MedISAO’s Large Language Model-based approach will allow organizations to maintain the ability to manage and respond to vulnerabilities as the National Vulnerability Database works on a solution
MedISAO, an organization composed of members of the medical device manufacturer community dedicated to improving medical device security through education, awareness, and advocacy, today announced a Large Language Model (LLM)-approach to analyze medical device vulnerabilities. Microsoft OpenAI Azure Service is being used as mitigation for the recent disruptions in the National Institute of Standards’ (NIST) National Vulnerability Database (NVD) updates, which have raised significant concerns in the cybersecurity community.
A recent report from VulnCheck found that NIST has analyzed less than 1 out of 10 vulnerabilities published in the NVD since mid-February of this year. According to the report, since February 12, 2024, 12,720 new vulnerabilities were added to NVD. However, over 11,000 of these vulnerabilities have not been analyzed, making it challenging for security professionals to determine vulnerabilities within their software. In response, MedISAO is leveraging advanced AI to maintain the flow and quality of vulnerability data to ensure that organizations can still access crucial vulnerability data.
By using an LLM agent, MedISAO’s system processes vulnerability information from NVD, MITRE, and other external sources, constructing CPE product and version match data to ensure continuous vulnerability enrichment, crucial for maintaining robust cybersecurity practices. This AI-driven approach is supported by Medcrypt’s Software Bill of Materials (SBOM) and vulnerability management tool, Helm. Historical data and a custom grammar parser are used to reduce inaccuracies and improve reliability. Daily updates enhance speed and efficiency in managing newly released vulnerabilities.
“Without NVD’s timely processing, managing and responding to newly disclosed vulnerabilities becomes severely hampered. Our approach is a crucial interim measure to ensure continuity and resilience in cybersecurity practices,” said Daniel Beard, MedISAO. “MedISAO remains committed to supporting the cybersecurity community by providing innovative solutions that address current challenges. As the industry awaits the full resumption of NVD operations, MedISAO’s AI-powered service stands as a vital resource for maintaining robust cybersecurity defenses.”
In May 2024, MedISAO announced its endorsement by the Food and Drug Administration (FDA) through a renewed Memorandum of Understanding (MOU) signed on April 18, 2024, marking a continued collaboration and highlighting the importance of improving the security posture of the medical device ecosystem and the healthcare industry at large. For more information, please visit www.medisao.com.
Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!
