1
00:00:00,000 --> 00:00:06,200
Welcome to the Azure Security Podcast,

2
00:00:06,200 --> 00:00:09,380
where we discuss topics relating to security, privacy,

3
00:00:09,380 --> 00:00:13,680
reliability, and compliance on the Microsoft Cloud Platform.

4
00:00:13,680 --> 00:00:16,800
Hey everybody, welcome to Episode 36.

5
00:00:16,800 --> 00:00:18,840
This week we have myself, Michael,

6
00:00:18,840 --> 00:00:20,440
we have Gladys and Mark.

7
00:00:20,440 --> 00:00:22,720
We also have a special guest, David Tregano,

8
00:00:22,720 --> 00:00:24,220
who's here to talk to us about

9
00:00:24,220 --> 00:00:26,860
Azure Defender for SQL vulnerability assessment.

10
00:00:26,860 --> 00:00:27,900
But before we get to David,

11
00:00:27,900 --> 00:00:28,920
let's take a look at the news.

12
00:00:28,920 --> 00:00:29,800
I'll kick things off.

13
00:00:29,800 --> 00:00:31,800
A couple of things really piqued my interest this week.

14
00:00:31,800 --> 00:00:33,440
The first was based on

15
00:00:33,440 --> 00:00:34,760
an internal discussion that we had at

16
00:00:34,760 --> 00:00:36,560
Microsoft with some of

17
00:00:36,560 --> 00:00:39,660
the networking security folks on the Azure team.

18
00:00:39,660 --> 00:00:41,860
I'll be honest, I'm an app development guy,

19
00:00:41,860 --> 00:00:43,760
application security, security design,

20
00:00:43,760 --> 00:00:47,240
that sort of stuff is my main area of expertise.

21
00:00:47,240 --> 00:00:49,240
Security, when it comes to networking,

22
00:00:49,240 --> 00:00:51,080
I'm not an expert at all.

23
00:00:51,080 --> 00:00:53,040
So I'm always willing to learn new stuff.

24
00:00:53,040 --> 00:00:55,400
So we had this internal discussion and

25
00:00:55,400 --> 00:00:57,160
the woman who was talking provided

26
00:00:57,160 --> 00:01:01,040
a link to the Azure networking ninja training.

27
00:01:01,040 --> 00:01:03,040
So I'm going to provide a link to that because

28
00:01:03,040 --> 00:01:05,720
the material is absolutely fantastic.

29
00:01:05,720 --> 00:01:07,240
Now the one is that some tools

30
00:01:07,240 --> 00:01:12,040
that allow you to perform network intrusions into Azure,

31
00:01:12,040 --> 00:01:14,960
so that you can make sure that your tooling all works,

32
00:01:14,960 --> 00:01:17,520
using a whole bunch of open source tools.

33
00:01:17,520 --> 00:01:19,720
So I'll actually provide a link to those as well.

34
00:01:19,720 --> 00:01:24,400
Finally, just to keep your ideogenist and Sarah happy,

35
00:01:24,400 --> 00:01:26,680
I actually took SC900,

36
00:01:26,680 --> 00:01:30,040
which is the security and identity fundamentals exam.

37
00:01:30,040 --> 00:01:32,920
Pretty easy. It's an hour long exam.

38
00:01:32,920 --> 00:01:34,760
I actually got it done in 15 minutes.

39
00:01:34,760 --> 00:01:37,000
That being said, I think if you're relatively

40
00:01:37,000 --> 00:01:39,560
new to security in Azure,

41
00:01:39,560 --> 00:01:42,600
it's still well worth taking the exam.

42
00:01:42,600 --> 00:01:45,880
For no other reason than to have another exam under your belt.

43
00:01:45,880 --> 00:01:48,080
As I've mentioned many times before,

44
00:01:48,080 --> 00:01:51,080
I'm looking at taking all the 900 exams.

45
00:01:51,080 --> 00:01:54,000
The next one on the cards is going to be the AI900.

46
00:01:54,000 --> 00:01:56,280
Then after that, I'll probably do the Power Platform 900.

47
00:01:56,280 --> 00:01:59,080
I think that's PB900, it's P-something 900.

48
00:01:59,080 --> 00:02:00,200
That's all I got.

49
00:02:00,200 --> 00:02:02,960
This is Gladys and I'm going to be focusing

50
00:02:02,960 --> 00:02:04,880
in this session on government.

51
00:02:04,880 --> 00:02:08,200
Microsoft has been releasing a lot of documentation

52
00:02:08,200 --> 00:02:09,960
that is geared to answer

53
00:02:09,960 --> 00:02:14,480
the executive order on improving the nation's cybersecurity.

54
00:02:14,480 --> 00:02:17,800
Many people are familiar with the original order

55
00:02:17,800 --> 00:02:20,720
that was released on May 12, 2021,

56
00:02:20,720 --> 00:02:24,760
which was focused on government organizations.

57
00:02:24,760 --> 00:02:28,840
But there's also a memorandum that was released

58
00:02:28,840 --> 00:02:32,320
for improving cybersecurity for critical infrastructure

59
00:02:32,320 --> 00:02:35,600
control systems, which includes energy,

60
00:02:35,600 --> 00:02:41,240
nuclear, wastewater, management, system sectors,

61
00:02:41,240 --> 00:02:45,400
emergency services, healthcare, transportation,

62
00:02:45,400 --> 00:02:48,840
financial, commercial, and many other organizations as well.

63
00:02:48,840 --> 00:02:51,280
Because there are so many organizations

64
00:02:51,280 --> 00:02:52,960
that need this guidance,

65
00:02:52,960 --> 00:02:56,000
Microsoft has been creating a lot of blogs,

66
00:02:56,000 --> 00:02:59,840
documentation, and even newer capabilities

67
00:02:59,840 --> 00:03:04,320
within our products to address the requirements in 2021.

68
00:03:04,320 --> 00:03:09,680
Some examples include the Zero Trust 3.0 book

69
00:03:09,680 --> 00:03:11,400
for Sentinel mapping.

70
00:03:11,400 --> 00:03:14,600
This is one of the guidance that is recommended

71
00:03:14,600 --> 00:03:19,800
to address requirements for the EO or executive order.

72
00:03:19,800 --> 00:03:23,240
The Azure Security Benchmark maps

73
00:03:23,240 --> 00:03:28,120
requirements to the NIST SP 800-53.

74
00:03:28,120 --> 00:03:30,920
There's a lot of guidance being published also

75
00:03:30,920 --> 00:03:33,160
in the cyber EO section

76
00:03:33,160 --> 00:03:36,080
of the Microsoft Federal page as well.

77
00:03:36,080 --> 00:03:38,200
So please be on the lookout

78
00:03:38,200 --> 00:03:41,840
for the documentation and capabilities being released.

79
00:03:41,840 --> 00:03:46,200
I will put several links in our podcast site as well.

80
00:03:46,200 --> 00:03:51,400
On August 16th also, we announced the general availability

81
00:03:51,400 --> 00:03:54,520
of Azure Government Top Secret.

82
00:03:54,520 --> 00:03:58,240
This shows the Microsoft commitment to the mission

83
00:03:58,240 --> 00:04:00,920
of national security.

84
00:04:00,920 --> 00:04:03,960
Currently, there are over 60 services,

85
00:04:03,960 --> 00:04:06,240
but more are coming soon.

86
00:04:06,240 --> 00:04:08,880
This is close to the same amount of the services

87
00:04:08,880 --> 00:04:13,160
that we have in Azure Secret, which is 73.

88
00:04:13,160 --> 00:04:17,360
The blog also talks about data unification

89
00:04:17,360 --> 00:04:20,800
and services interconnection strategy,

90
00:04:20,800 --> 00:04:23,040
which is something we keep consistent

91
00:04:23,040 --> 00:04:26,040
within all our clouds.

92
00:04:26,040 --> 00:04:29,720
Thanks. From my side, a couple updates,

93
00:04:29,720 --> 00:04:33,160
mostly in the training readiness education space.

94
00:04:33,160 --> 00:04:35,560
The first of the videos that we recorded,

95
00:04:35,560 --> 00:04:38,320
they're actually formatted as interactive guides.

96
00:04:38,320 --> 00:04:39,800
So I think computer-based training

97
00:04:39,800 --> 00:04:44,000
where you click next and back for concept.

98
00:04:44,000 --> 00:04:46,840
So the first versions of those are out

99
00:04:46,840 --> 00:04:49,560
for the cyber reference architecture.

100
00:04:49,560 --> 00:04:53,120
So the three that we released recently

101
00:04:53,120 --> 00:04:55,320
are the main capabilities diagram,

102
00:04:55,320 --> 00:04:57,720
the people diagram that talks about roles

103
00:04:57,720 --> 00:04:59,800
and responsibilities, jobs to be done,

104
00:04:59,800 --> 00:05:04,440
and a third one is the zero trust user access.

105
00:05:04,440 --> 00:05:07,320
And so those three are rolled out and available publicly.

106
00:05:07,320 --> 00:05:09,920
So I'm putting the links in the show notes there

107
00:05:09,920 --> 00:05:12,160
for y'all to check those out.

108
00:05:12,160 --> 00:05:15,400
These particular videos, there's some more coming,

109
00:05:15,400 --> 00:05:18,800
but these particular videos are focused on folks

110
00:05:18,800 --> 00:05:21,880
that are a little bit more new to security,

111
00:05:21,880 --> 00:05:23,240
new to security technology,

112
00:05:23,240 --> 00:05:25,880
new to Microsoft's capabilities.

113
00:05:25,880 --> 00:05:28,440
We do have some coming that are a little bit more oriented

114
00:05:28,440 --> 00:05:30,840
towards folks that are familiar with the cyber reference

115
00:05:30,840 --> 00:05:34,040
architectures and have seen previous versions of the videos,

116
00:05:34,040 --> 00:05:36,040
but these are more for the folks

117
00:05:36,040 --> 00:05:37,480
that are a little bit new to it.

