
Security Intelligence for Retail Organizations

Security Intelligence Helps Retailers Think Ahead About Vulnerability Management

Vulnerability management challenges in retail environments

According to the Verizon Data Breach Investigations Report, 2011 saw a 43% increase in cyber attacks against retailers; 96% targeted payment card data and personal information; and 58% were launched by organized crime groups. In the same year, over 12 million retail customers were affected by breaches (Symantec Internet Security Threat Report).

It’s clear that retailers still face key vulnerability management challenges, including:

  • Mitigating reputational and financial risk – Gaps in the vulnerability management process leave retailers open to breaches that damage company reputation, brand value and market capitalization.
  • Following the letter and spirit of PCI – The Payment Card Industry Data Security Standard (PCI DSS) remains a critical starting point for strengthening security, but better compliance doesn’t necessarily translate into better security.
  • Keeping ahead of web and mobile threats – Always-on transactional web applications can present attackers with an interface to web servers and backend databases.
  • Managing human vulnerabilities – Sophisticated phishing attacks targeting call center employees and supply chain vendors can open the door to malware infestations and advanced persistent threats.


Getting proactive about retail vulnerability management

Most security solutions tend to be reactive and can generate overwhelming amounts of data without providing clear information to preempt business risk. CORE Security enables retailers to take a proactive approach to revealing threats and preempting business risk. Our retail customers take the same opportunistic approach to security assessments that criminals employ – focusing on the “what” (payment card data) without getting bogged down in the “where” (IP addresses, servers, applications). The result is a focused, cost-efficient vulnerability management and compliance program that aligns resources and budgets to address real business risks.


Business benefits and key capabilities for retail vulnerability management

CORE Security Business Benefits for Retail Organizations | Predictive Security Intelligence Capabilities for Retail Organizations Vulnerability Management

Predict risks to customer data and other critical assets

Take an offensive, real-world approach to assessing the security posture of your operations. Pinpoint exploitable weaknesses in your environment before breaches occur.

Proactively simulate and replicate attacks

  • Simulate threats in network environments to determine where exploit-based testing is needed
  • Safely replicate attacks targeting web applications, end-users and endpoints, network systems and devices, mobile devices and wireless networks
  • Get commercial-grade security assessment capabilities with over 30 updates per month

Validate and communicate risk in business context

Present security data in terms that the CFO will understand. Don’t just identify technical exposures – reveal their implications for the business and relay risk in the context of the organization’s unique business asset classifications, geographic locations, compliance mandates and more.

Reveal attack paths to business assets spanning multiple threat vectors

  • Reveal chains of vulnerabilities spanning from web applications and endpoints to backend customer databases, inventory management resources, etc.
  • Present dashboards and reports delineating specific at-risk assets such as POS systems, inventory databases, call center and web e-tailing systems

Increase security efficiency and effectiveness

Know where to take action and how to optimize budgets. Focus security, IT and change management resources on addressing proven security issues – rather than on wading through endless security logs riddled with false positives.

Streamline and unify vulnerability management processes

  • Validate data from across your security ecosystem, using real-time testing and analysis to pinpoint critical threats and eliminate false positives
  • Scale the frequency and scope of assessments across your entire infrastructure, including remote locations and web applications across store network, corporate network and back-office locations in your supply chain

Follow the letter and spirit of the PCI DSS

Don’t just check the compliance box once a year – gain ongoing predictive intelligence for continuously predicting threats and preempting business risk.

Fulfill PCI DSS Requirement 11.3 and prove compliance with several other requirements

    • Using CORE solutions can fulfill Requirement 11.3, which calls for network and application penetration testing
    • Demonstrate that security controls mandated by the following PCI Requirements are in place and operating effectively:
      • 1: Firewalls
      • 2: Security passwords and parameters
      • 5: Anti-virus software
      • 6: Secure systems and applications
      • 11: Test security systems and processes
      • 12: Maintain an end-user security policy

Directly contribute to performance objectives and ensure security awareness

Mergers, new channels, staffing changes: Change is the only thing that is constant in retail. This environment necessitates continuous improvement in security practices and awareness to safeguard business assets and minimize downtime – so your organization can focus on customers and sell more.

Continuously assess security defenses and awareness

  • Continuously assess large, diverse IT environments
  • Conduct security awareness testing through safe and controlled replication of social engineering threats
  • Proactively evaluate defensive technologies such as intrusion prevention systems and firewalls to keep up with real-world attacks
  • Maintain asset visibility by automatically sensing and adapting to changes in infrastructure
