Learn about Zero Trust Architecture
Impenetrable cybersecurity without sacrificing usability
Gain detailed visibility into all your endpoints activities
Harden applications and hardware environments
Immediate and continuous response to incidents
Close the window of time your data could be exposed
Get your Comodo solutions setup, deployed or optimized
Control access to malicious websites
Defend from any internet based threats
Stop email threats before it enters your inbox
Preserve and protect your sensitive data
Keep your website running fast and malware free
Add encryption to your websites
Automated certificate mgmt. platform
Secure private intranet environments
Digital signature solutions for cloud apps
Encrypt emails for senders and recipients
Stay compliant with PCI DSS
Trusted authentication for IoT devices
Francisco Partners a leading technology-focused private equity fund, has acquired a majority stake in Comodo’s certificate authority business. Newly renamed from Comodo CA Limited to Sectigo Limited. Privacy Policies, Trademarks, Patents and Terms & Conditions are available on Sectigo Limited’s web site.
Meet the people behind the direction for Comodo
Get the latest news about Comodo
People are the key to achievement and prosperity
Stay up to date with our on-demand webinars
Worldwide: Sales, Support and General Inquiries
Schedule a live demonstration of our solutions
Need immediate help? Call 1-888-551-1531
Instantly removes viruses to keep your PC virus free
Experience true mobile security on your mobile apple devices
Secure Internet Browser based on Chrome
Chrome browser internet security extension
Submit a ticket to our support team
Share any product bugs or security flaws
Collaborate with research experts on data sets
Valkyrie Threat Intelligence Plugins
Valkyrie Threat Intelligence APIs
Over the past year, there have been an alarming number of high profile data breaches of customer cardholder and personal information through compromises of retail Point-of-Sale (POS) systems. In December 2013, retail giant Target revealed that a breach of their Point-of-Sale systems in the early weeks of the holiday shopping season had compromised the personal data of as many 110 million customers, including the information needed to duplicate credit/debit cards.
Despite heightened awareness of the vulnerability of POS and the impact of POS breaches, 2014 has been a banner year for hacker attacks on POS. As each month has rolled by, the “body count” has piled up: Michaels, Neiman Marcus, PF Chang and Sally Beauty all reporting compromises to their POS and the loss of cardholder and customer personal information.
Then in August, a deluge. After Homeland Security warned of the Backoff malware that targets POS, there has been a flood of high profile POS compromise revelations. The US Secret Service has reported that at least 1,000 retailers have been compromised by Backoff and that the 7 largest makers of Point-of-Sale systems report having their customer systems infected. Breaches at the UPS Store and 2 of the largest owners of Supermarket chains, Supervalu and AB Acquisition are just a few of the large retailers believed compromised by Backoff.
In September the wave continued with a monster breach at Home Depot. The highly respected blog krebsonsecurity.com reported that banks have been that a large number of counterfeit credit cards were already available on the black-market that are connected to a breach of Home Depot POS.
And it hasn’t stopped. Dairy Queen and Staples have been revealed to be victims in recent weeks.
Are you going to be next?
The Target data breach provides an example of how severe the impact can be of a compromised POS system. In August, Target revealed that it had spent $148 million dollars in the second quarter, on top of $200 million in the first quarter, in cleaning up the immediate problem, such as cleaning the
malware from the network, reissuing cards and offering customer’s free identity theft services.
While this is offset by a $38 million insurance policy against such events, this does not include Target’s exposure to financial losses incurred by the cardholders and the issuing authorities. Target is currently defending itself against numerous law suits claiming billions of dollars in damages from the POS breach. In the aftermath of the breach, Target experienced a decline in the stock price and in year over year sales. While it is difficult to correlate, a loss of consumer confidence due to the breach is clearly a concern.
Shortly after the breach was revealed, Target’s Chief Information Officer resigned. In May, its Chief Executive Officer stepped down, at least partly due to the fallout from the breach. You can only imagine the impact that this incident and the leadership turmoil have had on the rest of Target’s Information Technology and Business organization.
Do you want to be dealing with such a situation in your organization?
Most POS systems consist of desktop computer running the Windows operating system and several POS devices directly connected. Windows is a well understood and high profile target for hackers. In too many cases, the POS computer is treated like all other desktops on the operator’s network, with the standard endpoint protection of antivirus software and personal firewall.
The traditional approach to protecting endpoints focuses on detecting threats. The leaves most endpoint security vulnerable to zero day malware, where the threat has not yet been discovered by the vendor and their signature files not yet updated. Malware creators are very good at modifying the files of known malware so that, for a time, they will be undetected as a threat.
BlackPOS, the malware used in the Target Data breach, was “in the wild” at least 3 months before being discovered and most antivirus systems could be updated to deal with it. According to Verizon’s 2014 Data Breach Report, 85% of POS intrusions compromised the target for more than 2 weeks before being detected. By the time the malware is discovered it may be too late.
Comodo’ solution to the POS crisis is to begin with a radical assumption: All endpoints can be compromised, therefore your application must be able to run safely in a compromised environment. We built SecureBox to be fortress in which your application can operate normally even when the landscape is overrun with malicious programs.
Unlike existing security solutions that seek to protect POS software by protecting the host system, Comodo SecureBox assumes the host will always be vulnerable and zealously protects the application itself. SecureBox inverts the traditional security approaches by running critical applications inside a dedicated, security hardened container which cannot be modified by any other processes which are running. The core containerization technology is augmented with key-logger protection, AV scanning, Memory Scraping protection, remote takeover protection and Anti-SSL sniffing to transform existing POS computers into truly secure Point of Sale platform.
To learn more here
Sign up to our cyber security newsletter
Comodo Cybersecurity would like to keep in touch with you about cybersecurity issues, as well as products and services available. Please sign up to receive occasional communications. As a cybersecurity company, we take your privacy and security very seriously and have strong safeguards in place to protect your information.
See how your organization scores against cybersecurity threats