The Retailer's Guide to Becoming and Remaining PCI Compliant
A positive, trust-based security approach also establishes a baseline inventory of the retail endpoints under the organization's control, putting the retailer in a proactive position. That baseline removes the need for frequent, resource-intensive negative (known-bad) periodic scanning, which can bring an endpoint to a halt. Companies must be agile to face emerging threats in today's retail landscape, and by monitoring against the known business process, response time when something goes wrong can be drastically reduced.
Control and Governance
It's imperative to the PCI compliance and security reporting process that retail organizations maintain a thorough real-time inventory of all business endpoints and remain in control of those endpoints from a security perspective. By using a "positive" security solution that maps to the company's business process, a known good is established: essentially an inventory of the trusted applications that are permitted to run on each individual endpoint.
By adopting a solution based on trust, vulnerabilities cannot be exploited, because the source of the exploit lies outside the known trusted set and will not execute. A controlled environment that focuses on the business-as-usual (BAU) processes can also help solve a common problem affecting the compliance of many retailers: unsupported systems. Retail systems are often widely distributed and geographically diverse, and this tends to be accompanied by aging operating system software and applications that cannot be updated overnight.
The proliferation of Windows XP point-of-sale systems is a good example of this type of issue. By hardening systems to the business rules for the retail endpoints, retail systems that are no longer supported can remain secure and compliant. A trust-based approach helps ensure that vulnerability violations are taken out of the regulatory mix, providing an alternative to the patching process that traditional approaches require. Patches can be applied on any pre-defined schedule rather than on the schedule of the OS vendor or the compliance regulations. The trust-based solution deployed across the endpoints will eliminate the risk of compliance vulnerabilities and provide intelligent real-time monitoring of the file system, based on a set of "known good."
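The known-good inventory and file-system check described above, as an added Python example that is not from this article or any vendor product: it baselines the executables on a constructed endpoint directory by SHA-256, decides whether a given file is trusted, and reports unknown, modified and missing files. The file extensions, paths and file contents are assumptions chosen for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Executable-like suffixes on a Windows POS endpoint (assumption for the demo).
EXEC_SUFFIXES = {".exe", ".dll", ".bat", ".ps1"}


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Known-good inventory: relative POSIX path -> SHA-256 of the trusted file."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES
    }


def is_trusted(baseline: dict, root: Path, path: Path) -> bool:
    """Positive-security decision: allow only if path AND content match the baseline."""
    rel = path.relative_to(root).as_posix()
    return rel in baseline and sha256_of(path) == baseline[rel]


def drift_report(baseline: dict, root: Path) -> dict:
    """Compare the endpoint's current executables with the known-good set."""
    current = build_baseline(root)
    return {
        "unknown": sorted(set(current) - set(baseline)),
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(set(baseline) - set(current)),
    }


def demo() -> dict:
    """Constructed endpoint: baseline it, then simulate an unapproved binary and a tampered one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "pos").mkdir()
        (root / "pos" / "register.exe").write_bytes(b"MZ trusted POS binary")
        (root / "pos" / "receipt.dll").write_bytes(b"MZ trusted helper")
        baseline = build_baseline(root)
        (root / "pos" / "update.exe").write_bytes(b"MZ unapproved binary")  # not in inventory
        (root / "pos" / "receipt.dll").write_bytes(b"MZ tampered helper")   # trusted file changed
        report = drift_report(baseline, root)
        report["register_allowed"] = is_trusted(baseline, root, root / "pos" / "register.exe")
        report["update_allowed"] = is_trusted(baseline, root, root / "pos" / "update.exe")
        return report
```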