Latest news with #MITREATT&CK
Cision Canada
31-07-2025
- Business
- Cision Canada
Threat Analysis Confirms HITRUST e1, i1, and r2 Controls Mitigate the Most Prevalent Attack Techniques in 2025
FRISCO, Texas, July 31, 2025 /CNW/ -- HITRUST, the leader in cybersecurity assurance, today released its Cyber Threat Adaptive (CTA) Update covering the first half of 2025. The analysis validates that the HITRUST CSF® e1, i1, and r2 assessment requirements once again cover 100% of the real-world techniques adversaries used most often from January 1 – June 30, 2025, with no control gaps identified against the five dominant MITRE ATT&CK® techniques. HITRUST's Cyber Threat Adaptive (CTA) program systematically analyzes real-world threat intelligence, breach data, and adversary behavior to ensure that control requirements in the HITRUST CSF remain effective to actual cyber threats. Key findings from the H1 2025 CTA analysis 220,000+ threat indicators compiled from 4,100+ threat-intel articles were mapped to ≈41,000 MITRE ATT&CK technique/mitigation pairs—providing the most complete view yet of attacker behavior in 2025. The e1, i1, and r2 control selections covered 100 % of the top five techniques observed—Phishing (T1566), Drive-by Compromise (T1189), Exploit Public-Facing Application (T1190), Exploitation of Remote Services (T1210), and Event-Triggered Execution (T1546). 435 publicly reported breaches were analyzed; phishing remained the lead initial-access vector, typically resulting in data exfiltration or ransomware deployment. Recommended priority actions include advanced phishing awareness training, timely anti-malware updates, disciplined vulnerability remediation, and comprehensive network/endpoint monitoring. "Attackers don't wait for annual framework updates, so neither can defenders. Our semiannual analysis shows that HITRUST-certified organizations remain a step ahead because their controls evolve at the speed of the threat landscape," said Andrew Russell, Vice President of Standards, at HITRUST. "By mapping more than 220,000 fresh indicators to MITRE ATT&CK, we verified that every high-frequency technique in H1 2025 is mitigated by our e1, i1, and r2 requirements—often by multiple overlapping controls that deliver true defense-in-depth." Why it matters HITRUST's CTA program continuously stress-tests CSF controls against live threat intelligence—ensuring organizations that certify to the e1, i1, or r2 are protected by relevant, reliable, and proven safeguards rather than static "checkbox" frameworks. It also eliminates the need for relying parties to augment a HITRUST assurance report with a questionnaire to ensure it covers relevant and emerging cyber threats as is needed with other assurance reports. This approach underpins HITRUST's commitment to: Relevant Controls – continuously evaluated to ensure effective mitigations against known and emerging cyber threats Reliable Assurance – validated by consistent, rigorous assessment standards Proven Risk Mitigation – fewer than 1% of HITRUST-certified environments reported breaches in the past two years Download the full report A detailed breakdown of technique-to-control mappings, breach case studies, and actionable mitigation guidance is available in the H1 2025 Cyber Threat Adaptive Analysis. About HITRUST HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 60 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solutions, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process. For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risk management and compliance. For media inquiries, please contact: Leslie Kesselring Kesselring Communications for HITRUST [email protected] 503-358-1012 SOURCE HITRUST Services Corp.
