The Latest Postings for Solidcore Blog

May 09, 2008
Excerpt from:  IT Compliance

Retailers find the solution to PCI Compliance on POS Devices

Solidcore provides the most cost-effective solution for meeting critical audit trail and file integrity monitoring PCI requirements

Our PCI products, launched earlier this year, have been a tremendous success. The traction and pull we are seeing from the market is phenomenal. We closed two deals with really large retailers who are interested in using our PCI products on their Point of Sale (POS) systems. Now, POS itself is an overloaded term. What we generally know as POS devices are actually called PC-based cash registers (the ones you see at the counter). Retailers call even the back-office server a POS. These are Windows 2003 servers with lots of disk space, and they run database servers.

One of the aforementioned retailers has over 300 retail locations across the West Coast. Each store has at least two cash registers, and all the cash registers are connected to a back-office POS system running SQL Server 2005. This retailer has started using Solidcore to create an audit trail of all file and database changes on these critical back-office systems. Our database product has the ability to track:

1. Schema changes
2. Data changes
3. Activities like logon/logoff, user/role creation, privilege grants, etc., and
4. Accesses (SELECT)

While this is great, tracking all such changes would result in a very low signal-to-noise ratio. We solve this problem using our filter profiles, which allow users to specify various conditions like: "Track changes made to the cardholder table ONLY when they are made by applications other than the payment processing application," or "create an audit trail of all SELECT statements that are issued by accounts (users) other than the ones used by the application." Out-of-the-box reports also help the DBAs get a summary of all suspicious and unauthorized activity across all stores on a daily, weekly, or custom interval.

I was talking to one of the leading PCI industry analysts today who was very impressed by Solidcore's capability to collect and maintain an audit trail of all in-scope PCI servers, databases and network devices. This analyst mentioned that Section 10 was the main play of Security Information Management (SIM) vendors like ArcSight and LogLogic. So, if you are in the market looking for a SIM product for PCI Section 10, you owe it to yourself to put Solidcore on your list.

Rajesh Rajamani
raj@solidcore.com

