Small to large retail vendors are constantly aspiring to improve customer experience, resulting in more friendly point of sale (POS) interactions.
But these new, efficient payment systems present a new attack vector for data thieves attempting to capture consumer payment card information.
A more elegant and efficient containment solution would combine layered defense with whitelisting, where the application is cross-referenced with a list of trusted applications. If it is found on the whitelist, the program is released to run on the endpoint. Critical system resources are released back to critical POS applications.
If the application is not on the trusted application list, it can be examined as potential malware code, as well as cross-referenced against a blacklist database of known malware. Known malware can then be quarantined without further action required. Applications that don’t appear on either list may still run safely in the containment area. This approach minimizes any disruption to the user’s experience.
The rash of POS breaches of late have many in the industry re-thinking how to avoid malware from infecting their POS systems and accessing sensitive customer information. Even PCI compliant POS systems are not immune to data theft. For businesses to protect customer data from expert thieves, data needs to be encrypted from end-to- end using strong ciphers and algorithms so that in the event of a breach, any exfiltrated data has no value to the thief due to the data being illegible.
In the case of POS systems, just as any working endpoint, the best-practice mindset of defense-in-layers should be applied. Over and above any PCI requirements, application containment, anti-malware software, firewalls, regulated ACLs, granular event logging, incident response facilitation should all be considered as must-haves on these machines and the back-end systems they report to.
Even the best antivirus (AV) solutions on the market cannot protect your POS systems from zero-day malware exploits – when an unknown malware threat exploits your system while it is still vulnerable to attack. The default behavior of legacy security software is to allow unknown files to enter the organization.
Managing these unknown threats while maintaining operational POS systems is critical, particularly in the busy holiday season, when sales are at their peak. The next-generation approach to this problem, containment, is to isolate unknown applications in a secure environment where they can run safely without the ability to interact with the host endpoint. However, many of these solutions on the market drag down system performance by utilizing large quantities of system resources typically not available on low-end systems.
The safest approach to protecting your POS system is to assume that at some point, legacy malware detection methods will fail.
Containerization, basically creating a secure environment in a box which wraps the application, leverages new technology so that applications can operate apart from the rest of the host environment.
Essentially, you are creating an isolated environment for unknown files to operate in without any risk of infecting the host system.
Michél Bechard is director of service provider technologies at Comodo.
