CYBER SECURITY SOLUTIONS

Retail

Protecting Digital Assets and Critical Infrastructure Against Growing Advanced Threats

GET IN TOUCH

Overview

As digital innovation and the need to provide omnichannel shopping experiences drive network transformation in the retail industry, cyber security becomes more vital and more complex. The industry has become a common target of cyber criminals, with many retailers having been the victim of a data breach in the past. Point-of-sale (POS) systems and other devices carrying consumers’ financial information are a common target of attack.

Plus, organisations must navigate an increasingly complex compliance environment, with retail — more than any other industry — being subject to the regulatory requirements of the Payment Card Industry Data Security Standard (PCI DSS) and the upcoming PCI Software Security Framework (SSF). Retail cyber security solutions must provide the centralised visibility and management of security devices without sacrificing efficiency and the quality of the customer experience.

Andrew Govell

Head of Cyber Security Services

Contact

Industry drivers

As consumers increasingly turn to online retail, physical retail locations must adapt to the changing consumer landscape. By taking a strategic approach to digitalisation, Internet of Things (IoT), and customer analytics, retail stores can provide consumers with a flexible and personalised in-store experience that online retailers can’t achieve.

To accomplish this, retailers must deploy fast, reliable, and secure in-store wireless access. Powered by perimeter network security, CT Secure SD-WAN ensures businesses can meet the bandwidth and quality-of-service (QoS) requirements of a retail network while providing industry-leading security controls and centralised policy management. Coupled with our Secure Wireless Access solution, retail locations can deploy enterprise-class Wi-Fi access for guests side by side with business networks.

With these solutions in place, an organisation can deploy our location-based analytics platform. By leveraging the deep-packet inspection of our perimeter network security, our analytics platform identifies customers who are show-rooming and uses its presence analytics engine to send instant deals and special offers to phones and in-store digital signage that match offers available online.

Using our secure wireless access points with the analytics platform allows retailers to provide customers with a secure, omnichannel experience, while gaining many operational and marketing benefits:

  • Fast deployment with automated radio management
  • Rogue AP detection and reporting for PCI compliance
  • Captive portal with social login
  • Advanced visitor presence and positioning intelligence
  • Dynamic location-based advertising
  • Complete enterprise feature set without feature licenses

Retailers are operating widely dispersed store locations that may have very different network and security needs. As customers expect retailers to provide omnichannel shopping environments, retail networks continue to grow more complex due to the introduction of wireless guest networks and Internet-of-Things (IoT) devices. This means retailers face tough decisions when it comes to balancing the customer experience and addressing the unique security needs of each location.

Due to this increased complexity and the growing shortage of skilled cyber security resources, retailers must operate more efficiently. By using our wide array of solutions including our management software, our analytics platform, and our in-built cloud protection, retailers are able to operate with a high level of automation, save time with zero-touch deployment, and gain network wide visibility and control from a single pane of glass, allowing organisations to manage multiple retail locations with limited IT staff.

Our solutions provide features that help retailers cope with growing network complexity and limited IT support, such as:

  • Single-pane-of-glass view for centralised visibility and management
  • Template, script, and application programming interface (API)-based configuration management
  • A built-in suite of easily customisable security, performance, and usage reports
  • Automated reporting to track retail regulatory compliance
  • One-touch device provisioning with proven scalability to over 10,000 sites

The Payment Card Industry Data Security Standard (PCI DSS) and the upcoming PCI Software Security Framework (SSF) set out strict requirements for how retailers must protect customer payment card information. A piecemeal approach to PCI DSS compliance may force understaffed security teams to choose between protecting the network and performing the activities necessary to demonstrate PCI DSS compliance.

With the changing requirements and increased complexities of meeting regulatory compliance, it’s difficult to manually achieve network-wide visibility and enforce the required security controls. Additionally, the desire to integrate web and mobile applications, order delivery solutions, and other services directly to the point-of-sale (POS) network significantly increases the workload and responsibilities of security teams.

Our Security Fabric allows retailers to demonstrate and maintain compliance with PCI DSS and SSF by allowing CT devices and services to integrate with and gather information from third-party solutions. This includes an open application programming interface (API) ecosystem and a long list of existing third-party partners.

