TTPs (Tactics, Techniques, and Procedures)

The behavior patterns and methods used by threat actors to plan and execute cyberattacks, used to build threat-informed defenses.

Tactics, Techniques, and Procedures (TTPs) describe the behavior of a threat actor — the what, how, and why of an attack. Tactics represent the adversary's high-level goals (e.g., initial access, lateral movement, exfiltration). Techniques describe the specific methods used to achieve those goals. Procedures are the specific implementations of techniques used by a particular threat actor. Understanding adversary TTPs, as catalogued in MITRE ATT&CK, allows defenders to build more effective and targeted security controls. Threat-informed defense — the practice of aligning security controls to known adversary TTPs — is a core methodology used by CyberUp24 across its Consulting and SOC Optimization engagements.

Related terms

SOAR (Security Orchestration, Automation and Response)

Technology that automates security workflows, orchestrates tools, and accelerates incident response — transforming manual SOC tasks into intelligent, repeatable processes.

SIEM (Security Information and Event Management)

A platform that aggregates and analyzes security data from across an organization's environment to detect threats and generate alerts in real time.

Vulnerability Scanning

Automated identification and analysis of security weaknesses in systems, networks, and applications to prioritize remediation efforts.

Zero Trust

A security model based on the principle of "never trust, always verify", requiring continuous authentication and authorization for every user, device, and connection regardless of location.

Threat Hunting

A proactive security practice where analysts actively search for hidden threats and adversaries within an organization's environment before alerts are triggered.