The Importance of Database Activity Monitoring

The Importance of Database Activity Monitoring

With the transition to a remote workforce dispersing access to databases far beyond the network perimeter, coupled with the rise in privileged credential attacks and insider threats, the importance of database activity monitoring has never been greater. This post will explain what database activity monitoring is, how it shrinks your attack surface, and why it should be a critical control in your cybersecurity program.

What is Database Activity Monitoring?

Database activity monitoring is the process of observing, analyzing, and reporting/alerting on database activities, especially unusual, unauthorized, and/or potentially malicious or fraudulent actions and policy violations. A top question that database activity monitoring tools answer is, “What data is being accessed, and by whom, and is that a problem?”

Capabilities of database activity monitoring tools range from simple user activity analysis to comprehensive solutions that offer application-level analytics, intrusion detection and prevention, discovery/classification, vulnerability management, and integration with identity and access management (IAM) solutions.

How Does Database Activity Monitoring Work?

Database activity monitoring solutions fall into two general categories: standalone applications (often SaaS tools), and software modules that run on your database servers. Both rely on multiple techniques, from network monitoring to analyzing database audit logs, to deliver early warnings and/or block suspect activity.

Database activity monitoring solutions work in or near real-time, separate from your database management system (DBMS) auditing and logging functions to minimize performance impacts. They can detect issues originating inside or outside your network, and some can block requests before they are executed. This gives you a preventive layer of protection over your most sensitive data, while also supporting data breach investigations and incident response. The more you know about potential threats and the quicker you know it, the better you can identify causes and take corrective action before data is compromised or exfiltrated.

What are the Top Database Activity Monitoring Features?

Database activity monitoring tools often have the following key features, which are important to ask vendors about:

  • The ability to monitor, analyze and alert on database activities without impacting database performance
  • The ability to alert on policy violations, suspicious activity, and other threats to data
  • A secure architecture that prevents privileged database users from compromising the tool’s operation or data, such as tampering with recorded activities or logs
  • The capability to monitor and report on privileged users’ activities, often called separation of duties
  • An “IT infrastructure agnostic” design that doesn’t clash with your encryption solution and other security controls, and/or can integrate with your data protection, operations monitoring, and compliance reporting solutions.
  • The capacity to monitor your entire database environment across both cloud and on-premises systems, multiple physical and virtual server platforms, and even different DBMSs

More sophisticated database activity monitoring tools may offer additional features and capabilities, such as:

  • Predefined policies to address common compliance requirements like HIPAA, SOX, and PCI out-of-the-box
  • Enabling deeper visibility into how much data you have and where it is stored, across on-premises, cloud-based, and legacy databases
  • Automated (or semi-automated) discovery and classification of data by type and/or cyber risk level, particularly personal data (email addresses, credit card numbers, medical records) 
  • Integration with third-party change management solutions to “close the loop” on tracking approved database changes, including generating change management reports based on tracked database activity

How Can Database Activity Monitoring Help My Business?
Database activity monitoring controls help companies comply with regulations like the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act (SOX), and the Health Insurance Portability and Accountability Act (HIPAA). These controls can also support compliance with evolving and escalating US government regulations. This includes the NIST SP 800-171 cybersecurity standard mandated by the US Department of Defense (DoD) and other agencies across all sectors for government contractors and their vendors that handle Controlled Unclassified Information (CUI).

If you need to monitor database access and privileged users to fulfill compliance requirements, meet contract obligations, and/or address risk management guidelines, database activity monitoring can streamline and simplify these processes significantly. It is also one of the best ways to protect sensitive databases from external cyber-attacks (e.g., using stolen administrator credentials) and to block insider threats.