Our Security Fabric provides retailers with tools for efficiently achieving PCI DSS compliance, including:

  • Centralised and consistent policy management
  • Out-of-the-box reporting for PCI DSS and other regulatory controls
  • Network wide topology mapping with device identification
  • Real-time telemetry information for our products and third-party Fabric-Ready partner solutions
  • Automated threat detection and response with automation stitching

Retailers need fast and scalable connectivity to enable seamless transactions in support of sales, inventory, purchasing, and other activities. Compared to traditional multiprotocol label switching (MPLS) lines for branch-to-branch or branch-to-headquarters connections, software-defined wide-area networking (SD-WAN) offers a more flexible approach to connectivity with faster performance at a better total cost of ownership (TCO).

While moving to an SD-WAN solution does provide increased flexibility and cost savings when compared to MPLS, retailers must now make new provisions for security. Instead of deploying firewalls and other network infrastructure in conjunction with SD-WAN devices, we offer an all-in-one SD-WAN solution with built-in security that enables retailers to achieve consistent security coverage, from the internet to the switching infrastructure. CT Secure SD-WAN has robust SD-WAN threat protection, including Layer 3 through Layer 7 security controls, as well as industry-leading performance with the industry’s first purpose-built SD-WAN chip.

Many retail branches leverage their WAN links to deploy Voice over IP (VoIP) in place of separate phone service. VoIP applications not only place bandwidth demands on the WAN but their availability and experience quality can also be threatened by cyber attacks. We also provide a flexible and easily configurable VoIP solution that can be secured and isolated from public Wi-Fi networks using the switching and access control capabilities of our SD-Branch. We can also provide a 3G/4G backup to ensure that business can continue even in the event of a network outage.

CT Secure SD-WAN has the lowest TCO in the industry and delivers a robust feature set to ensure high application performance and availability:

  • Automatic recognition and optimal routing of over 5,000 applications
  • Application database updates provide access to the latest malware signatures
  • Complete threat protection, including firewall, antivirus, intrusion prevention system (IPS), and application control
  • High-throughput secure sockets layer (SSL)/transport layer security (TLS) inspection with minimal performance degradation, ensuring that organizations do not sacrifice throughput for complete threat protection
  • Web filtering to enforce internet security without requiring a separate secure web gateway (SWG)
  • Highly scalable and high-throughput overlay VPN tunnels to ensure that confidential traffic is always encrypted

Our SD-Branch helps retailers combine their security and network access by allowing them to:

  • Discover and secure Internet-of-Things (IoT) devices on the network
  • Integrate wireless and wired networks into the security infrastructure
  • Enjoy centralised management of firewalls, Ethernet switches, and WLAN interfaces
  • Leverage single-pane-of-glass visibility and control for zero-touch device provisioning

According to the latest research, 87% of retail organisations have suffered some kind of an intrusion. Moreover, threat intelligence analysis shows that up to 40% of new malware detected on a given day is zero day or previously unknown.

Because intrusions are inevitable, retailers need to be prepared with the right response. That requires proven, real-time threat intelligence. Our threat intelligence solution collects, analyses, and classifies threats at machine speed with an exceptional degree of accuracy. Its comprehensive threat detection leverages artificial intelligence (AI) and machine learning (ML) to write signatures for new malware in real time and publishes them across our entire Security Fabric.

Retail environments that are widely distributed, offer public Wi-Fi, or deploy IoT devices are at risk of unknown threats slipping in through customer or employee mobile devices and through a variety of application and user interfaces. When our perimeter and network security solution detects suspicious content that it can’t identify as a known threat, it sends it to the CT Sandbox, which quarantines and inspects the content—including those encrypted by secure sockets layer (SSL)/transport layer security (TLS)—before they reach the network. CT Sandbox then can share information about any detected threats with the other security elements via our Security Fabric.

Advanced threat protection must cover internal activity as well. Deploying our deception-based technology allows retailers to identify malicious insiders or attackers who have gained access to the network. Our user entity and behaviour analytics (UEBA) solution, meanwhile, monitors endpoints and users for anomalous, noncompliant, or suspicious behaviour that could pose a threat to the business.

