New updates have been reported about Tidal Cyber.
Claim 55% Off TipRanks
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Discover top-performing stock ideas and upgrade to a portfolio of market leaders with Smart Investor Picks
Tidal Cyber is repositioning its Threat-Led Defense platform around adversary procedures, arguing that step-by-step attack execution—not high-level techniques—must become the core unit of measurement for cyber risk and defense design. The company contends that current industry reliance on technique and coverage mapping has improved visibility but failed to materially curb successful intrusions because it abstracts away how attacks are actually carried out.
Under the new model, Tidal Cyber treats procedures as structured, measurable objects that capture the concrete sequence of attacker actions from initial access through lateral movement to impact. Its platform now features a Procedures Library exceeding 20,000 entries, enabling security teams to identify where defenses fail at the execution level and to prioritize remediation based on disrupting real attack paths rather than static exposure scores.
CEO and co-founder Rick Gordon said technique-level mapping effectively became a proxy for security assurance, but that abstraction “does not stop execution,” emphasizing that organizations must model and interrupt the actual steps adversaries take. Co-founder Frank Duff added that procedures define how attackers move through environments, and that aligning defenses to those sequences gives “execution clarity,” which the company positions as the differentiator for changing incident outcomes.
Tidal Cyber is also reframing how vulnerabilities factor into risk decisions inside its platform, asserting that not every flaw is material and that only vulnerabilities which amplify specific procedures and increase the probability of successful execution should drive prioritization. This approach aims to shift spending and operational focus away from generic patch volume metrics toward issues that directly enable or strengthen adversary playbooks.
As part of the strategy shift, Tidal Cyber has expanded its NARC AI engine to convert unstructured threat intelligence—such as reports and indicator feeds—into structured adversary procedures mapped to defensive actions and prioritization guidance. Rather than stopping at indicators or campaign labels, the platform translates intelligence into procedure-led recommendations that are intended to be directly actionable for security architects and operations teams.
The company stresses that frameworks like MITRE ATT&CK remain critical for categorizing and communicating threats, but argues they lack the procedural execution specificity needed to build truly resilient defenses. Tidal Cyber’s model builds on those frameworks while adding what it describes as an execution layer that allows defender strategies, investments, and metrics to be oriented explicitly around disrupting attacker operations, with the enhanced capabilities now generally available within its Threat-Led Defense platform.