A short list. Said carefully. Paste-able into the methodology section your assessor will read.
The most useful product description for a HIPAA risk analysis is the one an assessor can drop into the methodology section without rewriting. Here is ours.
1. Identifies every device connected to your network.
CybrIQ connects to your managed network switches using read-only SNMP — the standard read-only management protocol every enterprise switch already supports. The switch provides what it already collects: manufacturer codes for connected devices, how each device announces itself on the wire, port-level metadata. From that information we recognize the device family and model class. The library has roughly 750 million device fingerprints, including the medical-device families most healthcare programs need to identify.
2. Emits the inventory as syslog and REST.
Every change in the inventory — new device, moved device, vanished device, identity change — is timestamped and emitted to your existing security tools through standard syslog (RFC 5424) or a REST API. Your SIEM, your GRC platform, your CMMS, and your risk register can all subscribe. No vendor-specific console required.
3. Does not touch the medical device.
The default deployment is purely read-only. We do not send packets to the medical device, do not scan it, do not interrogate it. The clinical workflow does not change. The vendor support contract is not voided.
4. Does not observe PHI.
We do not look at packet contents. The information we work from is metadata the switch already collects for its own operation. Electronic protected health information does not flow through CybrIQ. A BAA is available regardless, on request.
5. Optional, opt-in USB-attack detection on workstations.
A small Windows/Linux agent for the high-risk workstations identifies USB devices against a curated attack-tool signature database. Opt-in per host. The only place CybrIQ ever puts software on an endpoint. See USB protection.
6. Optional, opt-in network action.
If the customer authorizes it, CybrIQ can use read-write SNMP against the switch to move a port to a quarantine VLAN, disable an interface, or apply an access list. The default is off. The action is on the switch, not on the medical device.
What that lets your program do.
Defend the §164.308 inventory.
The asset inventory feeding your HIPAA risk analysis is produced continuously. Identity changes are logged for §164.312(b) audit purposes. The methodology paragraph an assessor needs is right there.
Feed identity into whatever you already run.
NAC, NDR, EDR, GRC, CMMS, SIEM — the consumers of device identity can subscribe to a single source of truth. Your existing investments keep working.
Absorb acquired practices in hours instead of weeks.
Read-only switch access from the new site, inventory feed into the parent organization within hours. See M&A integration.