
All Exposures Aren’t Equal: The More Effective Path to CTEM
CTEM consists of multiple processes to help organizations scope, discover, prioritize, validate, and mobilize to mitigate risk. It also includes capabilities like Threat-Informed Defense (TID) and Breach and Attack Simulation (BAS) that work together to advance your CTEM strategy. ... Read More

Bringing Rigor to CTEM with Threat-Informed Defense
While vulnerability management is an essential part of good cyber hygiene, it isn’t the only defense necessary against threat actors. Even if organizations could keep all their systems patched, exploited vulnerabilities are only responsible for 38% of initial access, which means other infection vectors such as phishing, website compromise, or ... Read More

Understanding ATT&CK Coverage, Looking Beyond MITRE ATT&CK Evaluations
Last week, Forrester released analysis of the recent MITRE ATT&CK Evaluations, where Allie Mellon, Principal Analyst, provided important objective analysis of this round of evaluations. She discussed the value of data-driven insights into product performance against rigorous testing and applauded the addition of macOS and false positives into the evaluations ... Read More

Operationalizing MITRE ATLAS to Defend Against Attacks on AI
Fall was a busy conference season for Tidal Cyber. My colleagues and I participated in events including Black Hat, FutureCon, Health-ISAC, FS-ISAC, ATT&CKCon, and numerous regional Cybersecurity Summits. As we spoke with attendees, one of the big takeaways was that organizations are trying to understand their risk associated with using ... Read More

A Perfect Shot with Zero-Shot Security
Today, I am thrilled to announce the acquisition of Zero-Shot Security, founded by Harrison Van Riper. Zero-Shot’s Natural Attack Reading and Comprehension (NARC) product is an LLM-based reasoning system used to map threat behaviors to MITRE ATT&CK® techniques with high accuracy and speed. Already in use at Tidal Cyber, it reduces ... Read More

Tackling the Visibility Challenges in the SOC
In this blog series, we dive into the challenges faced by our heroes of Threat-Informed Defense, how they address them, and the benefits they are driving for their team and organization. ... Read More

Defensive Stack Optimization: A Threat-Informed Defense Use Case
In this blog series, we dive into the challenges faced by our heroes of Threat-Informed Defense, how they address them, and the benefits they are driving for their team and organization. ... Read More

The TIDE: EDRKillShifter, Ransomware Tools, ExtraHop, Wiz
We haven’t had a version of The TIDE: Threat-Informed Defense Education blog for a bit now, but that is largely because our team has been so busy putting what our customers need into the product more than writing about it. I’m happy to bring it back with what’s happened in ... Read More

How CTI Analysts Use Threat-Informed Defense to Overcome Top Challenges
Recently, I introduced you to our heroes of Threat-Informed Defense. They comprise our diverse community of Tidal Cyber customers who are using our platform in ways you may not have thought about to save time and money, improve their existing defenses, and vastly increase the efficiency of their security teams. ... Read More

Heroes of Threat-Informed Defense: Tidal Cyber’s Diverse Users
Are you curious about the make-up of the Tidal Cyber user community? It may surprise you to know that our users hail from very diverse roles within the security and risk management departments of an enterprise. On the other hand, it makes complete sense. After all, MITRE ATT&CK® itself, for ... Read More