How TrustLogix Secures SQL Server Data for Financial Institutions
Maintaining data security posture and regulatory compliance are paramount for institutions handling sensitive financial information. A leading global, full-service investment banking and capital markets firm with approximately $10B in annual revenue had significant transactional data in SQL Server. Maintaining a data security posture was critical since the transactional data contained sensitive information about stock investments and finances. Safeguarding this data is not only a matter of preventing breaches but also adhering to stringent industry regulations such as FINRA and SOC, which demand robust security protocols and auditable data practices.
In this blog, we'll explore how TrustLogix provided a complete data security posture, from monitoring anomalous activities to tracking unauthorized data movements and enabling ongoing compliance with evolving regulations.
The Challenge: Existing Toolset Limitations
Invasive and Proxy Based
Initially, the bank's security team relied on traditional monitoring tools that used proxies and agents to oversee network traffic between data platforms and consumers. These tools were not built for high-scale workloads and added performance overhead. They also routed the data through their proxies to manage data access and redaction, which added complexity to the data architecture and created a potential attack vector (such as a man-in-the-middle position) if those tools were compromised. The security team required a solution that was non-invasive to the underlying data platforms and pipelines and that could not see or touch the data itself.
Data Security Posture at Scale
As the bank scaled, more lines of business (LOBs) were onboarded, which required even more comprehensive monitoring capabilities that the existing toolset could not provide:
- Monitor login failures and SQL injection queries
- Monitor DDL operations on sensitive objects and from privileged users
  - Are there overly granted roles or privileges posing a threat to sensitive data?
- Visibility into unauthorized tools and IP addresses attempting connection
  - Are unapproved or non-whitelisted tools attempting connection, risking data being copied to unmonitored locations or deleted?
  - Are unapproved or non-whitelisted IP addresses attempting to log in, potentially causing compliance violations or data leakage?
- Detect suspicious data movement out of the SQL Server
  - Are backups of data classified as sensitive being performed to external systems?
  - Are unapproved or unlisted users copying sensitive data?
Additionally, the team sought a solution that could be customized to meet evolving security requirements. As business needs changed, the bank needed the flexibility to create custom security controls and policies that could adapt to new threats or compliance mandates.
Ensuring Compliance and Risk Detection
The CISO team needed assistance with audit efforts and timely compliance reports, as well as integration of detected risks with external security information and event management (SIEM) systems.
The Solution: TrustLogix - A Cloud-Native, Non-Invasive Security Platform
Built as a cloud-native and non-invasive solution (so it cannot see or touch the data itself), TrustLogix provides data security posture management for SQL Server as well as other cloud and on-premises data platforms.
TrustLogix Monitoring Policies: Visibility into SQL Server Data Risks
TrustLogix offers a suite of monitoring policies that address various SQL data security risks. These policies track specific events and activities within SQL Server environments, offering detailed visibility into critical operations.
- Detect Multiple Login Failures: Monitors and alerts on consecutive login failures to detect potential brute-force attacks.
- Monitor for SQL Injection Queries: SQL injection is one of the most common attack vectors targeting SQL Server. The policy tracks suspicious query patterns to identify potential SQL injection attempts.
- Monitor DDL Operations on Sensitive Objects and from Privileged Users: Data Definition Language (DDL) operations like CREATE, ALTER, and DROP are closely monitored, particularly when they target sensitive or classified objects or involve privileged users to prevent unauthorized changes.
- Monitor DDL Operations on Specific Tables: Allows granular monitoring of DDL operations targeting specific tables classified as high-risk.
- Detect Suspicious Data Movement Activity: Flags unusual data movement across the system, including the copying, transferring, or exfiltrating of sensitive data.
- Monitor Account Modification: Tracks changes to user accounts, permissions, and roles to ensure that only authorized personnel can make modifications.
- Monitor OS Operations: Monitors operating system-level activities to detect unauthorized changes or suspicious behavior in the infrastructure.
Additional TrustLogix Monitoring Policies: Fine-Tuning Security to Bank’s Needs
TrustLogix also provided additional monitoring policies to fine-tune security based on the bank’s specific requirements, further strengthening its protection capabilities.
- Monitor Copy of Sensitive Objects by Unlisted Tools: Tracks attempts to copy sensitive data using tools not explicitly listed or authorized, identifying potential insider threats or attacks.
- Monitor Login Activity from Non-Whitelisted IP Addresses: Flags unapproved or suspicious login attempts from IP addresses not on a whitelist, helping detect potential breaches.
- Monitor Copy of PII Objects by Unlisted Users: Alerts when unlisted users try to access or copy Personally Identifiable Information (PII).
- Monitor Brute Force Login Attempts from Non-Whitelisted IPs: Detects brute-force login attempts from unauthorized IPs to prevent account compromise.
- Monitor Backup of Databases Classified as Sensitive: Monitors backup operations involving sensitive databases to prevent unauthorized backups that could lead to data leakage or exfiltration.
- Monitor Deletion of Sensitive Objects by Unlisted Tools: Tracks deletion operations on sensitive objects by unlisted or unauthorized tools, ensuring data destruction is legitimate and authorized.
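The policies listed in this section and the previous one (consecutive login failures, DDL on sensitive objects or by privileged users, logins from non-whitelisted IP addresses, copies of sensitive objects by unlisted tools, backups of databases classified as sensitive) are each a rule evaluated over audit events. The Python below is an added example written for this page to show what such a rule set looks like when run over audit records; it is not TrustLogix code. The events are constructed, with field names modelled on the columns SQL Server audit logs expose (event_time, action_id, server_principal_name, client_ip, application_name, database_name, object_name) and action codes modelled on SQL Server audit action ids (LGIF, LGIS, SL, AL, DR, BA); the sensitive-object list, privileged principals, approved tools, allowed networks and thresholds are all assumptions.

```python
"""Toy detection pass implementing several of the monitoring policies described
above. Added example for this page, not TrustLogix code."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Assumed configuration for the example (real policy inputs would come from the
# bank's data classification and whitelists).
SENSITIVE_DATABASES = {"Trades"}
SENSITIVE_OBJECTS = {("Trades", "dbo.Positions"), ("Trades", "dbo.Clients")}
PRIVILEGED_PRINCIPALS = {"sa", "dba_admin"}
APPROVED_TOOLS = {"Microsoft SQL Server Management Studio", "sqlcmd", "TradingApp"}
ALLOWED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]
DDL_ACTIONS = {"CR", "AL", "DR"}  # CREATE / ALTER / DROP

def ev(time, action, principal, ip, app, db="", obj=""):
    """Build one audit record; field names follow SQL Server audit log columns."""
    return {"event_time": time, "action_id": action, "server_principal_name": principal,
            "client_ip": ip, "application_name": app, "database_name": db, "object_name": obj}

# Constructed sample events (invented values). Action codes: LGIF = login failed,
# LGIS = login succeeded, SL = SELECT, AL = ALTER, DR = DROP, BA = BACKUP.
SSMS = "Microsoft SQL Server Management Studio"
EVENTS = [
    ev("2024-03-01T09:00:01", "LGIF", "svc_trading", "10.20.30.40", "sqlcmd"),
    ev("2024-03-01T09:00:05", "LGIF", "svc_trading", "10.20.30.40", "sqlcmd"),
    ev("2024-03-01T09:00:09", "LGIF", "svc_trading", "10.20.30.40", "sqlcmd"),
    ev("2024-03-01T09:00:30", "LGIF", "analyst3", "10.20.31.8", SSMS),
    ev("2024-03-01T09:01:00", "LGIS", "analyst1", "10.20.31.5", SSMS),
    ev("2024-03-01T09:02:00", "LGIS", "analyst2", "203.0.113.7", SSMS),
    ev("2024-03-01T09:03:00", "SL", "analyst1", "10.20.31.5", SSMS, "Trades", "dbo.Positions"),
    ev("2024-03-01T09:04:00", "SL", "contractor", "10.20.31.9", "PythonExport", "Trades", "dbo.Positions"),
    ev("2024-03-01T09:05:00", "DR", "dba_admin", "10.20.31.2", SSMS, "Trades", "dbo.Positions"),
    ev("2024-03-01T09:06:00", "AL", "analyst1", "10.20.31.5", SSMS, "Sandbox", "dbo.Scratch"),
    ev("2024-03-01T09:07:00", "BA", "backup_svc", "10.20.31.3", "SQLBackup", "Trades"),
]

def _ts(e):
    return datetime.fromisoformat(e["event_time"])

def detect_login_failures(events, threshold=3, window=timedelta(seconds=60)):
    """Policy: N consecutive login failures for one (principal, client IP) inside a time window."""
    alerts, streaks = [], defaultdict(list)
    for e in sorted(events, key=_ts):
        key = (e["server_principal_name"], e["client_ip"])
        if e["action_id"] == "LGIS":
            streaks[key].clear()  # a successful login ends the failure streak
        elif e["action_id"] == "LGIF":
            t = _ts(e)
            streaks[key] = [x for x in streaks[key] if t - x <= window] + [t]
            if len(streaks[key]) == threshold:  # alert once, when the threshold is reached
                alerts.append({"policy": "multiple_login_failures", "principal": key[0],
                               "client_ip": key[1], "count": threshold})
    return alerts

def detect_non_whitelisted_logins(events, allowed=ALLOWED_NETWORKS):
    """Policy: any login attempt (success or failure) from an IP outside the whitelist."""
    return [{"policy": "non_whitelisted_ip_login", "principal": e["server_principal_name"],
             "client_ip": e["client_ip"], "succeeded": e["action_id"] == "LGIS"}
            for e in events if e["action_id"] in ("LGIS", "LGIF")
            and not any(ipaddress.ip_address(e["client_ip"]) in net for net in allowed)]

def detect_ddl_on_sensitive(events):
    """Policy: DDL against classified objects, or DDL issued by privileged principals."""
    alerts = []
    for e in events:
        if e["action_id"] not in DDL_ACTIONS:
            continue
        reasons = []
        if (e["database_name"], e["object_name"]) in SENSITIVE_OBJECTS:
            reasons.append("sensitive_object")
        if e["server_principal_name"] in PRIVILEGED_PRINCIPALS:
            reasons.append("privileged_principal")
        if reasons:
            alerts.append({"policy": "ddl_on_sensitive", "principal": e["server_principal_name"],
                           "action": e["action_id"], "object": e["object_name"], "reasons": reasons})
    return alerts

def detect_unlisted_tool_copy(events, approved=APPROVED_TOOLS):
    """Policy: reads (potential copies) of sensitive objects by tools not on the approved list."""
    return [{"policy": "unlisted_tool_copy", "principal": e["server_principal_name"],
             "tool": e["application_name"], "object": e["object_name"]}
            for e in events if e["action_id"] == "SL"
            and (e["database_name"], e["object_name"]) in SENSITIVE_OBJECTS
            and e["application_name"] not in approved]

def detect_sensitive_backups(events):
    """Policy: backup operations against databases classified as sensitive."""
    return [{"policy": "sensitive_backup", "principal": e["server_principal_name"],
             "tool": e["application_name"], "database": e["database_name"]}
            for e in events if e["action_id"] == "BA" and e["database_name"] in SENSITIVE_DATABASES]

def run_all_policies(events):
    """Evaluate every policy and return the combined alert list (what a SIEM would receive)."""
    alerts = []
    for policy in (detect_login_failures, detect_non_whitelisted_logins, detect_ddl_on_sensitive,
                   detect_unlisted_tool_copy, detect_sensitive_backups):
        alerts.extend(policy(events))
    return alerts

if __name__ == "__main__":
    for alert in run_all_policies(EVENTS):
        print(alert)
```

Run as a script it prints five alerts from the sample events: the three-failure streak from svc_trading, the login from 203.0.113.7, the DROP on dbo.Positions by dba_admin (flagged for both reasons), the SELECT by the unlisted PythonExport tool, and the backup of the Trades database; the single failure from analyst3 and the ALTER on the non-sensitive Sandbox table produce nothing. Keying the failure streak on (principal, client IP) and resetting it on success is what keeps an ordinary mistyped password from raising a brute-force alert.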
TrustLogix Activity Reports: Timely and Defensible Compliance Audits
With TrustLogix, the CISO team could leverage automated reporting to streamline audit efforts and generate timely compliance reports. TrustLogix offers robust activity reporting features that allow security teams to gain deep insights into all operations related to SQL Server. TrustLogix empowers the CISO or security officer to establish a stronger, more defensible position during audits with regulatory and compliance teams. The team can now demonstrate a proactive, compliant security posture that minimizes the risk of non-compliance and positions the organization as a responsible, risk-aware entity ready to handle scrutiny and regulatory requirements effectively. The team can provide proof of protected data and fine-grained data access. Furthermore, the tool’s integration with external Security Information and Event Management (SIEM) systems allowed for a more holistic view of the bank’s security posture.
Key Audit Reports include:
- Summary Report of Login Activity: Overview of successful and failed logins helps admins track who is accessing the database and when.
- Details of All Client Tools Used to Connect to SQL Server: Identifies tools used to connect to SQL Server, ensuring connections are being made using authorized software.
- Database Management and Read-Write Activity Report: Summarizes actions related to database management, including both read and write activities. Helps security teams track changes, queries, and critical actions.
- Summary Report of Data Access Activities on Classified Objects: Monitors access to sensitive or classified data objects, helping security teams see who is accessing high-risk data and why.
Conclusion: Driving Data Success: Unlocking Potential, Accelerating Projects, and Building Trust
By adopting TrustLogix, the bank's security teams were empowered to maintain a data security posture by detecting and mitigating risks before they escalate. TrustLogix also enhanced the bank's ability to maintain compliance with ever-evolving regulatory frameworks, reducing the complexity and time required to produce timely compliance reports.
In a highly competitive industry where data breaches can have significant financial and reputational consequences, TrustLogix provides the Financial Institution with a strategic advantage: the ability to foster trust with clients and stakeholders, ensure regulatory adherence, and unlock new opportunities for innovation and growth. In an age where data is one of the most valuable assets, safeguarding it with a proactive, scalable, and non-invasive solution like TrustLogix is not just a security measure—it’s a critical business enabler.
Ready to try it for yourself? Get a free data security assessment on your SQL Server as well as other cloud and on-premise data platforms by registering for a free 90-day data protection service or request a demo.