POS and Store Systems Security

Control Change, Block Advanced Threats, Secure Customers with Bit9

Harry-On-CnnBit9’s Point of Sale (POS) and Store Systems security solution continuously monitors and records all activity on POS, store systems, fixed function devices, and corporate endpoints for real-time detection and denial of unauthorized software.

With Bit9 you can control change, block advanced threats, and secure your customers’ personal and financial information to significantly minimize attack surfaces and comply with key Payment Card Industry (PCI) Data Security Standard (DSS) requirements with less administrative effort and cost than ineffective antivirus tools.


  • Prevention: Create policies for software that you trust to run on your POS systems, workstations, fixed-function machines and servers, and prevent anything else from running.
  • Advanced device control: Ban/approve portable storage devices from reading, writing and executing down to a specific serial number to prevent data leakage and unintentional or intentional direct loading of malware. This includes USB drives, CDs, iPods, etc.
  • Complete audit trail: Gain real-time intelligence about all of your file assets, so you can report on any asset for an audit, a pre-compliance assessment, or security intelligence gathering.
  • File integrity monitoring: Continuous, real-time file monitoring protects your critical configuration files from unauthorized changes to meet file integrity monitoring and control and audit trail rules.
  • Extend the life of your store systems: Free your organization from the hassles of antivirus—no more scanning, signature updates or holiday freezes.

The Bit9 Security platform helps you achieve all of your project goals:

Improve Security – Stop Advanced Threats and Malware

  • Create policies so only the software you trust can run on your enterprise systems including POS devices, workstations, fixed-function machines and servers. Prevent everything else from running.
  • Detect advanced threats and malware that evade antivirus and other signature-based detection tools with Bit9’s real-time sensors, Advanced Threat Indicators, and cloud-based Software Reputation Service.
  • Get advanced device control for thumb drives, CDs, iPods, etc., to ban/approve these portable storage devices from reading, writing and executing at a serial number level. Prevent data leakage and unintentional or intentional direct loading of malware.
  • Consolidate your enterprise security stack and eliminate the need for and costs associated with other security software.

Lower Your Administrative Effort

  • Reduce support and IT costs by eliminating frequent patching, scanning and signatures updates required by antivirus and other signature-based detection tools.

Demonstrate Ongoing PCI DSS Compliance

  • Build intelligence around all of your file assets, including their prevalence, trust rating, and inherited vulnerabilities. Report on any asset for an audit, a pre-compliance assessment or security intelligence gathering.
  • Meet file integrity monitoring and control and audit trail rules with continuous, real-time file monitoring. Protect your critical configuration files from unauthorized changes.
  • Enforce your trust policies whether your systems are online or offline.
  • Focus only on those events that are relevant to your business and lower the cost of obtaining compliance data.

Extend the Life of Your Systems

  • Keep your operating systems in a compliant state after their end-of-life and eliminate
    • Financial penalties and brand damage associated with failed audits, data breach, or non-compliance
    • The need to upgrade to newer operating systems
    • The high costs of extended support contracts and hardware upgrades
  • For PCI compliance, deploy Bit9 as a compensating control in lieu of regular operating system patches and updates that are no longer available.

Easily implement and demonstrate ongoing compliance with many requirements of the PCI DSS standards.

Requirement Bit9 Solution

Section 2:
Systems configuration and default tracking

Bit9 helps retailers control the execution of software, ensure that systems are prevented from drifting from their desired state, track changes to system configurations and allow only approved services and software to run according to the policy established for each endpoint. This enables your organization to detect in real time what is arriving, executing and propagating in your environment so you can better protect company assets and measure compliance risk at any time.

Section 5:
Malware protection

Bit9’s real-time sensor and recorder and real-time enforcement engine stop advanced threats that evade traditional defenses including zero-day and targeted attacks.

Requirement 6:
Secure systems and applications

Bit9 enables organizations to apply real-time, proactive threat and trust measurements to the asset inventory, discover potential risky files, enforce control on the endpoints and provide immediate low-friction analysis and risk ranking of any potential file vulnerabilities discovered. Bit9 can secure the system configuration and be a compensating control to extend the life of systems that are required to run unsupported versions of operating systems.

Requirement 7 and 9:
Restrict data access

When users log into a system protected by Bit9, they are restricted to run only preapproved applications. Bit9 also can restrict access to portable storage devices containing cardholder data and ensure only authorized staff are allowed to copy cardholder data to portable storage devices.

Requirement 10:
Regularly monitor and track access

Bit9′s file-integrity control capability tracks all changes and events by users, blocks unauthorized activities and ensures that only authorized processes can write to log data files. Plus, Bit9 easily integrates with SIEM consoles to provide immediate intelligence about monitored assets and compelling security events—all from a single pane of glass.

Section 11:
Protect critical system files

Bit9 file-integrity control prevents unauthorized modification of critical system and content files while ensuring only authorized processes can write to these files. With Bit9, organizations receive analyzed data in real time so they can act immediately to guard and protect all critical systems and data.

Section 12:
Policies and procedures

Bit9′s automated reporting features provide the real-time, actionable intelligence organizations need to monitor compliance, identify any unexpected activity or event, notify end users and company personnel of updated and recent security policy changes, and proactively improve their security postures. In addition, Bit9′s compliance services provide the security awareness training needed to ensure that policies are up to date, disseminated and understood by the parties that are most affected by PCI compliance.
Video: 10 Ways to Protect Your Company From a Data Breach
Bit9 Whiteboard - 9 Ways to Secure Your Store Systems and Ensure PCI Compliance

Bit9 POS Security Assessment

POS secure against memory-scraping? Bit9 can tell you.

Request Now

USA Today: How to Boost Security of Your Payment Cards

Read Article

Whitepaper: The Convergence of Security and Compliance

View Now