
Heroes of Threat-Informed Defense: Tidal Cyber’s Diverse Users

  • July 17, 2024

Are you curious about the make-up of the Tidal Cyber user community?  

It may surprise you to know that our users hail from very diverse roles within the security and risk management departments of an enterprise. On the other hand, it makes complete sense. After all, MITRE ATT&CK® itself, the foundation on which Threat-Informed Defense was built, was designed to enable communication across the security team (and its leadership). Whether a surprise or not, we want to share how these unsung heroes of Threat-Informed Defense, the practitioners on the security teams, are using the Tidal Cyber Enterprise Edition platform, so we may open your eyes to new ways you can apply Tidal Cyber within your business.

CTI Analysts: CTI analysts are using a Threat-Informed Defense approach for threat research, prioritization, and profiling. They’re saving time, managing threat intelligence at scale and keeping pace with how threats have changed and how to respond. With access to an always current hub of prioritized threat intel and mitigation strategies, they can deliver actionable intelligence packaged for specific security and IT teams so that they can stay focused on high-priority threats. 

Security Architects: Threat-Informed Defense helps security architects with defensive stack optimization by mapping their sector-specific threat profile against the coverage provided by their existing security tools and configurations. Security architects can quickly see how to optimize coverage of current tools with configuration changes, assess the value of new tools against threats of concern, make a data-driven case for investing in new tools, and save money by eliminating redundancies and retiring tools. 

SOC Managers: For SOC assessment and prioritization, SOC managers use a Threat-Informed Defense approach to gain a unified view of the threat landscape across multiple teams and functions. They can quantify their risk against the latest threats faster, quickly determine where they have or need security capabilities, streamline coordination of activities across teams, and focus resources on the highest-priority threats.

Threat Hunters: To save time prioritizing and executing hunts, threat hunters are using a Threat-Informed Defense strategy to see threat profiles and coverage maps of the tools in their existing stack. They receive recommendations for immediate remediation and strategies to close security gaps. A dashboard shows how their actions have mitigated risk against high-priority threats.

Red/Purple Teams: A Threat-Informed Defense approach helps red/purple teams streamline test development and the presentation of results. They are using their organization's threat profile and coverage map to drive the prioritization of testing. And they are improving test efficiency and the actionability of test results with data-driven recommendations based on test outcomes.

Detection Engineers: A Threat-Informed Defense approach helps detection engineers measure and prioritize coverage. They can quickly understand their existing coverage and gaps, where to focus their time and talent on writing detections, and when they can turn to vendors to minimize duplicate effort. Documentation of detection engineering improvements makes it easy to demonstrate the results of their efforts and to track each detection's lifecycle from idea to implementation.

GRC Compliance Analysts: A Threat-Informed Defense approach to GRC control assessment helps analysts stay up to date with compliance, determine their exposure to threats, and understand whether they are covered against new threats. Because they get answers to their questions quickly, along with recommendations for how to mitigate risk and stay compliant, they can confidently respond to audits in an accurate and timely manner.

Limitless Value 
While Tidal Cyber applies across so many roles in the security organization, it is important to remember that each of these personas will find independent value in it. As your Threat-Informed Defense maturity grows, Tidal can become central to supporting cross-team communication. For example, a threat-informed CTI program will prioritize your threats, and therefore the behaviors to care about, but knowing what detection engineering has already built makes that prioritization better still.

For more information on best practices and how to get started on your journey for these and other key use cases, contact us to learn more about Tidal Cyber and how we can help you and others in your enterprise become Threat-Informed Defense heroes.  

Data-Driven Threat-Informed Defense

Meet Tidal Enterprise Edition

Quickly and easily develop custom threat profiles and defensive stacks, see your coverage and identify gaps and redundancies, and get daily recommendations to improve your cybersecurity posture.