Malaysian Reserve
17-07-2025
- Business
- Malaysian Reserve
Tidal Cyber Launches Threat-Led Defense, Redefining Detection and Defense
ARLINGTON, Va., July 17, 2025 /PRNewswire/ — Tidal Cyber, the global leader in defensive security and a pioneer in helping organizations operationalize MITRE ATT&CK, today announced the launch of its Threat-Led Defense approach, empowering cybersecurity teams to align detection and defense strategies directly to real-world adversary behavior. Built by former MITRE ATT&CK® experts and the co-founder of MITRE's Center for Threat-Informed Defense, Tidal Cyber's threat-led platform introduces a breakthrough level of specificity by mapping techniques and sub-techniques to operationalize adversary procedures. This shift transforms how organizations understand, measure, and act on threat exposure. Unlike traditional, reactive, or vulnerability-first approaches, Tidal Cyber delivers procedural-level granularity across the MITRE ATT&CK framework, offering unmatched visibility into the 'how' of attacker behavior. Their coverage mapping calculates residual risk for each technique and provides stack-specific visibility, highlighting exposures based on how real-world adversaries operate 'Cybersecurity has long been reactive, vulnerability-led, and compliance-driven,' said Rick Gordon, CEO and Co-Founder of Tidal Cyber. 'With Threat-Led Defense, we flip that model by putting adversary behavior at the center of defense. We give security teams the intelligence, specificity, and precision to identify exactly where they're exposed and how attackers actually execute TTPs. A threat-led defense first is the future of proactive cybersecurity, and we're proud to lead the charge.' Tidal Cyber's unified platform integrates adversary intelligence, procedural mapping, control validation, and compliance alignment into a single, intuitive interface. By connecting seamlessly with the defensive stack and aligning to frameworks such as MITRE D3FEND, CIS, and NIST, Tidal helps organizations prove readiness, reduce risk, and justify investments with measurable confidence. 'Detection engineering still relies too much on guesswork and static best practices,' said Frank Duff, Chief Innovation Officer and Co-Founder of Tidal Cyber. 'We built the Tidal Cyber Platform to deliver operationalized, actionable insights tied to real adversary behavior and mapped to ATT&CK. When defenders have that level of context and precision, they can stop attackers before they succeed. That's the power of Threat-Led Defense.' With the launch of Threat-Led Defense, Tidal Cyber is redefining how modern security teams think about exposure, detection, and readiness. No longer bound by CVE counts, asset inventories, or checkbox compliance, Tidal Cyber provides a level of specificity not seen before. Organizations can now reduce risk proactively with the precision to answer the most important question in cybersecurity: 'Can I defend against the latest threat?' Learn More About Tidal Cyber Threat-Led Defense at contact@ About Tidal Cyber Tidal Cyber delivers the industry's only Threat-Led Defense Platform, purpose-built to operationalize TTPs and provide procedural-level threat insights across the MITRE ATT&CK framework. Founded by cybersecurity veterans with deep roots in ATT&CK development and cyber operations, Tidal empowers organizations to reduce risk, optimize controls, and align spend with real-world threats. Learn more at
Hans India
03-06-2025
- Hans India
FDP on cyber security for faculty, researchers, professionals
Visakhapatnam: To equip institution's faculty, researchers and industry professionals with advanced knowledge and tools to combat rising cyber threats, a faculty development programme (FDP) on cyber security was held here on Monday. Organised jointly by GITAM and CDAC, the Centre for Development of Advanced Computing (C-DAC) located in Hyderabad is a Scientific Society of the Ministry of Electronics and Information Technology. The C-DAC centre head CHAS Murthy and noted cyber security expert Sarat Chandra Babu attended as resource persons and emphasised the urgent need for educational institutions to lead the charge in cyber security preparedness and human resource development. The experts briefed about current vulnerabilities, AI-driven cyber threats and the growing importance of securing digital infrastructures. They said that under the national Information Security Education and Awareness framework, the programme aims to bridge the knowledge gap between evolving threats and institutional readiness. The institution's School of Computer Science and Engineering dean S. Arun Kumar reaffirmed the institution's commitment to enhancing digital resilience and fostering academic-industry collaboration in cyber security. The School of Technology director K. Nagendra Prasad mentioned that the FDP represents the institution's continued dedication to academic excellence and national digital empowerment, creating a skilled workforce ready to tackle tomorrow's cyber challenges. The six day FDP features a well-curated line-up of expert-led sessions, hands-on workshops, and collaborative discussions on emerging cybersecurity trends, including topics like IoT security, vulnerability exploitation, the MITRE ATT&CK framework and real-world defence strategies.
