Full Report
Tidal Cyber announced a major advancement to its platform with the separation of MITRE ATT&CK intelligence from Tidal... The post Tidal Cyber updates platform for MITRE ATT&CK v19 with focus on procedure-level threat intelligence appeared first on Industrial Cyber.
Analysis Summary
# Industry News: Tidal Cyber Decouples Intelligence from MITRE ATT&CK to Focus on Procedure-Level Defense
## Summary
Tidal Cyber has announced a foundational update to its platform that separates MITRE ATT&CK framework data from its proprietary Cyber Threat Intelligence (CTI). This shift, coinciding with the release of MITRE ATT&CK v19, aims to move the industry beyond abstract "technique" mapping toward "procedure-level" execution, helping organizations prioritize defenses based on how attacks actually occur.
## Key Details
- **Date:** May 14, 2026
- **Companies Involved:** Tidal Cyber, MITRE Corporation
- **Category:** Product Launch / Platform Update
## The Story
The release of MITRE ATT&CK Version 19 introduced a significant structural overhaul, most notably retiring the "Defense Evasion" tactic and splitting it into "Stealth" and "Impair Defenses." While this provides more granular detail on how attackers degrade security controls, it adds significant operational complexity for security teams.
Tidal Cyber’s updated architecture addresses this by formally distinguishing between the MITRE ATT&CK framework (the industry-standard "skeleton") and Tidal’s own procedure-level CTI (the "muscle"). By decoupling these, Tidal allows defenders to see exactly how a technique is executed ("the procedure") rather than just knowing that a technique exists. This enables a unified model where security teams can ingest vulnerability data and asset impact to prioritize responses based on actual attacker execution rather than just CVSS severity scores.
## Business Impact
### For the Companies Involved
- **Tidal Cyber:** Solidifies its position as the leading "operationalizer" of the ATT&CK framework, moving from a visualization tool to a critical decision-support platform.
- **MITRE:** Benefits from ecosystem partners successfully translating their academic-leaning framework into commercial, actionable results.
### For Competitors
- Threat Intelligence Platform (TIP) and Attack Surface Management (ASM) vendors will face pressure to provide "procedure-level" clarity rather than just simple technique mapping.
- Competitors still relying on legacy v18 mapping may appear obsolete given the significant structural changes in v19.
### For Customers
- **Reduced Noise:** Teams can focus on common attack procedures rather than the thousands of potential techniques.
- **Operational Efficiency:** Automated reconciliation of CTI against the new v19 standards reduces manual labor for SOC analysts.
### For the Market
- This signals a market maturation where "ATT&CK compliance" is no longer the end goal; the goal is now "defensible outcomes" and reducing residual risk through execution-level clarity.
## Technical Implications
The separation allows for better **source attribution**. Security teams can now clearly see which intelligence originates from MITRE (canonical) and which is proprietary or third-party (operational). The platform specifically addresses the "Impair Defenses" tactic in v19 by connecting intelligence to the specific defensive stack, identifying where security controls are likely to be degraded by an adversary before the actual attack execution.
## Strategic Analysis
- **Market Positioning:** Tidal is pivoting from being a "mapping tool" to a "threat-led defense" platform.
- **Competitive Advantage:** Their focus on the "Procedure" level—the most granular level of the ATT&CK pyramid—provides a tactical depth that broad-spectrum security platforms often lack.
- **Challenges:** The increased structural complexity of ATT&CK v19 may lead to "framework fatigue" among smaller security teams who lack the headcount to manage such detailed intelligence.
## Industry Reactions
- **Analyst Sentiment:** General consensus suggests that the industry is ready for this shift; mapping for the sake of mapping has led to "dashboard fatigue" without necessarily improving security postures.
- **Market Response:** The move is seen as a necessary evolution to handle AI-enabled cyberattacks which execute at speeds requiring automated, procedure-based responses.
## Future Outlook
- **Predictions:** Expect more vendors to adopt the "Stealth vs. Impair Defenses" division as AI-driven attacks focus more heavily on disabling EDR/XDR tools before launching payloads.
- **What to watch for:** Integration of Tidal’s procedure-level data directly into automated SOAR (Security Orchestration, Automation, and Response) playbooks.
## For Security Professionals
Practitioners should recognize that MITRE ATT&CK v19 is more than a minor update; it changes how you should categorize "Defense Evasion." Tidal’s update suggests that practitioners should stop auditing their "coverage" of techniques and start measuring their "resilience" against specific procedures. If your current tools only map at the technique level, you are likely missing the execution details necessary to block modern, sophisticated adversaries.