McAfee Embedded Control for Retail


System integrity, change control, and policy compliance for retail point-of-sale systems

McAfee Embedded Control for retail maintains the integrity of your point-of-sale (POS) systems, kiosks, or other embedded systems by only allowing authorized code to run and authorized changes to be made. It is the cost-effective, quick-to-deploy software solution that resolves software security, change control, and compliance issues for the lifetime of your retail system.

McAfee Embedded Control is a small-footprint, low-overhead, application-independent solution that provides deploy-and-forget security. McAfee Embedded Control converts potentially vulnerable embedded systems built on commercial operating systems into rock-solid black boxes to look like closed proprietary operating systems. It prevents any unauthorized program that is on a disk or injected into memory from executing and prevents unauthorized changes to an authorized baseline.

Key Advantages

McAfee Embedded Control enables retailers to maintain the integrity of POS devices, kiosks, and other embedded systems by:
- Preventing malware through dynamic whitelisting
- Solidifying gold standard images to make devices tamperproof
- Auditing retail system configurations
- Automatically unlocking systems for signed updates

Executional Control

With McAfee Embedded Control enabled prior to product shipment, only programs contained in the McAfee dynamic whitelist are allowed to execute. Any other programs are considered unauthorized. Their execution is prevented, and the failure is logged by default. This prevents worms, viruses, spyware, and malware that install themselves from executing illegitimately.

Memory Control

Memory control ensures that running processes are protected from attempts to hijack them. Unauthorized code injected into a running process is trapped, halted, and logged. This way, attempts to gain control of a system through buffer overflow, heap overflow, stack execution, and similar exploits are rendered ineffective and logged. [1]

Change Control

McAfee Embedded Control detects changes in real time and provides visibility into the sources of change by:
- Verifying that changes were deployed or attempted
- Providing an audit trail of all changes
- Allowing changes to be made only through authorized means

McAfee Embedded Control enables change control enforcement by specifying the authorized means of making changes. You designate the people or processes that can apply changes, which certificates are required to allow changes, and when changes may be applied.

Change control agents are deployed on each node for which change data is needed. Those agents work in conjunction with these modules:
- The real-time change tracking module logs all changes to system state, including code, configuration, and the registry. Change events are logged as they occur, in real time, and sent to the system controller for aggregation and archival purposes.
- The proactive change validation module verifies each change before it is applied on target systems. With this module enabled, updates to software systems may only be made in a controlled manner.
- The system controller module manages communication between the system controller and the agents. It aggregates and stores change event information from the agents in the independent system of record (ISR).

Audit and Policy Compliance

McAfee Embedded Control and McAfee ePolicy Orchestrator (McAfee ePO) software, bundled as McAfee Integrity Control, provides dashboards and reports that help you meet compliance requirements. These are generated through the McAfee ePO console, which provides a web-based user interface.

McAfee Embedded Control delivers integrated, closed-loop, real-time compliance and audit, complete with a tamperproof system of record for authorized activity and unauthorized attempts.

[Figure 1 (diagram labels: Kiosks, Thin Clients, Servers, Point-of-Sale System, Whitelist, Blacklist, Application Control). McAfee Embedded Control software extends a layer of protection to fixed-function devices such as kiosks, POS terminals, and legacy platforms to reduce customer risk exponentially.]

The Current Retail Environment

Many of today's POS terminals, kiosks, and other retail systems are running popular Microsoft Windows, Linux, and Android operating systems. What's more, they are interconnected via Ethernet, Bluetooth, Wi-Fi, or other means. As a result, there are significant control, security, and compliance challenges.

Operational challenges

Too many people in the distribution channel have access to the inner workings of retail systems. As a result, it is difficult to enforce a validated, as-shipped image. And yet manufacturers must still honor warranties when unauthorized changes are made.

Support challenges

Retail systems come with their own unique set of support challenges:
- Retail systems are vulnerable to existing and zero-day security threats, which are now key causes of in-field breakage or unavailability. Antivirus software is not sufficient to defend against these threats and degrades retail system performance.
- Many systems are accessed by on-site support personnel with administrative privileges for applying software updates and for break-fix support, which makes compliance auditing and assurance difficult.
- The product lifespan of retail systems can be 10 years or more. Even with a top-notch service model, it's difficult to defend against the constant barrage of threats to these older systems.
- Patching and other unauthorized changes can impede performance and affect system compliance status. Far too often, this requires putting a technician on the scene. Costs go up, and customers start looking for another vendor.

Revenue stream challenges

Several retail system manufacturers charge for adding or certifying that a new hardware, application, or utility version is compatible and can be installed on the retail system during production. However, these system manufacturers do not have a way to enforce this other than owning the entire professional services and support role of the distribution channel.