Business Wire
30-04-2025
- Business
- Business Wire
Cloud Range Secures 2025 SC Award for Best IT Security-Related Training Program
SAN FRANCISCO--(BUSINESS WIRE)-- Cloud Range, the industry-leading cyber range solution for cyber readiness and cybersecurity skills development, has been honored with the 2025 SC Award for Best IT Security-Related Training Program. This prestigious recognition underscores Cloud Range's commitment to equipping cybersecurity professionals with the practical, hands-on training necessary to effectively manage and respond to evolving cyber threats. The SC Awards, presented by SC Media, are among the cybersecurity industry's most esteemed accolades, celebrating excellence in security solutions, organizations, and individuals. Cloud Range's selection as a winner highlights its innovative approach to cybersecurity education and its impact on enhancing organizational resilience against cyberattacks. "Winning the 2025 SC Award is a testament to the dedication and expertise of our innovative team," said Debbie Gordon, CEO of Cloud Range. "We are honored to be recognized for our efforts in advancing cybersecurity training with live-fire simulations, and we are committed to continuing Cloud Range's mission to empower security teams with the skills and hands-on experience needed to defend against today's complex cyber threats." Cloud Range provides a full-service, customizable cyber range-as-a-service platform, providing immersive simulation training that accelerates real-world experience for enterprise SOC and incident response teams across various industries. The platform's integration with the MITRE ATT&CK framework and its focus on both technical and soft skills development ensure comprehensive preparedness for cybersecurity professionals. For more information about Cloud Range and its award-winning training solutions, please visit Find out more about today's win here. About Cloud Range Cloud Range is a pioneer in cybersecurity simulation and readiness training, providing the first-ever full-service, cloud-based customizable cyberattack simulation training platform in the world. Used by enterprise SOC and incident response teams, managed security service providers (MSSPs), governments, higher education institutions, utilities, critical infrastructure, and many other industries, Cloud Range enables organizations to accelerate the cyber defense skills of their cybersecurity professionals using its proprietary simulation training and assessment platform. Customers can train security teams, assess candidates, onboard new hires, and improve cybersecurity team skills, significantly reducing cyber risk. Cloud Range won the CISO Choice Award for security education and training, the Top InfoSec Innovator Award for Cutting Edge Cyber Defense Training, the Fortress Cyber Security Award for Best Cybersecurity Training, and the ASTORS Homeland Security Award for Best Cyber Defense Team Training. Learn more at
Associated Press
30-04-2025
- Business
- Associated Press
Cloud Range Secures 2025 SC Award for Best IT Security-Related Training Program
SAN FRANCISCO--(BUSINESS WIRE)--Apr 30, 2025-- Cloud Range, the industry-leading cyber range solution for cyber readiness and cybersecurity skills development, has been honored with the 2025 SC Award for Best IT Security-Related Training Program. This prestigious recognition underscores Cloud Range's commitment to equipping cybersecurity professionals with the practical, hands-on training necessary to effectively manage and respond to evolving cyber threats. The SC Awards, presented by SC Media, are among the cybersecurity industry's most esteemed accolades, celebrating excellence in security solutions, organizations, and individuals. Cloud Range's selection as a winner highlights its innovative approach to cybersecurity education and its impact on enhancing organizational resilience against cyberattacks. 'Winning the 2025 SC Award is a testament to the dedication and expertise of our innovative team,' said Debbie Gordon, CEO of Cloud Range. 'We are honored to be recognized for our efforts in advancing cybersecurity training with live-fire simulations, and we are committed to continuing Cloud Range's mission to empower security teams with the skills and hands-on experience needed to defend against today's complex cyber threats.' Cloud Range provides a full-service, customizable cyber range-as-a-service platform, providing immersive simulation training that accelerates real-world experience for enterprise SOC and incident response teams across various industries. The platform's integration with the MITRE ATT&CK framework and its focus on both technical and soft skills development ensure comprehensive preparedness for cybersecurity professionals. For more information about Cloud Range and its award-winning training solutions, please visit Find out more about today's win here. About Cloud Range Cloud Range is a pioneer in cybersecurity simulation and readiness training, providing the first-ever full-service, cloud-based customizable cyberattack simulation training platform in the world. Used by enterprise SOC and incident response teams, managed security service providers (MSSPs), governments, higher education institutions, utilities, critical infrastructure, and many other industries, Cloud Range enables organizations to accelerate the cyber defense skills of their cybersecurity professionals using its proprietary simulation training and assessment platform. Customers can train security teams, assess candidates, onboard new hires, and improve cybersecurity team skills, significantly reducing cyber risk. Cloud Range won the CISO Choice Award for security education and training, the Top InfoSec Innovator Award for Cutting Edge Cyber Defense Training, the Fortress Cyber Security Award for Best Cybersecurity Training, and the ASTORS Homeland Security Award for Best Cyber Defense Team Training. Learn more at View source version on CONTACT: Media Contact: Leslie Kesselring Kesselring Communications for Cloud Range Email:[email protected] Phone: 503-358-1012 KEYWORD: UNITED STATES NORTH AMERICA CALIFORNIA INDUSTRY KEYWORD: TECHNOLOGY MANUFACTURING TRAINING OTHER EDUCATION DEFENSE OTHER TECHNOLOGY OTHER DEFENSE SOFTWARE CONTRACTS EDUCATION NETWORKS INTERNET OTHER MANUFACTURING SECURITY SOURCE: Cloud Range Copyright Business Wire 2025. PUB: 04/30/2025 12:05 PM/DISC: 04/30/2025 12:04 PM
