Solidcore 'runtime control' secures the POS

CUPERTINO, Calif. — Solidcore Systems Inc., provider of software to detect and prevent unwanted change, has released POS Check and Control for easily securing and controlling distributed retail POS systems and kiosks. The solution is based on Solidcore's "runtime control" technology that is designed to solve the rigors of POS security, malware protection and Payment Card Industry Data Security Standard (PCI DSS) compliance with minimal system and operational overhead.

Solidcore is an established leader for securing POS systems and is the chosen protection solution for nearly 100,000 POS systems worldwide. Unlike application whitelisting, host intrusion prevention systems (HIPS) and anti-virus, Solidcore provides runtime control capabilities that deliver comprehensive security with low overhead. Runtime control ensures only pre-authorized software and code can run on POS systems while securely allowing software updates from trusted sources, such as those generated by retail coupon engines. Solidcore's runtime control also prevents disk tampering, and provides advanced memory protection to authorized software to defend against buffer overflow vulnerability attacks and zero-day exploits.

"Financially motivated, targeted attacks are definitely focusing on POS systems," said John Pescatore, vice president and distinguished analyst for Gartner. "As with all business-critical systems, merchants must ensure they start with secure POS software and configurations, and then implement and enforce strong change control and vulnerability management processes to make sure that only authorized updates are allowed."

A retailer can use Solidcore's POS Check and Control to quickly validate field-deployed POS images against a gold image standard. Once POS systems are established as "clean" systems, Solidcore's runtime control works to prevent any malicious code or other unauthorized programs from executing. This unique security solution will allow an in-store technician to login as an administrator and perform routine maintenance while simultaneously preventing that technician from adding to or tampering with the set of software that is authorized to execute on the POS device.

This level of protection extends across all forms of access, from network to USB key. Once secure, POS Check and Control reports on POS system changes in real-time for continuous PCI DSS compliance verification. This includes providing continuous information about change events such as who is making changes, where changes were made, when the change was made, how the change was implemented, and what content changed.