Among the most common use cases for database monitoring are:

  • Monitoring application activity to detect fraudulent access and enforce end-user accountability. Many firms need the ability to identify and associate individual database transactions with individual application users to trace unapproved or malicious events to their source. This type of monitoring also helps mitigate risk from widespread cyber-attack vectors like SQL injection.
  • Monitoring privileged users like database administrators, IT staff, software developers, and help desk staff, whether in-house or outsourced. This includes monitoring and logging all transactions and identifying abnormal activities like viewing sensitive data. These controls are a critical adjunct to network-level controls like firewalls because they help protect your data if your perimeter is breached or if an attacker is already prowling “inside the castle.” 
  • Ensuring data governance by enforcing change control procedures so that unapproved database changes are blocked or quickly rolled back. These capabilities also support anti-fraud programs.

Moving Your Database Security Program Forward

Databases store a company’s most sensitive data assets, yet they are often poorly protected. In today’s world of constantly escalating and evolving security threats, combined with continuous data growth and new data uses, most organizations need database-centric security measures to reduce business risk. The growing importance of data integrity and privacy to regulators and customers is another major driver for implementing database activity monitoring. 

For these reasons and more, database activity monitoring is a vital part of a robust, holistic database security program that encompasses your data, your database configurations, and servers, your database security policies, your patch management program, your identity, and access controls, your network and application security controls, your physical environment, your vendor risk management, and more.

As an ideal starting point, an expert database security risk assessment can find the gaps in your current security posture and guide prioritized mitigation. To find out more, connect with Buda Consulting.


An In-Depth Look at Microsoft SQL Server Managed Services with Buda Consulting

An In-Depth Look at Microsoft SQL Server Managed Services with Buda Consulting

Monitoring and managing Microsoft SQL Server databases can be challenging for many businesses. It takes significant resources and constant monitoring to ensure optimal functioning across a SQL Server database environment, in line with best practices and business goals. Many organizations lack the expertise and time to manage their SQL Server databases. This is where SQL Server Managed Services at Buda Consulting come into play.

Our certified professionals are capable of managing even the most sophisticated SQL Server environments and can take the load of managing your databases completely off your team. Our SQL Server Managed Services offering includes remote administration, performance tuning, upgrades, database security, high availability, disaster recovery, database migrations, and more.

Monitoring SQL Server Managed Services for Security and Performance

Today’s businesses need database performance and security monitoring more than ever. Even in non-regulated environments, organizations need to manage and monitor database access, ensure data is available and protected by backups, and be prepared to respond to potential breaches, including any required reporting. Organizations also need to consider other factors, including permission changes, addition or drop of columns or tables, and unscheduled changes inside the database. All this can take significant time and expertise.

Overall, SQL Server database performance and security monitoring delivered as a managed service help proactively identify and solve problems before they impact operations, while cost-effectively eliminating the constant drain of database monitoring on in-house resources. Managed services can also ensure that your SQL Server environment is safely backed up off-site to reduce the impact of ransomware and other malware attacks.

High Availability and Disaster Recovery for SQL Server

Companies now consider 24x7x365 availability of their web presence or ERP as a critical requirement for keeping up with today’s dynamic competitive environments. Few firms can afford to face significant downtime of mission-critical applications—especially their SQL Server databases. Besides reducing immediate operational impacts, your ability to seamlessly withstand outages, natural disasters, and infrastructure interruptions will elevate your level of business continuity, and thus directly protect your bottom line. Buda Consulting offers high availability and disaster recovery services as part of its SQL Server Managed Services offering to ensure business continuity and peace of mind.

What’s the difference between high availability and disaster recovery? In SQL Server environments, the former focuses on providing 100% uptime and service availability through redundant and fault-tolerant components at the same location. The latter offers service continuity and minimizes downtime via redundant services at one or more separate sites.

The importance of high availability and disaster recovery for any business cannot be underestimated. Downtime costs alone have been estimated in the millions of dollars per hour in some industries. Database downtime is what a CTO’s nightmares are made of, and this could be the result of various causes, e.g., natural disasters, power outages, or hardware/software failures. With Buda Consulting’s SQL Server Managed Services, these risks won’t keep you up at night anymore. 

