Collaboration Accelerates Framework Updates to Address
Emerging Cyber Threats
FRISCO,
Texas, May 1, 2024 /PRNewswire/ -- HITRUST, a
leader in information security, risk, and compliance assurance,
today announced a comprehensive update to its Cyber Threat Adaptive
engine to enable increased accuracy and timeliness of HITRUST CSF
updates to address emerging cyber threats. This update introduces
advanced AI capabilities through a collaboration with Microsoft,
integrating Microsoft Azure OpenAI Service and Microsoft Defender
Threat Intelligence. This strategic update further advances
HITRUST's ability to provide adaptive assurance solutions that are
among the most relevant and reliable available, empowering
organizations to effectively manage internal and third-party cyber
risks.
Today's constantly evolving cyber threat landscape demands
information security, risk, and privacy frameworks and their
assurances methodologies be adaptive and relevant to the current
and emerging cyber threats and information risks. Threat actors
continually modify their attack methods to defeat the latest
defense strategies and to take advantage of dated or ineffective
standards or best practices, which have extended development and
release cycles in most cases in excess of a year. To address this
issue, HITRUST pioneered Cyber Threat Adaptive, a patent-pending
engine to analyze cyber threat intelligence, breach, and loss data
against the control specifications in the HITRUST CSF® to ensure
that the cybersecurity control specifications in the framework are
appropriate to address current and emerging cyber threats. This
approach enables HITRUST to add, remove, or modify controls
specifications to maintain maximum relevance and effectiveness in
managing cyber risk.
Key upgrades to the Cyber Threat Adaptive engine include:
- Beginning the shift of its generative AI technology to
Microsoft Azure OpenAI Service, enhancing, and accelerating
analytical capabilities to align control requirements with the
latest threat intelligence.
- The addition of Microsoft Defender Threat Intelligence for an
expanded set of tested indicators of attack and compromise.
- Cross-referencing MITRE ATT&CK's
tactics, techniques, and procedures (TTPs) to
requirements in the HITRUST CSF.
- Transition to high frequency analysis (up from the previous
quarterly review cycle) to inform HITRUST assessments and
threat bulletins.
Recently, the company revealed in its inaugural Trust
Report that less than 1% of HITRUST certified environments
experienced a breach over the past 2 years. The company
attributes much of its breakthrough performance to the relevance of
its control set and Cyber Threat Adaptive engine. The company
further notes that the HITRUST CSF versions 11.2 and 11.3 cover
100% of the addressable TTPs (Tactics, Techniques, and Procedures),
in the MITRE ATT&CK framework.
"We are particularly impressed with how HITRUST regularly
updates its prescriptive controls in response to the shifting
threat landscape. This is something the cyber insurance community
collectively ventures to accomplish through application revamps,
but these can feel static against the pace at which threats change.
Cyber Threat Adaptive not only enhances our depth of knowledge
around actual threats in the wild but can also aid in tailoring
commercial insurance products to withstand these risks," said
Sidney Passe, Partner at McGill and
Partners, a specialty cyber insurance broker.
The enhancements to the Cyber Threat Adaptive program not only
aim to provide immediate insights into vulnerabilities and
mitigative guidance, but also lay the groundwork for future tools
that will enable organizations and their vendors to conduct
in-depth control assessments relative to specific threats.
Robert Booker, Chief Strategy
Officer at HITRUST, emphasized the importance of this update,
stating, "Adapting to the rapid pace of cyber threats is critical
for maintaining effective standards and frameworks and it is
imperative to maintaining trust. Our collaboration with Microsoft
and the integration of their threat intelligence and generative AI
technologies marks a significant advancement in our ongoing
commitment to this goal."
"Microsoft is committed to empowering organizations to combat
cyber threats through innovative solutions. Collaborating with
HITRUST in enhancing its Cyber Threat Adaptive engine reflects our
shared goal of advancing cybersecurity intelligence and
technology," said David Houlding,
Director, Global Healthcare Security and Compliance Strategy at
Microsoft.
About HITRUST
HITRUST, the leader in information security, risk, and
compliance, offers a certification assurance program for the
application and validation of security, privacy, and AI controls,
informed by over 50 standards and frameworks. The company's
threat-adaptive approach delivers the most relevant and reliable
solution, including multiple selectable and traversable control
sets, over 100 independent assessment firms, centralized quality
reviews and certification, and a powerful SaaS platform enabling
the entire process and ecosystem. For over 17 years, HITRUST has
led the assurance industry and today is widely recognized as the
most trusted solution to establish, maintain, and demonstrate
security capabilities for risks management and
compliance.
For more details about HITRUST and its innovative approach to
cybersecurity assurance, visit www.hitrustalliance.net.
For media inquiries, please contact:
Leslie Kesselring
Kesselring Communications for HITRUST
leslie@kesscomm.com
503-358-1012
View original content to download
multimedia:https://www.prnewswire.com/news-releases/hitrust-enhances-cyber-threat-adaptive-engine-using-microsoft-azure-openai-service-and-microsoft-defender-threat-intelligence-302133528.html
SOURCE HITRUST Services Corp.