practices related to data security, safety and availability.
Chef as a One-Stop Solution on Microsoft Azure (Karsten Müller)
We are using Chef as a One-Stop Solution on Microsoft Azure. Based on Azure DevOps as our CI/CD pipeline we are using Chef Cookbooks to provision infrastructure, deploy and configure software. We are doing compliance testing with Inspec too and are happily using Automate to represent the results.
This document discusses harnessing the power of big data using Azure Data Lake. It provides an overview of Azure Data Lake Store for unlimited storage of data in its native format, Azure Data Lake Analytics for running analytics jobs on big data, and U-SQL for writing queries. It includes a demo of Data Lake Store and Analytics. The document aims to explain what a data lake is and how the Azure Data Lake services can be used to ingest, store, analyze and query big data.
Microsoft has provided an almost unlimited number of ways for you to securely deploy Azure resources; but people continue to make simple mistakes. In 2017 many organisations had breaches due to poor cloud deployment practices.
In this session, you’ll learn how to use Azure Resource Manager (ARM) templates to deploy resources in a secure manner. This session will look at Azure Storage, App Services, SQL, Virtual Machines and Virtual Networks. I'll discuss the costs, benefits and trade-offs of different design patterns and how you can secure your deployment pipelines.
Microsoft Ignite 2018 for Busy People + Latest Updates: Data & AI Edition (Miho Yamamoto)
This document summarizes announcements from Microsoft Ignite 2018 related to data and AI. Some of the key announcements include general availability of Azure Cosmos DB multi-master and Cassandra API, preview of Azure SQL Database Hyperscale, flexible restore points for Azure SQL Data Warehouse, and preview of Azure Data Explorer for real-time analytics of large datasets. It also discusses updates to services like Azure Machine Learning, Azure Databricks, and HDInsight and previews of new capabilities for databases on Azure.
MongoDB World 2018: Enterprise Security in the Cloud (MongoDB)
This document discusses enterprise security in the cloud. It covers identity and access controls, auditing, and encryption. For identity and access, it describes secure access controls like multi-factor authentication, role-based access controls, and dedicated virtual private clouds (VPCs). For auditing, it outlines activity logs, monitoring and alerts, and a real-time activity panel. For encryption, it discusses key management, different encryption service levels, and key service differences between AWS, GCP and Azure.
MongoDB World 2018: Enterprise Cloud Security (MongoDB)
This document discusses enterprise security in the cloud. It covers identity and access controls, auditing, and encryption. For identity and access, it describes secure access controls like multi-factor authentication, role-based access controls, and dedicated virtual private clouds (VPCs). For auditing, it outlines activity logs, monitoring and alerts, and a real-time activity panel. For encryption, it discusses key management, different encryption service levels, and key service differences between AWS, GCP and Azure.
The document discusses SQL Azure, a scalable cloud-based data storage and query processing service built on Microsoft SQL Server and Windows Server technologies. It provides the benefits of SQL Azure including robust SQL support, ease of application development, scalability, availability, security, and a strong service level agreement. The document also covers features of SQL Azure like unlimited storage, pay-as-you-go pricing, and compares it to on-premise SQL Server. It concludes with demos and taking questions.
This talk will walk through the journey of Cassandra at Netflix. It will go into 3-4 specific use cases where Cassandra stands out from the rest of the data stores and is being used at Netflix, bringing a great viewing experience to all customers globally. Roopa will go into the specifics of the data model being used, where Cassandra stands out with its strengths, and the places where they learnt the hard way. Roopa will then share some of the best practices and the self-service platform being used for Cassandra to cater to their developer needs.
This talk will walk through the journey of Cassandra at Netflix. It will go into 3-4 specific use cases where Cassandra stands out than the rest of the data-stores and is being used in Netflix, bringing great viewing experience to all customers globally. Roopa will go into the specifics of the data model being used and where Cassandra stands out with its strengths and which places where they learnt the hard way. Roopa will then share some of the best practices and self service platform being used for Cassandra to cater to their developer needs.
Data weekender4.2 azure purview erwin de kreukErwin de Kreuk
This document provides information about Azure Purview and its capabilities for unified data governance. It discusses:
- Azure Purview allows for automated discovery of data across on-premises, multicloud and SaaS sources through its data map. It enables classification, lineage tracking and compliance.
- The data catalog provides semantic search and browse capabilities along with a business glossary and data lineage visualizations.
- Insights features provide reporting on assets, scans, the business glossary, classifications and labeling to give visibility into data usage across the organization.
- The document demonstrates registering and scanning a Power BI tenant to discover data with Azure Purview.
This document provides an overview and summary of new security features in SQL Server 2016, including Always Encrypted for encrypting sensitive data at the column level, Dynamic Data Masking for masking sensitive data rather than encrypting it, and Row Level Security for fine-grained access control at the row level. Always Encrypted allows queries on encrypted data and provides application transparency. Dynamic Data Masking masks sensitive data on the result set without requiring application changes. Row Level Security uses security predicates and policies to centrally define and apply row-level access control logic within the database.
Enterprise-class security with PostgreSQL - 1Ashnikbiz
For businesses that handle personal data everyday, the security aspect of their database is of utmost importance.
With an increasing number of hack attacks and frauds, organizations want their open source databases to be fully equipped with the top security features.
Azure Data Lake and Azure Data Lake AnalyticsWaqas Idrees
This document provides an overview and introduction to Azure Data Lake Analytics. It begins with defining big data and its characteristics. It then discusses the history and origins of Azure Data Lake in addressing massive data needs. Key components of Azure Data Lake are introduced, including Azure Data Lake Store for storing vast amounts of data and Azure Data Lake Analytics for performing analytics. U-SQL is covered as the query language for Azure Data Lake Analytics. The document also touches on related Azure services like Azure Data Factory for data movement. Overall it aims to give attendees an understanding of Azure Data Lake and how it can be used to store and analyze large, diverse datasets.
The document discusses moving workloads to the cloud using Microsoft Azure. It defines Azure as a set of cloud services that allow building, managing and deploying applications. It provides considerations for different cloud models like SaaS, IaaS and PaaS. It also outlines potential hurdles in moving to the cloud like network topologies, identity management and security. Finally, it discusses planning the migration and provides Azure resources for architecture guidance.
Gateways to Power BI, Connect PowerBI.com to your On-Prem DataJean-Pierre Riehl
--session donnée lors du SQLSaturday Madrid 2016--
PowerBI.com is a cloud-based BI platform, enabling from personal to corporate BI. But often, your data lives on-premises, on your desktop, on a shared folder or in your enterprise datawarehouse. Microsoft team built gateways to deal with that.
In this session, we will see how to connect, lively or scheduled, your dahsboards to your on-prem data. You'll learn about Personal Gateway and Enterprise Gateway. How does it work. How to configure it. How to maintain it.
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
This session will discuss the options available for encrypting data at rest and key management in AWS. It will focus on two primary scenarios: (1) AWS manages encryption keys on behalf of the customer to provide automated server-side encryption; (2) the customer manages their own encryption keys using partner solutions and/or AWS CloudHSM. Real-world customer examples will be presented to demonstrate adoption drivers of specific encryption technologies in AWS. Netflix Jason Chan will provide an overview of how NetFlix uses CloudHSM for secure key storage.
Similar to Securing your data with Azure SQL DB (20)
Azure Active Directory - Secure and GovernCheah Eng Soon
Azure Active Directory helps secure and govern authentication with features like conditional access and privileged identity management. It allows organizations to mitigate admin risk, govern identities, and set terms of use policies for authentication and access across cloud and on-premises environments.
Zero Trust is a security concept that requires strict identity verification for anyone or anything trying to access applications, data, and infrastructure inside or outside the network. It assumes there is no implicit trust granted to assets and users inside the network, and that verification is required for every access. The goal of Zero Trust is to minimize risk from both external and internal threats by preventing lateral movement and only allowing access based on least-privilege user roles and asset usage.
Microsoft Endpoint Manager provides comprehensive device management capabilities for on-premises environments. It allows IT administrators to deploy, update, protect and monitor Windows, macOS, Linux and IoT devices from a single console. Endpoint Manager combines the capabilities of Configuration Manager and Intune to help businesses securely manage all types of devices across locations.
Microsoft Threat Protection Automated Incident Response Cheah Eng Soon
Microsoft Defender provides automated threat protection including zero-hour and auto purge features to respond to incidents. It also has automated incident response capabilities for user reported phishing attacks and URL verdict changes that help address threats.
The document discusses Azure penetration testing. It provides an agenda that covers an overview of common Azure services attacked, tools used for testing, and guidelines. It describes how Microsoft's blue and red teams work together on testing. Policies prohibit attacks on other customers or social engineering. Encouraged tests include using trial accounts and informing Microsoft of any vulnerabilities found. Steps outlined include identifying attack surfaces, data collection, vulnerability scanning, and penetration testing public-facing Azure services using tools like MicroBurst. Securing databases and using encryption are also addressed. A demo of vulnerability identification is promised.
You'll understand how hackers can attack resources hosted in the Azure and protect Azure infrastructure by identifying vulnerabilities, along with extending your pentesting tools and capabilities.
Microsoft Threat Protection Automated Incident Response DemoCheah Eng Soon
A user reported a phishing attack in their Office 365 organization. The Office 365 Threat Protection service investigated the report and found a malicious URL distributing malware. The URL was blocked for all users in the organization to prevent further infection from this phishing attempt.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive functioning. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
This document outlines demo scenarios for Microsoft Cloud App Security including discovering cloud apps used by an organization, protecting information from connected apps, detecting anomalous user behavior and threats across applications, and automating alert management with Power Automate. The scenarios cover exploring snapshot and continuous reports of discovered apps and risk scores, investigating connected apps and activity logs, detecting anonymous access, and integrating Microsoft Cloud App Security with Microsoft Threat Protection and Power Automate.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive functioning. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
This document summarizes three Microsoft cloud security products: Azure Security Center, Azure Defender, and Microsoft Cloud App Security. Azure Security Center strengthens multi-cloud security posture through dashboards, connectors, secure scores, recommendations, and inventory. Azure Defender protects cloud workloads through vulnerability assessment and security for SQL, storage, and Kubernetes. Microsoft Cloud App Security discovers cloud apps, protects access to connected apps, and detects anomalous user behavior and threats.
Azure Active Directory - External Identities Demo Cheah Eng Soon
The document discusses configuring external identities in Azure Active Directory. It mentions partner authentication with Azure AD and consumer identity providers. It also discusses verifying identities with IDology and lists several organization names, addresses, and contact emails.
Azure WAF is a cloud-native web application firewall service that provides powerful protection for web apps with simple deployment, low maintenance costs, and automatic updates. It acts as a content delivery network and can defend against common attacks like command execution, SQL injection, cross-site scripting, and more, as demonstrated in a presentation where custom rules were set up to create an Azure WAF.
Azure Weekend 2020 Build Malaysia Bus Uncle ChatbotCheah Eng Soon
Thank you for the informative presentation on conversational AI and natural language processing. I learned about key concepts like QnA Maker, Azure Bot Service, and various NLP capabilities in Azure Cognitive Services like text analytics, speech, and translation. The demo was very helpful to see these services in action.
20 common security vulnerabilities and misconfiguration in AzureCheah Eng Soon
This document outlines 20 common security vulnerabilities and misconfigurations in Microsoft Azure. It discusses issues such as storage accounts being publicly accessible, lack of multi-factor authentication, insecure guest user settings, and features like Azure Security Center and Network Watcher being disabled by default. The document is intended to educate users on important security best practices for securing resources and configurations in Azure.
Integrate Microsoft Graph with Azure Bot ServicesCheah Eng Soon
The document discusses 4 steps to integrate Microsoft Graph with Azure Bot Services by registering an application in Azure AD, making queries to Microsoft Graph to retrieve data like documents from SharePoint, implementing code snippets to retrieve the data, and extending the bot to Microsoft Teams. It provides an overview of conversational AI and Azure Bot Services and demonstrates using Microsoft Graph Explorer.
This document provides an overview of Azure Sentinel and how it can be used with Office 365. It discusses the challenges of security operations and how Azure Sentinel uses AI and automation to help. It then summarizes Azure Sentinel's key capabilities including visibility, analytics, hunting, incidents, and automation. It also includes demonstrations of these capabilities and steps to set up Azure Sentinel with an Office 365 connection.
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
21. Best Practices for database threat protection
• Discover, classify, and label the sensitive data in your databases.
• Track database vulnerabilities so you can proactively improve your database security.
• Enable threat detection.
SQLSaturday#893 – Singapore
Restricted Server Access: If SQL Servers do not have restricted access from the Internet enabled, you will not be able to block unauthorized connections.
Data Encryption: If SQL Server Databases do not have transparent data encryption enabled, you will not have real-time encryption and decryption of the database to protect against the threat of malicious activity.
Resource Locks: If SQL Server Databases do not use resource locks, your Azure resources will not be locked down and you will not be able to prevent deletion or changing of a resource.
Auto Failover Groups: If SQL Servers do not use failover groups, you will not have the ability to manage replication and failover of a group of databases on a logical server or all databases in a Managed Instance to another region (currently in public preview for Managed Instance). It uses the same underlying technology as active geo-replication.
Database Auditing: If SQL Servers do not have auditing enabled, you cannot ensure that all existing and newly created databases on the SQL server instance are audited.
Audit Retention: If SQL Servers do not have audit retention set to more than 90 days, you will not be able to check for anomalies and get insight into suspected breaches or misuse of information and access.
Azure SQL Databases have a powerful layer of security at the SQL Server level. This layer is provided by the SQL Server Firewall. Azure gives you granular control to configure this firewall and to manage who gets access to your Azure SQL Database. By default, everything is blocked by the firewall. To get access to an Azure SQL Database, you have to configure the Firewall at the SQL Server level. Only the IP addresses you configure have access to the SQL Databases on the Server.
Another key point to understand is that a rule is applied at the server level, so once you configure it, it applies to all the SQL Databases on that Server. It is therefore important to segregate your databases on different SQL Servers if you don't want to share the access to those databases.
You can access the firewall settings by navigating to your Azure SQL Database. Then at the top of the blade, you will find the option for "Set server firewall". Click on this button to access the firewall settings.
Another way to access the settings is through the Azure SQL Server. Navigate to the related Azure SQL Server for your database. Under the settings, find the option for "Firewalls and virtual networks". Clicking on this takes you to the same firewall settings, because the settings are applied at the server level either way.
Azure Service Endpoints allow access to SQL or Storage services over the virtual network, without the traffic leaving that network.
To configure this feature, you can navigate to your Virtual Network and then under the settings, select the "Service endpoints". Click on "+Add" to add a Service Endpoint.
In the popup, select the provider for which you want to configure the Service Endpoint.
Service Endpoints on the Virtual Networks are available for:
Microsoft.Sql provider
Microsoft.Storage provider
Also, select the subnet on which you want to configure the Service Endpoint and then hit "Add".
It will take some time (approximately 15 minutes) to configure the Service Endpoints at the backend. Once configured, you will see the configured endpoints in the portal as shown below.
Cell-level encryption to encrypt specific columns or even cells of data with different encryption keys.
Always Encrypted, which allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the Database Engine (SQL Database or SQL Server). As a result, Always Encrypted provides a separation between those who own the data (and can view it) and those who manage the data (but should have no access).
Row-Level Security, which enables customers to control access to rows in a database table based on the characteristics of the user who is executing a query. (Example characteristics are group membership and execution context.)
Transparent Data Encryption (TDE) is the automated encryption of your data at rest. If configured, it encrypts your database, backups of the database and transactional log files at rest. Normally this is configured by default to provide you with an additional layer of security. If it is not configured, you will get a recommendation to configure it in the Azure Security Center.
Turning off Transparent Data Encryption will result in decryption of the complete database and will leave your data vulnerable. When you turn it back on, the database will be encrypted again. Depending upon the size of your database, it may take some time to turn TDE on or off due to the underlying encryption/decryption process.
This service does not require any changes at the application level. Behind the scenes, transparent data encryption performs real-time I/O encryption and decryption of the data at the page level. Each page is decrypted when it's read into memory and then encrypted before being written to disk.
Note: Even if the database is encrypted with TDE, when you take an export of the database (e.g. creation of a BACPAC file), the backup file is created without encryption. You need to ensure that you safeguard/encrypt the backup files before sharing these on an open network.
Transparent Data Encryption (TDE) can be enabled or disabled for each individual Database. The configuration is a very simple toggle between on and off. To configure this, navigate to your Azure SQL Database. In the settings, select "Transparent Data Encryption". Then set the value for "Data Encryption" to On or Off.
You can use your own Key for encryption with Transparent Data Encryption. If you do not configure your own key, then a service managed certificate is used for encryption and decryption.
To do this you will need to upload your key to an Azure Key Vault or generate a new key within the Key Vault, which is very easy to configure. Once you have a key in an Azure Key Vault, you will be able to use the same with Transparent Data Encryption (TDE).
This setting can't be configured at a Database level. Instead, this has to be configured at the server level. Navigate to the underlying Azure SQL Server (where the SQL Database is hosted). Then follow the below steps:
In the settings, click on "Transparent Data Encryption".
Select "Yes" to Use your own key.
Then click on "Select a Key" and then select the key from your Azure Key Vault. Alternatively, you can select to "Enter Key Identifier".
Once the key is configured, select "Save" to save the settings.
Auditing & Threat Detection in Azure SQL Database is a security feature that is very simple to configure yet very powerful.
The Auditing feature audits all activity on your database to a Storage Account. You can determine the number of days for which you want to retain the data. It helps you remain compliant. In the event of any failure or compliance breach, you can go to the audit logs and pinpoint the exact cause of the issue if this feature is enabled.
Threat Detection is an advanced feature, where Microsoft runs various algorithms under the hood to determine patterns and identify any potential attacks on your data. For example, SQL Injection or patterns like SQL Injection can be detected when this feature is enabled. Please note that the Threat Detection feature has additional cost linked to it. It costs $15/server/month. It will be free for the first 60 days. Note that you can enable Auditing without enabling Threat Detection, but you can't enable Threat Detection without enabling Auditing on the data first.
SQL Threat Detection integrates alerts with Azure Security Center. If any anomalous activity is detected, an alert is raised; you can get a notification via email and can also review it within the portal. You get real-time actionable alerts. Each alert also contains information on how to mitigate it.
Classify the data in your SQL database by enabling Data Discovery and Classification in Azure SQL Database. You can monitor access to your sensitive data in the Azure dashboard or download reports.
Use the Azure SQL Database Vulnerability Assessment service, which scans for potential database vulnerabilities. The service employs a knowledge base of rules that flag security vulnerabilities and show deviations from best practices, such as misconfigurations, excessive permissions, and unprotected sensitive data. The rules are based on Microsoft best practices and focus on the security issues that present the biggest risks to your database and its valuable data. They cover both database-level issues and server-level security issues, like server firewall settings and server-level permissions. These rules also represent many of the requirements from regulatory bodies to meet their compliance standards.
Enable Azure SQL Database Threat Detection to get security alerts and recommendations on how to investigate and mitigate threats. You get alerts about suspicious database activities, potential vulnerabilities, and SQL injection attacks, as well as anomalous database access and query patterns.
To configure Auditing and Threat Detection at the database level, navigate to the database. Then follow the steps below:
In the database settings, click on "Auditing and Threat Detection".
You can optionally configure the settings at the server level by clicking on the link "View server settings".
Next, toggle the "Auditing" setting on or off. Select the storage account and the retention period in days.
Next, toggle "Threat Detection" on or off. If you toggle it on, you can select which types of threats you want to detect.
You also have the option of configuring Email notifications which work with the Threat Detection.
When configuring Audit Logs Storage, you can select any subscription under the tenant and a storage account in that subscription. You can then set the retention period in days. Setting this number to zero means unlimited retention; the maximum value is 3285 days. You can also select whether to use the Primary or Secondary key when accessing the Storage Account to write the logs.
Under Threat Detection types, you can select any one or all of the following types:
SQL injection
SQL injection vulnerability
Anomalous client login
If Blob Auditing or Threat Detection are enabled on the server, they will always apply to the database, regardless of the database settings.
At the server level, the configuration is almost identical. You need to navigate to the related Azure SQL Server first (instead of the SQL Database). Notice that at the top of the screenshot below, it says "SQL server" instead of "SQL database". Then navigate to its "Auditing and Threat Detection" section and perform the configuration as described in the sections above.
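Once Auditing writes to the storage account, the logs can be read back with T-SQL to pinpoint the cause of an incident. The following is an added example, not part of the original article; the storage URL parts in angle brackets are placeholders, and the client IP and time window are constructed sample values.

```sql
-- Added example. Replace the <...> placeholders with your own storage account,
-- server and database names; "sqldbauditlogs" is the default audit container.
DECLARE @audit_path NVARCHAR(400) =
    N'https://<storage-account>.blob.core.windows.net/sqldbauditlogs/<server-name>/<database-name>/';

-- 1. Failed database logins in the last 24 hours, grouped by principal and
--    client IP, to spot the "anomalous client login" pattern in the raw logs.
SELECT  server_principal_name,
        client_ip,
        COUNT(*)        AS failed_logins,
        MIN(event_time) AS first_seen_utc,
        MAX(event_time) AS last_seen_utc
FROM    sys.fn_get_audit_file(@audit_path, DEFAULT, DEFAULT)
WHERE   action_id = 'DBAF'                       -- database authentication failed
  AND   event_time >= DATEADD(HOUR, -24, SYSUTCDATETIME())
GROUP BY server_principal_name, client_ip
ORDER BY failed_logins DESC;

-- 2. Every batch that one client ran inside an incident window, in time order.
--    The IP (documentation range) and the window are constructed sample values.
DECLARE @client_ip NVARCHAR(128) = N'203.0.113.10';
DECLARE @from_utc  DATETIME2     = '2024-01-01T00:00:00';
DECLARE @to_utc    DATETIME2     = '2024-01-02T00:00:00';

SELECT  event_time,
        server_principal_name,
        database_name,
        application_name,
        succeeded,
        statement
FROM    sys.fn_get_audit_file(@audit_path, DEFAULT, DEFAULT)
WHERE   action_id = 'BCM'                        -- batch completed
  AND   client_ip = @client_ip
  AND   event_time >= @from_utc
  AND   event_time <  @to_utc
ORDER BY event_time;
```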
Dynamic Data Masking is a feature of Azure SQL Database that allows you to hide sensitive data. For example, suppose your database contains your customers' credit card information. When exposing the database, you want to ensure that the credit card numbers are not exposed. They should automatically be presented in the format "xxxx-xxxx-xxxx-1234", i.e. exposing only the last 4 digits.
This feature can be accessed by navigating to your database and then clicking on the "Dynamic Data Masking" option under settings. By default, there are no masks applied. Click on "+ Add mask" to add a new mask.
Note that the masks you apply do not apply to administrators. Additionally, you can specify the SQL users who should be excluded from masking.
Azure SQL Database will also automatically try to recommend the fields that should be masked.
When adding masking rules, you provide the following information:
Name for the mask is auto-populated (based on your selections)
Schema
Table in that schema
Column in the table, where mask should be applied
Masking Criteria
Note that the masking criteria vary based on the type of the column. For example, if a column does not hold a numeric value, the masking criterion "Number (random number range)" will show as disabled.
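The same masking rules can be defined in T-SQL instead of the portal. The following is an added example, not part of the original article; the table dbo.Customers, its columns and the user ReportingUser are hypothetical names, and the inserted row is constructed sample data.

```sql
-- Added example: hypothetical table holding constructed sample data.
CREATE TABLE dbo.Customers (
    CustomerId  INT IDENTITY(1,1) PRIMARY KEY,
    FullName    NVARCHAR(100) NOT NULL,
    Email       NVARCHAR(100) NULL,
    CreditCard  VARCHAR(19)   NULL,
    CreditLimit INT           NULL
);

INSERT INTO dbo.Customers (FullName, Email, CreditCard, CreditLimit)
VALUES (N'Test Customer', N'test.customer@example.com', '4111-1111-1111-1234', 5000);

-- Credit card: show no leading characters, a fixed padding string, and the
-- last 4 characters, which gives the "xxxx-xxxx-xxxx-1234" format.
ALTER TABLE dbo.Customers
    ALTER COLUMN CreditCard ADD MASKED WITH (FUNCTION = 'partial(0,"xxxx-xxxx-xxxx-",4)');

-- Email: built-in email mask.
ALTER TABLE dbo.Customers
    ALTER COLUMN Email ADD MASKED WITH (FUNCTION = 'email()');

-- Random number range: only valid on numeric columns, which is why the portal
-- disables this criterion for non-numeric columns.
ALTER TABLE dbo.Customers
    ALTER COLUMN CreditLimit ADD MASKED WITH (FUNCTION = 'random(1, 100)');

-- Review which columns are masked and with which function.
SELECT  OBJECT_NAME(object_id) AS table_name,
        name                   AS column_name,
        masking_function
FROM    sys.masked_columns;

-- A non-administrative user with SELECT permission receives masked values.
CREATE USER ReportingUser WITHOUT LOGIN;
GRANT SELECT ON dbo.Customers TO ReportingUser;

EXECUTE AS USER = 'ReportingUser';
SELECT FullName, Email, CreditCard, CreditLimit FROM dbo.Customers;
REVERT;

-- Exclude the user from masking (equivalent to the portal's exclusion list),
-- then run the same SELECT again to compare. Undo with REVOKE UNMASK.
GRANT UNMASK TO ReportingUser;
-- REVOKE UNMASK FROM ReportingUser;
```

Masking changes only what a query returns; the stored values are unchanged, so it complements access control and encryption rather than replacing them.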