// THREAT DETECTION AND DATA PRIVACY TERM
TTP
TTP stands for Tactics, Techniques, and Procedures, describing the complete spectrum of how an adversary operates, from their overall strategy to the specific steps they take to achieve their goals.
TECHNICAL DEFINITION
TTP (Tactics, Techniques, and Procedures) in cybersecurity and military intelligence delineate an adversary's observable behaviors and methodologies, encompassing their strategic approaches (tactics), specific attack methods (techniques), and detailed step-by-step processes (procedures), which are crucial for threat intelligence, defensive planning, and attribution.
BACKGROUND
The Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) is a guideline for classifying and describing cyberattacks and intrusions. It was created by the Mitre Corporation and released in 2013.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- Adversary Playbook
- Attack Methods
- Threat Behavior
- Operational Patterns
- Modus Operandi (MO)
- Attack Lifecycle
USAGE NOTE
Understanding an adversary's TTPs is fundamental for developing effective defensive strategies and proactive threat hunting efforts.
DEVELOPERS
Organizations developing technology related to TTP.
Mandiant specializes in threat intelligence, incident response, and security validation, providing deep insights into adversary tactics, techniques, and procedures (TTPs) and helping organizations defend against sophisticated cyber threats.
CrowdStrike is a leader in endpoint security, threat intelligence, and incident response, leveraging its Falcon platform and extensive threat research to detect and prevent attacks by understanding and profiling adversary TTPs.
MITRE developed and maintains the ATT&CK framework, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations, which serves as a foundational resource for understanding and documenting TTPs in cybersecurity.
Palo Alto Networks provides a comprehensive cybersecurity platform, with its Unit 42 threat intelligence team actively researching and reporting on adversary TTPs, which are integrated into their security products for prevention and detection.
Recorded Future delivers intelligence for security operations, providing insights into adversary TTPs, vulnerabilities, and emerging threats by analyzing a vast array of open, dark web, and technical sources.
Microsoft's security division offers a broad range of products and services, including Defender and Sentinel, backed by the Microsoft Threat Intelligence Center (MSTIC) which actively tracks, analyzes, and mitigates threats by understanding adversary TTPs.
AttackIQ specializes in breach and attack simulation (BAS) platforms, allowing organizations to validate their security controls against known adversary TTPs mapped to frameworks like MITRE ATT&CK, ensuring continuous defense readiness.
Splunk provides a security information and event management (SIEM) platform that enables organizations to aggregate, analyze, and act on security data, facilitating the detection and response to adversary TTPs by correlating security events and threat intelligence.