Excerpt from:  IT Compliance
November 12, 2008

Retailers Need Single Solution for Security and PCI Compliance on POS Systems

Solidcore combines whitelisting, file integrity monitoring and configuration assessment to give retailers a single solution for PCI compliance at the store

Retailers today are under great pressure to meet PCI compliance mandates across their stores and networks, despite facing enormous budget and resource constraints. As such, retailers cannot afford to deploy and manage disparate security products from multiple vendors across their distributed store locations and point-of-sale (POS) systems. Solidcore’s POS Check and Control provides retailers with a single solution that can easily and cost-effectively address all of the PCI and security requirements for business-critical POS systems.

Solidcore POS Check and Control software combines whitelisting, file integrity monitoring and configuration assessment capabilities to give retailers a “single solution” for meeting the PCI Data Security Standard requirements on retail store POS systems. This single solution benefits retailers by shortening the time, simplifying the effort, and lowering the cost to verify PCI compliance at the store.

According to Mike Lewis, executive vice president and CIO for Giant Tiger, one of the largest family discount store chains in Canada, “We needed one product to secure our POS systems while also ensuring comprehensive coverage of the PCI compliance requirements across our distributed store systems. Solidcore’s POS Check and Control quickly emerged as the most effective security solution that addresses PCI compliance for our POS environment. Solidcore allows us to meet the lock-down, file monitoring and alerting requirements for PCI compliance, and helped us avoid any costly and cumbersome multi-vendor project for meeting PCI compliance on store systems.”

Hiroshi Komura, general manager, i-Appliance division for NEC Infrontia Corporation said, “We identified uncontrolled change as the primary cause of POS unavailability issues and maintenance costs for our POS devices. Embedding Solidcore into our POS systems gives us complete control and certainty over what changes on each device.”

Solidcore POS Check and Control Features

  • Dynamic Whitelisting -- Solidcore dynamic whitelisting goes beyond the capabilities of traditional whitelisting to provide the most complete protection and PCI compliance coverage across retail store systems.  It ensures only pre-authorized applications and code run on POS systems, and unlike other whitelisting approaches, Solidcore accommodates secure authorized updates without having to rely on access to a centralized inventory.  These capabilities ensure retailers quickly and cost-effectively meet the PCI requirements for antivirus outlined in Section 5 of the PCI DSS, and the required alerting that is outlined in Section 12.

  • CFIM (Continuous File Integrity Monitoring) -- Solidcore’s continuous file integrity monitoring goes beyond “periodic” file integrity monitoring tools of the past that only detect changes through resource-intensive system scans. Solidcore’s “continuous” file integrity monitoring has minimal impact on store system resources and eliminates the need to perform repeat system scans. This allows retailers to easily and more effectively meet the file integrity monitoring and audit trail requirements outlined in Sections 10 and 11 of the PCI DSS.

  • Configuration Assessment -- Retailers often rely on hardening standards published by the Center for Internet Security (CIS), a non-profit organization with a mission to help organizations reduce the risk of business disruptions resulting from inadequate security controls.  Solidcore provides security configuration assessment capabilities that allow for regular comparisons against the CIS benchmarks.  This capability enables retailers to quickly identify incorrectly configured server and application settings for quick repair. Compliance scores are calculated based on the configuration assessment, and a comparison of scores from different hosts is supported through dashboards.

Solidcore CEO Anne Bonaparte said, “Retailers simply cannot afford to source combinations of file monitoring, audit and list-based security tools from different vendors to become PCI compliant at the store – they need a single solution to do it all quickly and effectively. Solidcore has focused on providing these essential security capabilities in a single solution for point of service systems since our inception.  While you might see more security companies partnering to offer retailers a PCI compliance solution for store systems, customers will find that Solidcore is the preferred solution for the POS environment.”

Tony Thompson
tthompson@solidcore.com

