Trend Micro™ Deep Security Packages
By choosing one of Atlantic.Net's Managed Trend Micro Deep Security packages, you will be equipped to mitigate major security challenges in the cyber landscape.
HIPAA Security Services
Managed HIPAA security services from Atlantic.Net.
Contact Us To Get Started
Managed HIPAA-Compliant Security
Our industry-leading Managed Services let us cover cybersecurity and compliance, so you can stay focused on your core competencies. The following managed services are configured and operated by Atlantic.Net for HIPAA compliance:
- Intrusion Detection / Prevention Service
- Anti-Malware Protection
- Dedicated Firewalls and Encrypted VPN
- Network Address Translation (NAT)
- Trend Micro Deep Security Package
HIPAA Intrusion Detection Service
Our Intrusion Detection Service (IDS) works off a continually updated database of malware and other potential hazards, and features customizable security infrastructure that we tune to your specific needs. We routinely test and re-test all components of IDS/IPS and perform upgrades on an as-needed basis. Threats are monitored and prevented in real time.
Our Intrusion Detection Service also features a powerful firewall appliance that connects to each interface, monitoring everything from CPU usage to gateway response rate. If you require traffic shaping or simultaneous-connection limits, both are easily configurable.
All of this is delivered cost-effectively ‐ meaning you'll have access to world-class security at a much lower cost structure than hiring your own cybersecurity staff.
Need Help?
Anti-Malware Protection
HIPAA regulation expects healthcare organizations to use anti-malware controls as part of their security posture. Atlantic.Net's engineers deploy Trend Micro Anti-Malware to protect clients from malicious software.
Dedicated Firewalls and Encrypted VPN
In addition to intrusion detection, Atlantic.Net provides a powerful set of managed firewall components designed for affordability and security. We can build out-of-the-box solutions for almost any configuration, including Linux servers and Cisco ASA Firewalls. Reporting maintains historical information on every aspect of network security ‐ CPU utilization, firewall states, WAN gateways, and traffic shaping.
By default, we deploy a stateful firewall that lets you granularly control your states. That includes limits on states per host, new connections per second, state timeouts, state types, and simultaneous client connections. Multiple state-handling modes are available:
- Keep state ‐ works with all protocols. Default for all rules.
- Modulate state ‐ works only with TCP. Atlantic.Net's firewall appliance generates strong Initial Sequence Numbers (ISNs) on behalf of the host.
- Synproxy state ‐ proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. Includes the functionality of "keep state" and "modulate state" combined.
- None ‐ does not keep any state entries for the traffic. Rarely desirable, but available for limited circumstances.
Several state-table optimization options are also available:
- Normal ‐ the default algorithm.
- High latency ‐ useful for high-latency links such as satellite connections; expires idle connections later than normal.
- Aggressive ‐ expires idle connections more quickly. Uses hardware resources more efficiently but can drop legitimate connections.
- Conservative ‐ tries to avoid dropping legitimate connections at the expense of increased memory usage and CPU utilization.
Our dedicated firewalls are connected to a management service that eases the burden of monitoring. The same service lets us implement encrypted VPN connections (OpenVPN, IPsec, and PPTP supported by default) to and from your hosted servers. HIPAA compliance requirements are central to the entire process ‐ from management through maintenance and troubleshooting. Learn more on the Managed Firewall Service page.
Network Address Translation (NAT)
All Atlantic.Net Managed Services clients have access to our Network Address Translation utility, which lets them quickly and easily shape how their network functions. It features straightforward configuration for port forwarding (including port ranges and multiple public IPs), outbound NAT, and advanced load balancing for both inbound and outbound connections. Integrated with the firewall appliance, it can be set up with full redundancy via pfsync and CARP.
Need Help?
Looking for HIPAA-Compliant Hosting?
We can help with a free assessment.
IT architecture design, security & guidance.
Flexible private, public & hybrid hosting.
24x7x365 security, support & monitoring.
Trend Micro™ Deep Security Suite
Key features:
Virtual environments: Preserve performance and consolidation ratios with comprehensive agentless security built specifically to maximize protection for virtual environments.
Optimized for server environments: Optimizes security operations to avoid antivirus storms commonly seen in full system scans and pattern updates from traditional security capabilities.
Virtual patching: Shield vulnerabilities before they can be exploited ‐ eliminating the operational pains of emergency patching, frequent patch cycles, and costly system downtime.
Compliance: Demonstrate compliance with multiple regulatory requirements including PCI DSS 4.0, HIPAA, HITECH, FISMA / NIST 800-53, NERC, and more. Learn more about Trend Micro Deep Security Suite.
