We have detected a lot of Failure Audit errors (MSSQLSERVER) on our Web Server for.
Something like Login failed for user 'sa'. [CLIENT: 74.208.102.175]
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
IPs are unknown, and we would like to know is this a potential security issue or what can cause this.
EDITED
I adjusted Windows Firewall to prevent access to MSSQL outside server IP, but that did not work.
Here is what I did Firewall > Programs and Service > cheched MSSQL Firewall > Edit > Name:MSSQL, PortNumber 1433, TCP, scope: serverIP/255.255.255.255
It appears that you have exposed your SQL Server to the internet, and now you are seeing brute-force attempts from the internet to log in with the well-known SQL account sa.
I don't know your business needs, but consider adjusting your firewall so that the only IP that is able to reach your database server is your web server, for instance.
Edit: If your web server and your database server are the same, the fact remains that you need to use a firewall, either software or hardware, to block incoming connections to port 1433 from the internet.