What's New

The Latest Postings for Solidcore Blog

November 15, 2008
Excerpt from:  IT Compliance

Integrity Monitoring for IBM 4690

Solidcore introduces first integrity monitoring and PCI compliance solution for IBM 4690 POS environments

According to Greg Buzek of the IHL Group, "IBM 4690 POS terminal sales drove $1.02 billion in hardware, software, and maintenance in 2007, and there is a significant installed base within the category of superstores/warehouses and mass merchants that rely on this operating system with 64% of the installed base."  While IBM 4690 technology has proven itself over time, meeting the intent of PCI compliance across these platforms has been difficult to accomplish. 

Now, retailers using IBM 4690 POS environments can have the visibility, monitoring and audit reporting capabilities needed to fulfill the PCI compliance mandates for alerting personnel to unauthorized modifications of critical system or content files. Solidcore's POS Check and Control solution is the first of its kind to monitor and alert on changes to IBM 4690 POS Controllers, which provide both the application and operating system images to the client terminals in many of today's retail environments.

Branden Williams, PCI practice director for VeriSign said, "The importance of file integrity monitoring cannot be overlooked when it comes to PCI compliance. File integrity monitoring is a critical aspect of understanding the changes within payment systems and should be deployed as a best-practice regardless of the version of POS systems or terminals in use."

Tony Thompson
tthompson@solidcore.com


November 15, 2008
Excerpt from:  IT Compliance

Application Control and Whitelisting

Dynamic whitelisting and application control help ensure only authorized programs and code run

In response to a recent SC Magazine article written by Fortify's Rob Rachwald titled "Hacking - The corporate cover-up," applications are the current targets, not the network. Once you adopt a business software assurance program, you need to be able to implement it operationally in the environment. Utilizing dynamic whitelisting with application control can provide the granular access to the application; protect the application data, memory and required system resources; and ultimately easily enforce and report against BSA programs. Having the tools to continue to learn who is making changes with real-time integrity monitoring and the ability to receive events of unauthorized changes provides the means to understand and gain first-hand insight. This helps you ward off ever getting "the call" from an outside source that either your infrastructure has been compromised or that cardholder data has been compromised.

Kim Singletary

November 12, 2008
Excerpt from:  IT Compliance

Retailers Need Single Solution for Security and PCI Compliance on POS Systems

Solidcore combines whitelisting, file integrity monitoring and configuration assessment to give retailers single solution for PCI compliance at the store

Retailers today are under great pressure to meet PCI compliance mandates across their stores and networks, despite facing enormous budget and resource constraints.  As such, retailers cannot afford to deploy and manage disparate security products from multiple vendors across their distributed store locations and point-of-sale (POS) systems.  Solidcore’s POS Check and Control provides retailers with a single solution that can easily and cost-effectively address all of the PCI and security requirements for business-critical POS systems.

Solidcore POS Check and Control software combines whitelisting, file integrity monitoring and configuration assessment capabilities to give retailers a “single solution” for meeting the PCI Data Security Standard requirements on retail store POS systems.  This single solution benefits retailers by shortening the time, simplifying the effort, and lowering the cost to verify PCI compliance at the store.

According to Mike Lewis, executive vice president and CIO for Giant Tiger, one of the largest family discount store chains in Canada, “We needed one product to secure our POS systems while also ensuring comprehensive coverage of the PCI compliance requirements across our distributed store systems. Solidcore’s POS Check and Control quickly emerged as the most effective security solution that addresses PCI compliance for our POS environment. Solidcore allows us to meet the lock-down, file monitoring and alerting requirements for PCI compliance, and helped us avoid any costly and cumbersome multi-vendor project for meeting PCI compliance on store systems.”

Hiroshi Komura, general manager, i-Appliance division for NEC Infrontia Corporation said, “We identified uncontrolled change as the primary cause of POS unavailability issues and maintenance costs for our POS devices. Embedding Solidcore into our POS systems gives us complete control and certainty over what changes on each device.”

Solidcore POS Check and Control Features

  • Dynamic Whitelisting -- Solidcore dynamic whitelisting goes beyond the capabilities of traditional whitelisting to provide the most complete protection and PCI compliance coverage across retail store systems.  It ensures only pre-authorized applications and code run on POS systems, and unlike other whitelisting approaches, Solidcore accommodates secure authorized updates without having to rely on access to a centralized inventory.  These capabilities ensure retailers quickly and cost-effectively meet the PCI requirements for antivirus outlined in Section 5 of the PCI DSS, and the required alerting that is outlined in Section 12.

  • CFIM (Continuous File Integrity Monitoring) -- Solidcore’s continuous file integrity monitoring goes beyond “periodic” file integrity monitoring tools of the past that only detect changes through resource-intensive system scans.  Solidcore’s “continuous” file integrity monitoring has minimal impact on store system resources and eliminates the need to perform repeat system scans.  This allows retailers to easily and more effectively meet the file integrity monitoring and audit trail requirements outlined in Sections 10 and 11 of the PCI DSS.

  • Configuration Assessment -- Retailers often rely on hardening standards published by the Center for Internet Security (CIS), a non-profit organization with a mission to help organizations reduce the risk of business disruptions resulting from inadequate security controls.  Solidcore provides security configuration assessment capabilities that allow for regular comparisons against the CIS benchmarks.  This capability enables retailers to quickly identify incorrectly configured server and application settings for quick repair. Compliance scores are calculated based on the configuration assessment, and a comparison of scores from different hosts is supported through dashboards.

Solidcore CEO Anne Bonaparte said, “Retailers simply cannot afford to source combinations of file monitoring, audit and list-based security tools from different vendors to become PCI compliant at the store – they need a single solution to do it all quickly and effectively. Solidcore has focused on providing these essential security capabilities in a single solution for point of service systems since our inception.  While you might see more security companies partnering to offer retailers a PCI compliance solution for store systems, customers will find that Solidcore is the preferred solution for the POS environment.”

Tony Thompson
tthompson@solidcore.com

