Tidal Cyber Blog

Tidal Cyber and Trellix Advanced Research Center: Collaborating for a Better Understanding of the Adversary Behavioral Landscape

Written by Scott Small | Apr 14, 2025 1:00:00 PM

The Tidal Cyber Threat-Informed Defense SaaS platform has both a Product Registry and a continually growing knowledge base of Cyber Threat Intelligence content built on the foundation of MITRE ATT&CK. Content is provided in a freely available Community Edition and in an Enterprise platform with additional Defensive Stacking, Threat Profiling, and Coverage Mapping capabilities.

Trellix is a global cybersecurity company whose expertise, AI-powered solutions, and one of the largest threat intelligence databases in the world help customers secure their organizations from advanced threats and strengthen operational resilience. Tidal Cyber partners with vendors from across the defensive and CTI sides of the cybersecurity industry to support Enterprise users and the community. We recently launched an exciting collaboration with the Trellix Advanced Research Center to bring select Trellix content to Tidal Cyber’s Enterprise and Community platforms.

The mission of Tidal Cyber’s Adversary Intelligence team is to continually survey the threat landscape and add objects (threats with metadata and relationships to ATT&CK Techniques and other threats) to its knowledge base based on publicly available information. We are especially focused on adding content around the latest, relevant threats emerging or trending in the landscape – this often means adding or extending objects not yet tracked in the MITRE ATT&CK knowledge base, such as the newest ransomware and other criminal threats and newly identified espionage or destructive actors.

Our recent collaboration with Trellix Advanced Research Center gives Tidal Cyber users an even wider and deeper understanding of the adversary behavioral landscape by adding a considerable number of new objects for notable threats not yet tracked in the Tidal Cyber knowledge base. In total, we are releasing 99 new threat objects to Enterprise and Community users, which account for 500+ Relationships to ATT&CK Techniques and other objects.

These objects fill important current knowledge gaps relevant to CTI analysts and other Threat-Informed Defense practitioners. For example, the addition of multiple China-linked espionage actors provides new visibility into some of the most prolific advanced persistent threat clusters in the landscape today. The release of Technique and Software relationships for the DragonForce and RansomHouse extortion operations provides important tactical insights on groups that claimed more than 100 victims in a wide range of sectors last year. New objects for groups like GhostSec and NoName057(16) also expand visibility within Tidal Cyber into hacktivist operations, an important, emerging set of threats in today’s landscape. 

"Trellix is committed to the collective mission of shared intelligence to help organizations stay ahead of advanced threats. Our partnership with Tidal Cyber equips businesses with a deep understanding of the adversarial landscape, providing the latest insights and actionable real-time intelligence needed to prevent and manage attacks effectively said John Fokker, Head of Threat Intelligence at Trellix.

Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber, stated, “The Trellix Advanced Research Center is well known for tracking the latest, important threats and communicating their findings to the wider community. We are grateful and excited for the opportunity to collaborate with Trellix to further facilitate the sharing of timely adversary behavioral intelligence by incorporating the team’s research and insights into the Tidal Cyber platform.”