118
00:05:37,480 --> 00:05:39,800
There's definitely some interesting information there

119
00:05:39,800 --> 00:05:43,080
for all audiences, but we really tried to help those folks

120
00:05:43,080 --> 00:05:45,840
that are a little bit new to the space

121
00:05:45,840 --> 00:05:48,240
with this particular set of videos,

122
00:05:48,240 --> 00:05:50,440
or interactive guides rather.

123
00:05:50,440 --> 00:05:52,600
The other thing that I wanted to reshare

124
00:05:52,600 --> 00:05:55,840
because this is something that a lot of people

125
00:05:55,840 --> 00:05:58,960
aren't sort of used to coming from Microsoft is

126
00:05:58,960 --> 00:06:01,120
we have some ninja training,

127
00:06:01,120 --> 00:06:02,960
ninja's just our Microsoft terminology

128
00:06:02,960 --> 00:06:05,520
for the nice sets of training,

129
00:06:05,520 --> 00:06:06,760
a whole complete set of training

130
00:06:06,760 --> 00:06:08,920
to help you become an expert or a ninja.

131
00:06:08,920 --> 00:06:11,200
The Defender for IoT one is the one I want to highlight,

132
00:06:11,200 --> 00:06:13,960
and I'll include a link for that in the show notes as well.

133
00:06:13,960 --> 00:06:16,640
What this is is for our operational technology,

134
00:06:16,640 --> 00:06:20,600
also known as SCADA, Supervisory Control

135
00:06:20,600 --> 00:06:23,840
and Data Acquisition, ICS, Industrial Control System.

136
00:06:23,840 --> 00:06:25,200
It goes by a lot of different names,

137
00:06:25,200 --> 00:06:28,680
but ultimately OT is the technology that computers

138
00:06:28,680 --> 00:06:31,120
that control physical machines, physical processes,

139
00:06:31,120 --> 00:06:33,440
taking data from sensors, et cetera.

140
00:06:33,440 --> 00:06:35,600
So that security technology we have

141
00:06:35,600 --> 00:06:37,240
for securing those environments,

142
00:06:37,240 --> 00:06:41,360
often 30 to 50 year old crusty electronics is out.

143
00:06:41,360 --> 00:06:43,960
So, how Microsoft can help you secure that

144
00:06:43,960 --> 00:06:45,640
and how to use it and how to work with it

145
00:06:45,640 --> 00:06:48,080
and how that whole space works at large.

146
00:06:48,080 --> 00:06:50,720
So I wanted to highlight that for folks as well.

147
00:06:50,720 --> 00:06:52,080
Okay, so now we've got the news out the way.

148
00:06:52,080 --> 00:06:53,840
Let's turn our attention to our guest.

149
00:06:53,840 --> 00:06:55,440
This week we have David Tregano,

150
00:06:55,440 --> 00:06:57,360
who is here to talk to us about

151
00:06:57,360 --> 00:07:00,480
Azure Defender for SQL vulnerability assessment.

152
00:07:00,480 --> 00:07:01,760
David, welcome to the podcast.

153
00:07:01,760 --> 00:07:03,200
Would you mind spending a moment

154
00:07:03,200 --> 00:07:05,920
just explaining what you do to our listeners?

155
00:07:05,920 --> 00:07:07,320
Sure, hi everyone, hi Michael.

156
00:07:07,320 --> 00:07:09,480
Thank you for inviting me to the podcast.

157
00:07:09,480 --> 00:07:11,480
So as you said, my name is David Tregano.

158
00:07:11,480 --> 00:07:14,560
I'm a product manager working on Microsoft.

159
00:07:14,560 --> 00:07:18,280
My actual job is to ensure that our customers

160
00:07:18,280 --> 00:07:22,360
are well protected using Azure Defender for SQL

161
00:07:22,360 --> 00:07:24,720
and specifically SQL vulnerability assessment

162
00:07:24,720 --> 00:07:26,760
that we will talk about it in a minute.

163
00:07:26,760 --> 00:07:31,000
And more personally, I've been in Microsoft for seven years.

164
00:07:31,000 --> 00:07:33,600
Interesting history because I started my journey

165
00:07:33,600 --> 00:07:36,200
at Microsoft as a Microsoft student partner.

166
00:07:36,200 --> 00:07:39,640
So MSP, it's kind of MVP before students

167
00:07:39,640 --> 00:07:43,160
when I was in France, so 2008, 2009.

168
00:07:43,160 --> 00:07:45,720
And then 2010, I started as an intense

169
00:07:45,720 --> 00:07:48,440
software engineer working on Microsoft France.

170
00:07:48,440 --> 00:07:50,600
Then I moved to be an ADM,

171
00:07:50,600 --> 00:07:52,880
so application development manager.

172
00:07:52,880 --> 00:07:55,240
I came to Israel five years ago,

173
00:07:55,240 --> 00:07:57,920
still working on Microsoft as an ADM.

174
00:07:57,920 --> 00:08:00,760
And two years ago, I moved to a program manager

175
00:08:00,760 --> 00:08:04,520
slash product manager here in Azure Security Center.

176
00:08:04,520 --> 00:08:05,360
Thanks for that.

177
00:08:05,360 --> 00:08:06,680
So just so our listeners are aware,

178
00:08:06,680 --> 00:08:09,760
this is kind of the second part of a two-part series.

179
00:08:09,760 --> 00:08:13,720
Last time we had Michael McLevich to talk to us about

180
00:08:13,720 --> 00:08:16,440
Azure Defender for SQL Advanced Threat Protection.

181
00:08:16,440 --> 00:08:17,840
And so this is the second half now.

182
00:08:17,840 --> 00:08:20,120
So David is gonna cover the other part,

183
00:08:20,120 --> 00:08:21,960
which is the vulnerability assessment.

184
00:08:21,960 --> 00:08:23,560
David, would you mind just spending a couple of minutes

185
00:08:23,560 --> 00:08:26,360
just explain what the vulnerability assessment side

186
00:08:26,360 --> 00:08:29,800
of the house looks like and what's sort of the philosophy

187
00:08:29,800 --> 00:08:32,160
and the goals behind that part of the product?

188
00:08:32,160 --> 00:08:36,360
I think when you look over the security posture

189
00:08:36,360 --> 00:08:39,320
or the security lifecycle of a resource,

190
00:08:39,320 --> 00:08:43,080
you have this reactive alert that you're receiving

191
00:08:43,080 --> 00:08:45,560
when a malicious user accesses your database

192
00:08:45,560 --> 00:08:48,240
or when there is malicious activities in your database.

193
00:08:48,240 --> 00:08:52,760
But you have all this proactive side of this lifecycle,

194
00:08:52,760 --> 00:08:57,160
which basically consists of scanning your databases,

195
00:08:57,160 --> 00:09:00,520
discovering misconfigurations and vulnerabilities

196
00:09:00,520 --> 00:09:03,160
and highlighting those misconfigurations

197
00:09:03,160 --> 00:09:07,840
and vulnerabilities, allowing our customers to fix them

198
00:09:07,840 --> 00:09:10,120
and remediate them before something bad happens

199
00:09:10,120 --> 00:09:12,040
to the databases.

200
00:09:12,040 --> 00:09:16,960
So I think bottom line, this is what VA stands for,

201
00:09:16,960 --> 00:09:21,400
scan databases, proactively discover misconfigurations

202
00:09:21,400 --> 00:09:25,200
and vulnerabilities, sending these findings

203
00:09:25,200 --> 00:09:27,800
into a centralized place that is called Azure Defender

204
00:09:27,800 --> 00:09:31,000
for SQL, or should I say, Azure Security Center,

205
00:09:31,000 --> 00:09:35,080
part of the CSPM side of Azure Security Center.

206
00:09:35,080 --> 00:09:39,280
So CSPM stands for Cloud Security Posture Management.

207
00:09:39,280 --> 00:09:42,480
So basically, Azure Security Center has two aspects.

208
00:09:42,480 --> 00:09:45,800
The first one is CSPM, as I just mentioned,

209
00:09:45,800 --> 00:09:47,440
Cloud Security Posture Management,

210
00:09:47,440 --> 00:09:51,000
allowing customers to understand the security posture

211
00:09:51,000 --> 00:09:53,440
on their environment, receiving recommendations

212
00:09:53,440 --> 00:09:55,600
and best practices from Microsoft.

213
00:09:55,600 --> 00:09:59,680
Not only this, but these are the big pillars of the CSPM.

214
00:09:59,680 --> 00:10:03,400
And what we call the second part is the CWP

215
00:10:03,400 --> 00:10:06,880
for Cloud Workload Protection,

216
00:10:06,880 --> 00:10:11,800
which basically you can translate it into the ATP

217
00:10:11,800 --> 00:10:15,280
sides of the Azure Defender plans.

218
00:10:15,280 --> 00:10:17,840
So ATP for SQL, ATP for containers,

219
00:10:17,840 --> 00:10:20,600
ATP for VMs, et cetera, et cetera.

220
00:10:20,600 --> 00:10:25,600
So which versions of SQL Server are protected by VA?

221
00:10:26,560 --> 00:10:29,720
Basically, we do like to say that we are protecting

222
00:10:29,720 --> 00:10:32,160
any type, any flavor of SQL.

223
00:10:32,160 --> 00:10:35,080
So you can have Azure SQL Database,

224
00:10:35,080 --> 00:10:38,800
Synapse, Data Warehouse, SQL Managed Instance.

225
00:10:38,800 --> 00:10:41,280
You can have also SQL Server on-prem.

226
00:10:41,280 --> 00:10:43,760
You can have SQL Server hosted on an Azure VM.