Effective Management of Growing SQL Server Estates

SQL Server Managed Services involve remote monitoring to check resource usage such as I/O capacity, memory, disk space, and CPU to identify trends and predict when more capacity is necessary. Here monitoring provides timelines and history to help reveal whether a stress phenomenon concurs with a specific type of processing like a scheduled data import or a weekly aggregation. At the same time, making expertise available on-demand is critical to rapidly isolate the root causes of alerts and eliminate unanticipated issues like an increase in deadlocks or a performance drop before users experience problems.

As many SQL Server estates grow rapidly larger and more complex, the advantages of managed service expertise to deal with monitoring, administration, health/performance tuning, and troubleshooting across on-premises, public and hybrid cloud infrastructure increase as well. A managed services approach not only eliminates repetitive, manual daily tasks for your team but also enhances the business value of SQL Server database monitoring through expert use of the latest tools and best practices.

SQL Server Installation and Updates

Your SQL Server Managed Services team will collaborate on the initial installation and configuration of new Microsoft SQL Server software. In most cases, a system administrator or other IT/operations team members are responsible for physical or virtual setup and deployment of the new database server’s operating environment, while a database administrator (DBA) installs and configures the new database software. Also, the DBA handles the ongoing maintenance whenever patches and updates are necessary, as these are critical for security and optimum performance. Anytime there’s a need for a new server, the DBA will deal with data transfer from the current to the new system.

Database Upgrades and Migration

If your company is using an older SQL Server version that is holding you back, Buda Consulting’s SQL Server Managed Services can upgrade you to the current SQL Server version or a different version that better meets your evolving needs, such as the ability to leverage newer SQL Server features like Big Data Clusters, improved container support, new in-memory database capabilities, and more.

Migrating databases between SQL Server environments, such as moving from an on-premises data center to a public, private or hybrid cloud, can be challenging even for experienced IT staff. Buda Consulting SQL Server Managed Services can help you reduce delays and mitigate database migration risks while ensuring new environments are correctly configured and deployed in line with best practices and your specific needs—to eliminate data breaches, data loss, and other misconfiguration impacts. We can even help you move your SQL Server databases from your on-premises data center to a managed hosting provider, or help you choose the best hosting options for your critical SQL Server workloads.

Remote Database Administration

For organizations that want to outsource SQL Server database administration but don’t need a full managed service program, Buda Consulting provides remote database administration (remote DBA) services for your SQL Server environment. This level of support is ideal to help many small to midsized businesses (SMBs) address upgrade and patching needs, performance optimization, maintenance, and monitoring. Leveraging our remote DBA service can very often reduce operational costs, enhance system performance, and relieve stress on scarce IT resources. 

Let Experienced Pros Handle Your SQL Server Databases

Whether you want to optimize your current database performance, develop a new SQL Server database architecture or evaluate your existing database architecture, or improve security, business continuity and incident response in line with new regulations or escalating stakeholder demands, highly-qualified SQL Server Managed Services from Buda Consulting can help. Certified professionals will work with you to understand your business goals and create an optimized Microsoft SQL Server environment that consistently delivers a broad range of cost, security, availability, performance, scalability and agility benefits to your company.

In today’s fast-changing business environment, SMBs demand more from their data than ever before. If you want to focus on running your business and leave Microsoft SQL Server concerns to a trusted partner, you can rely on the database experts at Buda Consulting to provide SQL Server Managed Services that will maximize your operational efficiency, security and availability while reducing IT costs and business risk.

Contact Buda Consulting today to explore the options and benefits of Microsoft SQL Server Managed Services for your organization. 

Managing Server Sprawl With AWS Management Console Alerts

Managing Server Sprawl With AWS Management Console Alerts

A DBA’s Transition Guide for Hosting on the AWS Cloud

So your organization has decided to migrate your traditional on-premises IT infrastructure to the AWS Cloud in the hopes of realizing cost savings, and to cut down on the time it takes to provision and configure services to support new and changing application workloads. Applications can evolve over time to cloud-centric architectures in order to realize cost savings. But what about all the extra administrative tasks and pressures that go along with the additional speed and agility that cloud hosting provides? How do you keep a handle on all the new instances and know when there are server sprawl issues? Or, even better, avoid server sprawl issues in the first place?

