HITRUST and Trend Micro have announced a unique partnership to create the HITRUST Cyber Threat Management and Response Center, which will expand and enhance the capabilities of the HITRUST Cyber Threat XChange (CTX), the most widely adopted and active cyber threat information sharing organization for the healthcare industry. The new center offers unique capabilities that are a significant advancement in aiding organizations across varying cybersecurity maturity levels to defend against the increasing volume and sophistication of cyber threats. It will also speed delivery of cyber threat research and education to improve organizational cyber threat management. You can view the official press release here.
Today, cyber threat information sharing is generally defined in terms of a broad set of activities, ranging from collecting, analyzing and distributing indicators of threats and compromise to education and awareness around cyber hygiene and response. However, little consideration is given to the ability of the recipient to consume the information and react, commensurate with the maturity of its information security resources, security technologies and processes, more specifically, how the information impacts their ability to mitigate a cyber threat.
For example, recent global ransomware events such as WannaCry and Petya left many organizations scrambling to determine their risk and to sort fact from fiction from multiple sources. Through the CTX, HITRUST tracked both outbreaks closely and initiated outreach early after detection to the industry – providing thousands of participants with timely information updated frequently as the threats emerged. In fact, the HITRUST CTX reported on WannaCry and distributed the threat indicators almost 14 days prior to the first reported organization impacted. However, despite this early outreach, many organizations were not able to effectively consume and leverage the information and mitigate risk from this cyber threat.
HITRUST believes it is important to ensure there are options available to aid organizations, regardless of resources, in mitigating cyber threats and this requires an investment in significant resources, including hundreds, if not thousands, of research staff, timely and broad access to IOCs and other cyber threat intelligence, and in-depth knowledge of how organizations respond to cyber threats. The new world class HITRUST Cyber Threat Management and Response Center represents an exponential step forward for the industry and delivers on the information sharing key imperatives outlined in the recent HHS Cybersecurity Task Force report.
HITRUST has focused the last 18 months on expanding its collection of indicators of threat and compromise through its Enhanced IOC Collection program, which continues to lead the industry in identification of unique IOCs. HITRUST has also been evaluating opportunities to better serve the industry in cyber threat management and has identified several key areas including – advanced hunting for the latest cyber threats, faster and more detailed analysis, reporting, integration, education and collaboration – all with consideration for organizational maturity. Specifically, the HITRUST Cyber Threat Management and Response Center will deliver capabilities to address cyber threat management, defense, and response based on an organization’s cyber maturity level.
After a review and analysis, taking into consideration a number of factors such as costs, skill sets, resources availability and current capabilities in market, HITRUST determined that existing resources already have these capabilities, that those capabilities should not be duplicated, and that the best approach was to partner or integrate with a qualified, established cyber research lab.
As part of the announcement, HITRUST is outlining the Cyber Threat Management and Response Center’s first phase to expand its resources through a partnership and integration with Trend Micro. This partnership will enable unique collaboration and access to the world’s best threat research lab to offer:
- Access to additional tens of millions of sensors collecting IOCs, and numerous world-wide labs dedicated to multiple types of cyber research
- Faster, more detailed and more accurate analysis and research geared to varying maturity levels
- Access to more vulnerability and threat information that is specific to the healthcare industry and linked to existing vulnerability and threat research
- Expanding vulnerability information and IOC and TTP linkage with the HITRUST Threat Catalogue
- Resources to provide more responsive community engagement and assistance, including inquiry response and IOC submission analysis
- Better tracking and monthly reporting of cyber threats targeting healthcare information and organizations
Through the HITRUST CSF, cyber threat catalogue, tens of thousands of assessments and its existing information sharing program, HITRUST understands the challenges organizations face and the role cyber maturity plays in leveraging cyber threat intelligence. This knowledge was key in Trend Micro’s decision to partner with HITRUST. The combined effort will make a positive difference in improving cyber defenses for organizations of all sizes and for the nation’s overall cybersecurity posture.
HITRUST has been committed to partnering with industry and government for many years to collectively improve the industry’s cyber defenses and resilience, this latest development is a continued validation of the private sector’s commitment, and HITRUST will continue to evaluate areas for improvement and acting where appropriate.
The HITRUST Cyber Threat Management and Response Center will be available beginning October 1, 2017. HITRUST will continue to offer basic access to the HITRUST CTX and the new HITRUST Cyber Threat Management and Response Center at no cost.