HIPAA Security Rule ‐ Technical Safeguards Mapped to Atlantic.Net Services
The HIPAA Security Rule (45 CFR § 164.312) requires specific technical safeguards for ePHI. The table below shows how Atlantic.Net's managed security services map to each safeguard.
| HIPAA Security Rule Safeguard | Atlantic.Net Managed Service | What It Covers |
|---|---|---|
| Access Control (§ 164.312(a)) | Dedicated firewalls, MFA, VPN, NAT | Granular firewall rules, multi-factor authentication, encrypted access paths |
| Audit Controls (§ 164.312(b)) | Log management, IDS/IPS | Centralized logs, forensic-grade audit trails, alert escalation |
| Integrity (§ 164.312(c)) | Trend Micro Deep Security (integrity monitoring), encrypted backups | File & registry change detection; verifiable backups |
| Person or Entity Authentication (§ 164.312(d)) | Multi-Factor Authentication, VPN credentialing | Verified identity for SSH, RDP, and admin access |
| Transmission Security (§ 164.312(e)) | SSL/TLS termination, encrypted VPN, FortiGate firewall | End-to-end encryption in transit, SSL inspection, DDoS mitigation |
| Anti-Malware (HIPAA Security Rule expectation) | Trend Micro Anti-Malware | Anti-malware engine deployed across managed servers |
| Contingency Plan (§ 164.308(a)(7)) | Veeam Backup & Replication, HIPAA Disaster Recovery | Backups, off-site replication, RTO/RPO-driven failover |
Get Help with HIPAA Compliance
Atlantic.Net is ready to help you reach compliance quickly across SOC 2, SOC 3, HIPAA, and HITECH ‐ all with 24x7x365 support, monitoring, and world-class data center infrastructure. For faster application deployment, free IT architecture design, and assessment, call 888-618-DATA (3282) or email us at [email protected].
Start Your HIPAA Project With a
Fully Audited HIPAA Platform Today
HIPAA-compliant compute & storage, encrypted VPN, security firewall, BAA, off-site backup, disaster recovery, and more.
Frequently Asked Questions About HIPAA Security Services
HIPAA-compliant security is the set of administrative, physical, and technical safeguards applied to systems that store, process, or transmit ePHI. The HIPAA Security Rule (45 CFR § 164.312) specifies the technical safeguards: access control, audit controls, integrity, person/entity authentication, and transmission security. Atlantic.Net's managed services map to each of those expectations.
An IDS sits out-of-band, passively monitors network traffic, and alerts. An IPS sits inline on the data path and actively blocks malicious traffic in real time. Atlantic.Net's HIPAA security stack offers both patterns; the FortiGate Firewall as a Service consolidates IPS into the firewall layer.
The HIPAA Security Rule requires covered entities to "implement procedures for guarding against, detecting, and reporting malicious software" (45 CFR § 164.308(a)(5)(ii)(B)). Atlantic.Net deploys Trend Micro Anti-Malware on managed servers as part of the security services package to satisfy this expectation.
OpenVPN and IPsec are the primary supported protocols for client-based and site-to-site VPN tunnels. PPTP is supported for legacy clients but is not recommended for new deployments due to known weaknesses. VPN sits inside the same managed-service envelope as the firewall.
Network Address Translation lets you expose only the services that need to be public while keeping the rest of the environment behind private IPs. It also enables port forwarding and outbound traffic shaping. In a HIPAA context, NAT reduces the attack surface and gives you cleaner audit boundaries between public-facing and ePHI-bearing systems.
Deep Security combines anti-malware with intrusion prevention, integrity monitoring, log inspection, and virtual patching on a single platform optimized for virtualized and cloud environments. It avoids the "AV storm" pattern and supports compliance obligations under PCI DSS 4.0, HIPAA, HITECH, FISMA / NIST 800-53, and more.
Most HIPAA hosting plans include the core security services (firewall, BAA, vulnerability scans, encrypted VPN, server management, backups). Add-ons such as Trend Micro Deep Security, Multi-Factor Authentication, Network Edge Protection, Disaster Recovery, and Load Balancing are available on the higher-tier plans or as a la carte additions.
Yes. Atlantic.Net signs a HIPAA BAA with customers handling ePHI. The BAA documents the contractual obligations Atlantic.Net assumes as a Business Associate under HIPAA. Contact the Atlantic.Net Sales Department to obtain a copy.
Atlantic.Net's hosting infrastructure is independently audited annually for HIPAA AT-C 105 / 205, SOC 2 Type II, SOC 3 Type II, HITECH, and PCI DSS 4.0. Customers can cite Atlantic.Net's audited controls in their own audits. SOC reports are available to customers under NDA; SOC 3 is public.
Pricing depends on the underlying hosting product, the data volume protected, and the bundled security and managed services. Contact our sales team for a quote tailored to your environment and compliance scope.
