Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Similar documents
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Payment Card Industry Data Security Standard

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

End-user Security Analytics Strengthens Protection with ArcSight

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

IT Security Strategy and Priorities. Stefan Lager CTO Services

Injazat s Managed Services Portfolio

PCI Solution for Retail: Addressing Compliance and Security Best Practices

The Impact of HIPAA and HITECH

A HELPING HAND TO PROTECT YOUR REPUTATION

PCI DSS Reporting WHITEPAPER

How To Secure Your Store Data With Fortinet

Clavister InSight TM. Protecting Values

How To Protect Your Cloud From Attack

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Unified Threat Management, Managed Security, and the Cloud Services Model

ISS X-Force. IBM Global Services. Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems

AVeS Cloud Security powered by SYMANTEC TM

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Avoiding the Top 5 Vulnerability Management Mistakes

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

Global Partner Management Notice

Verve Security Center

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

Is Your Network a Sitting Duck? 3 Secrets to Securing Your Information Systems. Presenter: Matt Harkrider. Founder, Alert Logic

SANS Top 20 Critical Controls for Effective Cyber Defense

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Integrated Threat & Security Management.

Extreme Networks Security Analytics G2 Vulnerability Manager

PCI DSS COMPLIANCE DATA

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

Readiness Assessments: Vital to Secure Mobility

The Business Case for Security Information Management

Managed Services. Business Intelligence Solutions

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

Perspectives on Cybersecurity in Healthcare June 2015

Lot 1 Service Specification MANAGED SECURITY SERVICES

Client Security Risk Assessment Questionnaire

Vulnerability Management

2012 Data Breach Investigations Report

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

2012 Endpoint Security Best Practices Survey

THE TOP 4 CONTROLS.

The Hillstone and Trend Micro Joint Solution

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Nine Steps to Smart Security for Small Businesses

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

Response to Questions CML Managed Information Security

Managed Security Services for Data

V1.4. Spambrella Continuity SaaS. August 2

Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities.

Xerox Litigation Services. In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost and Risk

PCI Compliance for Healthcare

Security Management. Keeping the IT Security Administrator Busy

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

Current IBAT Endorsed Services

ALERT LOGIC FOR HIPAA COMPLIANCE

IBM Security QRadar Vulnerability Manager

Enterprise Security Solutions

Data Access Request Service

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

Defending the Database Techniques and best practices

Devising a Server Protection Strategy with Trend Micro

Enterprise Computing Solutions

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

With Great Power comes Great Responsibility: Managing Privileged Users

MANAGED SECURITY SERVICES (MSS)

Franchise Data Compromise Trends and Cardholder. December, 2010

Did you know your security solution can help with PCI compliance too?

PCI Compliance. Top 10 Questions & Answers

Best Practices For Department Server and Enterprise System Checklist

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Building a Business Case:

Caretower s SIEM Managed Security Services

Devising a Server Protection Strategy with Trend Micro

Endpoint protection for physical and virtual desktops

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

A practical guide to IT security

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Internet threats: steps to security for your small business

Click&DECiDE s PCI DSS Version 1.2 Compliance Suite Nerys Grivolas The V ersatile BI S o l uti on!

The Education Fellowship Finance Centralisation IT Security Strategy

Preemptive security solutions for healthcare

WHITE PAPER. Managed Security. Five Reasons to Adopt a Managed Security Service

5 TIPS FOR MAXIMIZING THE VALUE OF YOUR SECURITY ASSESSMENT

SecurityMetrics. PCI Starter Kit

Cloud and Data Center Security

Goals. Understanding security testing

Transcription:

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network

Executive Summary This white paper introduces the challenges retailers face as open access for employees increases and as interactive customer management systems become more global and demanding. Retail IT security challenges include protecting trade secrets, enhancing internal operations, and protecting customers privacy, while ensuring customers have a seamless experience across all purchasing channels. This paper introduces how a managed security service provider (MSSP), such as Clone Systems, can help your organization design and implement security and privacy measures that support successful customer engagement and protect the privacy of your proprietary and customer data. Analyzing Security for Retailers 2

