The questions we get on every healthcare evaluation, answered before the call.
Honest answers, including the ones vendors typically duck. If a question you have is not here, it belongs on the demo call rather than in a chat widget.
Does PHI flow through CybrIQ?
No. We never look at the contents of network traffic. The information we work from comes from your network switches — manufacturer codes for connected devices, how devices announce themselves on the wire, port-level metadata the switch is already collecting for its own operation. Electronic protected health information does not flow through CybrIQ at any point.
Do you use SPAN ports, mirror ports, or traffic taps?
No, never. We do not copy or look at network traffic. There is no SPAN cabling, no traffic mirror, no in-line tap, and no monitoring NIC. Our information comes entirely from what your network switches already know about each port. The mechanism is the same read-only SNMP your existing network management tools already use.
Do you offer a Business Associate Agreement?
Yes, on request. The BAA is offered for procurement symmetry rather than because our processing posture requires it. Your contracts team is used to seeing one from any vendor touching the clinical environment, so we provide one.
Where does the telemetry reside?
Your choice. The data we generate — device fingerprints, identity events, change history — can be hosted in the United States, the European Union, Canada, or fully on-premise inside your own infrastructure. Cross-border egress is not a default; we deploy into the region you specify and stay there.
Do you assess whether devices are configured correctly?
No. We verify device identity. Whether a given infusion pump has up-to-date firmware, whether an imaging modality has secure-by-default settings, whether an EHR endpoint has the correct group policies — those are separate problems for separate tools. We do not claim to address them, and we do not silently underperform on them.
Can CybrIQ quarantine a port or disable an interface?
Only if you turn it on. The default deployment is purely read-only. If Clinical Engineering and IT jointly authorize it, we can use read-write SNMP against your switch to move a port to a quarantine VLAN, disable an interface, or apply an access list. The action happens on the switch, not on the medical device. We require written authorization before enabling it.
How does this work for USB attack hardware?
An optional small agent for Windows and Linux workstations identifies USB devices against a curated database of attack tools — Rubber Ducky, Flipper Zero, O.MG cables, BadUSB-class HID-spoofers, rogue USB mass-storage. The agent is opt-in per host; you decide which workstations get it (typically the high-risk ones — radiology, OR consoles, pharmacy automation, executive endpoints). When a match lands, a usb-threat-detected event reaches your existing security tools through syslog or REST. See the USB protection page for the details.
Will CybrIQ replace our network access control (NAC)?
No. NAC enforces network admission policy at the port; we supply device identity. A NAC like Cisco ISE, Aruba ClearPass, or Forescout can use our identity feed to make better decisions. The relationship is feed-and-enforce, not either-or.
How does CybrIQ compare to Claroty Medigate, Armis, Asimily, Cylera?
Those platforms are real and the named vendors do real work. Our discipline is narrower: device identity from the switch side. We do not provide the integrated risk-scoring, configuration-baseline, or threat-intelligence overlays those vendors layer on top. If your program already runs one of those platforms and the inventory is still inaccurate, we can be the identity feed underneath. If you are evaluating fresh, the choice is between a narrow feed that fits inside your existing controls and a broader suite that brings its own controls. See the compare page for the trade-offs.
What is the typical contract length?
Twelve to thirty-six months. We do not accept credit cards. Procurement runs through standard purchase orders or contract-vehicle resellers. See procurement & BAA.
What does the pilot look like?
Thirty days, no fee. We deploy a CybrIQ External Scan Engine (ESE) instance to one site or one network segment, with read-only switch access. You receive the device inventory, a change feed, and a methodology paragraph drafted for your existing risk register. The artifacts are yours regardless of whether you continue. See pilot terms.
What does CybrIQ not do?
It does not detect threats. It does not run a security operations center for you. It does not perform configuration assessment. It does not produce your HIPAA risk analysis on your behalf. It does not contract on your cyber-insurance carrier's behalf. The product is deliberately narrower than most security platforms; the narrowness is the point.
A live walk-through and a conversation about whether CybrIQ fits your environment.
Book a demo30-day pilot, no fee.