HITRUST IOC Sharing Program
About The HITRUST IOC Sharing Program
The HITRUST IOC Sharing Program was established by HITRUST in coordination with industry leaders to help healthcare organizations address information protection challenges and advanced cyber attacks. The program leverages Advanced Breach Detection solutions that can be implemented, managed and operated cost effectively by organizations while giving them the ability to anonymously contribute and consume cyber threat information or indicators of compromise (IOCs) with the HITRUST Cyber Threat XChange (CTX) for rapid industry cyber protection and situational awareness.
Program Requirements
To participate in the program, organizations will need to join the HITRUST CTX program, acquire an approved Breach Detection System, and work with a vendor to properly implement and connect to HITRUST CTX. Trend Micro’s Deep Discovery was selected for the initial phase of the program based on its industry-leading detection performance and its integration with HITRUST CTX.
Secure Anonymous IOC Sharing
The system is designed to allow organizations to securely communicate IOC information with HITRUST CTX. The information shared is stripped of information that would identify the originating organization when shared with others in the program, leaving the valuable security information that all members can use to improve their own situational awareness and level of protection.
Program Benefits
Program participants gain all the benefits of HITRUST CTX, which optimizes the way organizations defend against cyber attacks. By complementing traditional signature- and anomaly-based technologies, CTX delivers a data-driven security approach that enables your existing security investments to function more effectively. HITRUST CTX is available in multiple subscription levels—the basic subscription is available free of charge to qualified organizations*. In addition, a limited number of participating members that signed up during the initial phase of the program will receive one single Trend Micro Appliance including hardware and software as well as services associated with Enhanced IOC Sharing free of charge for a period of six months. All participants benefit from a HITRUST negotiated program discount on additional appliances, support and maintenance as required. Trend Micro Professional Certification onsite training is included for all participating organizations.
IOC Sharing Program Highlights—Initial Pilot Group
Data from the IOC Collection Pilot demonstrated the ability to address many of the gaps identified in the Health Industry Cyber Threat Information Sharing and Analysis Report (October 2015), specifically:
• Percentage of IOCs Seen First: In the past 30 days, 88% of the IOCs collected were unique and not seen or known by any other open source, commercial, DHS CISCP, or user contributed feeds available to the HITRUST CTX.
• Percentage of Organizations Contributing IOCs: 100% of organizations reported IOCs to the HITRUST CTX compared to only a small percentage of organizations – 5% – that previously contributed IOCs.
• Average Time IOCs Seen First: IOCs were reported to the HITRUST CTX on average 1.2 days before being seen or identified by any other open source, commercial, DHS CISCP, or user contributed feeds to the HITRUST CTX.
• Average Time From Detection to Submission: IOCs were submitted in a matter of minutes to the HITRUST CTX compared to an average of seven (7) weeks after detection by those submitted previously. In addition, many organizations were not effectively identifying IOCs at all.
• Percentage of Actionable IOCs: 95% of the IOCs contributed to the HITRUST CTX had metadata (i.e. malicious IPs, URLs or domains) that made them actionable for use by others, defined as being useful in allowing preventative or defensive action to be taken without a significant risk of a false positive. Previously, only 50% of the IOCs contributed to the HITRUST CTX were considered actionable.
Why Choose Trend Micro for Security?
• 28+ years of security expertise
• Trend Micro solutions protect over 500,000 businesses worldwide
• Trend Micro’s Smart Protection Network processes over 16 billion threat queries and blocks over 250 million threats per day
Key Benefits:
• Better detection
• Multiple detection techniques
• Monitors network traffic on any port and over 100 protocols
• Custom sandbox analysis
• Comprehensive threat intelligence
Detects and Protects Against:
• Targeted attacks and advanced threats
• Known and Unknown Ransomware attacks
• Zero-day malware and document exploits
• Attacker behavior and other network activity
• Web threats, including exploits and drive-by downloads
• Phishing, spear phishing, and other email threats
• Data exfiltration
• Bots, Trojans, worms, keyloggers
• Disruptive applications
Tangible ROI
• Research shows 145% ROI in 10 months¹
• Enhances existing investments
• Easy and flexible deployment options
• Automation of manual tasks
¹ ESG, Economic Value Validation: October 2015
Program Comparison Highlights—With Phase II Group
At the end of the Phase II Enhanced Pilot Program, HITRUST compared results of IOC reporting from the two groups—the 800-member CTX group, and the eight-member Enhanced IOC Sharing group using automated advanced threat detection for the most recent three months. The following are summary highlights:
• Despite its relatively small size, the Enhanced Pilot group reported more IOCs than the CTX group, at a much higher rate.
• At an organizational level, the Enhanced Pilot group reported, on average, more than 2500 IOCs per organization compared with only 18 for the 800 member CTX group.
• In addition, the Enhanced Pilot found and reported IOCs that posed a potential threat up to seven weeks faster.
• When compared to commercial threat feeds, the Enhanced Pilot group provided advanced notification up to 100+ days before they were captured elsewhere.
• The Phase II group reported many more healthcare-specific IOCs.
• The Phase II group also reported site-specific IOCs, indicative of potential targeted attacks and ransomware.
About the HITRUST Cyber Threat XChange
The HITRUST Cyber Threat XChange (CTX), powered by Trend Micro and Anomali, was created to significantly accelerate the detection and response to cyber threats targeted at the healthcare industry. HITRUST CTX automates the process of collecting and analyzing cyber threats and distributing actionable indicators in electronically consumable formats that organizations of varying sizes and cyber security maturity can utilize to improve their cyber defenses.