CylancePROTECT® Achieves HIPAA Security Rule Compliance Certification

Cylance®, the company that is revolutionizing cybersecurity through the use of artificial intelligence to proactively prevent, rather than just reactively detect, advanced persistent threats and malware, today announced that CylancePROTECT® has been certified 100 percent compliant with HIPAA/HITECH malicious software protection, detection and reporting requirements. The certification is made by DirectDefense, a leading provider of HIPAA/HITECH security assessment services to industries, such as healthcare and insurance, that process, store or transmit electronic protected health information (EPHI).

HIPAA and HITECH are federal laws establishing standards and requirements for transmitting certain health information, including protective measures to ensure patient privacy. Part of the HIPAA/HITECH security standards, HIPAA Security Rule 164.308(a)(5)(ii)(B) specifies provisions for the protection, detection and reporting of malicious software. Compliance with this rule requires organizations to run antivirus software on computers that have operating systems known to be vulnerable to malware.

“Enterprises in possession of patient healthcare information are frequent targets for cyberattacks, many of which are successful, suggesting organizations need to go above and beyond the basic requirements set forth by the HIPAA Security Rules,” said Stuart McClure, CEO of Cylance. “Today’s accepted cybersecurity standards are insufficient and do not adequately protect enterprises from cyberattacks. However, CylancePROTECT enables organizations to meet much higher cybersecurity standards.”

In its evaluation and certification report of CylancePROTECT for HIPAA Security Rules, DirectDefense noted the following:

Detection

“DirectDefense found CylancePROTECT to be significantly superior in finding malicious software than any other antivirus or anti-malware product we have encountered.”

Reporting

CylancePROTECT sends alerts of threats or abnormal executable behavior to the client as well as the management portal to be displayed at the dashboard level. Details for each flagged executable are available as well as the ability to override any potential false positives.

Protection

DirectDefense tested CylancePROTECT and found it does more than just protect against all known types of malicious software. The certification company reported that CylancePROTECT is also updated continually, has self-learning capabilities, and performs a pre-execution quick scan of all modules in real time (10 – 100 ms). In addition, CylancePROTECT was also tested successfully with Microsoft’s VB100 program.

The DirectDefense report also provides the following summary of its testing process and results:

To properly gauge the accuracy of the CylancePROTECT solution, DirectDefense used a private sampling of malware that Cylance maintains, in addition to the company’s own custom exploit payloads that are leveraged during the course of penetration tests designed to bypass most antivirus solutions.

For this review, the CylancePROTECT solution block was configured to alert on malicious memory actions, automatically flag malicious or abnormal executables with the file actions, and scan all new files, as well as periodically scan the test system’s entire disk.

In each test case, CylancePROTECT properly flagged and blocked all samples of un-obfuscated malware, polymorphic (constantly changing versions of code) malware, metamorphic (the decrypted code changes with each instance) malware and custom-packed (compressed to obfuscate) malware code. Additionally, CylancePROTECT flagged Cylance’s own custom exploit payloads and had 100 percent accuracy in detecting all CryptoLocker samples.

The complete DirectDefense HIPAA/HITECH assessor’s report can be found here.

CylancePROTECT also achieved 100 percent PCI DSS Requirement 5 compliance certification in November 2014. The complete DirectDefense assessor’s report can be found here.

About DirectDefense

Since 2011, DirectDefense has been offering comprehensive computer security testing services with specialization in application security, vulnerability assessments, penetration testing, and compliance assurance testing. Boasting a group of well-rounded and diverse consultants, DirectDefense has worked with a majority of the Fortune 100 companies, including power and utility, gaming, retail, financial, media, travel, aerospace, healthcare, and software development organizations. More information can be found at: www.directdefense.com