Enhance your Azure PostgreSQL Flexible Server security posture with Azure Defender
Published Dec 13 2023 08:01 AM 2,412 Views
Microsoft

We are excited to announce limited General Availability of Azure Defender for new Microsoft Azure Database for PostgreSQL - Flexible Server instances. This is another add-on, which, if deployed, provides another important security barrier to your Azure PostgreSQL server in addition to existing security features, we blogged about earlier

elephants-battle-large.jpg

 

In the following article, we will discuss how adding Azure Defender for OSS databases with your PostgreSQL Flexible server will help you secure your applications from hacking attacks.

 

Protection against brute force attacks


A brute force attack uses trial-and-error to guess login info, encryption keys, or find a hidden web page. Attackers work through all possible combinations hoping to guess correctly.

These attacks are done by ‘brute force’ meaning they use excessive forceful attempts to try and ‘force’ their way into your private account(s). 

The "brute-force" terminology is derived from the tactic of using constant attempts or excessive "force" until the threat actor arrives at the desired result—entry into a system with the right credentials. Despite this being one of the oldest hacking methodologies, according to Verizon’s 2020 Data Breach Investigations Report, hacking, which includes brute forcing passwords, remains the primary attack vector. Over 80% of breaches caused by hacking involve brute force or the use of lost or stolen credentials. 

PostgreSQL brute force attack examplePostgreSQL brute force attack example

 

When Microsoft Defender detects a brute force attack, it triggers an alert to bring you awareness that a brute force attack took place. It also can separate simple brute force attack from brute force attack on a valid user or a successful brute force attack.

 

Detecting anomalous database access patterns

Databases may store extremely sensitive business information, making them a major target for attackers. Therefore, securing their data from damage or leakage is a critical issue. To manage this, enterprises typically implement several layers of protection between users and data, working at the network, host, and database levels.  The data protection at database level includes the access control models to limit the permissions to of legitimate users to read, write data and encryption at times.  These security models are sometimes insufficient to prevent misuse, especially insider abuse by legitimate users.  When Microsoft Defender detects anomalous login pattern, where attacker is attempting to login via brute force attack, it fires an alert to make you aware of such activity as well. 

 

 

Enabling Microsoft Defender with PostgreSQL Flexible Server

 

Enabling  Defender with PostgreSQL Flexible Server in Azure PortalEnabling Defender with PostgreSQL Flexible Server in Azure Portal

 

 

  1. From the Azure portal, navigate to Security menu in the left pane.
  2. Pick Microsoft Defender for Cloud
  3. Click Enable in the right pane.

Resources

For more information on Azure Defender and its use with Postgres Flexible Server see following:

 

 

To learn more about our Flexible Server managed service, see the Azure Database for PostgreSQL service page. We’re always eager to hear customer feedback, so please reach out to us at Ask Azure DB for PostgreSQL.

 

 

Co-Authors
Version history
Last update:
‎Jan 05 2024 09:56 AM
Updated by: