Skip to content
    August 13, 2024

    Security Detection Update - 2024-8-13

    Welcome to our weekly security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.

    Introduction and Overview

    This week we spent working on prepping some awesome top secret upcoming features, but also testing with some MSSQL brute forcing.


    New Detections

    This update introduces:

    Excessive MSSQL Login Failures

    Oof, there are a lot of misconfigured MSSQL auth connections out in the world. After extensive testing and baselining our team came up with this detection. You'll note the "Default Disabled" status. This is due to some SQL servers being connected directly to the internet, outdated connection settings, and potential misconfigurations. If you are reading this, and can do anything about it, please don't just put a SQL server on the internet with no protections in place. Really that goes for most technology, but this is a big one. If you can, put it behind MFA, ACLs, WAF, and any other 3 letter acronym you can think of that might help your server not be continuously attacked.

    This could indicate an attempted brute force attack or may also be the result of a misconfigured service account using incorrect or expired credentials. The current threshold is 30 or more failed logins within a 1 hour window.

    • Status: Default Disabled
    • Log type requirement: Windows

    Horoscope

    The stars are aligning in your favor, bringing stability and security to your SQL servers. By safeguarding your connections and implementing robust protections, you've ensured that your data is as safe as a fortress guarded by the universe itself. This week, you'll find peace of mind knowing that your efforts have paid off, as threats that would have plagued others will bypass you entirely. The cosmic forces are smiling upon your diligence—keep up the great work, and you'll continue to reap the rewards of a secure and resilient environment. Remember, your proactive measures today are the foundation for tomorrow's success.

    • Status: Transcendent
    • Log type requirement: Magical

    Amanda Berlin

    Amanda Berlin is Lead Incident Detection Engineer at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An accomplished...

    More from the blog

    View All Posts