Collaboration Accelerates Framework Updates to Address Emerging Cyber Threats

FRISCO, Texas, May 1, 2024 /PRNewswire/ -- HITRUST, a leader in information security, risk, and compliance assurance, today announced a comprehensive update to its Cyber Threat Adaptive engine to enable increased accuracy and timeliness of HITRUST CSF updates to address emerging cyber threats. This update introduces advanced AI capabilities through a collaboration with Microsoft, integrating Microsoft Azure OpenAI Service and Microsoft Defender Threat Intelligence. This strategic update further advances HITRUST's ability to provide adaptive assurance solutions that are among the most relevant and reliable available, empowering organizations to effectively manage internal and third-party cyber risks.

Today's constantly evolving cyber threat landscape demands information security, risk, and privacy frameworks and their assurances methodologies be adaptive and relevant to the current and emerging cyber threats and information risks. Threat actors continually modify their attack methods to defeat the latest defense strategies and to take advantage of dated or ineffective standards or best practices, which have extended development and release cycles in most cases in excess of a year. To address this issue, HITRUST pioneered Cyber Threat Adaptive, a patent-pending engine to analyze cyber threat intelligence, breach, and loss data against the control specifications in the HITRUST CSF to ensure that the cybersecurity control specifications in the framework are appropriate to address current and emerging cyber threats. This approach enables HITRUST to add, remove, or modify controls specifications to maintain maximum relevance and effectiveness in managing cyber risk.

Key upgrades to the Cyber Threat Adaptive engine include:

1. Beginning the shift of its generative AI technology to Microsoft Azure OpenAI Service, enhancing, and accelerating analytical capabilities to align control requirements with the latest threat intelligence.
   
   
2. The addition of Microsoft Defender Threat Intelligence for an expanded set of tested indicators of attack and compromise.
3. Cross-referencing MITRE ATT&CK's tactics, techniques, and procedures (TTPs) to requirements in the HITRUST CSF.
   
   
4. Transition to high frequency analysis (up from the previous quarterly review cycle) to inform HITRUST assessments and threat bulletins.

Recently, the company revealed in its inaugural Trust Report that less than 1% of HITRUST certified environments experienced a breach over the past 2 years. The company attributes much of its breakthrough performance to the relevance of its control set and Cyber Threat Adaptive engine. The company further notes that the HITRUST CSF versions 11.2 and 11.3 cover 100% of the addressable TTPs (Tactics, Techniques, and Procedures), in the MITRE ATT&CK framework.

"We are particularly impressed with how HITRUST regularly updates its prescriptive controls in response to the shifting threat landscape. This is something the cyber insurance community collectively ventures to accomplish through application revamps, but these can feel static against the pace at which threats change. Cyber Threat Adaptive not only enhances our depth of knowledge around actual threats in the wild but can also aid in tailoring commercial insurance products to withstand these risks," said Sidney Passe, Partner at McGill and Partners, a specialty cyber insurance broker.

The enhancements to the Cyber Threat Adaptive program not only aim to provide immediate insights into vulnerabilities and mitigative guidance, but also lay the groundwork for future tools that will enable organizations and their vendors to conduct in-depth control assessments relative to specific threats.

Robert Booker, Chief Strategy Officer at HITRUST, emphasized the importance of this update, stating, "Adapting to the rapid pace of cyber threats is critical for maintaining effective standards and frameworks and it is imperative to maintaining trust. Our collaboration with Microsoft and the integration of their threat intelligence and generative AI technologies marks a significant advancement in our ongoing commitment to this goal."

"Microsoft is committed to empowering organizations to combat cyber threats through innovative solutions. Collaborating with HITRUST in enhancing its Cyber Threat Adaptive engine reflects our shared goal of advancing cybersecurity intelligence and technology," said David Houlding, Director, Global Healthcare Security and Compliance Strategy at Microsoft.

About HITRUST

HITRUST, the leader in information security, risk, and compliance, offers a certification assurance program for the application and validation of security, privacy, and AI controls, informed by over 50 standards and frameworks. The company's threat-adaptive approach delivers the most relevant and reliable solution, including multiple selectable and traversable control sets, over 100 independent assessment firms, centralized quality reviews and certification, and a powerful SaaS platform enabling the entire process and ecosystem. For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risks management and compliance.

For more details about HITRUST and its innovative approach to cybersecurity assurance, visit .

For media inquiries, please contact:

Leslie Kesselring

Kesselring Communications for HITRUST

[email protected]

503-358-1012

SOURCE HITRUST Services Corp.