Azure SQL Database Threat Detection Arrives in April

Microsoft works to provide its customers with attack-resistant cloud services, advanced search capabilities and streamlined application logins.

microsoft azure

Last week, just before the RSA Conference kicked off in San Francisco, Microsoft teased several upcoming security-themed products, including a new Azure SQL Database Threat Detection offering that can sniff out suspicious database activity. A recent blog post from Ron Matchoro, senior program manager at Microsoft Azure SQL Database, sheds more light on things.

"Azure SQL Database Threat Detection provides an additional layer of security intelligence built into the Azure SQL Database service," wrote Matchoro. "It helps customers using Azure SQL Database to secure their databases within minutes without needing to be an expert in database security. It works around the clock to learn, profile and detect anomalous database activities indicating unusual and potentially harmful attempts to access or exploit databases."

Those activities can include attempted access to a production database from an unknown network or SQL injection, a popular tactic among cyber-attackers. Akamai's State of the Internet Security Report for the fourth quarter of 2016, released earlier this week, found that SQL injection remained the top web application attack type followed by local file inclusion.

General availability is scheduled for some time in April, Matchoro added. When it arrives, it will be priced at $15 per server per month. A preview is available now for interested users.

Microsoft's cloud security management product, Azure Security Center, is gaining new analytics-driven capabilities to help administrators thwart attacks on their Azure deployments.

Customers can now test Azure Security Center's new application whitelisting feature that reduces the attack surface on virtual machines (VMs). It automatically recommends a whitelist policy, and if approved, applies it using the company's AppLocker technology. To guard against brute force network attacks on Virtual Machines, Microsoft has added a just-in-time network access feature that opens the ports used to connect VMs on a limited, as-needed basis.

Elsewhere in Microsoft's cloud ecosystem, the company announced a new integration between its DocumentDB, a NoSQL document service, and Azure Search indexing service for various types of data.

"Seamlessly select or create a Search service, and your DocumentDB configuration will be populated automatically. You'll have all the search power you've come to expect," said Evan Boyle, a software engineer at Microsoft Azure Search, in a Feb. 13 announcement. "Schema inference provides an excellent starting point to easily add features like faceted navigation, intelligent language processing, and suggestions."

Meanwhile, Azure Active Directory B2C (business-to-consumer) now allows users to hit the ground running when signing up for a new app.

Launched last summer, Azure Active Directory B2C offers developers user access and identity management for their cloud-powered applications. Typically when users sign up for an app, they are asked to verify their identity with an email verification.

Now, with a new "friction-free" setup option that disables email verification, developers can skip that step and provide users with immediate access. Also new is support for single-page apps where the page dynamically updates without a complete page refresh and a handful of new usage reporting APIs, including a tally of successful authentications during a specified period.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...