| Software hardens POS systems |
Aug. 18, 2008
 Solidcore has announced Windows XP-based change control software targeting POS (point-of-service) systems. "POS Check and Control" validates newly deployed POS images, locks down images to prevent unauthorized change, and helps ensure PCI DSS (payment card industry data security standard) compliance, the company says.
POS Check and Control is apparently based on Solidcore's S3 Control software, which, the company says, has already been installed on nearly 100,000 POS systems worldwide. S3 Control software comprises endpoint software installed on Windows XP-based computers, along with a central console server that runs on the combination of Windows Server 2003 and Oracle Database Sever 10g. This "provides real-time change tracking with minimal consumption of CPU, memory, disk and network resources," says Solidcore.
Solidcore says POS Check and Control works by comparing newly deployed POS system images against a known "gold standard." Once new systems are certified as clean, a runtime control works to prevent any malicious code or other unauthorized programs from executing, the company claims.
The protection provided by POS Check and Control is touted as extending across all forms of access to a device, from a network to a USB key. The software is said to provide continuous PCI DSS compliance verification by reporting on any system changes in real time. Reports detail what content has changed, where and when the changes were made, and who made them. In-store technicians can log in as an administrator and perform routine maintenance, while simultaneously being prevented from modifying the set of software that is authorized to execute on a POS device, the vendor says.
Solidcore adds that while POS Check and Control blocks the execution of unauthorized software, it does not require creating an application whitelist. Rather, it accepts any new software as long as that software is added via a "specific process," apparently involving an "authorized update window," "authorized update agent," and "signed update." Existing change processes can easily be accommodated, whether a device is connected to a network or stand-alone, the vendor says.
Finally, POS Check and Control's centralized management console is advertised as providing an overall view of mass-deployed POS systems, and offering detailed reporting on any image deviations. The software protects retailers from internal and external threats, going beyond PCI DSS standards, the company says.
Anne Bonaparte, president and CEO of Solidcore, said, "With both margin pressure and the number of publicized and unpublicized data breaches on the rise, retailers cannot afford to cobble together combinations of audit, antivirus, and list-based security tools on their critical POS system. POS Check and Control gives retailers the power to ensure their POS systems remain secure, and only change when the merchant wants them to."
Further information
Solidcore did not release pricing or hardware requirements for POS Check and Control, which is said to be available now for Windows XP Embedded and WEPOS (Windows Embedded for Point of Sale). The S3 Control sister product requires 256MB of RAM on each monitored device.
More information may become available from the Solidcore website, here.
Related stories:
(Click here for further information)
|
|
|
|
|
|
|
news feed