Defend. Detect. Defeat.

Third Rock Guardian™ provides next-generation cyber-security breach prevention and detection capabilities. Third Rock Guardian™ enables your IT staff or MSP to rapidly achieve and prove continuous compliance for the systems that deliver critical business services by generating customer-scheduled, easy-to-understand reports with corrective actions to protect your practice.

Guardian provides two important aspects to maintaining a secure network environment.

  1. Cyber-Security Monitoring and Reporting – Next-generation software that performs 3 vital security functions beyond your current perimeter defenses: monitoring and reporting on HIPAA compliance, vulnerability analysis and file integrity scanning.
  2. Security Verification and Escalation – Independent 3rd Party Integrity and Compliance Monitoring performed by Third Rock to validate to you that your systems and files are protected.


Automated Vulnerability Assessment

OVAL-compliant feed subscriptions ensure that vulnerable systems are immediately detected and reported.

Security Content Automation Protocol (SCAP)

NIST-validated SCAP Authenticated Configuration Scanner, Authenticated Vulnerability and Patch Scanner, and FDCC Scanner.

Compliance Automation

Assessment policies for NIST 800-53, SOX, PCI DSS, HIPAA, NERC and FDCC with additional regulations added on a regular basis.

Actionable File Integrity Monitoring (FIM)

Third Rock Guardian’s FIM solution enables you to easily determine whether critical applications are deployed and configured consistently across systems.

Simple, Powerful Reporting

Ready-to-run reports provide proof of continuous compliance with regulatory and internal standards, historical trends and analysis, and user-defined drill-down capabilities.


Combine multiple reports into concise at-a-glance views of the current and historical state of managed systems and business services.

HIPAA regulations require that providers who implement and manage electronic Personal Health Information (ePHI) systems must follow federally mandated safeguards to protect confidential data.

The Act was enacted to prevent health care fraud and abuse by regulating the security and privacy of electronically stored patient information. It mandates that IT organizations establish access control, audit control, and change monitoring processes to protect patient information.

Third Rock Guardian™ has proven experience in simplifying healthcare organizations’ process of HIPAA IT audit certification. We equip provider IT staff with software solutions that are easy to implement and maintain, broad in application and deep in coverage.

Intelligent in design, our automated solutions reduce the manpower and cost requisite to achieve and maintain ongoing HIPAA compliance.

Simply affordable

Third Rock Guardian™ automates the ability to prove HIPAA compliance by actively assessing the state of IT systems against standard references, dramatically reducing the cost of audits while providing a more predictable and stable IT environment.

Third Rock Guardian™ proves HIPAA compliance by:

  • Assessing the state of systems against HIPAA standard references
  • Detecting and alerting when unauthorized changes are made to monitored systems
  • Generating reports that demonstrate historical HIPAA compliance

Third Rock Guardian™ proves PCI compliance by assessing deployed systems against approved references.


The PCI Data Security Standard (PCI DSS) mandates that all systems involved in credit card transaction processing have controls in place to validate that applications and configurations are securely deployed. Additionally, PCI requires that organizations must detect and notify when unauthorized changes are made to critical system files and configurations.

Third Rock Guardian™ proves PCI compliance by assessing deployed systems against approved PCI references, detecting and reporting on any deviations. By generating an audit trail which proves that only approved and documented changes are being deployed to managed systems, our solutions dramatically reduce the cost of audits.

Proving PCI compliance

  • Verifying that systems are compliant with PCI standards
  • Detecting and alerting when unauthorized changes are made to monitored systems
  • Generating reports that demonstrate historical PCI compliance

PCI controls covered...

  • 02.2.2 Disable all unnecessary and insecure services and protocols
  • 02.2.3.c Configure system security parameters to prevent misuse
  • 07.2.3 Confirm that the access control systems have a default “deny-all” setting
  • 08.4.a Verify that passwords are unreadable during transmission and storage
  • 08.4.b Password files to verify that customer passwords are encrypted
  • 08.5.08.a Generic user IDs and accounts are disabled or removed
  • 08.5.09 Change user passwords at least every 90 days
  • 08.5.10 Require a minimum password length of at least seven characters
  • 08.5.11 Use passwords containing both numeric and alphabetic characters
  • 08.5.12 Do not allow a new password that is the same as any of the last four passwords
  • 08.5.13 Limit repeated access attempts by locking out the user ID after not more than six attempts
  • 08.5.14 Set the lockout duration to a minimum of 30 minutes or until an administrator enables the user ID
  • 08.5.15 Session Idle Timeout
  • 10.2.4 Verify invalid logical access attempts are logged
  • 10.2.5 Verify use of identification and authentication mechanisms is logged
  • 10.2.6 Verify initialization of audit logs is logged
  • 10.5.5 Use file integrity monitoring and change detection software
  • 10.4.a Verify that NTP is being used to synchronize clocks
  • 11.5.a Deploy file-integrity monitoring tools
  • 12.3.8 Verify usage policies require automatic disconnect of sessions for remote-access after inactivity