Threat Defense

All Exposures Aren’t Equal: The More Effective Path to CTEM
CTEM consists of multiple processes to help organizations scope, discover, prioritize, validate, and mobilize to mitigate risk. It also includes capabilities like Threat-Informed Defense (TID) and Breach and Attack Simulation (BAS) that work ...

Doing the Heavy Lifting: MITRE ATT&CK v17 Updates in Tidal Cyber
We are excited to announce that the Tidal Cyber Enterprise and Community Editions are now on the new v17 version of MITRE ATT&CK. Like we do with every ATT&CK update, ...

Knowing Your Defenses Beyond a Vulnerability Focused Approach to CTEM
The chaotic world of cybersecurity, where the threats from nation-states, cyber gangs, botnet operators, and APT groups are real, has created an extensive landscape of cybersecurity tools and approaches to reduce risk ...

Tidal Cyber and Trellix Advanced Research Center: Collaborating for a Better Understanding of the Adversary Behavioral Landscape
The Tidal Cyber Threat-Informed Defense SaaS platform has both a Product Registry and a continually growing knowledge base of Cyber Threat Intelligence content built on the foundation of MITRE ATT&CK. Content is ...

Bringing Rigor to CTEM with Threat-Informed Defense
While vulnerability management is an essential part of good cyber hygiene, it isn’t the only defense necessary against threat actors. Even if organizations could keep all their systems patched, exploited vulnerabilities are ...

Optimize Your Security Budget and Improve Security with Threat-Informed Defense
I’ve been on the road lately asking security leaders how their teams reply to the question: Can we defend our most valuable information assets against techniques known to be used by this ...

Gen AI in Security – Improving SOC, CTI, and Red Team Tasks
A key piece of advice when starting a company that I found valuable is “solve a specific problem.” AI has unlocked opportunities for problem-solving across the technology landscape and is driving a ...

Understanding ATT&CK Coverage, Looking Beyond MITRE ATT&CK Evaluations
Last week, Forrester released analysis of the recent MITRE ATT&CK Evaluations, where Allie Mellon, Principal Analyst, provided important objective analysis of this round of evaluations. She discussed the value of data-driven insights ...

Stop Chasing Vulnerabilities, Start Asking “Then What?”
For years a vulnerability-centric approach to security has been the main focus, but this keeps teams guessing whether they are protected. It's no longer enough to defend us effectively. The growing volume ...

Answering the Most Basic Question
“Can we defend against this threat actor? If not, what should we do about it?” On the surface, it’s a basic question and senior leadership expects their CISO to give a quick ...