SOURCE: Tripwire Inc.

May 29, 2007 09:05 ET

Tripwire Protects Retail's Most Vulnerable Technology Areas

From POS End-Points to Servers and the Database, Tripwire Enterprise Helps Ensure PCI Compliance Across the Retail Technology Infrastructure

PORTLAND, OR--(Marketwire - May 29, 2007) - Are point-of-sale (POS) devices relevant to data security? According to recent Gartner research, a vast majority of all data breaches occur at the POS, with 80 percent occurring within the store. Helping ensure security and compliance with the Payment Card Industry Data Security Standard (PCI DSS) is Tripwire Enterprise, a solution offering retailers effective security measures around their POS end-points and throughout the retail infrastructure.

According to Gartner, "By 2009, only 30 percent of POS systems will be compliant with prevailing software security standards."(1)

Improperly installed and maintained POS systems are commonly identified as the biggest risks to data compromise. "Many companies are discovering their greatest exposure is at the endpoint where PCs deployed in the field and at stores are more susceptible to hackers and malicious software," said Stephanie Bridges, Tripwire PCI Solutions Expert. "Tripwire helps protect data at these susceptible end-points by monitoring critical files and alerting appropriate personnel of any and all unauthorized change. The growing need to validate PCI compliance has many companies scrambling to monitor activity in their infrastructure but they need to remember to protect their POS systems as well."

Unauthorized changes, whether accidental, benign, malicious or originating from inside or outside the organization, can compromise consumer data security and customer confidence and loyalty. Tripwire enables companies to analyze and remediate issues that may otherwise go unnoticed, thereby improving data protection and satisfying file integrity monitoring and change control requirements outlined in the PCI DSS.

According to Gartner, "Device vulnerabilities are often overlooked by enterprises who tend to focus on enterprise servers and systems when securing their environments."(1) The Gartner report also stated, "Typically ignored by many companies are devices that hang off of corporate networks, where data is either collected or output, particularly point-of-sale devices and printers located throughout enterprise systems."(1)

Tripwire Enterprise offers the following to help to address POS system vulnerabilities:

--  Provides evidence that access to computing resources and cardholder
    information is limited only to those individuals whose job requires such
--  Detects new user IDs as well as the modification or deletion of
    existing user IDs.
--  Validates that patches rolled out are actually deployed properly and
    can identify any systems that are not correctly or fully patched.
--  Detects and respond to any unauthorized changes to firewall rules.
--  Searches configuration files for required security settings to
    wireless networks and alerts to deviations from defined policy.  Once
    configuration files are in compliance, Tripwire will monitor and alert to
    any changes allowing review and validation of the change.
--  Monitors file integrity across the entire enterprise -- as frequently
    as desired.
About Tripwire, Inc.

Tripwire, Inc. is the recognized leader of configuration audit and control solutions, serving over 5,500 enterprises worldwide. Tripwire enables IT to control risk and increase operational efficiency through its advanced configuration audit and control solutions that detect and analyze all configuration events across the IT infrastructure. Global enterprises rely on Tripwire to strengthen their compliance and security, reduce unplanned work, increase availability, and accelerate success with CMDB initiatives. Tripwire is headquartered in Portland, Ore. with offices in the UK and Japan. For more information visit:

©2007, Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. All other marks are property of their respective owners. All rights reserved.

(1) "New Attacks: Device Vulnerabilities Stand Out" by Avivah Litan, Don Dixon and Grey Young, December 7, 2006, Gartner, Inc.

Contact Information