News ReleasesCategory3 min read

Bit9 + Carbon Black Applauds PCI Security Standards Council’s Support for Application Allowlisting as a Deterrent against Credit Card Fraud

WALTHAM, Mass.—January 6, 2015Bit9® + Carbon Black®, the leader in endpoint threat prevention, detection and response, applauds the PCI Security Standards Council for its support of application allowlisting as an effective method for preventing fraud related to credit card transactions. That position is reflected in the article “Expand Your Security Strategy to Stop Data Breaches,” coauthored by Troy Leach, chief technology officer for the PCI Security Standards Council, and Christopher Strand, PCIP, director of compliance programs for Bit9 + Carbon Black. The article was published by Dark Reading.

To demonstrate its support for application allowlisting (also known as “application control” or “default deny”), the PCI Council invited Strand to coauthor the article about expanding an organization’s security strategy as a means of preventing data breaches.

“Application control solutions such as enterprise allowlisting enable merchants to specify what software is trusted for execution in their payment environment,” Leach and Strand wrote. “Allowlisting helps limit the ability for malware to be executed on computers inside a payment system. The use of allowlisting as an additional solution for preventing malware will help to provide a layered security approach to ensure deeper coverage against the sophisticated types of malware attacks that are targeting systems – particularly retail point-of-sale software. Allowlisting is an additional arrow in a ‘defense in depth’ quiver to support PCI DSS requirements, where each reinforces the other to help achieve stronger security.”

Strand praised the PCI Council for its support for application allowlisting and the positive effect it will have for the security of consumers and businesses: “PCI DSS v3 moves us in the right direction when it comes to strengthening payment systems. We commend the PCI Council for recognizing the evolving threat landscape and reacting accordingly. It’s clear that data breaches are no longer occurring haphazardly in a vacuum using nuisance malware. Today’s attacks are targeted and complex and require layered defenses, including application allowlisting.”

In the article, Leach and Strand addressed the importance of continuously monitoring new risks and implementing layered security: “The challenge of preventing data breaches will never disappear,” they wrote. “However, by deploying layered security controls and processes, continuously monitoring their effectiveness, and regularly assessing new threats and new opportunities to reduce risk, your organization can establish an effective offense that can stop malware attacks cold—and foster peace of mind for the safety of cardholder data.”

Antivirus, while as effective as it ever was against nuisance malware, is no match for today’s targeted attacks and sophisticated malware, Strand noted.

As the world’s most widely-deployed application control/allowlisting solution, Bit9 is trusted by more than 1,000 organizations, including 25 of the Fortune 100, to secure their high-risk endpoints and servers against advanced attacks. Bit9 is the first enterprise-scale, trust-based application allowlisting solution that scales up to 250,000 endpoints per console, giving you confidence that your entire enterprise is truly protected from today’s modern threats.

About Bit9 + Carbon Black
Bit9 + Carbon Black offers the most complete solution against the advanced threats that target your organization’s endpoints and servers. This makes it easier for you to see—and immediately stop—those threats.

Carbon Black’s lightweight endpoint sensor, which can be rapidly deployed with no configuration to enable detection and response in seconds, combined with Bit9’s industry-leading prevention technology, delivers four key benefits:

  • Continuous, real-time visibility into what’s happening on every computer
  • Real-time threat detection, without relying on signatures
  • Instant response by seeing the full “kill chain” of any attack
  • Prevention that is proactive and customizable

More than 1,000 organizations worldwide—from 25 Fortune 100 companies to small enterprises—use Bit9 + Carbon Black to increase security, reduce operational costs and improve compliance. Leading managed security service providers (MSSP) and incident response (IR) companies have made Bit9 + Carbon Black a core component of their detection and response services. With Bit9 + Carbon Black, you can arm your endpoints against advanced threats.

Bit9 and Carbon Black are registered trademarks of Bit9, Inc. All other company or product names may be the trademarks of their respective owners.