
Coalfire Validates Bit9 Security Platform as Effective PCI DSS Control

WALTHAM, Mass. and VANCOUVER, B.C.—September 29, 2015—Bit9® + Carbon Black®, the leader in Next-Generation Endpoint Security, today announced that Coalfire Systems, Inc., a leading provider of IT advisory services for security, has validated the Bit9 Security Platform as an effective Payment Card Industry Data Security Standard (PCI DSS) control. Bit9 + Carbon Black is the first next-generation endpoint security company to receive this validation. The company made the announcement at the PCI Security Standards Council 2015 North America Community Meeting in Vancouver, B.C.

Coalfire is certified by the Payment Card Industry Security Standards Council (PCI SSC) as a Qualified Security Assessor Company and is a leading industry provider of IT security, governance and regulatory compliance services. Coalfire conducted an independent assessment of the Bit9 Security Platform architecture as it pertains to security and Payment Card Industry Data Security Standard (PCI DSS) scope.

In its report, Coalfire says: “Bit9 provides the flexibility to enable, manage, and meet PCI DSS requirements in many areas. Bit9 helps organizations with various PCI requirements, including:

  • File-Integrity monitoring/control
  • Change monitoring and alerting
  • Audit trail retention”

The report continues, “The solution can also support the development of compensating controls for requirements such as anti-virus and patching (protection of unpatched systems).”

PCI DSS is a proprietary information security standard for organizations that handle branded credit cards from the major card organizations. PCI DSS applies to all organizations that store, process or transmit cardholder data. This includes entities such as merchants, service providers, payment gateways, data centers and outsourced service providers. PCI DSS is mandated by the card brands and administered by the PCI SSC.

Coalfire conducted the Bit9 Security Platform validation through rigorous technical testing in the group’s compliance validation labs using common PCI environmental scenarios.

“The outcome of this testing provides verification that customers implementing Bit9 will be able to meet specific PCI DSS control requirements in their real world cardholder data environments,” according to the report. “Each PCI requirement was assessed by validating the output or state of the Bit9 product as deployed in our lab scenario. A broad spectrum of network, system and application scenarios was used in our validation testing.”

Chris Strand, Bit9 + Carbon Black’s senior director of compliance, said: “It’s no secret that point-of-sale devices are under increased attack and scrutiny. And while ‘compliant’ does not always mean ‘secure,’ compliance with the PCI DSS is a necessary first step for organizations looking to better protect their customers’ critical data. To receive this validation from an independent entity, especially one as esteemed as Coalfire, is further evidence that Bit9 + Carbon Black is committed to helping organizations meet, and exceed, the PCI DSS requirements. Those same capabilities also enable Bit9 + Carbon Black to secure devices—including POS machines—whose operating system, such as Windows XP or Windows Server 2003, has reached end of life, enabling organizations to avoid a costly extended service agreement or OS upgrade.”

The Bit9 Security Platform provides coverage across eight of the 12 requirements of the PCI DSS and supports critical security goals, including:

  • Stop all types and forms of malicious software.
  • Protect and secure in-scope, integrated, and out-of-scope systems.
  • Ensure that security policies and operational procedures are documented, in use, and known to all affected parties.
  • Establish a process to immediately identify security vulnerabilities and assign a risk ranking.
  • Control change, resulting in less data to analyze, which reduces administrative efforts.
  • Receive real-time alerts so you can act immediately to protect all of your critical systems and data.

About Bit9 + Carbon Black
Bit9 + Carbon Black is the market leader in Next-Generation Endpoint Security. We have sold more licenses, have more experience, and more customers than any other NGES company because our solution is the most effective way to prevent, detect and respond to advanced threats that target users, servers, and fixed-function devices. That’s why more than 60 MSSP and IR leaders, including Dell SecureWorks, EY, Optiv, Solutionary and Trustwave, have chosen our technology as a key component of their security offerings, and 25 of the Fortune 100 rely on us as a critical element of their advanced threat defense and compliance strategies. By the end of 2015, we expect to achieve $70M+ in annual revenue, 70 percent growth, 7 million+ software licenses sold, and almost 2,000 customers worldwide. We were voted Best Endpoint Protection by security professionals in the SANS Institute’s Best of 2014 Awards, and a 2015 SANS survey found that 68 percent of IR professionals are using or evaluating Carbon Black.

Bit9 and Carbon Black are registered trademarks of Bit9, Inc. All other company or product names may be the trademarks of their respective owners.