WALTHAM, Mass. — Bit9, provider of enterprise application white-listing, is making PCI compliance easier for retailers. According to news release, Bit9 Parity and Bit9 Parity for point-of-sale use whitelisting to help retail merchants secure payment devices, servers and self-serve kiosks in a continued focus on payment data protection in accordance with the new PCI Data Security Standard version 1.2 In the new PCI DSS, Requirement 5 remains focused on maintaining a vulnerability management program, including using and regularly updating antivirus software. But the 20-year-old antivirus technology is struggling to keep up with the exploding universe of malware variants and targeted attacks. Retailers and enterprises that manage sensitive payment data continue to look for easier, more cost-effective and secure ways to protect their systems and meet PCI DSS Requirement 5. "White-listing is becoming an attractive and cost effective way for retailers to protect both customer data and their own infrastructure. Certain retailers deploy white-listing technology and take a lockdown approach to endpoint security," said Glenn Williamson, corporate security officer for Cyberklix Inc., an approved QSA and ASV firm in North America. "Protection against known malware is currently provided, but at all times there are unknown variants that signature-based protection cannot account for. We must further protect our and our client's information and this is where we have begun to see a new market presence for whitelisting."
U.K. retailer Marks and Spencer selected Bit9 Parity to protect more than 16,000 POS systems and help the company enforce the PCIDSS. Other leading retailers using Bit9 application whitelisting to protect their systems include 7-Eleven, Ahold, Petsmart, and Ritz Camera.
POS, self-checkout, kiosks and other retail systems pose security challenges, as they are often targeted by malicious hackers for their role in handling sensitive and valuable cardholder data. Most companies, however, are unable to easily control what applications can and cannot run on these machines. Blacklisting technologies such as antivirus software cannot always protect against targeted, low profile malware making its way onto a system. Many retail systems also are unable to easily receive updates and patches, or control portable storage devices.
