The Tidal Cyber Procedures Library delivers actionable, procedure-level intelligence to help defenders move from insight to impact
Tidal Cyber, the leader in Threat-Led Defense, announced the launch of its groundbreaking Procedures, an industry-first capability that delivers structured, actionable insights into how real-world adversaries operate. The launch marks a major milestone in solving one of the most critical challenges in modern defensive security. The Tidal Cyber Threat-Led Platform introduces a powerful new way for security teams to operationalize threat intelligence with precision.
“Defenders need more than just high-level tactics and techniques. They need real, observable behaviors they can act on,” said Scott Small, CTI Director at Tidal Cyber. “That’s where Tidal Cyber’s new Procedure objects come in, delivering the granular, actionable detail defenders need to build, test, and optimize defenses with precision.”
Closing the Intelligence Gap
While many security teams rely on frameworks like MITRE ATT&CK® to inform defensive decisions, gaps between coverage assessments focus on Tactics and Techniques and the critical, often missing layer of Procedures, which helps achieve deeper, actionable insight into adversary behavior. Tidal Cyber’s new Procedures Library addresses this gap by capturing the concrete, repeatable actions adversaries use to execute attacks in real environments.
Each Procedure object is structured with rich context, including relationships to relevant ATT&CK (Sub-)Techniques, operating systems, visibility components, threat actors, and most critically, defensive capabilities. This allows teams to assess how specific behaviors are defended (or not defended) within their own environment.
“Today, we are releasing the industry’s first-ever library of structured Procedures in the Tidal Cyber Knowledge Base, as well as platform features that enable analysts and defenders to immediately operationalize this Procedure-level threat intelligence for improved Threat-Led Defense,” said Rick Gordon, CEO and Co-Founder of Tidal Cyber.
Also Read: Prophet Security Raises $30M to Launch AI SOC Platform
Powered by Proprietary AI and Expert Curation
The Procedures Library is the result of deep research, platform innovation, and advanced AI. Leveraging proprietary AI technology from Tidal Cyber’s 2025 acquisition of Zero-Shot Security, the company has analyzed more than 1,500 technical reports to extract and structure over 20,000 Procedure Sightings and 2,300 Procedure Clusters at launch. These objects represent either direct observations of threat behavior or analytically grouped patterns of attack techniques.
This approach allows users to quickly navigate an ever-growing volume of intelligence and connect it to their existing threat profiles, detection logic, and control stack.
Integrated into the Tidal Cyber Platform
More than just a library, Procedures are fully integrated into the Tidal Cyber Threat-Led Defense Platform. Users can visualize Procedures within the Coverage Map and immediately understand which of their security capabilities defend against them enabling increased visibility and detection and streamlined prioritization.
Procedures represent how adversaries actually execute behaviors in the real world, bringing the clarity and specificity needed to move from high-level intel to concrete action. By mapping these behaviors to detection logic, visibility needs, and specific tools in your stack, Tidal enables defenders to operationalize threat intelligence with precision at speed and scale.
Advancing Threat-Led Defense
With Procedures, Tidal Cyber is truly changing the playing field in delivering actionable, adversary-centric solutions that move security teams beyond static, asset-based models.
“Defenders don’t just need data they need clarity,” added Small. “Procedures represent the real behaviors that attackers use, and we’re giving security teams the tools to turn that knowledge into action. This is a huge leap forward for the defender community.”
Source: PRNewswire