Tidal Cyber just got $10 million from Bright Pixel Capital. I ran a SOC for two years and this is the first threat intel company I've seen that might actually be useful.
Most threat intel platforms dump 50,000 random IP addresses on you every morning and call it "actionable intelligence." Your feed tells you "APT29 is active in the financial sector" which is about as helpful as "bad guys exist somewhere." What I needed when I was drowning in alerts was "APT29 uses these specific WMI commands for persistence, here's how to detect it in your environment."
I spent six months trying to operationalize threat intel at my last job. It was fucking impossible. Current threat intelligence is like getting crime scene photos after the robbery instead of learning how burglars actually pick locks.
MITRE ATT&CK Looks Great on PowerPoints
The MITRE ATT&CK framework maps every known attack technique - 14 tactics, 193 techniques, hundreds of sub-techniques. We had it printed on the SOC wall and nobody knew what to do with it.
Tidal's approach maps specific threat groups to specific ATT&CK techniques and tells you which controls actually work against each one. Instead of generic "lateral movement" warnings, you get "Lazarus Group uses PsExec with -s flag to run as SYSTEM, block these specific command patterns."
Most security teams have MITRE ATT&CK as desktop wallpaper and zero idea how to turn it into detections that don't suck. Tidal might actually bridge that gap.
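To make the "actor playbook to detection" idea concrete, here is an added example (my own, not Tidal's code or anything from the post) that flags the PsExec -s pattern in process-creation events and ranks hits by whether the technique appears in a watched group's playbook. The ATT&CK IDs are real sub-technique identifiers; the group-to-technique watchlist and the sample events are constructed for illustration.

```python
import re

# Detector for the post's example: PsExec launched with -s (run as SYSTEM).
# T1569.002 is the real ATT&CK sub-technique "System Services: Service Execution",
# which is where ATT&CK files PsExec. The watchlist below is constructed sample
# data for this example, not Tidal's or ATT&CK's own group mapping.
PSEXEC_EXE = re.compile(r'(?i)(?:^|[\\/"\s])psexec(?:64)?\.exe')
SYSTEM_FLAG = re.compile(r'(?<!\S)-s(?!\S)')   # "-s" as its own argument

WATCHLIST = {  # constructed: groups this SOC cares about -> techniques in their playbook
    "Lazarus Group": {"T1569.002", "T1021.002"},
    "APT29": {"T1047", "T1053.005"},
}

def detect_psexec_system(cmdline: str):
    """Return the ATT&CK technique ID if cmdline is PsExec running as SYSTEM, else None."""
    if PSEXEC_EXE.search(cmdline) and SYSTEM_FLAG.search(cmdline):
        return "T1569.002"
    return None

def triage(events, watchlist=WATCHLIST):
    """Score process-creation events. A hit whose technique sits in a watched
    group's playbook outranks a generic hit, so it surfaces first in the queue."""
    findings = []
    for ev in events:
        tid = detect_psexec_system(ev["cmd"])
        if tid is None:
            continue
        groups = sorted(g for g, techs in watchlist.items() if tid in techs)
        score = 1 + 2 * len(groups)   # constructed weighting: context beats raw volume
        findings.append({"host": ev["host"], "user": ev["user"], "technique": tid,
                         "groups": groups, "score": score, "cmd": ev["cmd"]})
    return sorted(findings, key=lambda f: f["score"], reverse=True)

# Constructed Sysmon-style process-creation events, not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": r"CORP\jdoe", "cmd": r'C:\Tools\PsExec.exe \\fs02 -s cmd.exe'},
    {"host": "ws01", "user": r"CORP\jdoe", "cmd": r'"C:\Windows\System32\notepad.exe" report.txt'},
    {"host": "srv07", "user": r"CORP\svc_backup", "cmd": r'psexec64.exe \\db01 -u admin -s -d powershell.exe'},
    {"host": "ws03", "user": r"CORP\asmith", "cmd": r'PsExec.exe \\fs02 ipconfig'},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['score']} {f['host']} {f['user']} {f['technique']} {f['groups']} :: {f['cmd']}")
```

The fourth event is PsExec without -s, so it is not a hit; in a real SOC you would still want that logged, but the point is that a playbook-matched hit sorts to the top instead of sinking among the other 10,000 alerts.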
Alert Fatigue is Destroying SOCs
We generated 11,000 alerts per day at my enterprise SOC. Analysts could investigate maybe 1,000 if we were lucky. The rest got marked "false positive" because we literally didn't have time. Real attacks got lost in the noise constantly.
The Equifax breach ran for months while their security tools fired alerts that nobody investigated properly. Later we found out it was APT41 using web shells for persistence and escalating through unpatched Struts CVEs. If their SOC had known APT41's specific playbook, they might have connected the dots instead of drowning in generic vulnerability alerts.
That's Tidal's bet - if you understand how specific threat actors operate, their attacks become easier to spot among the bullshit alerts.
$10M is Nothing in Security
This funding round is tiny. CrowdStrike raised $200M, SentinelOne burned through $267M, most security startups need $50M+ just to survive their first few years. Tidal is betting they can compete with Recorded Future and ThreatQuotient on a fraction of their budget.
The advantage is that SOC managers are desperate for threat intel that doesn't suck. Current platforms are expensive databases of IOCs that expire in hours. We need context and prioritization, not more data to ignore.
Whether Tidal can compete with CrowdStrike's Falcon X or Mandiant's threat intel is anyone's guess. But they're solving a real problem - current threat intel helps you figure out who owned you after the fact, not how to stop them while they're doing it.