Tactics, techniques, and procedures definition
Tactics, techniques, and procedures (TTPs) is a framework that different groups — from military units to cybersecurity teams — use to understand and respond to threats. It helps those working in cybersecurity understand why cyberattacks are carried out, and what methods are used by hackers. Figuring this out helps companies quickly jump into action when cyberattacks happen, and prevent them in the future.
See also: Cyberthreat, Threat monitoring
Understanding the components of TTPs
- 1.Tactics. These are the plans or goals that hackers use to get what they want. For example, they may want to steal sensitive data from a company's network and plan to do it with a phishing campaign.
- 2.Techniques. These are the specific methods hackers use to carry out their plans. This could involve things like sending spear phishing emails (where the hackers pretend to be someone senior in the company).
- 3.Procedures. These are the detailed steps that hackers follow to carry out an attack, like deciding what tools to use and what commands to run. For example, the attackers we’ve mentioned above would be using specific procedures to get into a network and steal the email addresses of those they want to target with spear phishing.
What are the benefits of using TTPs in cybersecurity?
- TTPs build a strong defence against cyber threats.
- They make it faster and easier to react to attacks.
- TTPs help prevent data breaches and keep data safe.
- They help make sure everyone knows what to do in a cyber incident.
- TTPs help companies adapt to the changing threats and challenges.
Other examples of TTP use
- Soldiers and military units use TTPs to plan and carry out combat operations.
- Police officers use TTPs in investigations, patrols, and crowd control.
- Firefighters, paramedics, and emergency response teams use TTPs to coordinate rescues and handle crises.
- Intelligence operatives and analysts use TTPs to collect and analyze information for national security.