Retailers, like Target, that accept bank cards are required to adhere to a strict set of standards for protecting cardholder data, the Payment Card Industry Data Security Standards (PCI DSS). It has been frequently asserted that there has never been a data breach found where the victim was PCI DSS compliant at the time of the breach.
Yet we have had significant data breaches in card payment systems; the recent breach of the Point of Sale (POS) system at Target department stores may be the largest ever. While there has been rampant speculation, we really do not know exactly what happened in the Target data breach yet. One thing is certain, however: Target must have passed their last compliance review in order to be accepting bank cards.
If a company can be compliant and still be breached, what good are the standards?
We do not know if the Target data breach will reveal flaws in the PCI standards, but the larger issue here is that PCI compliance reviews provide a snapshot at a point in time, while data protection is a never-ending process. The bad guys don’t sit back and say, “Gee, that business is PCI compliant so we will stop trying.” They are relentless.
The Target data breach is stunning because of the size of the organization and amount of data compromised, up to 40 million customers. POS data breaches generally occur in much smaller organizations, especially “mom and pop” stores that can’t afford a large IT staff of their own. They may even still view POS systems as essentially cash registers and not networked computers, which of course they are.
In fact, the most common reason a retail POS system is breached is that the business did not even add the most basic protection of a personal firewall and antivirus scanner. Every device connected to your network requires these first lines of defense.
Given the consequences of a breach, a business should work to be compliant and secure at all times, regardless of the review requirements. In fact, the business needs to view data security as part of its broader IT security and endpoint management requirements, and not just as a compliance process.
For example, many POS cash registers use Windows-based systems, the most popular target for hackers. Attackers attempt to spread malware onto them the same way they do for any Windows computer.
If that was the case in the Target data breach, it could have been prevented if they were using Comodo’s Endpoint Management System with antivirus with default/deny technology. All program files that cannot be verified as safe are run in a secure virtual operating system where they cannot harm the rest of the computer.
In addition, businesses would be wise to increase the frequency of compliance and threat detection scanning beyond the PCI requirements. Comodo offers 2 great services that provide PCI compliance scanning for your web site, HackerGuardian and Web Inspector.
HackerGuardian is an on-demand vulnerability assessment scanning solution that enables merchants and service providers to achieve PCI scan compliance. After each scan, you receive a comprehensive vulnerability report detailing any security issues, with remediation advice and advisories to help fix them.
Web Inspector provides the same PCI scanning and much more. It scans your site daily for malware and continuously monitors for other threats. Importantly, Web Inspector monitors blacklist sites that list compromised web sites. If your site is listed, for any reason, on such a blacklist, search engines will block it. You lose customers because they can’t find your site.