End-customer expectation challenges

Retailers expect and deserve systems that offer high availability, regulatory compliance, and foolproof security. However, when systems are vulnerable, it is difficult for system manufacturers to satisfy these expectations.

About McAfee Embedded Security

McAfee Embedded Security solutions help manufacturers ensure that their products and devices are protected from cyberthreats and attacks. McAfee solutions span a wide range of technologies, including application whitelisting, antivirus and anti-malware protection, device management, encryption, and risk and compliance, and all leverage industry-leading McAfee Global Threat Intelligence. Our solutions can be tailored to meet the specific design requirements for a manufacturer's device and its architecture.

Next Steps

For more information, visit www.mcafee.com/embeddedsecurity or contact your local McAfee representative.

Guaranteed System Integrity

Feature: External threat defense
Description: Ensure that only authorized code can run. Unauthorized code cannot be injected into memory. Authorized code cannot be tampered with.
Benefit:
- Eliminates emergency patching, reduces number and frequency of patching cycles, enables more testing before patching, and reduces security risk for difficult-to-patch systems
- Reduces security risk from zero-day, polymorphic attacks via malware such as worms, viruses, Trojans, along with code injections like buffer-overflow, heap overflow, and stack-overflow
- Maintains integrity of authorized files, ensuring the system in production is in a known and verified state
- Reduces cost of operations via both planned patching and unplanned recovery downtime and improves system availability

Feature: Internal threat defense
Description: Local administrator lockdown offers the flexibility to prevent even administrators from changing what is authorized to run on a protected system, unless presented by an authentic key.
Benefit:
- Protects against internal threat
- Locks down what runs on embedded systems in production and prevents change even by administrators

Advanced Change Control

Feature: Secure authorized updates by manufacturer
Description: Ensures that only authorized updates can be implemented on in-field embedded systems.
Benefit:
- Ensures that no out-of-band changes can be deployed on systems in the field
- Prevents unauthorized system changes before they result in downtime and generate support calls
- Offers manufacturers the choice to retain control over all changes themselves or authorize only trusted customer agents to control changes

Feature: Verify that changes occurred within approved window
Description: Ensure that changes were not deployed outside of authorized change windows.
Benefit: Prevents unauthorized change during fiscally sensitive time windows or during peak business hours to avoid operational disruption and/or compliance violations

Feature: Authorized updaters
Description: Ensure that only authorized updaters (people or processes) can implement changes on production systems.
Benefit: Ensures that no out-of-band changes can be deployed on production systems

Real-Time, Closed Loop, Audit and Compliance

Feature: Real-time change tracking
Description: Track changes as soon as they happen across the enterprise.
Benefit: Ensures that no out-of-band changes can be deployed on production systems

Feature: Comprehensive audit
Description: Capture complete change information for every system change: who, what, where, when, and how.
Benefit: An accurate, complete, and definitive record of all system changes

Feature: Identify sources of change
Description: Link every change to its source: who made the change, the sequence of events that led to it, and the process/program that affected it.
Benefit: Validation of approved changes, quickly identify unapproved changes, increase change success rate

Low Operational Overhead

Feature: Deploy and forget
Description: Software installs in minutes, no initial configuration or setup necessary and no ongoing configuration necessary.
Benefit: It works out of the box and is effective immediately after installation; no ongoing maintenance overhead, thereby favorable choice for a low OPEX security solution configuration.

Feature: Rules-free, signature-free, no learning period, application independent
Description: It does not depend on rules or signature databases, so it is effective across all applications immediately, with no learning period.
Benefit:
- Needs very low attention from an administrator during server lifecycle
- Protects server until patched or unpatched server with low, ongoing OPEX
- Its effectiveness does not depend on quality of any rules or policies

Feature: Small footprint, low runtime overhead
Description: It takes up less than 20 MB disk space and does not interfere with application runtime performance.
Benefit: Ready to be deployed on any mission-critical production system without impacting its run-time performance or storage requirements

Feature: Guaranteed no false positives or false negatives
Description: Only unauthorized activity is logged.
Benefit:
- Accuracy of results reduces OPEX as compared to other host intrusion prevention solutions by dramatically reducing the time needed to analyze logs daily/weekly
- Improves administrator efficiency, reduces OPEX

1. Only available on Microsoft Windows platforms.

2821 Mission College Boulevard, Santa Clara, CA 95054, 888 847 8766, www.mcafee.com

McAfee and the McAfee logo, ePolicy Orchestrator, and McAfee ePO are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright 2017 McAfee, LLC. 35402ds_embedded-control-retail_0312B MARCH 2012