Malware detection
ThreatLockDown offers several capabilities that support malware detection. It detects malware using the following methods:
Finding patterns in the endpoint that do not match expected behavior
Using constant database (CDB) lists to detect and remove malicious files
These components of ThreatLockDown help you comply with the following HIPAA section:
Security Awareness and Training §164.308(a)(5)(i) - Protection from Malicious Software: “Procedures for guarding against, detecting, and reporting malicious software.”
This section of the HIPAA standard requires you to have procedures to detect and remove malicious software. The ThreatLockDown malware detection capability supports this requirement with out-of-the-box rules, VirusTotal and YARA integration, and CDB lists. The rootcheck component of ThreatLockDown also detects abnormal behavior in monitored endpoints.
The following use case shows how to detect a rootkit.