We haven’t had a version of The TIDE: Threat-Informed Defense Education blog for a bit now, but that is largely because our team has been so busy putting what our customers need into the product more than writing about it. I’m happy to bring it back with what’s happened in the last week, and I hope that it helps those who read it better understand Threat-Informed Defense and what Tidal Cyber Community and Enterprise editions are all about.
Here is this week’s The TIDE:
Threat Highlights
- Threat Objects and Metadata: New software EDRKillShifter, which was recently observed in attacks linked to the RansomHub extortion group. The malware is designed to disable increasingly prevalent endpoint detection and response (EDR) solutions to enable more effective ransomware attacks.
- Tags: For our CTI “Threat-Informed Defense heroes,” use our curated tags to research the 100 Ransomware Enablement Tools that Tidal currently tracks and leverage them in Tidal threat profiles. Our ransomware tool intel often derives from major government advisories but also a range of other threat reporting. Most tools are also tagged with other “Technical Capability Types” (e.g., Defense Evasion or Credential Access Tool) to help users filter or prioritize based on the types of tools that might be most relevant or impactful to their environments.
Defensive Highlights
New Vendors
- Last week we happily introduced ExtraHop to our mutual Enterprise Edition customers with two available integrations: Get Capabilities and Capability Insights. These integrations allow users to get dynamic insights into their ATT&CK coverage, provided by this popular cloud-native network detect and response (NDR) solution.
- We also recently welcomed Wiz to our registry. This partnership helps to deliver the highest level of cloud security to our mutual enterprise customers. The combined value of both solutions along with our commitment to sharing prioritized security findings will enable Enterprise Edition customers to reduce cloud risk securely.
Join our community edition for free or contact us to talk about how to get access to our Enterprise Edition capabilities that can help you achieve enterprise-level Threat-Informed Defense.