227
00:10:43,760 --> 00:10:46,080
So as long as you are, as long as we are supporting

228
00:10:46,080 --> 00:10:49,240
this SQL version, so it's basically SQL Server

229
00:10:49,240 --> 00:10:54,240
12 and higher, so 12, 14, 16, 17 and 19.

230
00:10:55,640 --> 00:10:59,840
We also protect SQL Server that are hosted outside

231
00:10:59,840 --> 00:11:02,600
of Azure, so as I said, on-premise,

232
00:11:02,600 --> 00:11:04,400
but as well any other cloud provider.

233
00:11:04,400 --> 00:11:08,840
So it can be AWS, GCP, IBM, Oracle, or Alibaba Cloud.

234
00:11:08,840 --> 00:11:11,560
We are basically considering these are servers

235
00:11:11,560 --> 00:11:13,680
that are hosted outside of Azure,

236
00:11:13,680 --> 00:11:17,440
and we are of course protecting those flavors of SQL,

237
00:11:17,440 --> 00:11:22,160
those cloud providers, regardless of where they are,

238
00:11:22,160 --> 00:11:25,520
or what is the version, as long as they are hosted

239
00:11:25,520 --> 00:11:28,760
on the Windows operating system, we do protect them.

240
00:11:28,760 --> 00:11:31,160
So last time when we spoke to Michael,

241
00:11:31,160 --> 00:11:34,200
he did mention AWS, and I thought,

242
00:11:34,200 --> 00:11:37,880
perhaps that means we have some special connector to AWS,

243
00:11:37,880 --> 00:11:40,640
like to allow SQL Server to run inside of a VM,

244
00:11:40,640 --> 00:11:42,960
say a Windows Server 2019 VM,

245
00:11:42,960 --> 00:11:47,800
and you just mentioned AWS, GCP, Alibaba Cloud,

246
00:11:47,800 --> 00:11:51,520
IBM's Cloud, Oracle Cloud, so what's actually going on there?

247
00:11:51,520 --> 00:11:53,360
Obviously it's not restricted to just AWS,

248
00:11:53,360 --> 00:11:54,800
and like reading between the lines,

249
00:11:54,800 --> 00:11:56,480
it sounds like we don't have like some funky

250
00:11:56,480 --> 00:11:58,000
connector out to AWS.

251
00:11:59,000 --> 00:12:04,000
So basically for us, we do consider any cloud providers

252
00:12:04,200 --> 00:12:08,040
as a single cloud provider, for us it doesn't matter

253
00:12:08,040 --> 00:12:12,320
where the SQL slash the underlying operating system run.

254
00:12:12,320 --> 00:12:14,320
So as long as you're using Azure Arc,

255
00:12:14,320 --> 00:12:16,720
or as long as you're using an RMS agent,

256
00:12:16,720 --> 00:12:21,720
we are basically able to connect your machine into Azure,

257
00:12:22,960 --> 00:12:25,160
and as long as the machine is connected to Azure,

258
00:12:25,160 --> 00:12:28,960
then we have the ability to proactively

259
00:12:28,960 --> 00:12:31,240
detect misconfigurations and vulnerabilities

260
00:12:31,240 --> 00:12:35,560
using SQL VA, and detect malicious activities

261
00:12:35,560 --> 00:12:37,760
using SQL Advanced Threat Protection.

262
00:12:37,760 --> 00:12:42,760
So are there any port requirements to gather telemetry?

263
00:12:43,360 --> 00:12:46,240
For the RMS agent, it's the port 443

264
00:12:46,240 --> 00:12:50,800
that needs to be open, and for Azure Arc,

265
00:12:50,800 --> 00:12:54,440
so Arc and Archie, so Archie means for a

266
00:12:54,440 --> 00:12:58,360
Azure Arc SQL enabled, so it's the extra piece

267
00:12:58,360 --> 00:13:02,400
of technical implementation that Microsoft built

268
00:13:02,400 --> 00:13:06,480
on top of the Azure Arc agent to detect automatically

269
00:13:06,480 --> 00:13:09,960
the SQL server and connect the SQL server as well

270
00:13:09,960 --> 00:13:13,480
into Azure.

271
00:13:13,480 --> 00:13:15,080
This is something that you need to check

272
00:13:15,080 --> 00:13:17,400
within our documentation, but of course,

273
00:13:17,400 --> 00:13:20,440
this is something that we document.

274
00:13:20,440 --> 00:13:21,600
So a little later in the podcast,

275
00:13:21,600 --> 00:13:25,120
I'm gonna ask a question about sort of vulnerabilities

276
00:13:25,120 --> 00:13:28,520
you look for in configuration of a SQL database.

277
00:13:28,520 --> 00:13:31,040
But before I get there, and I really like your opinion

278
00:13:31,040 --> 00:13:32,800
on this, both from a technical perspective

279
00:13:32,800 --> 00:13:35,000
and that sort of philosophical perspective,

280
00:13:35,000 --> 00:13:37,040
SQL databases are kind of interesting beasts, right?

281
00:13:37,040 --> 00:13:39,640
Because you've got this sort of shell around the database,

282
00:13:39,640 --> 00:13:42,360
which is very, very sort of Windows-ish,

283
00:13:42,360 --> 00:13:44,840
like if you're installing this out of a VM.

284
00:13:44,840 --> 00:13:47,440
So for example, I can store it as a service,

285
00:13:47,440 --> 00:13:49,200
it can run as a specific account,

286
00:13:49,200 --> 00:13:52,800
I can change ACLs on objects that are in the file system,

287
00:13:52,800 --> 00:13:54,120
and so on.

288
00:13:54,120 --> 00:13:56,160
And then I've got, say, Azure SQL DB, right?

289
00:13:56,160 --> 00:13:58,360
And so around it, I've got all the Azure stuff,

290
00:13:58,360 --> 00:13:59,840
so I can deploy it with an ARM template,

291
00:13:59,840 --> 00:14:01,840
I can use a little F firewall

292
00:14:01,840 --> 00:14:03,880
and do port restrictions, and so on.

293
00:14:03,880 --> 00:14:05,720
But then when you get inside the database,

294
00:14:05,720 --> 00:14:08,120
you've got all these things that are unique

295
00:14:08,120 --> 00:14:09,960
to SQL databases that require protection,

296
00:14:09,960 --> 00:14:13,160
and they're not exposed to Windows directly,

297
00:14:13,160 --> 00:14:16,120
they're not exposed to Azure directly.

298
00:14:16,120 --> 00:14:18,360
So examples, we include things like, you know,

299
00:14:18,360 --> 00:14:21,360
various roles that are unique to SQL databases,

300
00:14:21,360 --> 00:14:24,480
or one, you know, very commonly used

301
00:14:24,480 --> 00:14:26,960
sort of security pattern with SQL databases

302
00:14:26,960 --> 00:14:29,760
is to deny access to underlying tables,

303
00:14:29,760 --> 00:14:32,360
and then grant access, say, through stored procedures

304
00:14:32,360 --> 00:14:34,160
or views only.

305
00:14:34,160 --> 00:14:37,000
I mean, this is a very interesting nuance

306
00:14:37,000 --> 00:14:39,960
that exists within SQL databases.

307
00:14:39,960 --> 00:14:41,520
Do you have any thoughts about, you know,

308
00:14:41,520 --> 00:14:44,720
what sort of stresses or difficulties

309
00:14:44,720 --> 00:14:46,800
or potential complexities that might bring

310
00:14:46,800 --> 00:14:50,280
to someone administering and protecting these databases?

311
00:14:50,280 --> 00:14:54,680
Absolutely, so you're raising actually a good concern,

312
00:14:54,680 --> 00:14:58,920
or I say you're raising a good matter that applies only,

313
00:14:58,920 --> 00:15:01,920
or should I say, actually exclusively to SQL,

314
00:15:01,920 --> 00:15:05,800
maybe you have this within some other OSS databases.

315
00:15:05,800 --> 00:15:09,280
But in fact, within SQL, I think Microsoft made something

316
00:15:09,280 --> 00:15:12,840
that nobody made over the last few decades,

317
00:15:12,840 --> 00:15:17,360
which is taking an on-prem relational databases

318
00:15:17,360 --> 00:15:21,760
and try to lift and shift the database itself

319
00:15:21,760 --> 00:15:23,800
to be a PaaS application.

320
00:15:23,800 --> 00:15:28,120
So what you have here is kind of inception, you know,

321
00:15:28,120 --> 00:15:30,520
like the movie where you have dreams into dreams,

322
00:15:30,520 --> 00:15:31,720
and here it's the same thing.

323
00:15:31,720 --> 00:15:34,520
You have this resource within a resource.

324
00:15:34,520 --> 00:15:37,840
So you have, as you said, you have this SQL database

325
00:15:37,840 --> 00:15:39,600
that sits inside a SQL server,

326
00:15:39,600 --> 00:15:42,000
that sits inside a virtual machine,

327
00:15:42,000 --> 00:15:43,640
that sits inside the cloud,

328
00:15:44,720 --> 00:15:48,280
which is very, very complex to manage

329
00:15:48,280 --> 00:15:50,320
because you have multiple personas, as you said.

330
00:15:50,320 --> 00:15:52,960
You have the security administrator

331
00:15:52,960 --> 00:15:57,960
that is here to apply and to configure policies

332
00:15:57,960 --> 00:16:01,520
and security policies around for the organization.

333
00:16:01,520 --> 00:16:05,200
You have the IT guy that is in charge of managing

334
00:16:05,200 --> 00:16:07,760
the virtual physical server,

335
00:16:07,760 --> 00:16:10,280
and then you have the application owner

336
00:16:10,280 --> 00:16:13,480
who is in charge of ensuring that the data is here

337
00:16:13,480 --> 00:16:17,760
and available and accessible and reliable.

