We’re celebrating a big day at Tidal Cyber: the Enterprise Edition of the Tidal Platform is now generally available. The Enterprise Edition brings the full threat-informed defense experience to security teams at large organizations and provides a major expansion of capabilities from the Community Edition. You can read more in the press release here.
As MITRE ATT&CK® continues to gain global adoption as a common language for communicating adversary behaviors in a structured and normalized framework, security practitioners are increasingly relying on the knowledge base to evaluate the efficacy of their defensive capabilities. Logically, if ATT&CK can help a CISO understand what TTPs advanced adversaries are leveraging, she will immediately want to know if her organization can defend effectively against those TTPs.
At the same time, the security vendor community is leveraging ATT&CK to communicate their products’ abilities to defend against specific TTPs. By overlaying defenses against the ATT&CK Matrix of adversary TTPs, the ATT&CK Coverage Map has emerged as a useful tool to help security practitioners understand 1) which TTPs a particular threat (actor, campaign, etc.) uses, and 2) which TTP(s) a particular vendor capability defends against.
Tidal Cyber has created an approach to Coverage Mapping, available in the Enterprise Edition, that measures risk reduction with tactic, technique, and capability granularity. To evaluate risk reduction, Tidal uses Confidence Scoring, an analytically rigorous and scalable approach that comparatively ranks your risks (threat behaviors) against your risk management (defensive capabilities). While you retain control over all key assumptions, we make it easy to get started by providing you with a regularly reviewed set of weightings. Confidence Scoring gives Coverage Mappings depth and value that evolves contemporaneously as adversaries and defensive capabilities evolve.
With the Tidal Enterprise Edition, security decision-makers now have the ability to:
- Make rational decisions around which defensive capabilities are most important to add immediately. Because Confidence Scoring integrates knowledge of the relative importance of a given technique and the relative efficacy of a defensive capability, security teams are able to prioritize day-to-day decision-making toward the reduction of the greatest risks first.
- Optimize defensive coverage to ensure defense in depth where it’s needed most. Sure, adding additional capabilities typically improves security. However, many security tools offer very similar capabilities and increasing redundancy is likely to also result in diminishing defensive impact of each additional capability.
- Understand the risk-reducing impact of controls required by compliance standards and rationally increase and decrease investments in those controls based on quantifiable risk reduction. For practitioners who have been in security for some time, it’s common to develop a love-hate relationship with compliance standards. The impact of regulatory requirements to implement controls related to security hygiene and defensive capabilities has been positive. As an industry, we have collectively accepted compliance standards within the spirit of “anything is better than nothing”.
Unfortunately, accepted compliance standards have done little to provide an understanding of the relative impact of those controls in reducing the risks introduced to an enterprise by aggressive cyber adversaries. The Tidal Enterprise Edition provides much deeper insight into the risk reduction offered by control standards and arms security leaders with a rational decision-making tool to sort through which controls can offer the greatest level of risk-reduction and which controls may be redundant or obviated by existing layers of effective defensive capabilities.
Here at Tidal Cyber, we’re excited to make the Enterprise Edition generally available to everyone. We can’t wait to show it to you. You can book a demo here, or book a meeting with us at RSA in San Francisco for a private demo.