PAM and Cybersecurity Glossary

What are Tactics, Techniques and Procedures (TTPs) | Delinea

Written by Delinea Team | Mar 8, 2023 8:54:00 PM

What are Tactics, Techniques and Procedures?

Tactics, Techniques and Procedures (TTPs) describes three components in a process used to develop threats and plan cyberattacks. Tactics represent the “why” of an attack technique and the reason for performing an action. Techniques represent “how” an adversary achieves a tactical goal by performing an action. Procedures are the specific implementation the adversary uses for techniques.

Tactics represent the “why” of an ATT&CK technique or sub-technique. It is the adversary’s tactical goal: the reason for performing an action. 
For example: an adversary may want to achieve credential access.

Techniques represent “how” an adversary achieves a tactical goal by performing an action.
For example: an adversary may dump credentials to achieve credential access.

Procedures are the specific implementation the adversary uses for techniques or sub-techniques. 
For example: a procedure could be an adversary using PowerShell to inject into lsass.exe to dump credentials by scraping LSASS memory on a victim. Procedures are categorized in ATT&CK as the observed in the wild use of techniques in the "Procedure Examples" section of technique pages.

Should an incident occur in your organization, forensic analysis of the TTPs employed in the attack will help you establish attribution, identify the attack vector, implement the appropriate incident response, and move to protect yourself from further attacks.

 

Resources for protecting your organization from threat actors:

Blog

7 Steps to Recognize and Combat Cybercrime

Whitepaper

How to Build Your Incident Response Plan

Free eBook

Cybersecurity for Dummies

Webinars

Anatomy of a Privileged Account Hack: How to Know the Risks and Keep them Contained

Free Tools

Customizable Cybersecurity Incident Response Plan Template

Privileged Access Security Toolkit