Every DBA knows that whenever anything goes wrong it is always the database that is guilty until proven innocent. So how can DBAs adapt to the new challenges of AWS hosting to remain valuable assets to our organizations?

For the purposes of this blog we will focus on database monitoring and management using the AWS CloudWatch service. CloudWatch ingests performance data from a wide range of AWS resources, applications and services, sends alerts when needed, and keeps a 15-day historical record of performance information. You can even configure CloudWatch with alarm actions to automatically take corrective measures in response to certain predefined event types (but that is a blog for another time). As an added bonus, the CloudWatch “free tier” should be sufficient to perform the heavy lifting of issue detection and identification for most application databases.

Monitoring Performance Metrics of Databases Managed with Amazon RDS

As with traditional on-premises databases, CPU utilization and available memory are two sides of the same performance tuning coin for databases in the AWS Cloud.

You can use the CPUUtilization metric in CloudWatch to keep a historical view of CPU usage for databases managed with Amazon Relational Database Service (Amazon RDS). To get a more complete picture of how an RDS database instance is performing, you can combine CPU monitoring with these additional metrics:

  • FreeableMemory, which shows the amount of available memory
  • SwapUsage, which shows how much data in memory is being paged to disk due to memory shortages

You can also configure CloudWatch to send alerts when thresholds are crossed.

One of the best features of cloud hosting is you are no longer locked into a specific database footprint based on hardware that was purchased. If you start to see a trend of CPU availability consistently running above 80%, or you’re seeing a shortage of free memory, it could be time to take advantage of the cloud’s on-demand scalability and plan to grow your DB instance to increase capacity. Likewise, if you notice that your databases are consistently showing a large amount of free memory and CPU, then think about scaling down the database instance class to save money.

Storage Monitoring and Auto Scaling To Avoid Server Sprawl

In the AWS cloud, there is never a good reason for running out of available storage on a production database, or any database for that matter. For example, you can use the CloudWatch FreeStorageSpace metric to measure the amount of storage space available to a database instance and trigger alerts as needed. Amazon RDS hosted databases also support storage auto scaling on all major RDS database offerings. This option automatically increases the storage by 5 GB or 10% of currently allocated storage, whichever is higher.

The amount of input/output operations per second (IOPS) for a given database is derived from the storage type you are using together with the amount of storage allocated. It is important to know what IOPS numbers your current storage supports, and you can define the CloudWatch metrics ReadIOPS and WriteIOPS to notify you if you are approaching that level to avoid an issue.

You can get additional IOPS by moving to faster storage or growing your storage footprint to a certain degree. If you exhaust those options and are certain that poor application coding is not leading to excessive read/write activity, it may be time to start thinking about moving to the Provisioned IOPS (PIOPS) storage type, which can provide a higher level of guaranteed I/O for an additional cost.

CloudWatch also offers metrics for ReadLatency, WriteLatency, and DiskQueueDepth for you to configure if you want to keep a closer eye on those parameters.

Monitoring Database Connections

The CloudWatch DatabaseConnections parameter lets you monitor the number of active connections to your database and can alert you when the value approaches the max_connections property for the database.

The default value for max_connections is derived from the total memory and is database-specific, so it is important to check the setting for each database. You can also modify the default value of this parameter if required.

As you can see, CloudWatch simplifies a number of key database monitoring and management tasks. But CloudWatch is just one of several DBA support options you can try on AWS Cloud. You can also subscribe to Amazon RDS events to be notified about changes to a database instance, leverage the Performance Insights dashboard to help analyze database issues, and more.

If your company is thinking of migrating your databases to a cloud or managed hosting provider, Buda Consulting can help you choose the best option for your workloads, and can act as your “first line of defense” when problems like server sprawl arise. We also offer “personalized” managed database environments for Oracle, SQL Server and MySQL workloads.

Contact us to schedule a free consultation today.

For more information: