Rapid7 & HITRUST team up on continuous compliance
Cybersecurity firm Rapid7 has formed a strategic partnership with assurance specialist HITRUST that links attack surface monitoring with a widely used compliance framework for regulated industries.
The agreement connects Rapid7's Surface Command platform with the HITRUST assurance framework. The partners aim to automate the validation of security controls against HITRUST standards and reduce reliance on manual audit processes.
Rapid7 said customers will be able to automatically collect, map, and validate security controls against HITRUST requirements. The companies said this will reduce the scope of formal audits and cut the time and staff effort that organisations spend on compliance work.
Both companies are targeting sectors that face strict regulatory and data protection rules. These include healthcare, financial services and other industries that handle sensitive personal or operational data.
Traditional security assurance processes often rely on point-in-time reviews and manual evidence gathering. These audits can leave gaps when threat conditions or system configurations change between assessments.
Rapid7's Surface Command product provides a view of an organisation's external attack surface. The tool tracks exposed assets, misconfigurations, and other weaknesses that attackers could exploit.
The HITRUST framework sets out control requirements and certification programmes that many organisations use for internal risk, security and compliance management. The framework is updated in response to new threats and regulatory expectations.
The integration links the data from Surface Command with HITRUST's control library and certification scheme. Customers can compare current security settings against relevant HITRUST requirements and generate evidence showing how controls perform over time.
Rapid7 said this approach supports a shift from periodic audits towards continuous, evidence-based validation of cybersecurity posture. The company said this may strengthen governance discussions with boards and external stakeholders.
"Rapid7 solutions already deliver unmatched visibility and context, enabling our customers to proactively prevent and detect security incidents," said Jon Schipp, Senior Director of Product Management, Rapid7. "With this collaboration, we are now able to benchmark customers against HITRUST, ultimately reducing both the cost and burden of compliance while also enabling them to achieve continuous assurance against the comprehensive framework for greater protection from threats."
The partners said clients will gain continuous visibility into compliance across their environments. The Rapid7 platform will check systems for control drift against HITRUST framework requirements, which HITRUST updates in line with changing risks.
They also said organisations will be able to combine vulnerability and exposure management data with compliance reporting. This links threat information with mandated controls and highlights areas that may need remediation.
The companies said continuous monitoring can highlight compliance drift between formal certification cycles. They said this can support longer intervals between audits, cut the volume of ad hoc evidence collection and produce reports on changes in the environment.
They also expect effects beyond internal compliance teams. The partners said insurers could use the resulting evidence of consistent control operation when assessing cyber insurance coverage and pricing.
They said organisations that can demonstrate stable risk management may secure lower premiums and quicker policy renewals. The system logs and reports can provide insurers with a more granular view of control effectiveness across the year.
The firms also linked the new model with potential cost reductions. They said organisations may reduce the expense of large annual audit projects and reallocate staff away from routine compliance tasks.
HITRUST recently published data about breach rates among organisations using its controls. It said this shows the impact of structured control frameworks on security outcomes.
"The 2025 HITRUST Trust Report demonstrated that organizations who implement our controls achieve a mere 0.59% averaged annual breach rate - a significant new benchmark in reliable risk mitigation for the industry," said Blake Sutherland, Executive Vice President, Market Engagement, HITRUST. "This collaboration with Rapid7 maps our controls to their proactive protections, giving joint customers the ability to maintain evidence of compliance, reduce evidence decay and ensure that the utmost security requirements are relevant, reliable and recorded for continuous assurance and an even higher level of trust in security postures."
Rapid7 and HITRUST said customers will increasingly use combined technical telemetry and formal control frameworks as regulators and partners demand more frequent proof of security performance.