Andrew Hollister
Director of LogRhythm Labs (EMEA)

Security Measures Retailers Should Have in Place

It’s the most wonderful time of the year!

As the rush towards Christmas continues and spending reaches fever pitch, those tasked with protecting retail networks, Point-of-Sale (POS) systems, and online shopping sites might be tempted to think it’s the most stressful time of the year!

The list of brands suffering breaches continues to grow, which reminds us that it really is a matter of when, not if, you will be breached—and the time between the initial breach and the subsequent detection and response remains critical in protecting both cardholder data and personally identifiable information in general.

Given the high-profile breaches over the past few years, retailers know they need to do more than just tick the compliance box. Continuous monitoring across all assets is required so that potential breach activity can be identified and mitigated as early as possible.

So What Do Retailers Need to Do?

Well, to start with, they need to make better use of the log data that is generated by the entire infrastructure involved in credit card processing—whether that be POS systems, Web shops, back office infrastructure or networking equipment. All of these devices and applications can generate logs. And by properly monitoring them, you can gain insights on what is going on from end to end.

Furthermore, both POS systems and online shopping sites can be good candidates for installing agents for generating additional forensic data beyond that which is created by the operating system natively (e.g., file integrity monitoring plus registry monitoring on Windows).

POS endpoints and Web shops usually run on purpose-specific hosts. This makes it possible to create standard behavioral baselines (perhaps using a gold image). Other tactics include using whitelisting or peer trending to detect when one or more systems exhibit behavior that is unusual or that deviates in some way from the other hosts in the environment.

POS systems and e-tail shops should typically communicate across the network with specific peers. This is where network monitoring becomes very valuable—as you gain further visibility into each system’s communications—and it can quickly make any unusual communication visible to the appropriate personnel.
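The baseline and peer checks described above, as an added example that is not part of the original article or any LogRhythm product: it compares constructed flow records against an assumed gold-image peer allowlist, then applies a simple peer-trending rule for environments where no allowlist exists yet. The host names, addresses, record format and the 50% threshold are all assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample flow records (not real data): "src_host dst_ip dst_port"
SAMPLE_FLOWS = """\
pos-01 10.0.5.10 443
pos-01 10.0.5.20 8443
pos-02 10.0.5.10 443
pos-02 10.0.5.20 8443
pos-03 10.0.5.10 443
pos-03 10.0.5.20 8443
pos-03 203.0.113.77 21
pos-04 10.0.5.10 443
pos-04 10.0.9.99 445
"""

# Assumed gold-image baseline: the only peers a POS terminal should contact.
ALLOWED_PEERS = {("10.0.5.10", 443), ("10.0.5.20", 8443)}


def parse_flows(text):
    """Return {host: set of (dst_ip, dst_port)}, skipping malformed lines."""
    peers = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        host, dst, port = parts
        peers[host].add((dst, int(port)))
    return dict(peers)


def allowlist_violations(peers, allowed):
    """Peers each host contacted that are not in the gold-image baseline."""
    return {h: sorted(p - allowed) for h, p in peers.items() if p - allowed}


def peer_outliers(peers, min_share=0.5):
    """Peer trending: flag (host, peer) pairs that under min_share of the fleet uses."""
    seen = Counter(p for dsts in peers.values() for p in dsts)
    fleet = len(peers)
    return sorted((h, p) for h, dsts in peers.items()
                  for p in dsts if seen[p] / fleet < min_share)


if __name__ == "__main__":
    fleet_peers = parse_flows(SAMPLE_FLOWS)
    print("allowlist violations:", allowlist_violations(fleet_peers, ALLOWED_PEERS))
    print("peer-trending outliers:", peer_outliers(fleet_peers))
```

The allowlist check depends on an accurate baseline, while the peer-trending check needs none but will miss a connection that most of the fleet makes, so the two are best run together.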

Retailers Need Actionable Insight

You don’t want to spend your valuable time trying to separate the signal from the noise—and a flood of alerts isn’t going to help. Security intelligence is all about using the data from the environment to generate actionable insight in order to detect and mitigate those threats that pose real harm to the environment. It allows you to discover previously unseen threats through advanced machine analytics.

LogRhythm’s easy-to-deploy and easy-to-use Security Analytics Platform gives you the visibility you need to keep abreast of everything going on in your retail environment—from an operational, compliance audit, and security perspective. It will help you to keep your customers’ information safe—whatever the season.