338
00:16:17,760 --> 00:16:19,560
And then you also have the DBA

339
00:16:19,560 --> 00:16:23,320
that is in charge of ensuring that the SQL answers at scale

340
00:16:23,320 --> 00:16:26,760
and is reliable in terms of infrastructure,

341
00:16:26,760 --> 00:16:29,080
not the data itself.

342
00:16:29,080 --> 00:16:32,720
So you have all these people that are actually dealing,

343
00:16:32,720 --> 00:16:35,040
I mean, you're dealing with all these people

344
00:16:35,040 --> 00:16:37,480
to secure the database because database,

345
00:16:37,480 --> 00:16:40,640
it's not secured like, okay, just hit next,

346
00:16:40,640 --> 00:16:44,000
and you configured and you secured.

347
00:16:44,000 --> 00:16:46,080
You need to understand what is going to be the business

348
00:16:46,080 --> 00:16:47,880
impact when you change a configuration.

349
00:16:47,880 --> 00:16:51,040
You need to understand what's the security impact

350
00:16:51,040 --> 00:16:54,240
if you do not change a specific configuration.

351
00:16:54,240 --> 00:16:56,800
You also need to take into consideration

352
00:16:56,800 --> 00:16:59,640
that all of these guys, all of these personas

353
00:16:59,640 --> 00:17:02,720
within the organization are not talking the same language,

354
00:17:02,720 --> 00:17:04,600
they're not using the same tools.

355
00:17:04,600 --> 00:17:07,800
They don't know the same products.

356
00:17:07,800 --> 00:17:10,120
They don't have the same agenda.

357
00:17:10,120 --> 00:17:13,760
So basically it's a world with a lot of frictions.

358
00:17:13,760 --> 00:17:15,920
And I think even from a product perspective,

359
00:17:15,920 --> 00:17:18,320
it's something that drives us a little bit crazy.

360
00:17:18,320 --> 00:17:21,920
I think it's a real challenge from a product point of view,

361
00:17:21,920 --> 00:17:25,680
how you put all these people into the same room,

362
00:17:25,680 --> 00:17:28,880
collaborating together on improving security,

363
00:17:28,880 --> 00:17:31,240
posture related to SQL,

364
00:17:31,240 --> 00:17:35,200
without forcing them to do something they don't want,

365
00:17:35,200 --> 00:17:37,080
they don't understand, they don't like,

366
00:17:37,080 --> 00:17:38,640
it's not part of their duties,

367
00:17:38,640 --> 00:17:42,440
it's not part of their day-to-day journey.

368
00:17:42,440 --> 00:17:46,520
It's something that is interesting to explore.

369
00:17:46,520 --> 00:17:49,760
And even when we talk with customers,

370
00:17:49,760 --> 00:17:52,800
every customer has its own view about it.

371
00:17:52,800 --> 00:17:54,400
You will have customers that will say,

372
00:17:54,400 --> 00:17:56,960
okay, I have a bunch of DBAs

373
00:17:56,960 --> 00:17:59,960
that are managing my on-prem databases,

374
00:17:59,960 --> 00:18:04,080
while I basically move to a more agile model,

375
00:18:04,080 --> 00:18:07,560
like I have resource owners and application owners

376
00:18:07,560 --> 00:18:11,720
that are managing my PaaS applications and PaaS resources.

377
00:18:11,720 --> 00:18:15,120
So you have people that are managing storage account

378
00:18:15,120 --> 00:18:17,360
and Cosmos DB and virtual machine,

379
00:18:17,360 --> 00:18:20,040
and SQL on PaaS and on IaaS

380
00:18:20,040 --> 00:18:22,640
that are dealing with the same product,

381
00:18:22,640 --> 00:18:25,720
the DBAs that are working for years and years

382
00:18:25,720 --> 00:18:28,320
on the same SQL server,

383
00:18:28,320 --> 00:18:32,840
just upgrading three or five years after three or five years

384
00:18:32,840 --> 00:18:34,800
to the next version.

385
00:18:34,800 --> 00:18:38,000
And these people are not, as I said, talking the same language.

386
00:18:38,000 --> 00:18:41,000
So I think that these are the biggest challenges

387
00:18:41,000 --> 00:18:42,760
we are dealing with.

388
00:18:42,760 --> 00:18:45,720
It's an interesting one because at the end,

389
00:18:45,720 --> 00:18:48,720
I think customers have the same goal,

390
00:18:48,720 --> 00:18:52,000
like help me to secure my SQL server,

391
00:18:52,000 --> 00:18:55,200
help me to avoid receiving thousands,

392
00:18:55,200 --> 00:18:57,240
if not more alerts a day,

393
00:18:57,240 --> 00:19:00,160
help me to ensure that my sensitive data

394
00:19:00,160 --> 00:19:01,960
hosted on my SQL,

395
00:19:01,960 --> 00:19:05,120
because we all know that SQL stores sensitive data.

396
00:19:05,120 --> 00:19:08,680
You don't have a SQL server if you want to store pictures.

397
00:19:08,680 --> 00:19:11,640
You have SQL servers because you host

398
00:19:11,640 --> 00:19:13,680
information related to your customers,

399
00:19:13,680 --> 00:19:16,360
information related to your personal IP,

400
00:19:16,360 --> 00:19:19,760
information that helps your application,

401
00:19:19,760 --> 00:19:23,440
that is your money maker to help and serve your customers.

402
00:19:23,440 --> 00:19:27,760
So SQL is probably one of the most important pillars

403
00:19:27,760 --> 00:19:30,000
within organizations today.

404
00:19:30,000 --> 00:19:32,000
And I think that's a real challenge.

405
00:19:32,000 --> 00:19:34,880
How we help them to be secure

406
00:19:34,880 --> 00:19:38,920
without forcing them to do something they don't understand.

407
00:19:38,920 --> 00:19:44,920
This complexity must lead to interesting compliance issues.

408
00:19:44,920 --> 00:19:48,120
How are we helping customers to balance

409
00:19:48,120 --> 00:19:50,960
security and compliance?

410
00:19:50,960 --> 00:19:53,200
I think security and compliance,

411
00:19:53,200 --> 00:19:56,120
I used to say that security and compliance used to,

412
00:19:56,120 --> 00:20:00,040
I mean, should work in a better together mindset.

413
00:20:00,040 --> 00:20:02,360
So if you talk with security guys,

414
00:20:02,360 --> 00:20:04,680
they will tell you that they should lead security

415
00:20:04,680 --> 00:20:06,960
and security should lead compliance.

416
00:20:06,960 --> 00:20:10,360
If you talk to compliance guy, they will tell you the opposite.

417
00:20:10,360 --> 00:20:12,880
Like compliance should lead security.

418
00:20:12,880 --> 00:20:18,080
If you talk to people that are dealing with FedRAMP, CIS, GDPR,

419
00:20:18,080 --> 00:20:21,640
or any other benchmark that we have today in the market,

420
00:20:21,640 --> 00:20:24,480
and God knows how many benchmarks we have,

421
00:20:24,480 --> 00:20:26,480
and every week or every month,

422
00:20:26,480 --> 00:20:29,400
we have new benchmarks popping around the world

423
00:20:29,400 --> 00:20:32,480
that telling you, hey, now you need to deal one to three,

424
00:20:32,480 --> 00:20:37,040
or you need to act like one to three in case of data breaches,

425
00:20:37,040 --> 00:20:40,160
or security auditors, et cetera, et cetera.

426
00:20:40,160 --> 00:20:46,160
So that's something that SQL VA tries to connect.

427
00:20:46,160 --> 00:20:51,360
So if you look in SQL VA, when we have rules or findings,

428
00:20:51,360 --> 00:20:55,360
we are trying to tell to our customers and users

429
00:20:55,360 --> 00:20:59,360
what is the associated benchmark to that rule.

430
00:20:59,360 --> 00:21:04,920
So in case they have auditors coming from FedRAMP or CIS,

431
00:21:04,920 --> 00:21:08,360
they can generate reports, or they can tell, hey, you know what?

432
00:21:08,360 --> 00:21:10,320
These are all the rules that I passed

433
00:21:10,320 --> 00:21:14,160
that are related to FedRAMP or CIS, or even STIG,

434
00:21:14,160 --> 00:21:16,480
which is the DOD benchmark that is being used

435
00:21:16,480 --> 00:21:19,360
across all the US governments.

436
00:21:19,360 --> 00:21:22,520
So, yeah, I mean, if I'm summarizing, I think,

437
00:21:22,520 --> 00:21:25,520
security and compliance should help each other,

438
00:21:25,520 --> 00:21:29,000
but I'm sure, Michael, you have all the thought about it,

439
00:21:29,000 --> 00:21:33,960
but it's a very complex question that is,

440
00:21:33,960 --> 00:21:36,680
and again, similar to what we said about the challenges

441
00:21:36,680 --> 00:21:39,040
around securing SQL databases.

442
00:21:39,040 --> 00:21:44,640
Every organization has its own opinion and its own process

443
00:21:44,640 --> 00:21:48,880
about who is leading, is it security, is it compliance,

444
00:21:48,880 --> 00:21:50,720
is it a better together?

445
00:21:50,720 --> 00:21:54,360
So it really depends on the organizations

446
00:21:54,360 --> 00:21:55,800
we are working with.

447
00:21:55,800 --> 00:21:57,480
Yeah, I do have a couple of comments

448
00:21:57,480 --> 00:21:59,880
about security and compliance.

449
00:21:59,880 --> 00:22:03,480
I want to point out, security does not equal compliance,

450
00:22:03,480 --> 00:22:04,960
and compliance does not equal security.

451
00:22:04,960 --> 00:22:07,480
And like you say, they can work hand in hand,

452
00:22:07,480 --> 00:22:09,640
and they should work hand in hand.

