Introduction to Azure Defender for SQL

Azure Defender for SQL includes two Azure Defender plans that extend Azure Security Center's data security package to secure your databases and their data wherever they're located.

Availability

Aspect                    Details
Release state:            Azure Defender for Azure SQL database servers - Generally available (GA)
                          Azure Defender for SQL servers on machines - Preview
Pricing:                  The two plans that form Azure Defender for SQL are billed as shown on the pricing page
Protected SQL versions:   SQL on Azure virtual machines - Windows and Linux
                          Azure SQL single databases and elastic pools
                          Azure SQL Managed Instance
                          Azure Synapse Analytics (formerly SQL DW) dedicated SQL pool
Clouds:                   Yes - China cloud

What does Azure Defender for SQL protect?

Azure Defender for SQL comprises two separate Azure Defender plans:

  • Azure Defender for Azure SQL database servers protects:

  • Azure Defender for SQL servers on machines (Preview) extends the protections for your Azure-native SQL Servers to fully support hybrid environments and protect SQL servers (all supported versions) hosted in Azure, other cloud environments, and even on-premises machines

What are the benefits of Azure Defender for SQL?

These two plans include functionality for identifying and mitigating potential database vulnerabilities and detecting anomalous activities that could indicate threats to your databases:

  • Vulnerability assessment - The scanning service to discover, track, and help you remediate potential database vulnerabilities. Assessment scans provide an overview of your SQL machines' security state, and details of any security findings.

  • Advanced threat protection - The detection service that continuously monitors your SQL servers for threats such as SQL injection, brute-force attacks, and privilege abuse. This service provides action-oriented security alerts in Azure Security Center with details of the suspicious activity and guidance on how to mitigate the threats.

What kind of alerts does Azure Defender for SQL provide?

Security alerts are triggered when there's:

  • Potential SQL injection attacks - including vulnerabilities detected when applications generate a faulty SQL statement in the database
  • Anomalous database access and query patterns - for example, an abnormally high number of failed sign-in attempts with different credentials (a brute force attempt)
  • Suspicious database activity - for example, a change in the export storage destination for a SQL import and export operation

Alerts include details of the incident that triggered them, as well as recommendations on how to investigate and remediate threats.
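
The brute-force pattern in the list above (an abnormally high number of failed sign-in attempts with different credentials) can be expressed as a sliding-window check over sign-in events. This is an added example, not Azure Defender's detection logic and not code from the original article; the event layout, the thresholds and the name find_bruteforce are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2021, 3, 1, 9, 0, 0)  # constructed start time

def _ev(sec, ip, login, ok=False):
    # Assumed event layout: (timestamp, client IP, login name, succeeded)
    return (T0 + timedelta(seconds=sec), ip, login, ok)

# Constructed sample events; not an Azure log schema.
SAMPLE_EVENTS = (
    # one source cycling through login names within two minutes
    [_ev(20 * i, "203.0.113.7", n)
     for i, n in enumerate(["sa", "admin", "dbadmin", "root", "test", "backup"])]
    # a user mistyping a password twice, then signing in
    + [_ev(30, "198.51.100.20", "app_user"),
       _ev(45, "198.51.100.20", "app_user"),
       _ev(60, "198.51.100.20", "app_user", True)]
    # many failures, but always the same login (e.g. a job with a stale password)
    + [_ev(10 * i, "192.0.2.15", "etl_job") for i in range(8)]
    # different logins, but spread over hours
    + [_ev(3600 * i, "192.0.2.99", n)
       for i, n in enumerate(["sa", "admin", "root", "test", "dba"])]
)

def find_bruteforce(events, window=timedelta(minutes=5),
                    min_failures=5, min_logins=3):
    """Return {client_ip: time the thresholds were first met} for sources with
    at least min_failures failed sign-ins inside `window`, spread over at
    least min_logins distinct login names."""
    recent = defaultdict(deque)  # ip -> failures still inside the window
    flagged = {}
    for ts, ip, login, ok in sorted(events):
        if ok:
            continue
        q = recent[ip]
        q.append((ts, login))
        while q and ts - q[0][0] > window:  # drop failures older than window
            q.popleft()
        distinct = {name for _, name in q}
        if (ip not in flagged and len(q) >= min_failures
                and len(distinct) >= min_logins):
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in find_bruteforce(SAMPLE_EVENTS).items():
        print(f"possible brute force from {ip}, thresholds met at {when}")
```

Requiring several distinct login names is what separates the "different credentials" pattern from a single account repeatedly failing with a stale password.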

Next steps

In this article, you learned about Azure Defender for SQL.

For related material, see the following articles: