Tidal Cyber advanced its threat-led defense strategy this week, unveiling a redesigned cyber threat intelligence architecture aligned with MITRE ATT&CK v19. The company is now explicitly separating ATT&CK framework data from its proprietary, procedure-level threat intelligence to make defenses more operational and outcome-focused.
Under the new model, ATT&CK remains the structural reference for attacker techniques, while Tidal Cyber’s CTI provides granular procedure data tied to customers’ specific controls and assets. This separation is intended to eliminate ambiguity from blended intelligence feeds, highlight where real-world attacks bypass defenses, and guide clearer remediation priorities.
The rollout coincides with ATT&CK v19’s restructuring, including the retirement of the Defense Evasion tactic in favor of Stealth and Impair Defenses, a shift that will force many organizations to retune detections and workflows. By centering procedures as the core unit of analysis, Tidal Cyber aims to help security teams remap rules more efficiently and reduce operational complexity amid these changes.
Across multiple communications, the company stressed that many security programs still focus on technique categorization rather than understanding how attacks unfold in practice. Tidal Cyber argues that procedure-level insight better supports measuring whether defenses actually disrupt adversary behavior, positioning its platform as a tool for defense validation and risk-based decision-making.
The firm also promoted a webcast, “The Next Evolution of Security: Threat-Led Defense Built on Procedures,” featuring executives Frank Duff and Cat S. The session underscores the company’s move up the value chain from reference mapping toward higher-fidelity, behavior-based detection analytics that could appeal to mature enterprises and security operations centers.
For investors, these steps indicate a deliberate push to differentiate in a crowded threat intelligence and security analytics market by emphasizing measurable security outcomes. If customers adopt the new architecture and procedure-led methodology to improve detection and response performance, the strategy could support stronger platform stickiness, upsell potential, and longer-term growth prospects for Tidal Cyber.

