Retailers choose new proactive approach to secure systems
Waltham, MA - November 13, 2008 - Bit9, the pioneer and leader in Enterprise Application Whitelisting, is making PCI compliance easier for retailers. Bit9 Parity and Bit9 Parity for Point-of-Sale use whitelisting to help retail merchants secure payment devices, servers and self-serve kiosks in a continued focus on payment data protection in accordance with the new PCI Data Security Standard version 1.2 (PCI DSS).
In the new PCI DSS, Requirement 5 remains focused on maintaining a vulnerability management program, including using and regularly updating antivirus software. However, it is widely acknowledged that the 20-year-old antivirus technology is struggling to keep up with the exploding universe of malware variants and targeted attacks.1,2 Retailers and enterprises that manage sensitive payment data continue to look for simpler, more cost-effective, and more secure ways to protect their systems and meet PCI DSS Requirement 5. Increasing numbers of IT managers are finding application whitelisting to be the answer.
“Whitelisting is becoming an attractive and cost effective way for retailers to protect both customer data and their own infrastructure. Certain retailers deploy whitelisting technology and take a lock down approach to end point security,” said Glenn Williamson, Corporate Security Officer for Cyberklix Inc., an approved QSA and ASV firm in North America. “Protection against known malware is currently provided, but at all times there are unknown variants that signature-based protection cannot account for. We must further protect our and our client’s information and this is where we have begun to see a new market presence for whitelisting.”
UK retailer Marks and Spencer selected Bit9 Parity to protect over 16,000 point of sale systems and help the company enforce the Payment Card Industry Data Security Standard. Other leading retailers using Bit9 application whitelisting to protect their systems include 7-Eleven, Ahold, Petsmart, and Ritz Camera.
Point of Sale (POS), self check out, kiosks and other retail systems pose a serious security challenge as they are often targeted by malicious hackers for their role in handling sensitive and valuable cardholder data. Yet most companies are unable to easily control what applications can and cannot run on these machines. Blacklisting technologies such as antivirus software cannot always protect against targeted, low profile malware making its way onto a system. Many retail systems are also unable to easily receive updates and patches or control portable storage devices, leaving systems open for employees or malicious hackers to install unauthorized software or copy confidential information.
Bit9 gives IT professionals the ability to identify and decide which applications and devices are approved and appropriate to run in their retail environment, while blocking any unauthorized software or storage devices. This proactive approach eliminates the risks associated with all forms of unwanted software, including targeted attacks for which no signatures exist. In addition, many retail computer systems are not made to handle the large signature files that are now needed by antivirus and anti-malware solutions for scanning. With whitelisting, Bit9 lifts that burden by preventing immediate “forklift” hardware upgrades that can cost millions and allows retailers to leverage their existing systems for a longer period of time.
“Bit9 understands that retailers are seeking the simplest, securest route possible for both PCI compliance and cardholder data protection. Bit9 is committed to providing cost effective solutions to meet customer challenges,” said Tom Murphy, Bit9 Chief Strategist and company representative to the PCI Council. “Our discussions with customers at this year’s PCI Community Meeting demonstrated that antivirus is not always that solution, and we are seeing an increasing demand for whitelisting within the retail community.”
About Bit9
Bit9 is the pioneer and leader in enterprise application whitelisting. The company's patented application control solutions ensure only trusted and authorized applications are allowed to run, eliminating the risk caused by malicious, illegal and unauthorized software. Unlike traditional, reactive controls that try to scan and prevent the never-ending list of unauthorized software, Bit9 leverages the Bit9 Global Software Registry™ -- the world's largest database of software intelligence -- to ensure only authorized applications can run, delivering the highest levels of desktop security, compliance, and manageability. Bit9 customers include companies in a wide variety of industries, such as retail, financial services, healthcare, e-commerce, telecommunications, as well as government agencies. Founded in 2002, Bit9 is privately held and based in Waltham, Massachusetts. For more information, visit http://www.bit9.com or call +1 617.393.7400.