453
00:22:09,640 --> 00:22:14,560
But historically, I've found that customers recognize

454
00:22:14,560 --> 00:22:16,960
that they have to meet compliance requirements.

455
00:22:16,960 --> 00:22:19,800
Say, for example, PCI DSS for handling credit cards,

456
00:22:19,800 --> 00:22:23,440
or HIPAA, HITRUST for health care, FedRAMP for federal customers,

457
00:22:23,440 --> 00:22:27,400
GDPR for European customers, SOC2, all these,

458
00:22:27,400 --> 00:22:29,000
all this alphabet soup.

459
00:22:29,000 --> 00:22:30,480
So they know they need to be compliant,

460
00:22:30,480 --> 00:22:33,960
and they need to be compliant with these various programs.

461
00:22:33,960 --> 00:22:36,000
One thing that we've done that's actually worked really,

462
00:22:36,000 --> 00:22:38,600
really well is when we're building threat models

463
00:22:38,600 --> 00:22:40,800
for customers, so they're taking an application,

464
00:22:40,800 --> 00:22:42,840
and they want to understand what their security posture is

465
00:22:42,840 --> 00:22:44,480
so we can build a threat model.

466
00:22:44,480 --> 00:22:45,640
I mean, it's obviously looking at things

467
00:22:45,640 --> 00:22:48,640
from an application development and design perspective.

468
00:22:48,640 --> 00:22:51,240
But one thing we've done is actually mapped the mitigations

469
00:22:51,240 --> 00:22:53,960
that are in the threat model onto compliance programs.

470
00:22:53,960 --> 00:22:55,400
And that's actually worked really, really well.

471
00:22:55,400 --> 00:22:57,160
It kind of ends up being a Rosetta Stone

472
00:22:57,160 --> 00:22:59,720
between the compliance folks, the architecture folks,

473
00:22:59,720 --> 00:23:01,360
and the security folks.

474
00:23:01,360 --> 00:23:03,360
And so that works really well.

475
00:23:03,360 --> 00:23:06,240
The only last little thought I'll leave

476
00:23:06,240 --> 00:23:09,400
is we've actually managed, this sounds a bit cynical,

477
00:23:09,400 --> 00:23:11,120
but it is what it is.

478
00:23:11,120 --> 00:23:14,120
We've actually managed to unlock funds for customers

479
00:23:14,120 --> 00:23:19,480
to drive security programs by using compliance programs

480
00:23:19,480 --> 00:23:22,520
to help drive some of that security work.

481
00:23:22,520 --> 00:23:23,960
And again, we found threat modeling

482
00:23:23,960 --> 00:23:27,720
has a really good way of mapping between those various disciplines.

483
00:23:27,720 --> 00:23:29,920
So yeah, I think compliance is obviously critical.

484
00:23:29,920 --> 00:23:31,160
We do a great job of it, I think,

485
00:23:31,160 --> 00:23:33,200
in Azure, in terms of being able to show people

486
00:23:33,200 --> 00:23:35,600
their security posture through Azure Security Center

487
00:23:35,600 --> 00:23:38,280
as it maps to various compliance programs.

488
00:23:38,280 --> 00:23:40,240
And I think anything that goes through ASC

489
00:23:40,240 --> 00:23:42,360
is always a good starting point.

490
00:23:42,360 --> 00:23:46,360
I wanted to add a comment about what you mentioned

491
00:23:46,360 --> 00:23:50,960
of security not equal to compliance or vice versa.

492
00:23:50,960 --> 00:23:55,360
Unfortunately, lately, technology is moving so fast

493
00:23:55,360 --> 00:23:59,080
that actually not even compliance or governance

494
00:23:59,080 --> 00:24:01,360
is keeping up with the technology.

495
00:24:01,360 --> 00:24:05,240
And that is adding some interesting challenges

496
00:24:05,240 --> 00:24:08,360
to many customers because they're implementing

497
00:24:08,360 --> 00:24:12,520
all this technology, but the process, the procedures,

498
00:24:12,520 --> 00:24:15,000
the compliance document talk nothing

499
00:24:15,000 --> 00:24:17,880
about these new services.

500
00:24:17,880 --> 00:24:23,360
And unfortunately, it's becoming really a roadblock

501
00:24:23,360 --> 00:24:27,000
for implementation and use of this technology.

502
00:24:27,000 --> 00:24:32,600
So I wanted to ensure that a customer understand

503
00:24:32,600 --> 00:24:37,400
they need to update this documentation in order

504
00:24:37,400 --> 00:24:44,000
to take full value or full use of their investments.

505
00:24:44,000 --> 00:24:44,760
Yeah, absolutely.

506
00:24:44,760 --> 00:24:46,840
I think what you just said, folks,

507
00:24:46,840 --> 00:24:48,280
it's absolutely correct.

508
00:24:48,280 --> 00:24:50,040
I think we need to...

509
00:24:50,040 --> 00:24:54,400
It's an interesting time because we are living a cloud world

510
00:24:54,400 --> 00:24:57,600
for the last 10, even 15 years, but we have customers

511
00:24:57,600 --> 00:25:01,440
that have started this journey of moving to the cloud

512
00:25:01,440 --> 00:25:03,800
and implementing, as you said, Gladys,

513
00:25:03,800 --> 00:25:08,240
some new technology processes and applications.

514
00:25:08,240 --> 00:25:10,960
And I think that security and compliance

515
00:25:10,960 --> 00:25:15,960
need to be associated, but not only associated.

516
00:25:15,960 --> 00:25:17,960
They need to be well understood and digested.

517
00:25:17,960 --> 00:25:22,720
So they understand what are the common points

518
00:25:22,720 --> 00:25:26,760
and what are the differences that they must take care of.

519
00:25:26,760 --> 00:25:30,520
Something I wanted also to double check and pay

520
00:25:30,520 --> 00:25:32,840
a little bit more attention is something

521
00:25:32,840 --> 00:25:35,720
that I mentioned in the beginning of this podcast,

522
00:25:35,720 --> 00:25:39,440
which is the CSPM within Azure Security Center,

523
00:25:39,440 --> 00:25:42,920
so for cloud security posture management.

524
00:25:42,920 --> 00:25:44,760
It's great that we're talking about compliance

525
00:25:44,760 --> 00:25:48,200
because compliance is also something that is part of CSPM,

526
00:25:48,200 --> 00:25:49,960
Cloud Security Posture Management,

527
00:25:49,960 --> 00:25:52,000
within Azure Security Center.

528
00:25:52,000 --> 00:25:55,480
And this is something also customers are integrating

529
00:25:55,480 --> 00:25:57,400
part of their posture management.

530
00:25:57,400 --> 00:26:00,880
As I said, all the secure score,

531
00:26:00,880 --> 00:26:03,960
all the recommendations that are sorted by controls

532
00:26:03,960 --> 00:26:06,160
within Azure Security Center,

533
00:26:06,160 --> 00:26:10,440
how we can help customers to understand how secure

534
00:26:10,440 --> 00:26:14,200
they are against Microsoft's best practices

535
00:26:14,200 --> 00:26:16,360
within Azure, but also outside Azure.

536
00:26:16,360 --> 00:26:20,080
We talked also, Michael, about this multi-cloud approach

537
00:26:20,080 --> 00:26:23,560
that Microsoft is, and more specifically within Azure

538
00:26:23,560 --> 00:26:26,200
that we are going through.

539
00:26:26,200 --> 00:26:28,600
Having the ability to help our customers

540
00:26:28,600 --> 00:26:31,120
not only to protect their Azure resources

541
00:26:31,120 --> 00:26:34,480
or to improve their security posture within Azure,

542
00:26:34,480 --> 00:26:37,240
but how we can also help them to improve

543
00:26:37,240 --> 00:26:40,240
their security posture and not only for SQL,

544
00:26:40,240 --> 00:26:43,440
not only for Azure, but everywhere.

545
00:26:43,440 --> 00:26:46,640
Customers and organizations more and more

546
00:26:46,640 --> 00:26:50,920
have a multi-cloud approach and CSPM specifically

547
00:26:50,920 --> 00:26:54,040
within ASC tries to help customers

548
00:26:54,040 --> 00:26:56,440
to get into a single go-to location,

549
00:26:56,440 --> 00:26:59,480
which is Azure Security Center,

550
00:26:59,480 --> 00:27:04,480
and control a visibility on how secure your resources

551
00:27:05,000 --> 00:27:09,480
and applications are across your organization,

552
00:27:09,480 --> 00:27:13,800
regardless of where those applications and resources sit.

553
00:27:13,800 --> 00:27:18,160
So one of the advantages of Microsoft services

554
00:27:18,160 --> 00:27:23,160
is the interconnectivity that it provides between services.

555
00:27:23,440 --> 00:27:28,360
This enables the customer to have wide amount of signals

556
00:27:28,360 --> 00:27:32,800
from both Microsoft services and third-party services.

557
00:27:32,800 --> 00:27:34,760
So what is the type of information

558
00:27:34,760 --> 00:27:37,840
that you're feeding into Azure Security Center?

559
00:27:37,840 --> 00:27:41,200
So in fact, what we are basically sending

560
00:27:41,200 --> 00:27:43,600
slash feeding into Azure Security Center

561
00:27:43,600 --> 00:27:46,080
from a SQL VA perspective.

562
00:27:46,080 --> 00:27:49,800
So we basically have two recommendations

563
00:27:49,800 --> 00:27:54,320
within the CSPM area, allowing customers

564
00:27:54,320 --> 00:27:59,320
to see all the misconfigurations and vulnerabilities

565
00:27:59,880 --> 00:28:01,800
are across their SQL.

566
00:28:01,800 --> 00:28:04,400
So this is a question that I alluded to earlier

567
00:28:04,400 --> 00:28:06,240
in the podcast.

