The latest rash of large-scale retail breaches has raised a lot of questions regarding how retailers keep their systems secure. Many are outraged that large retailers such as Target and Neiman Marcus were unable to keep their customers’ data safe.
Here at Tripwire, we know full well how difficult it is to secure large retail chains and understand the challenges retailers face.
As an authority on the implementation of PCI compliance solutions, we know a thing or two about the difficulties of securing retail store chains. Early on we realized the importance of retailers not only attaining their IROC (Initial Report on Compliance), but also maintaining a compliant state and further improving their security posture over time through the implementation of key security controls.
We all know that PCI compliance does not mean security; it is a check box and only one factor in the security and compliance chain that retailers are faced with.
Most enterprise organizations only deal with a data center, which can be challenging enough, but is generally straightforward and is also something many vendors are comfortable implementing. You are usually dealing with a limited number of assets and applications and only in a few locations.
However, once you introduce multiple stores to the mix, the added complexity makes the environment much more difficult to secure and keep in compliance.
One Thousand Stores? No problem.
To give you an idea of the scale and complexity retailers face, one of our customers, a large department store chain, came to us with a large number of devices spread out across the country, comprising:
- 1,000+ stores
- 3,300 point-of-sale servers (in store)
- 40,000+ point-of-sale registers
- 200+ servers (data center)
- 2,800 work stations (call center)
Their staff had a limited amount of knowledge of PCI and security, but, working with our professional services team, they were able to fully deploy the solution within two months of the engagement. From then on their team had the tools they needed to automate further deployments and manage the system themselves with limited assistance.
Security deployments and PCI compliance projects are not easy, but they can be implemented quickly with the right tools and team to support them. If you are curious how Tripwire can help retailers, contact us; we would be more than happy to provide a demo and answer any questions you may have.