Database Guidance
Category Definition
Databases are organized sets of data, together with the software used to access, store, and maintain that data.
Why a defender should care about Databases
Databases often store some of the most sensitive data in the organization, such as PII, PHI, and PCI, making them a highly desirable target for attackers. Databases are among the most critical IT assets requiring high availability, secure configuration, monitoring, and frequent patching. These systems are also challenging to secure, especially within development environments, and database configurations are often complex. It is common for changes to a database to sacrifice security in favor of convenience, sometimes unintentionally.
Why an attacker is interested in Databases
Databases provide various avenues of attack and multiple opportunities once compromised. Since databases allow authenticated access, attackers can log in, or they can compromise the database software itself. Accessing or exfiltrating (https://attack.mitre.org/tactics/TA0010/) sensitive data is an obvious goal, but databases may store other information useful to attackers. Databases are often a source of truth for additional services such as authentication. Attackers see a database and ask, "What can I steal from this source of truth?" (https://attack.mitre.org/techniques/T1213/) and "Can I change the source of truth for my benefit?" Databases also connect to other data repositories like backups. Achieving code execution within databases can enable direct access to these additional components and their data.