568
00:28:06,240 --> 00:28:08,560
So what kinds of things does

569
00:28:08,560 --> 00:28:11,400
SQL vulnerability assessment actually look for?

570
00:28:11,400 --> 00:28:14,960
I would say that we are of course focusing on security.

571
00:28:14,960 --> 00:28:16,720
So if you have misconfiguration

572
00:28:16,720 --> 00:28:20,160
and I can think about the most famous one,

573
00:28:20,160 --> 00:28:24,000
which is the SA, the default login that's being generated

574
00:28:24,000 --> 00:28:27,520
when you deploy a new SQL server.

575
00:28:27,520 --> 00:28:30,400
This is something that is being well-known

576
00:28:30,400 --> 00:28:33,840
and used by malicious users and attackers,

577
00:28:33,840 --> 00:28:37,760
and I'm sure Michael during the previous podcast spent

578
00:28:37,760 --> 00:28:39,040
time talking about it.

579
00:28:39,040 --> 00:28:44,040
This is what we see mainly on different attacks

580
00:28:44,320 --> 00:28:48,160
and patterns being used by attackers across SQL.

581
00:28:48,160 --> 00:28:52,080
Basically, the technique is super simple.

582
00:28:52,080 --> 00:28:54,640
Customers are basically deploying SQL server.

583
00:28:54,640 --> 00:28:59,640
By default, they have this SA user that is being enabled.

584
00:29:00,080 --> 00:29:02,760
Basically, they have to set up a password

585
00:29:02,760 --> 00:29:05,160
to this default user.

586
00:29:05,160 --> 00:29:07,440
They are usually taking a weak password,

587
00:29:07,440 --> 00:29:12,440
like password with capital P, W, O, and capital D,

588
00:29:13,200 --> 00:29:16,720
some basic password like this.

589
00:29:16,720 --> 00:29:19,000
And malicious users are basically

590
00:29:19,000 --> 00:29:20,200
brute-forcing this SA.

591
00:29:20,200 --> 00:29:22,160
So this is the first misconfiguration

592
00:29:22,160 --> 00:29:24,080
of the vulnerability that we are looking for.

593
00:29:24,080 --> 00:29:26,960
We're also checking if xp_cmdshell is enabled.

594
00:29:26,960 --> 00:29:30,840
So for those who are not familiar with xp_cmdshell,

595
00:29:30,840 --> 00:29:34,600
is a capability within SQL, SQL server,

596
00:29:34,600 --> 00:29:38,480
allowing DBAs or users within the SQL engine

597
00:29:38,480 --> 00:29:42,840
with enough permission to run a DOS script.

598
00:29:42,840 --> 00:29:45,800
So script on the underlying operating system.

599
00:29:45,800 --> 00:29:50,640
So you can think about how powerful this capability is

600
00:29:50,640 --> 00:29:54,000
if it falls into a malicious user.

601
00:29:54,000 --> 00:29:57,920
So you can connect and run a remote script

602
00:29:57,920 --> 00:29:59,560
from the internet.

603
00:29:59,560 --> 00:30:01,920
You can deploy a crypto miner.

604
00:30:01,920 --> 00:30:03,760
You can deploy ransomware

605
00:30:03,760 --> 00:30:06,240
on the underlying operating system.

606
00:30:06,240 --> 00:30:07,080
And this is something,

607
00:30:07,080 --> 00:30:09,960
and these are not theoretical examples.

608
00:30:09,960 --> 00:30:13,680
These are real examples we are seeing every day,

609
00:30:13,680 --> 00:30:18,680
unfortunately, with customers and not only small customers.

610
00:30:18,720 --> 00:30:20,400
I think on the internet,

611
00:30:20,400 --> 00:30:22,760
you have news popping every day

612
00:30:22,760 --> 00:30:27,520
talking about cyber attacks on big organizations,

613
00:30:27,520 --> 00:30:29,960
worldwide organizations that are,

614
00:30:29,960 --> 00:30:33,880
their SQL, their storage account has been compromised

615
00:30:33,880 --> 00:30:36,200
and data has been extracted

616
00:30:36,200 --> 00:30:38,040
and sensitive data has been leaked

617
00:30:38,040 --> 00:30:40,000
and exposed to the dark web.

618
00:30:40,000 --> 00:30:42,080
So these are the famous ones.

619
00:30:42,080 --> 00:30:46,680
We also have the ability to check for updates, for example.

620
00:30:46,680 --> 00:30:49,280
If we see that there is some CU

621
00:30:49,280 --> 00:30:53,040
for cumulative updates on your SQL that been released

622
00:30:53,040 --> 00:30:54,640
and you didn't install them,

623
00:30:54,640 --> 00:30:57,160
then we have the ability to automatically highlight you

624
00:30:57,160 --> 00:31:01,640
all the SQL servers that you must install the latest update.

625
00:31:01,640 --> 00:31:03,640
And of course, SA, xp_cmdshell,

626
00:31:03,640 --> 00:31:06,720
we have the ability to highlight or to surface

627
00:31:06,720 --> 00:31:11,720
all the misconfigured SQL in a single recommendation.

628
00:31:11,720 --> 00:31:14,440
I think that was your previous question

629
00:31:14,440 --> 00:31:16,160
what we actually feed into ASC.

630
00:31:16,160 --> 00:31:19,040
It's not only those misconfiguration,

631
00:31:19,040 --> 00:31:23,520
it's also the ability to aggregate the configuration

632
00:31:23,520 --> 00:31:26,360
of any SQL server you have

633
00:31:26,360 --> 00:31:28,760
or customers have within the organization

634
00:31:28,760 --> 00:31:30,840
and their environments.

635
00:31:30,840 --> 00:31:34,040
Again, regardless of where the SQL server run,

636
00:31:34,040 --> 00:31:37,240
we have the ability to aggregate all the misconfigurations

637
00:31:37,240 --> 00:31:39,200
into a single recommendation,

638
00:31:40,120 --> 00:31:42,480
giving the ability to security owners

639
00:31:42,480 --> 00:31:47,000
and security administrator to prioritize their SQL

640
00:31:47,000 --> 00:31:49,800
according to the criticality of the SQL.

641
00:31:49,800 --> 00:31:53,760
If you have SQL that are in production

642
00:31:53,760 --> 00:31:55,880
that are a customer facing,

643
00:31:55,880 --> 00:31:59,000
you can very quickly search for that SQL

644
00:31:59,000 --> 00:32:02,120
into the recommendation and check what's the configuration

645
00:32:02,120 --> 00:32:04,200
or should I say, what are the misconfigurations

646
00:32:04,200 --> 00:32:05,840
on that SQL?

647
00:32:05,840 --> 00:32:08,040
If we found that there are too many users

648
00:32:08,040 --> 00:32:11,480
that have excessive privileges on the database,

649
00:32:11,480 --> 00:32:13,480
we can highlight to those users and ask you,

650
00:32:13,480 --> 00:32:15,720
hey, do you know those users?

651
00:32:15,720 --> 00:32:18,920
And our customers can say, yes, all these users,

652
00:32:18,920 --> 00:32:22,280
we know them so they can set up what we call the baseline

653
00:32:22,280 --> 00:32:25,160
on these users allowing SQL VA to say,

654
00:32:25,160 --> 00:32:28,560
okay, as long as this list doesn't change,

655
00:32:28,560 --> 00:32:31,160
for me, everything is going well.

656
00:32:31,160 --> 00:32:35,520
When a new user with excessive privileges

657
00:32:35,520 --> 00:32:38,800
will be created within that database,

658
00:32:38,800 --> 00:32:41,400
I will automatically highlight that change

659
00:32:41,400 --> 00:32:44,720
into this ASC recommendation,

660
00:32:44,720 --> 00:32:48,520
allowing the security administrator

661
00:32:48,520 --> 00:32:53,080
to automatically understand that there is a change

662
00:32:53,080 --> 00:32:57,000
on a specific database and pay attention to that change

663
00:32:57,000 --> 00:32:59,880
and mitigate or at least say, okay,

664
00:32:59,880 --> 00:33:01,960
this is a valid user,

665
00:33:01,960 --> 00:33:05,400
just add this user to my existing baseline.

666
00:33:05,400 --> 00:33:08,800
So I think these are the things

667
00:33:08,800 --> 00:33:12,520
or this is how SQL VA works and search for.

668
00:33:12,520 --> 00:33:16,160
Important to mention that we are always adding new rules.

669
00:33:16,160 --> 00:33:18,680
We are always improving existing rules.

670
00:33:18,680 --> 00:33:22,040
We have different rules for different flavors of SQL.

671
00:33:22,040 --> 00:33:24,800
So of course, if you're running an Azure SQL database,

672
00:33:24,800 --> 00:33:27,360
we are not going to check if xp_cmdshell is enabled

673
00:33:27,360 --> 00:33:30,280
because this is not supported in Azure SQL DB.

674
00:33:30,280 --> 00:33:31,800
If you're using a SQL server,

675
00:33:31,800 --> 00:33:33,560
we are going to check some rules

676
00:33:33,560 --> 00:33:37,400
that are not supported on the Azure SQL database.

677
00:33:37,400 --> 00:33:39,880
If you're running a SQL managed instance,

678
00:33:39,880 --> 00:33:41,720
we have a set of rules that apply

679
00:33:41,720 --> 00:33:44,320
to each of these flavors of SQL.

680
00:33:44,320 --> 00:33:48,240
So it's a tool that is not generically built for SQL,

681
00:33:48,240 --> 00:33:51,400
but we tailor made it for every flavor of SQL

682
00:33:51,400 --> 00:33:55,520
to ensure that we are covering any potential misconfiguration

683
00:33:55,520 --> 00:34:00,240
on any flavor of SQL currently being supported by Microsoft.

