Tidal Cyber has launched Community Edition, a SaaS threat-informed defense platform.
The Tidal Platform enables businesses to assess, organize and optimize their cyber defenses based on a deep understanding of the threats and adversaries that are most relevant to them.
Tidal’s Community Edition enables security analysts to apply the knowledge of adversary behaviors, as defined by the MITRE ATT&CK knowledge base and additional open-source threat intelligence sources, to their environment.
Beyond this, the platform also enables analysts to make this threat information actionable by showing how specific security products address adversary behaviors to better defend against those threats.
“Threat-informed cyber defense is based on understanding how adversaries are likely to attack your organization and using that knowledge to ensure you have the optimal security solutions in place,” said Richard Struse, CTO and Co-Founder of Tidal Cyber.
“Our goal is to enable security teams to maintain a ‘single source of truth’ for all data regarding relevant threats and countermeasures. With the availability of Community Edition, organizations can now not only explore the extensive knowledge base of adversarial behaviors more efficiently, but also quickly research solutions available to defend against those threats,” Struse continued.
Community Edition includes:
- Adversary behavior search that enables security analysts to investigate relevant ATT&CK objects (e.g., tactics, techniques, sub-techniques, groups, software, data sources, references), as well as information on how to defend against those behaviors.
- Tidal’s product registry, a curated repository of vendor-provided security product capabilities mapped to specific adversary behaviors. The registry describes how each product protects against, detects, responds to or tests ATT&CK techniques, as well as the data each product generates to map to ATT&CK Data Components. This allows defenders to see how their current security stack stands up to the adversary behaviors they care about and evaluate options to fill any gaps.
- Knowledge base labels which enable users to explore the relationships between the threat objects that are relevant to their organization.
- Custom technique sets that allow defenders to group specific techniques and sub-techniques with custom labels, making it easy to track and communicate emulation plans and new threat research.
Solution providers whose product capabilities are available in Tidal’s Community Edition at launch include Atomic Red Team, AttackIQ, BreachBits, BluVector, Picus, Remediant, SCYTHE, Sysmon Modular, and Trinity Cyber.
A number of other solution providers, including Check Point, Cybereason, and SentinelOne, have also committed to joining the Product Registry, and their data will be integrated into the Community Edition shortly. Tidal will also be releasing updates to the platform in which additional solution providers and new product features will be added.
“With the Tidal platform, my team will be much better equipped to understand the threats we face and answer questions such as: ‘which threats are most relevant to our business?’, ‘where are our gaps and redundancies?’ and ‘is a particular security solution going to improve our protection against those relevant threats?’,” said Patricia Titus, CISO at Markel Corporation.
“Vulnerability management is important in cyber security. However, a defensive strategy driven primarily by vulnerability management doesn’t do enough to prioritize threats relative to the severity of risk posed to a specific organization, its unique threat surface, and its unique security stack,” said Patrick Donegan, Principal Analyst at HardenStance.
“By enabling a threat-informed defense, Tidal Cyber makes it a lot easier for users to assess their specific cyber risk relative to the latest threat intel flagged up by the ATT&CK framework, identify capabilities and gaps in their own security controls for defending against the highest risk threats, and then configure those controls optimally for the most effective defense,” Donegan continued.
The Community Edition is the first of multiple offerings of the Tidal Platform. Subsequent platform editions will be announced later this year and will feature expanded functionality such as the ability to overlay threat models against the security solutions in your environment to identify areas of coverage, gaps, and redundancy.