A multilayer defence is the best approach to network security and includes features such as:

  • Robust detection and protection against known and unknown threats
  • Identification and remediation of threats inside the business network
  • Automated threat analysis in isolated sandboxes
  • Use of deception for internal threat detection
  • Real-time threat intelligence leveraging AI and ML
  • Continuous updates through the our security network

By introducing digital innovations in their omnichannel shopping experiences, retailers can continue to attract and retain customers in the face of stiff competition from online retailers. However, digital innovation efforts are also needed to reduce costs and improve operational efficiency.

For instance, many retailers use headless Internet-of-Things (IoT) and radio-frequency identification (RFID) technologies to streamline processes. These additional—and often insecure—network nodes expand the attack surface. Retailers must consider a security-driven networking approach to such network expansions.

Part of this approach involves network separation and individualised security. Retailers can leverage our SD-Branch to run business and guest networks side-by-side, allowing IoT devices to be isolated from the public Wi-Fi network. Each network receives the level of security that it requires, and includes out-of-the-box access control to protect business IoT devices.

Our solutions enable digital innovation throughout the retail enterprise with a variety of features:

  • Wireless connectivity with high quality of service (QoS) and integrated security
  • Unified visibility and control in multi-cloud environments
  • One-touch device provisioning with proven scalability to over 10,000 sites
  • Integrated network access control for visibility and protection of IoT devices

Retailers operate large networks of geographically distributed branch locations, making the use of cloud services a logical choice. Public and private cloud deployments both have their advantages, and the use of a secure software-defined wide-area network (SD-WAN) solution can allow organisations to decrease latency and reduce load on the headquarters network. However, network infrastructure that sprawls over private clouds, public clouds, and on-premises data centres often creates a very siloed environment that is difficult to secure.

The first step in deploying network security that is compliant with the Payment Card Industry Data Security Standard (PCI DSS) is achieving network wide visibility and centralised configuration management. Our Security Fabric offers native integration with all major cloud service providers, meaning security teams can enforce consistent security policies across the network from a single pane of glass instead of manually configuring the individual security settings offered by different cloud providers.

We also provide security solutions designed and built for cloud-based applications. Our web application firewall (WAF) provides protection for web-based services including company websites, payment portals, and web APIs and can be deployed on-premises as a virtual machine (VM) or as a Software-as-a-Service (SaaS) offering. As DevOps teams increasingly make use of cloud environments, a WAF is a vital component of maintaining PCI DSS compliance.

Our Secure Email solution includes an email gateway that protects cloud-based SaaS email solutions like Microsoft Office 365 and on-premises email alike. Our next-generation firewalls (NGFWs) include an Infrastructure-as-a-Service (IaaS) option, offering scalable and cloud-native security for any environment.

Our adaptive cloud security solutions provide retailers with the tools to optimise the security of their multi-cloud environments, such as:

  • Native integration of cloud service provider (CSP)-provided security features
  • Single-pane-of-glass visibility and management of multi-cloud environments
  • Cloud-based firewall, email, and website protection solutions
  • Artificial intelligence (AI)-based threat intelligence distributed in real time across the security infrastructure
  • Automated traffic identification and classification, including encrypted cloud application data
  • Secure SD-WAN to provide direct, secure access to cloud resources from branch locations

Our key differentiators for Retail Organisations

Visibility

Our Security Fabric allows centralised visibility and control over geographically dispersed branch and cloud solutions and disparate security elements, including those of third-party solution providers through out-of-the-box application programming interfaces (APIs) and an open-API architecture.

Automation

The automation provided by our solutions is crucial to rapid threat detection and response, consistent and centralised policy enforcement, and efficient generation of compliance reports. This allows limited security staff to demonstrate compliance with PCI DSS while protecting the business against threats in real time.

High Performance

Our next-generation firewalls (NGFWs) offer the industry’s lowest latency and incorporate the world’s first software-defined wide-area network (SD-WAN) ASIC to provide high-performance security at the WAN edge and throughout the network. Moreover, enabling advanced features such as secure sockets layer (SSL)/transport layer security (TLS) deep inspection in the firewall has minimal impact on network performance in speed or throughput.

Proactive Threat Intelligence

Our solutions leverage artificial intelligence (AI) and machine learning (ML) capabilities to pinpoint known and unknown threats and communicate actionable intelligence across the Security Fabric in real time. These help to protect point-of-sale (POS) systems and other IoT devices against rapidly evolving threats.

Contact Us

To understand how CT can help you protect your brand reputation and customer data,
speak to us today.