684
00:34:00,240 --> 00:34:01,440
Actually, you beat me to the punch there.

685
00:34:01,440 --> 00:34:04,920
I was going to point out that xp_cmdshell

686
00:34:04,920 --> 00:34:08,360
is not available on the Azure SQL DB.

687
00:34:08,360 --> 00:34:11,400
You don't have access to the underlying operating system.

688
00:34:11,400 --> 00:34:13,320
And also even on-prem,

689
00:34:13,320 --> 00:34:15,480
xp_cmdshell is disabled by default,

690
00:34:15,480 --> 00:34:18,440
but certainly customers do enable it.

691
00:34:18,440 --> 00:34:20,880
That's the case and I think people need to understand

692
00:34:20,880 --> 00:34:21,720
the risks.

693
00:34:21,720 --> 00:34:23,520
I mean, it's a great deal of functionality,

694
00:34:23,520 --> 00:34:26,160
but with that increased functionality

695
00:34:26,160 --> 00:34:29,320
comes a great deal of responsibility as well.

696
00:34:29,320 --> 00:34:30,160
Absolutely.

697
00:34:30,160 --> 00:34:32,720
I think it's important also to explain that,

698
00:34:32,720 --> 00:34:35,200
as you said, not all the misconfigurations

699
00:34:35,200 --> 00:34:36,760
are enabled by default.

700
00:34:36,760 --> 00:34:39,080
Microsoft does not provide you SQL

701
00:34:39,080 --> 00:34:40,560
that is not well configured,

702
00:34:40,560 --> 00:34:44,160
but I think we are basically giving you this

703
00:34:44,160 --> 00:34:46,800
out of the box SQL server.

704
00:34:46,800 --> 00:34:48,360
While we know that security,

705
00:34:48,360 --> 00:34:50,640
and I think this is something that we are always

706
00:34:50,640 --> 00:34:53,280
saying for the last five years is that security,

707
00:34:53,280 --> 00:34:55,920
it's a shared responsibility between

708
00:34:55,920 --> 00:34:59,360
software provider or cloud provider in our case

709
00:34:59,360 --> 00:35:01,760
and the end user.

710
00:35:01,760 --> 00:35:05,520
A lot of organization that deployed Azure Defender

711
00:35:05,520 --> 00:35:07,360
for SQL came to us and say,

712
00:35:07,360 --> 00:35:09,440
hey, I deployed Azure Defender for SQL.

713
00:35:09,440 --> 00:35:11,680
Why I'm still receiving alerts?

714
00:35:11,680 --> 00:35:13,880
They thought that deploying Azure Defender for SQL

715
00:35:13,880 --> 00:35:15,480
is this kind of, you know,

716
00:35:15,480 --> 00:35:19,800
antivirus or firewall that stops everything like Superman.

717
00:35:19,800 --> 00:35:21,960
And it's important to understand that at the end,

718
00:35:21,960 --> 00:35:24,640
Azure Defender for SQL is a powerful tool,

719
00:35:24,640 --> 00:35:25,640
but it's still a tool.

720
00:35:25,640 --> 00:35:27,920
It's not a real human.

721
00:35:27,920 --> 00:35:30,360
It's going to change your configuration

722
00:35:30,360 --> 00:35:33,840
because at the end, only the organization

723
00:35:33,840 --> 00:35:37,240
are the only one who knows why exactly

724
00:35:37,240 --> 00:35:40,680
they need to change this because it's not going to hurt

725
00:35:40,680 --> 00:35:44,320
their application, their business, their processes.

726
00:35:44,320 --> 00:35:48,800
And we are here to highlight those misconfigurations,

727
00:35:48,800 --> 00:35:52,040
but probably we, I mean, we have organizations

728
00:35:52,040 --> 00:35:53,640
that enable the xp_cmdshell

729
00:35:53,640 --> 00:35:57,360
because their applications that run on top of SQL

730
00:35:57,360 --> 00:35:59,640
requires that capability.

731
00:35:59,640 --> 00:36:03,520
So they basically came to SQL VA and apply the baseline

732
00:36:03,520 --> 00:36:06,640
on xp_cmdshell for some of their databases,

733
00:36:06,640 --> 00:36:10,040
saying, as long as xp_cmdshell is still enabled,

734
00:36:10,040 --> 00:36:12,800
hey, you know what, consider it as acceptable

735
00:36:12,800 --> 00:36:16,520
for my organization, but it's only on some specific

736
00:36:16,520 --> 00:36:19,640
databases, you will never see organizations

737
00:36:19,640 --> 00:36:21,800
that deploy or enable xp_cmdshell

738
00:36:21,800 --> 00:36:24,680
on all of their environments; they are usually deploying

739
00:36:24,680 --> 00:36:28,360
or enabling xp_cmdshell on few databases

740
00:36:28,360 --> 00:36:30,160
within their organization.

741
00:36:30,160 --> 00:36:33,560
And this is where SQL VA becomes super important

742
00:36:33,560 --> 00:36:35,840
because we have the ability to tell you,

743
00:36:35,840 --> 00:36:39,000
hey, you know what, we found all this xp_cmdshell.

744
00:36:39,000 --> 00:36:43,240
You tell me that on database number one, two, three,

745
00:36:43,240 --> 00:36:44,760
this is the expected behavior,

746
00:36:44,760 --> 00:36:47,920
but you know what, I found 100 databases

747
00:36:47,920 --> 00:36:51,640
that somebody deploy or enable the SA

748
00:36:51,640 --> 00:36:54,320
or the xp_cmdshell or did not install

749
00:36:54,320 --> 00:36:55,520
the latest CU.

750
00:36:55,520 --> 00:36:58,040
So you should pay attention to this potential

751
00:36:58,040 --> 00:36:59,760
misconfigurations of vulnerability

752
00:36:59,760 --> 00:37:02,840
before someone malicious user or attackers

753
00:37:02,840 --> 00:37:05,320
will use that vulnerability against you.

754
00:37:05,320 --> 00:37:06,640
This is an important point.

755
00:37:06,640 --> 00:37:08,640
I could have, say, a hundred SQL databases

756
00:37:08,640 --> 00:37:10,760
and I could just say, hey, that one database over there

757
00:37:10,760 --> 00:37:12,520
requires XP underscore command shell.

758
00:37:12,520 --> 00:37:13,720
It just does.

759
00:37:13,720 --> 00:37:16,440
So don't keep warning me about that one database.

760
00:37:16,440 --> 00:37:18,960
But if it pops up in any of the other 99 databases,

761
00:37:18,960 --> 00:37:20,600
I want to know.

762
00:37:20,600 --> 00:37:22,720
So that's essentially what you just said.

763
00:37:22,720 --> 00:37:24,000
Is that a fair point?

764
00:37:24,000 --> 00:37:25,040
Yes, absolutely.

765
00:37:25,040 --> 00:37:27,520
So we have the ability within SQL

766
00:37:27,520 --> 00:37:31,840
vulnerability assessment to make what we call a baseline tool.

767
00:37:31,840 --> 00:37:34,320
So we allow customers to set the baseline,

768
00:37:34,320 --> 00:37:37,680
which means basically as long as this finding result

769
00:37:37,680 --> 00:37:40,760
does not change, consider it as a healthy finding,

770
00:37:40,760 --> 00:37:42,520
as a healthy configuration.

771
00:37:42,520 --> 00:37:46,960
Regardless of what you, Microsoft, think best practices should be,

772
00:37:46,960 --> 00:37:49,400
just don't bother me too much about it.

773
00:37:49,400 --> 00:37:53,200
On this specific database, this specific finding is healthy.

774
00:37:53,200 --> 00:37:55,240
This is the expected configuration.

775
00:37:55,240 --> 00:37:57,600
Now, as you said, if something changes,

776
00:37:57,600 --> 00:37:58,720
let's say that I don't know,

777
00:37:58,720 --> 00:38:01,560
I have five administrators on my database.

778
00:38:01,560 --> 00:38:03,640
For me, these are the right administrators

779
00:38:03,640 --> 00:38:06,000
that I must have on my databases.

780
00:38:06,000 --> 00:38:08,280
Now, if there is a new administrator

781
00:38:08,280 --> 00:38:09,640
that's being added on my database,

782
00:38:09,640 --> 00:38:12,880
please let me know because I want to identify

783
00:38:12,880 --> 00:38:14,720
if this is a valid administrator,

784
00:38:14,720 --> 00:38:16,040
if this is a valid user,

785
00:38:16,040 --> 00:38:18,440
if this is not a malicious activity

786
00:38:18,440 --> 00:38:21,680
that somebody access or lateral movement

787
00:38:21,680 --> 00:38:24,880
of a malicious users that basically trying

788
00:38:24,880 --> 00:38:28,680
to extract the data from one of my database.

789
00:38:28,680 --> 00:38:32,160
Let's focus a little bit on separation of privilege.

790
00:38:32,160 --> 00:38:34,360
There's a lot of interesting data

791
00:38:34,360 --> 00:38:37,840
that are beneficial for different type of group.

792
00:38:37,840 --> 00:38:40,400
What kind of data, what kind of access

793
00:38:40,400 --> 00:38:43,600
that those DBAs or other roles have?

794
00:38:43,600 --> 00:38:44,440
So that's a good question.

795
00:38:44,440 --> 00:38:46,160
I think separation of privileges

796
00:38:46,160 --> 00:38:49,400
or separation of duties depending on who you're talking with,

797
00:38:49,400 --> 00:38:51,200
but these are similar terms

798
00:38:51,200 --> 00:38:53,160
that are basically saying the same thing

799
00:38:53,160 --> 00:38:57,280
is how we ensure that we are not giving too much privileges

800
00:38:57,280 --> 00:39:00,800
or too much access to a single user within the organization.

