SOURCE: Cylance


December 01, 2015 11:00 ET

CylancePROTECT™ Achieves HIPAA Security Rule Compliance Certification

CylancePROTECT™ Tested by HIPAA Security Assessors to Be Significantly Superior to Any Other Antivirus or Anti-Malware Product in Finding Malicious Software; Cylance's Flagship Product Achieved 100 Percent Compliance With HIPAA/HITECH Malicious Software Security Standards

IRVINE, CA--(Marketwired - Dec 1, 2015) - Cylance, the company that is revolutionizing cybersecurity through the use of artificial intelligence to proactively prevent, rather than just reactively detect, advanced persistent threats and malware, today announced that CylancePROTECT™ has been certified 100 percent compliant with HIPAA/HITECH malicious software protection, detection and reporting requirements. The certification is made by DirectDefense, a leading provider of HIPAA/HITECH security assessment services to industries, such as healthcare and insurance, that process, store or transmit electronic protected health information (EPHI).

HIPAA and HITECH are federal laws establishing standards and requirements for transmitting certain health information, including protective measures to ensure patient privacy. Part of the HIPAA/HITECH security standards, HIPAA Security Rule 164.308(a)(5)(ii)(B) specifies provisions for the protection, detection and reporting of malicious software. Compliance with this rule requires organizations to run antivirus software on computers that have operating systems known to be vulnerable to malware.

"Enterprises in possession of patient healthcare information are frequent targets for cyberattacks, many of which are successful, suggesting organizations need to go above and beyond the basic requirements set forth by the HIPAA Security Rules," said Stuart McClure, CEO of Cylance. "Today's accepted cybersecurity standards are insufficient and do not adequately protect enterprises from cyberattacks. However, CylancePROTECT™ enables organizations to meet much higher cybersecurity standards."

In its evaluation and certification report of CylancePROTECT™ for HIPAA Security Rules, DirectDefense noted the following:

"DirectDefense found CylancePROTECT™ to be significantly superior in finding malicious software than any other antivirus or anti-malware product we have encountered."

CylancePROTECT™ sends alerts of threats or abnormal executable behavior to the client as well as the management portal to be displayed at the dashboard level. Details for each flagged executable are available as well as the ability to override any potential false positives.

DirectDefense tested CylancePROTECT™ and found it does more than just protect against all known types of malicious software. The certification company reported that CylancePROTECT™ is also updated continually, has self-learning capabilities, and performs a pre-execution quick scan of all modules in real time (10 - 100 ms). In addition, CylancePROTECT™ was also tested successfully with Microsoft's VB100 program.

The DirectDefense report also provides the following summary of its testing process and results:

To properly gauge the accuracy of the CylancePROTECT™ solution, DirectDefense used a private sampling of malware that Cylance maintains, in addition to the company's own custom exploit payloads that are leveraged during the course of penetration tests designed to bypass most antivirus solutions. 

For this review, the CylancePROTECT™ solution block was configured to alert on malicious memory actions, automatically flag malicious or abnormal executables with the file actions, and scan all new files, as well as periodically scan the test system's entire disk.

In each test case, CylancePROTECT™ properly flagged and blocked all samples of un-obfuscated malware, polymorphic (constantly changing versions of code) malware, metamorphic (the decrypted code changes with each instance) malware and custom-packed (compressed to obfuscate) malware code. Additionally, CylancePROTECT™ flagged Cylance's own custom exploit payloads and had 100 percent accuracy in detecting all CryptoLock samples. 

The complete DirectDefense HIPAA/HITECH assessor's report can be found here.

CylancePROTECT™ also achieved 100 percent PCI DSS Requirement 5 compliance certification in November 2014. The complete DirectDefense assessor's report can be found here.

About Cylance, Inc.

Cylance is the only company to offer a preventive cybersecurity solution that stops over 99% of advanced threats and malware at the most vulnerable point: the endpoint. Applying a revolutionary artificial intelligence approach, the Cylance endpoint security solution, CylancePROTECT™, analyzes the DNA of code prior to its execution on the endpoint to find and prevent threats others can't, while using a fraction of the system resources associated with endpoint anti-virus and detect and respond solutions that are deployed in enterprises today. For more information visit:

Contact Information


    Bill Fallon
    keating/co for Cylance
    Email Contact
    O: 212 925 6900
    M: 973 768 6764