TTP Acronym Military

When I read various reports, blogs and tweets about information security, I often see the acronym "TTP" used to describe various things related to information security (e.g., Tests, Tools, Processes, Programs, etc.). Although TTP is a commonly used acronym, it is often not used with its original meaning: Tactics, Techniques and Procedures. In this post, I'll discuss my interpretation of TTP (based on Department of Defense doctrine) and explain why I think you should use TTP in that original sense!

Tactics, Techniques and Procedures are specific terms created in the Department of Defense and have been used for many years to describe military operations. 1-02 joint publication,


Now that we have the "official" definitions, what do they really mean? I like to think of these as a hierarchy of specificity, going from the broadest (Tactics) to the most specific (Procedures). To help clarify what these actually mean in practice, I'll explain in more detail what each term actually means. In addition, I will use the metaphor of "car ownership" to help describe each of these terms.


Tactics are high-level considerations with limited specific information that dictate how things should be done. Usually used for planning and/or monitoring, there are no specific guidelines or instructions, just a useful general guide for higher level considerations to ensure that what is needed is completed as part of a larger whole.

To use the analogy of car ownership, there are many "Tactics" that a car owner is involved in, such as fuel, cleaning, and preventative maintenance. Each of these can be considered a "tactic" involved in owning a car. For the purpose of this example, we will focus on "Preventive Maintenance" as the tactic of choice that we will explore in depth.

Techniques form a gray area between the high-level view of Tactics and the very specific details of Procedures (discussed next). They consist of planned actions, but without specific (i.e., non-prescriptive) instructions for carrying out those actions. A Technique usually identifies the tasks that need to be completed, but without micromanaging how to complete them.

To continue with the car analogy, if the chosen Tactic is "Preventive Maintenance", there are various Techniques that can be used to perform this Tactic, such as changing the oil, rotating the tires, replacing the brakes, etc. These Techniques describe the general tasks to be done; however, they do not provide specific instructions for doing them. We will choose "Oil Changing" as the Technique we are interested in and use it to discuss the Procedures.


Procedures are specific detailed instructions and/or directions for completing a task. Procedures include all the steps necessary to complete a specific task, but without any higher-level considerations or background as to why the task is being performed. The priority of procedures is to ensure clear instructions so that a task can be completed correctly by anyone capable of following the instructions.

To complete our car analogy, the procedures for implementing the "oil change" technique will be specific to the car being maintained. This would include all information about change frequency, oil type, filter type, drain plug location, tools required, etc. The procedures should be such that anyone (well, almost anyone) can perform the task described by following the instructions.

Presenting Tactics, Techniques and Procedures as a hierarchy can help you see the relationships between them. To perform the desired Tactics it will be necessary to use one or more Techniques. To complete the desired Techniques, there must be one or more Procedures to follow. What separates "advanced" threat actors from others is their ability to implement new Techniques or sophisticated Procedures that others cannot easily replicate, even if their tactics are the same as others.

While TTP has been used to describe conventional warfare, it can be very useful in describing cyber security. Fortunately, the MITRE ATT&CK Matrix is already set up to use this structure and provides an excellent single source for security-based TTPs.

The column headings indicate the high-level Tactics (highlighted in red) that an attacker uses as part of the cyber attack cycle. Under Tactics, the individual Matrix entries represent Techniques (highlighted in green). As we mentioned earlier, for each Tactic, several Techniques are listed. Clicking on any Technique will take you to a page with additional details on the Technique, including examples of actual use by bad actors. These examples represent the Procedures used and provide a detailed analysis of the specific actions performed and the resources used. Procedures can also be viewed as specific hashes or tools and specific command lines used for a particular malicious activity. MITRE ATT&CK makes examining TTPs in computer security easily accessible.

For example, when an attacker needs to access network computers or resources that are not at their home location, they must implement the Lateral Movement Tactic. A popular technique is to use the Windows administrative shares, C$ and ADMIN$, as writable directories on the remote computer. One procedure for implementing this technique might be to use the SysInternals PsExec tool, which creates a command-executable binary, copies it to a Windows Admin Share, and starts a service from that share. Blocking the SysInternals PsExec tool will not completely remove the Windows Admin Shares Technique risk; an attacker can use another Procedure, e.g

Or the Invoke-PsExec PowerShell cmdlet. Understanding the specificity of attacks and countermeasures is critical to evaluating the effectiveness of security controls.

Besides trying to clarify the usage of "TTP", why is that old military jargon relevant in a modern computer-driven world? In fact, this approach to understanding malicious activity makes you a better attacker or defender. Being able to break down complex attacks into TTPs makes it much easier to detect or replicate attacks.

Understanding the various Tactics involved in information security can help you pinpoint areas of deficiency in your personal experience or corporate environment and focus your efforts on areas where you may currently lack awareness/coverage. For example, the "Assumed Breach" mindset recognizes that effective cybersecurity must be aware of other tactics used by attackers, rather than focusing on preventing the initial compromise. This high-level view will help prevent oversights in any part of the security program.

Understanding the difference between Techniques and Procedures is also extremely important. Many network security tools and threat intelligence feeds focus on the specific Procedures an actor uses (such as tool hashes, filenames, and C2 domains/IPs) rather than the overall Technique being used. Sometimes the security community labels something as a new Technique when it should be called a new Procedure for an existing Technique. Knowing the underlying technique and being able to adapt specific procedures will make you a better operator, no matter what role you play.

As the old saying goes, "Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for life." From a network defense perspective, giving a fish is like focusing on fragile indicators of an attacker's Procedures (such as hashes and specific IPs). It may satisfy your needs temporarily, but its effectiveness will be short-lived. Learning to fish is about focusing on the Technique being used, understanding the technology and behavior associated with an attack, and creating strong countermeasures that work even when the attacker adapts or creates new Procedures.
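To make the Procedure-versus-Technique distinction concrete for the Windows Admin Shares example above, here is an added example (not part of the original post) comparing a rule keyed to one tool's default service name with a rule keyed to the behavior itself. The events are constructed and simplified from Windows Security event 5145 and System event 7045; the field names, hosts and the second tool's file name are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events, simplified from Windows Security 5145 (share file
# access) and System 7045 (service installed). Hosts and file names are made up.
EVENTS = [
    {"id": 5145, "time": "2024-05-01T10:00:00", "host": "WS01", "src": "10.0.0.5",
     "share": r"\\*\ADMIN$", "file": "PSEXESVC.exe", "write": True},
    {"id": 7045, "time": "2024-05-01T10:00:02", "host": "WS01",
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"id": 5145, "time": "2024-05-01T11:30:00", "host": "WS02", "src": "10.0.0.5",
     "share": r"\\*\ADMIN$", "file": "updater-example.exe", "write": True},
    {"id": 7045, "time": "2024-05-01T11:30:03", "host": "WS02",
     "service": "UpdaterExample", "image": r"%SystemRoot%\updater-example.exe"},
    # Benign: an admin reads a log over C$, no service follows.
    {"id": 5145, "time": "2024-05-01T12:00:00", "host": "WS03", "src": "10.0.0.9",
     "share": r"\\*\C$", "file": r"Logs\app.log", "write": False},
]

ADMIN_SHARES = {r"\\*\ADMIN$", r"\\*\C$"}

def procedure_rule(events):
    """Procedure-level: match one tool's default service name."""
    return sorted(e["host"] for e in events
                  if e["id"] == 7045 and e["service"].upper() == "PSEXESVC")

def technique_rule(events, window=timedelta(seconds=30)):
    """Technique-level: a remote write to an admin share followed, on the same
    host and within `window`, by a new service whose image is that file."""
    hits = set()
    writes = [e for e in events
              if e["id"] == 5145 and e["share"] in ADMIN_SHARES and e["write"]]
    for svc in (e for e in events if e["id"] == 7045):
        t_svc = datetime.fromisoformat(svc["time"])
        image_name = svc["image"].rsplit("\\", 1)[-1].lower()
        for w in writes:
            delta = t_svc - datetime.fromisoformat(w["time"])
            written = w["file"].rsplit("\\", 1)[-1].lower()
            if (w["host"] == svc["host"] and written == image_name
                    and timedelta(0) <= delta <= window):
                hits.add(svc["host"])
    return sorted(hits)

if __name__ == "__main__":
    print("procedure rule:", procedure_rule(EVENTS))
    print("technique rule:", technique_rule(EVENTS))
```

The name-based rule flags only the host where the default PsExec service name appears, while the behavior-based rule flags both hosts where a file written to an admin share became a service, and ignores the read-only access on the third host.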


Hopefully, this post has been helpful in clarifying the difference between Tactics, Techniques, and Procedures and highlighting the benefit of understanding each term.