801
00:39:00,800 --> 00:39:02,480
It's something that we do consider

802
00:39:02,480 --> 00:39:04,080
within Azure Security Center

803
00:39:04,080 --> 00:39:07,480
and more specifically in SQL vulnerability assessment.

804
00:39:07,480 --> 00:39:09,640
So because we are an Azure product

805
00:39:09,640 --> 00:39:11,200
we're built on top of RBAC.

806
00:39:11,200 --> 00:39:15,240
So yes, so of course, if you are a DBA

807
00:39:15,240 --> 00:39:18,120
that has access only to the database,

808
00:39:18,120 --> 00:39:21,160
then you won't see the scan results

809
00:39:21,160 --> 00:39:22,760
within Azure Security Center

810
00:39:22,760 --> 00:39:27,760
because your AAD user doesn't have enough permission

811
00:39:29,680 --> 00:39:31,840
on Azure Security Center.

812
00:39:31,840 --> 00:39:35,080
On the other way, if you are a security administrator

813
00:39:35,080 --> 00:39:37,040
on Azure Security Center,

814
00:39:37,040 --> 00:39:40,680
but you don't have access to the database,

815
00:39:40,680 --> 00:39:42,480
then you will see the misconfiguration,

816
00:39:42,480 --> 00:39:44,880
but you won't be able to mitigate

817
00:39:44,880 --> 00:39:47,840
or to investigate those misconfiguration.

818
00:39:47,840 --> 00:39:49,680
And I think it falls again,

819
00:39:49,680 --> 00:39:52,600
the friction that we have between all these personas

820
00:39:52,600 --> 00:39:56,120
that are dealing with different tools and permissions

821
00:39:56,120 --> 00:39:59,240
and agenda and languages and platforms.

822
00:39:59,240 --> 00:40:03,240
The DBA is used to work with SSMS

823
00:40:03,240 --> 00:40:04,920
while security administrator

824
00:40:04,920 --> 00:40:08,280
are mainly using Azure Security Center,

825
00:40:08,280 --> 00:40:11,680
where the SOC team that are dealing with the alerts

826
00:40:11,680 --> 00:40:14,520
coming from SQL ATP are mainly dealing

827
00:40:14,520 --> 00:40:18,600
with SIEM application, SIEM platform like Azure Sentinel.

828
00:40:18,600 --> 00:40:19,440
It means a lot.

829
00:40:19,440 --> 00:40:21,680
It means that we have all these users

830
00:40:21,680 --> 00:40:24,840
that need to work together and to collaborate

831
00:40:24,840 --> 00:40:27,320
while working on different platforms

832
00:40:27,320 --> 00:40:29,160
with different permissions.

833
00:40:29,160 --> 00:40:34,160
So what we did is giving the database security role

834
00:40:34,160 --> 00:40:35,600
or should I say,

835
00:40:35,600 --> 00:40:38,880
allowing the security database administrator

836
00:40:38,880 --> 00:40:41,520
in case you have this permission,

837
00:40:41,520 --> 00:40:44,440
this role on the database,

838
00:40:44,440 --> 00:40:47,680
then you can basically see the scan results.

839
00:40:47,680 --> 00:40:51,360
So if you have enough permission on the database itself,

840
00:40:51,360 --> 00:40:52,640
on the engine,

841
00:40:52,640 --> 00:40:55,960
and if you have enough permission on the Azure

842
00:40:55,960 --> 00:40:57,240
to see the scan results,

843
00:40:57,240 --> 00:40:59,480
then you will be able to do everything.

844
00:40:59,480 --> 00:41:01,160
But if you're only a DBA,

845
00:41:01,160 --> 00:41:02,440
just to answer to your question,

846
00:41:02,440 --> 00:41:05,240
then we do not expect you to see the results

847
00:41:05,240 --> 00:41:07,520
within Azure Security Center.

848
00:41:07,520 --> 00:41:08,640
Actually, I'm gonna go one step further.

849
00:41:08,640 --> 00:41:10,640
It's not that we don't expect you to see the results.

850
00:41:10,640 --> 00:41:12,440
We don't want you to see the results at all.

851
00:41:12,440 --> 00:41:14,640
I think that's critically important.

852
00:41:14,640 --> 00:41:16,080
Every customer I work with,

853
00:41:16,080 --> 00:41:17,600
especially in regulated industries,

854
00:41:17,600 --> 00:41:20,400
are really interested in separation of duties.

855
00:41:20,400 --> 00:41:22,320
In fact, going one step further,

856
00:41:22,320 --> 00:41:23,440
people who are doing,

857
00:41:23,440 --> 00:41:24,280
so for example,

858
00:41:24,280 --> 00:41:26,320
SQL Server supports Row-Level Security,

859
00:41:26,320 --> 00:41:29,400
but it also supports the ability to have security officers

860
00:41:29,400 --> 00:41:33,720
who can manipulate the Row-Level Security rules,

861
00:41:33,720 --> 00:41:35,440
because they're essentially a predicate function.

862
00:41:35,440 --> 00:41:37,360
It's a little bit like a stored procedure.

863
00:41:37,360 --> 00:41:39,000
They can write that logic

864
00:41:39,000 --> 00:41:41,560
and set up the logic and set up the policies around it,

865
00:41:41,560 --> 00:41:44,000
but they have no access to the data.

866
00:41:44,000 --> 00:41:45,320
They also have no access to

867
00:41:45,320 --> 00:41:47,040
Azure Security Center scan results.

868
00:41:47,040 --> 00:41:50,360
They also have no access to Key Vault secrets used for,

869
00:41:50,360 --> 00:41:53,160
say, Always Encrypted or column encryption.

870
00:41:53,160 --> 00:41:56,040
So SQL Server actually has some really good capabilities.

871
00:41:56,040 --> 00:41:57,400
And the Azure platform in general

872
00:41:57,400 --> 00:41:58,680
has these fantastic privileges

873
00:41:58,680 --> 00:42:00,400
or abilities, I should say,

874
00:42:00,400 --> 00:42:04,400
to support separation of duties or separation of privilege.

875
00:42:04,400 --> 00:42:06,920
With that, let's start to bring this thing to an end.

876
00:42:06,920 --> 00:42:09,720
David, one question we always ask all our guests

877
00:42:09,720 --> 00:42:12,440
is if you had one final thought to leave our listeners with,

878
00:42:12,440 --> 00:42:13,280
what would it be?

879
00:42:13,280 --> 00:42:15,800
I'm usually starting my conferences

880
00:42:15,800 --> 00:42:17,960
with a sentence that I really like

881
00:42:17,960 --> 00:42:19,720
that comes from John Chambers,

882
00:42:19,720 --> 00:42:21,200
that said something that I really like.

883
00:42:21,200 --> 00:42:23,960
He said, there are two types of companies.

884
00:42:23,960 --> 00:42:25,480
Those that have been hacked

885
00:42:25,480 --> 00:42:27,680
and those who don't know they have been hacked.

886
00:42:27,680 --> 00:42:29,400
And I think SQL VAs,

887
00:42:29,400 --> 00:42:33,480
SQL VA and SQL ATP that are basically bundled

888
00:42:33,480 --> 00:42:37,120
into a product called Azure Defender for SQL,

889
00:42:37,120 --> 00:42:39,320
comes to solve that equation.

890
00:42:39,320 --> 00:42:42,000
Like if you have SQL Server,

891
00:42:42,000 --> 00:42:45,200
if you are using SQL within Azure,

892
00:42:45,200 --> 00:42:48,640
outside of Azure, within AWS, on-premise,

893
00:42:48,640 --> 00:42:50,840
regardless of where you use it,

894
00:42:50,840 --> 00:42:52,680
try Azure Defender for SQL,

895
00:42:52,680 --> 00:42:54,640
scan your databases,

896
00:42:54,640 --> 00:42:58,200
allow us to help you to find misconfigurations,

897
00:42:58,200 --> 00:43:02,480
vulnerabilities, help you to understand how to fix

898
00:43:02,480 --> 00:43:05,840
and remediate those misconfigurations and vulnerabilities.

899
00:43:05,840 --> 00:43:08,400
And in case something happened on your database,

900
00:43:08,400 --> 00:43:11,680
we can also highlight you and send you alerts

901
00:43:11,680 --> 00:43:14,360
to let you know that there is a malicious user

902
00:43:14,360 --> 00:43:17,280
or malicious activities in your databases.

903
00:43:17,280 --> 00:43:18,960
David, thank you so much for joining us this week.

904
00:43:18,960 --> 00:43:20,280
Really appreciate you spending the time

905
00:43:20,280 --> 00:43:22,000
and know you're incredibly busy.

906
00:43:22,000 --> 00:43:24,200
I certainly learned a bunch as well.

907
00:43:24,200 --> 00:43:26,480
I've been spending a lot of years with SQL databases,

908
00:43:26,480 --> 00:43:28,600
but I always learn something.

909
00:43:28,600 --> 00:43:30,600
So again, thank you so much for turning up this week.

910
00:43:30,600 --> 00:43:32,960
And for our listeners, thank you so much for listening.

911
00:43:32,960 --> 00:43:35,680
Stay safe out there and we'll see you next time.

912
00:43:35,680 --> 00:43:38,560
Thanks for listening to the Azure Security Podcast.

913
00:43:38,560 --> 00:43:42,320
You can find show notes and other resources at our website,

914
00:43:42,320 --> 00:43:44,400
azsecuritypodcast.net.

915
00:43:45,360 --> 00:43:46,920
If you have any questions,

916
00:43:46,920 --> 00:43:49,240
please find us on Twitter at Azure SecPod.

917
00:43:50,120 --> 00:43:53,080
Background music is from ccmixter.com

918
00:43:53,080 --> 00:43:55,840
and licensed under the Creative Commons license.

