HITRUST, a leader in information security, risk, and compliance assurance, has officially announced a renewed version of its Cyber Threat Adaptive engine to increase accuracy and timeliness of HITRUST CSF updates and more effectively address emerging cyber threats. According to certain reports, the stated development leverages HITRUST’s partnership with Microsoft to conceive a set of advanced AI capabilities. This involves integrating Microsoft Azure OpenAI Service and Microsoft Defender Threat Intelligence. Before we dig any deeper, though, we must do a little recap to understand what the stated product does in its current shape and form. Basically, HITRUST’s Cyber Threat Adaptive is a patent-pending engine which is designed to analyze cyber threat intelligence, breach, and loss data against the control specifications in the HITRUST CSF®, thus ensuring that the cybersecurity control specifications in the framework are appropriate to address current and emerging cyber threats. Having referred to what the product does in general, we can now turn our focus towards how new updates in question will make the given proposition better. The answer to that begins from the presence of Microsoft Azure OpenAI Service. You see, by getting its generative AI technology to embrace the Azure OpenAI’s principles, HITRUST will help its engine achieve accelerated analytical capabilities. This acceleration, once achieved, should tread a long distance to align control requirements with the latest threat intelligence.
Next up, we have the prospect of availing Microsoft Defender Threat Intelligence, something which expands HITRUST engine’s tested indicators of attack and compromise, empowering it to hold its own against broader and significantly smarter attack types.
“We are particularly impressed with how HITRUST regularly updates its prescriptive controls in response to the shifting threat landscape. This is something the cyber insurance community collectively ventures to accomplish through application revamps, but these can feel static against the pace at which threats change. Cyber Threat Adaptive not only enhances our depth of knowledge around actual threats in the wild but can also aid in tailoring commercial insurance products to withstand these risks,” said Sidney Passe, Partner at McGill and Partners, a specialty cyber insurance broker.
Moving on, the update also brings cross-referencing MITRE ATT&CK’s tactics, techniques, and procedures (TTPs) to meet requirements in the HITRUST CSF. Another detail regarding the given update that we cannot go without mentioning is rooted in the transition to a high frequency analysis (up from the previous quarterly review cycle). The idea behind this is to more proactively inform HITRUST assessments and threat bulletins for the purpose of keeping users on top of any threats on the horizon.
The entire effort delivers a rather interesting to HITRUST’s inaugural Trust Report, which revealed that less than 1% of HITRUST certified environments experienced a breach over the past 2 years. On top of that, the report also revealed how HITRUST CSF versions 11.2 and 11.3 cover 100% of the addressable TTPs (Tactics, Techniques, and Procedures), in the MITRE ATT&CK framework.
“Adapting to the rapid pace of cyber threats is critical for maintaining effective standards and frameworks and it is imperative to maintaining trust. Our collaboration with Microsoft and the integration of their threat intelligence and generative AI technologies marks a significant advancement in our ongoing commitment to this goal,” said Robert Booker, Chief Strategy Officer at HITRUST.