How to detect a data theft attempt


We are using a SIEM solution (QRadar) to detect a data theft attempt (SQL DB dump).
The customer is using MSSQL 2008 (on WIN2012). The audit logs are sent to the QRadar solution. The goal is to detect data theft and then raise a security incident.

  1. Question #1: How can we detect a DB dump attempt (by analyzing the logs) or another way to steal a database?
    Which logs are involved?

  2. Question #2: If we consider that such an action (SQL DB dump, ...) needs some time to be processed, I can monitor each SQL query's duration:
    if a query lasts too long (let's say more than 1 minute), then QRadar will raise a security alert.
    The question here is: how can I force MSSQL to log EACH SQL query?

  3. Question #3: I know about "SET STATISTICS TIME ON;" and "SET STATISTICS TIME OFF;",
    but I don't know how to enable it by default for each query (without the need to call these 2 functions in each query).
    I also tested "SQL Server Profiler", but I don't know if it is the best solution.
    I don't know if the Profiler can be run as a service (with no need to launch the Server Profiler manually).

Please don't hesitate to ask me additional questions if I am not clear.

Thanks for your help
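
One way to apply the 1-minute threshold from Question #2 without logging every query, plus a check of the backup history for Question #1, as an added example that is not part of the original post. It uses standard SQL Server dynamic management views and the msdb backup history tables; the 24-hour window, and running it on a schedule and forwarding the rows to QRadar, are assumptions.

```sql
-- Added example, not from the original post.
-- Threshold taken from the post: anything running longer than 1 minute.
DECLARE @threshold_ms INT;
SET @threshold_ms = 60000;

-- 1) User requests that have been executing longer than the threshold.
--    total_elapsed_time is reported in milliseconds.
SELECT  r.session_id,
        s.login_name,
        s.host_name,
        s.program_name,
        DB_NAME(r.database_id) AS database_name,
        r.command,                         -- e.g. BACKUP DATABASE, SELECT
        r.start_time,
        r.total_elapsed_time   AS elapsed_ms,
        t.text                 AS sql_text
FROM    sys.dm_exec_requests AS r
JOIN    sys.dm_exec_sessions AS s
        ON s.session_id = r.session_id
CROSS APPLY sys.dm_exec_sql_text(r.sql_handle) AS t
WHERE   s.is_user_process = 1              -- skip system sessions
  AND   r.session_id <> @@SPID             -- skip this monitoring query
  AND   r.total_elapsed_time > @threshold_ms
ORDER BY r.total_elapsed_time DESC;

-- 2) Backups taken in the last 24 hours (window is an assumption):
--    who ran them, from which machine, and where the file was written.
SELECT  b.database_name,
        b.user_name,
        b.machine_name,
        b.type,                            -- D = full, I = differential, L = log
        b.is_copy_only,
        b.backup_start_date,
        b.backup_finish_date,
        b.backup_size,
        m.physical_device_name             -- destination path or device
FROM    msdb.dbo.backupset AS b
JOIN    msdb.dbo.backupmediafamily AS m
        ON m.media_set_id = b.media_set_id
WHERE   b.backup_start_date >= DATEADD(HOUR, -24, GETDATE())
ORDER BY b.backup_start_date DESC;
```

The first query only sees requests that are still running when it executes, so the polling interval has to be shorter than the threshold.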

How many and how solid are your other security layers before a thief reaches SQL Server?
What type of holes do you have in your security that a data thief was able to reach the SQL Server?

This is not the topic. I am asking for technical guidance to detect such events in case they occur. We have to prevent such a scenario from occurring.