Making Sense of TTPs, Cybersecurity, & What That Means for Your Business

VirtualArmour

July 5, 2021

Once considered a nice-to-have, cybersecurity has become essential for organizations in all verticals. Even before COVID-19 made remote work the norm for many office workers (leading to a marked increase in social engineering attacks), cybercrime was already on the rise, with global losses climbing to nearly $1 trillion in 2020 alone.

No matter how large or small your organization is, investing in your cybersecurity posture is vital for safeguarding your digital assets, your business, and your customers. To improve your cybersecurity posture, you need to get inside the mind of a cybercriminal and figure out how to stay one step ahead in this endless game of cat and mouse. 

What are TTPs?

TTPs stands for tactics, techniques, and procedures: the distinct patterns of activity and behavior associated with a specific threat actor (the bad guy) or group of threat actors. Together they describe how threat actors orchestrate, execute, and manage their cyber attacks, from the broad objective down to the exact tooling used. The MITRE ATT&CK framework is the most widely used public catalog of adversary tactics and techniques, and it supplies the vocabulary most security teams use to label what they observe.

Tactics

Tactics are the attacker's short-term objectives during an attack, the "why" behind a given action. Examples include gaining an initial foothold in your environment, accessing and using confidential information, obtaining credentials, and lateral movement (moving sideways between devices and applications to map your systems and find less protected areas that can be exploited). Each tactic is one phase of an intrusion, and a single attack usually chains several of them together.

Techniques

Techniques are the methods attackers use to achieve a tactic, the "how." For example, if the immediate goal (the tactic) is to gain unauthorized access to your systems, the technique could be social engineering, such as a phishing email that tricks employees into handing over their login credentials. A single tactic can be achieved through many different techniques, and some techniques, such as logging in with stolen but valid accounts, serve more than one tactic.

Techniques act like stepping stones towards the attacker’s overarching goal, which could include damaging your systems, infecting your network with ransomware, or stealing sensitive files.

Procedures

Procedures are the specific, concrete way a particular attacker carries out a technique: the tooling, configuration, and sequence of steps they actually use. For example, if the technique is a phishing email that harvests login credentials, the procedure could include the wording of the message, the sender identity it spoofs, and the attachment configured to download malware when a user opens it. Procedures are the most specific layer of a TTP profile, which makes them valuable for recognizing a particular group, but they are also the layer an attacker can change most easily.

Why are TTPs Important for My Business?

Analyzing TTPs is vital for your cybersecurity posture since the clues threat actors leave behind can be used to help identify who is responsible for an attack or breach. By analyzing TTPs, your cybersecurity team or cybersecurity partner can:

  1. Rapidly triage and contextualize the event by comparing the TTPs of the current attack with the TTPs of known threat actors or groups (hostile foreign governments, lone criminals, criminal groups, or rival corporations) who may have launched it. Based on who is likely behind the attack, and on what that group typically does next, your cybersecurity experts can anticipate the attacker's next move and redeploy resources to safeguard your most critical digital assets, such as domain controllers, file servers, and backups. 
  2. Review probable paths for research and further exploration based on which TTPs were used. This can help your cybersecurity experts identify who was behind the attack and support a referral to law enforcement. Keep in mind that attribution from TTPs alone is probabilistic: techniques are shared and copied between groups, so an overlap with a known profile is a lead to investigate, not proof of identity.
  3. Identify the sources or vectors of the attack, that is, how the threat actors gained unauthorized access to your systems, so those weaknesses can be fixed before another threat actor exploits them.
  4. Identify and investigate all systems that may have been compromised. This step is part of your incident response process and is critical for preventing further damage and rooting out potential back doors left by the attackers. 
  5. Create threat modeling exercises and improve your cybersecurity training so that your team won’t be caught unaware again should a similar or related event occur in the future. 
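The analysis described in the list above can be sketched in code. The following is an added example and is not VirtualArmour's code or tooling: it maps a handful of constructed log lines to tactic/technique pairs, scores their overlap against constructed threat-actor profiles, and lists the hosts that have already reached the lateral-movement or impact stage and therefore need containment first. The technique IDs follow MITRE ATT&CK numbering; the log lines, the detection rules, and the two actor profiles are made up for illustration.

```python
"""Added example: map constructed events to TTPs, compare against actor profiles.

Technique IDs use MITRE ATT&CK numbering. Everything else here (log lines,
rules, actor profiles) is constructed for illustration and is not real data.
"""
import re
from collections import defaultdict

# Constructed sample events as (host, message). Not real logs.
SAMPLE_EVENTS = [
    ("mail-gw", "inbound mail from billing@example-invoices.test with attachment invoice.docm"),
    ("ws-014", "winword.exe spawned powershell.exe -enc SQBFAFgA"),
    ("ws-014", "lsass.exe memory read by procdump64.exe"),
    ("ws-014", "outbound RDP 3389 to fs-02 as CORP\\jdoe"),
    ("fs-02", "logon type 10 for CORP\\jdoe from ws-014"),
    ("fs-02", "mass rename *.xlsx -> *.locked"),
]

# Detection rules: (pattern, tactic, ATT&CK technique ID, technique name).
RULES = [
    (re.compile(r"attachment .*\.(docm|xlsm|iso|lnk)$"), "Initial Access", "T1566.001", "Spearphishing Attachment"),
    (re.compile(r"winword\.exe spawned powershell\.exe"), "Execution", "T1059.001", "PowerShell"),
    (re.compile(r"lsass\.exe memory read"), "Credential Access", "T1003.001", "LSASS Memory"),
    (re.compile(r"outbound RDP 3389"), "Lateral Movement", "T1021.001", "Remote Desktop Protocol"),
    (re.compile(r"mass rename .*->.*\.locked"), "Impact", "T1486", "Data Encrypted for Impact"),
]

# Constructed (fictional) actor profiles: the set of techniques each is known for.
ACTOR_PROFILES = {
    "PROFILE-A (constructed ransomware crew)": {
        "T1566.001", "T1059.001", "T1003.001", "T1021.001", "T1486", "T1041"},
    "PROFILE-B (constructed data thief)": {"T1566.002", "T1078", "T1021.001"},
}


def map_events(events):
    """Return ({technique_id: tactic}, {host: [technique_ids in order seen]})."""
    observed = {}
    by_host = defaultdict(list)
    for host, msg in events:
        for pattern, tactic, tid, _name in RULES:
            if pattern.search(msg):
                observed[tid] = tactic
                by_host[host].append(tid)
    return observed, dict(by_host)


def rank_actors(observed_ids, profiles):
    """Jaccard overlap between observed techniques and each profile, best first.

    A high score is a lead for the investigation, not attribution: techniques
    are copied between groups, so overlap alone never proves who it was.
    """
    scores = []
    for name, techs in profiles.items():
        inter = len(observed_ids & techs)
        union = len(observed_ids | techs)
        scores.append((name, round(inter / union, 2) if union else 0.0))
    return sorted(scores, key=lambda s: s[1], reverse=True)


def triage(events, profiles=ACTOR_PROFILES):
    """Run the three steps: map events, rank likely actors, pick hosts to contain."""
    observed, by_host = map_events(events)
    ranking = rank_actors(set(observed), profiles)
    # Hosts that reached lateral movement or impact are the first containment targets.
    late_stage = ("Lateral Movement", "Impact")
    priority_hosts = sorted(
        host for host, ids in by_host.items()
        if any(observed[i] in late_stage for i in ids)
    )
    return {"techniques": observed, "hosts": by_host,
            "ranking": ranking, "priority_hosts": priority_hosts}


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for tid, tactic in result["techniques"].items():
        print(f"{tactic:<18} {tid}")
    for name, score in result["ranking"]:
        print(f"{score:.2f}  {name}")
    print("contain first:", ", ".join(result["priority_hosts"]))
```

The rules are deliberately crude substring matches; in practice the mapping step is done by an EDR or SIEM with far richer telemetry. The point of the example is the shape of the workflow: behaviors become technique IDs, technique sets become a comparable profile, and the tactic each technique belongs to tells you which hosts are furthest along the attack chain.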

How Can VirtualArmour Help?

Security experts like the VirtualArmour team use TTPs to help identify potentially suspicious activities. When a company like VirtualArmour is monitoring your network 24/7/365, one of the things our experts look for is TTPs. TTPs act like fingerprints: our experts know what patterns to look for and use that knowledge to sift potentially suspicious network activity out from ordinary, harmless network activity. 

Should an incident occur, our experts can use TTPs to narrow down the list of suspects, potentially identify third parties that may be impacted (for example, a phishing email sent from a legitimate partner's mailbox may mean that partner's account has been compromised, whereas a message from a free webmail address is more likely a throwaway account the attacker created than a sign that the provider itself has been breached), and trace the route of the attack back through your network, flagging potentially compromised systems for further investigation and identifying how the attacker gained access. Once we have that information, we can work with you to address your security posture's current shortcomings and help you update your cybersecurity training so your employees are better able to recognize potentially suspicious activities such as phishing emails. 

To help keep organizations like yours safe, we offer a variety of managed services and consulting services, including SOCaaS (security operations center as a service). Most SMBs don't have the budget to maintain a full, in-house security team. VirtualArmour's SOC as a service offers a cost-effective alternative: our full team of cybersecurity experts and analysts acts as an extension of your existing security team, or supplements staff in IT-light environments, managing and monitoring your network, devices, and digital assets.

VirtualArmour’s SOCaaS premium includes:

  • Managed Detection & Response
  • Enforcing Sanctioned Enterprise Applications
  • Endpoint Security Policies
  • Firewall Rule Management
  • Firewall Configuration
  • Security Incident Investigations
  • Regular Cadence Reporting
  • Identification of Vulnerable Software/Hardware
  • Configuration Auditing for Security Gaps
  • Data Enrichment and Context for Alerts

For more information about TTPs and their importance, or to get started improving your cybersecurity posture, please contact our team today. 

Further Reading

To learn more about cybersecurity and the steps your organization should be taking to improve your cybersecurity posture, please consider reading one of our other educational articles.

General Knowledge

Hacked? Here’s What to Know (& What to Do Next)

Terms & Phrases Used in the Managed IT & Cybersecurity Industries

Leveraging Your MSSP in an “IT Light” Environment

The Ultimate Guide to Managed Threat Intelligence (2020 Edition)

Security vs Compliance: What Are Their Differences?

What is a Managed Security Services Provider (MSSP)?

Tactics, Techniques, & Procedures

In a Remote World, Social Engineering is Even More Dangerous

The Modern Hacker: Who They Are, Where They Live, & What They’re After

Hackers Are Increasingly Targeting People Through Their Phones

How Fear Motivates People to Click on Spam

Ransomware is Only Getting Worse: Is Your Organization Prepared to Confront It?

5 Old-School Hack Techniques That Still Work (& How to Protect Your Data)

Airports are a Hacker’s Best Friend (& Other Ways Users Expose Themselves to Risk)

Everything You Need to Know About Ransomware (2019 Edition)

DNS Spoofing: What It Is & How to Protect Yourself

Don’t Let Phishing Scams Catch You Unaware

Cryptojacking: Because Every Currency Needs to Be Protected

Steps Your Organization Should Be Taking

Building a Cybersecurity Incident Response Program

The SMBs Guide to Getting Started with Cybersecurity

Cyber Hygiene 101: Basic Steps to Keep Your Company Secure

Creating an Agile Workplace: How to Prepare for the Unexpected

Cybersecurity Spring Cleaning: It’s Time to Review Your Security Practices

Keeping Your Network Secure in a “Bring Your Own Device” World

19 Essential Cybersecurity Best Practices

Basic Website Precautions: Keep Intruders Out With These Fundamental Security Best Practices

Industry-Specific Information

Higher Education

Cybersecurity Basics Every College & University Needs to Have in Place

Healthcare

The Ultimate Guide to Cybersecurity in the Healthcare Industry

Healthcare Industry Case Studies

Finance

How the Financial Industry Can Strengthen Their Cybersecurity

Financial Industry Case Studies

Manufacturing

Cybersecurity for the Manufacturing Industry: What You Need to Know Now

Retail

Retail Industry Case Study

Energy

Energy Industry Case Studies

Service Providers

Service Provider Case Studies