Understanding Retailers Security Challenges Customers now expect purchases and exchanges to be available anytime and anywhere. As a result, the retail landscape is changing quickly and dramatically. Online shopping is increasing, as retailers of all types and sizes expand product offerings and add new services. Retailers must ensure they have security in place to support these new services. Retailers are striving to do more with fewer people and fewer resources. Implementing a robust security system provides a way to reduce costs, drive sales, improve customer satisfaction, and improve security. But cost-consciousness demands that retailers invest in solutions that employees and customers will actually use. Small and medium businesses often lack time and personnel to proactively focus on security. Management may be more concerned about compliance than with a long-term strategy. Smaller organizations may also find they lack employees with the skills to maintain adequate security. Retailers must take steps to protect themselves and their customers from attacks. Retailers can take the following measures: Implement a robust intrusion prevention solution (IPS). IPS defends networks against SQL injection attacks, web exploit kits, and downloader Trojans. Retailers should implement an IPS that can detect and block current and emerging cyber-attacks. Implement a web application firewall. Firewalls prevent web applications from infiltration. Retailers should employ a security expert to continually maintain and monitor firewalls. Monitor servers and security devices 24x7x365. Retailers should monitor servers and security devices, such as firewalls, IDS/IPS, and host antivirus, at all times to identify and fix security issues. Apply timely and actionable intelligence. Retailers should always have current, actionable intelligence about the latest threats and the IP addresses associated with them. This information allows the security team to spot any infection inside the network. Perform regular vulnerability scans and penetration tests. Vulnerability scans and network penetration tests can help retailers identify issues and improve their security, especially when defending against web attacks. But threats don t always come from external sources; often, data leaks can originate from employees, through intentional theft, lost or stolen devices, or accidental exposure. Firms that do not adequately address security issues may face fines, serious damage to their brand, and steep financial losses. Retailers who do not invest in their security provisions may find that the short-term savings are not worth the potential for huge losses should a breach occur. Cyber-security typically isn t a core competency for retailers. Savvy retailers frequently find that by partnering with an experienced service provider that they can protect themselves against current, emerging, and persistent threats. Retailers need to be constantly vigilant and aware of threats and how they might impact their business and have a plan to address them. Analyzing Security for Retailers 3

Choosing a Managed Security Service Provider The retail industry requires an end-to-end risk management process that can assess retail data systems and their IT infrastructure; determine necessary controls; and ensure compliance. An effective security management process for retailers will Target specific areas of risk Implement focused security controls for those areas Automate the monitoring and measurement of controls Before you purchase an MSSP, you need to do a thorough security and risk assessment. You ll need experienced information security personnel to perform a gap assessment that includes: Cataloging assets of your organization s production environment. Identifying the vulnerabilities or potential threats to each resource. Mitigating or eliminating the most serious vulnerabilities. Identifying and reducing IT risks. Once you have done the gap assessment, you can begin researching the right MSSP for your organization. How to identify the right MSSP An MSSP provider should: Monitor large amounts of data Be a certified scanning vendor Offer a managed IDS/IPS solution Offer a log management system that can correlate a variety of data sources Provide a centralized incident response system located at a secure operations center (SOC) Have a fully staffed, 24/7 operation with experienced information security personnel Be able to perform a gap assessment that includes o Monitoring and analyzing both user and system activities o Analyzing system configurations and vulnerabilities o Assessing system and file integrity o Finding patterns typical of attacks o Analyzing abnormal activity patterns o Tracking user policy violations; integrated change management processes; log analysis, file-integrity checking, policy monitoring, rootkit detection, and real-time alerting. Analyzing Security for Retailers 4

Key challenges and solutions The following table shows challenges retailers face and the solutions that can alleviate those challenges. Challenge Analyze exposure to internal and external data breaches. Assess risk of information lost across networks, web applications, storage, and endpoints. Discover, monitor, and protect confidential information. Demonstrate compliance with HIPAA, PCI, and state privacy laws. Encrypt data on desktops, laptops, and disks. Protect endpoints from malware and threats (antivirus, antispyware, firewall, intrusion prevention, and device and application control). Lock configuration settings and file systems. Control how removable media is used. Prepare for compliance audits. Automate policy management and check technical and procedural controls. Track and monitor security incidents. Solutions Clone Guard Scanning and Vulnerability Services Clone Guard Penetration Testing Clone Guard Scanning and Vulnerability Services Clone Guard Monitoring Services Clone Guard Managed Security Services (firewall, routers, switches, intrusion prevention, and load balancers) Clone-Guard Managed Services Analyzing Security for Retailers 5

Why Clone Systems Clone Systems advocates an end-to-end risk management approach to help ensure security and privacy for your retail organization. This approach allows Clone Systems to identify risks and find inefficiencies in your system. Clone can leverage existing infrastructure and integrate new products to automate security and ensure compliance. Clone focuses on a risk management process that Assesses information exposure and vulnerabilities Implements security controls Ensures your network is always compliant with industry standards By using Clone Systems as your MSSP, you can ensure that your network is always secure and that your proprietary and customer data is safe. Analyzing Security for Retailers 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information