In a previous post, Andreas wrote on how to set up audit trail, especially for Microsoft SQL Server. However, there are always bad actors who will seek to get access to and, likely, exfiltrate (exfil) the data. But they don’t want to get caught; they don’t want to tip off the fact that they are doing such actions. Especially in larger organizations with valuable data, the longer a threat actor can stay hidden, the more they can steal.
So what do you need to look out for? What techniques might a threat actor use to try and stay hidden? That’s what Andreas Wolter covers in his post about Evading Data Access Auditing. Just as I said about the previous post, I also highly encourage folks to read this one. For instance, did you know that it’s possible to see data using the statistics objects in SQL Server? Do you understand why that evades normal detection? If you don’t, read Andreas’ post. He breaks it down and how to detect for it.