Databases are key targets for hackers looking to steal data. However, there is insufficient emphasis by the MITRE ATT&CK Framework on the Collection tactic regarding access of data from a database.

Hackers collect data through eavesdropping/man in the middle attacks of data in transit, by capturing data at the point of collection (such as point of sale devices), exfiltrating files containing sensitive data, etc. But the motherlode is the database.  By watching how and what data is accessed from a database it is possible to determine whether such access constitutes an attempted data theft.  This is the equivalent of catching a bank robber in the vault. 

This webcast covered more about the database gaps in the current MITRE ATT&CK Framework. Our speakers discussed:

• What a Security Operations Center (SOC) engineer should know about database security
• Database Security using the MITRE ATT&CK Framework
• How to effectively monitor and detect security events in database environments
• Proposed new Technique for Collection Tactic of ATT&CK