Tidal Cyber has launched Community Edition, a threat-informed defense SaaS platform.
The Tidal platform enables organizations to assess, organize and optimize their cyber defenses based on a deep understanding of the threats and adversaries most relevant to them.
Tidal’s Community Edition enables security analysts to apply insights about adversary behavior as defined by the MITRE ATT&CK Knowledge Base and other open-source threat intelligence sources to their environment.
Beyond that, the platform also enables analysts to make this threat intelligence actionable by showing how specific security products process adversary behaviors to better defend against these threats.
“Threat-informed cyber defense is based on understanding how adversaries are likely to attack your organization and using that knowledge to ensure you have the optimal security solutions in place,” said Richard Struse, CTO and co-founder of Tidal Cyber.
“Our goal is to enable security teams to maintain a ‘single source of truth’ for all relevant threat and countermeasure data. With the availability of Community Edition, organizations can now not only explore the vast knowledge base of adversarial behaviors more efficiently, but also quickly search for available solutions to defend against these threats,” continued Struse.
The Community Edition includes:
- Researching adversary behavior, which allows security analysts to investigate relevant ATT&CK objects (e.g. tactics, techniques, sub-techniques, groups, software, data sources, references), as well as information on how to defend against these behaviors.
- Tidal Product Registry, an organized repository of vendor-provided security product features associated with specific adversary behaviors. The registry describes how each product protects, detects, responds to, or tests ATT&CK techniques, as well as the data each product generates to map to ATT&CK data components. This allows defenders to see how their current security stack is holding up against adversary behaviors they care about and evaluate options to close the gaps.
- Knowledge base labels that allow users to explore the relationships between threat objects that are relevant to their organization.
- Custom technical sets that allow defenders to group specific techniques and sub-techniques with custom labels, making it easier to track and communicate plans for emulation and researching new threats.
Solution providers whose product features are available in the Community Edition of Tidal at launch include Atomic Red Team, AttackIQ, BreachBits, BluVector, Picus, Remediant, SCYTHE, Sysmon Modular, and Trinity Cyber.
A number of other solution providers, including Check Point, Cybereason and SentinelOne, have also committed to joining the Product Registry, and their data will soon be incorporated into the Community Edition. Tidal will also release platform updates in which additional solution providers and new product features will be added.
“With the Tidal platform, my team will be much better equipped to understand the threats we face and answer questions like, ‘which threats are most relevant to our business?’, ‘where are our gaps and where are our redundancies?’ and ‘Will a particular security solution improve our protection against these relevant threats?’” said Patricia Titus, CISO at Markel Corporation.
“Vulnerability management is important in cybersecurity. However, a defensive strategy focused primarily on vulnerability management does not do enough to prioritize threats against the severity of risk posed to a specific organization, its unique threat surface, and its unique security stack,” said Patrick Donegan, principal analyst at HardenStance.
“By enabling informed threat defense, Tidal Cyber makes it easier for users to assess their specific cyber risk against the latest threat intelligence reported by the ATT&CK framework, identify capabilities and gaps in their own security controls to defend against the riskiest threats, then configure those controls optimally for the most effective defense,” Donegan continued.
The Community Edition is the first of multiple offerings on the Tidal platform. Subsequent editions of the platform will be announced later this year and will include expanded functionality such as the ability to overlay threat models onto your environment’s security solutions to identify coverage areas, gaps and redundancy.