Published : Feb 17, 2022
The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base aims to advance our collective understanding of the technical mechanisms that insider threats have used. With this knowledge, Insider Threat Programs and Security Operations Centers will detect, mitigate, and emulate insider actions on IT systems to stop insider threats. Utilizing the Knowledge Base, cyber defenders across organizations will identify insider threat activity on IT systems and limit the damage. Capturing and sharing the Design Principles and Methodology for developing the Knowledge Base is a foundational step to establishing this community resource and enabling its broad adoption and ongoing development.
SOCs and insider threat analysts need to know which technical mechanisms are used by insiders, and what controls mitigate insider threats.
Develop an open knowledge base of the tactics, techniques, and procedures used by insiders in IT environments.
Defenders detect, mitigate, and emulate insider actions on IT systems and stop them.
Contributors to the Insider Threat Knowledge Base are founders of the community’s first cross-sector, multi-organizational, community-sourced body of Insider Threat data inspired by MITRE ATT&CK®. With this knowledge base of insider threat tactics, techniques, and procedures (TTPs) as a foundation, defenders will detect, mitigate, and emulate insider actions on IT systems and stop them.
Stay informed about new releases of R&D projects and other exciting updates from the Center for Threat-Informed Defense.