Symantec, FishNet Security Part Of Home Depot Probe

Systems integrator FishNet Security is joining forces with Symantec to help analyze Home Depot's payment systems as the company attempts to identify whether a cache of thousands of stolen credit cards is linked to a data breach at its stores.

A Home Depot spokesperson acknowledged the two companies were retained to determine whether a breach took place, and if so, help the retailer recover from the incident. FishNet, known for its security reseller and systems integration services, also maintains a consulting arm and is certified under the PCI Forensic Investigator Program.

John Van Blaricum, vice president of marketing at Kansas City-based FishNet Security, told CRN the company would not comment on the work it is performing on behalf of its customers, but acknowledged FishNet was referenced in Home Depot's statement about the incident.

[Related: Home Depot Investigates Possible Credit Card Breach]

"Like all our customers, we plan to provide them any and all the support they need as they work through this issue," Van Blaricum said.

In addition to its reseller business, FishNet has been expanding its consulting arm in recent years to provide breach response and technology support services to customers. It includes monitoring and system maintenance as well as analysis and remediation when threats are discovered. The company has 300 consultants and technicians in the field, according to Van Blaricum.

There are currently about twodozen security firms certified under the PCI Forensic Investigator Program, which is maintained by the Payment Card Industry Security Standards Council and annually reviews investigators under the program. A merchant is often required by affected payment brands to retain an outside firm to conduct an independent investigation. Other certified companies that often perform breach forensics investigations include Verizon, AT&T, FireEye's Mandiant services arm, Trustwave and Dell SecureWorks. Investigators must adhere to strict guidelines and document their findings under program rules.

A string of retail data breaches in the U.S. and Canada have kept the PCI certified breach investigators busy.

A forensics investigator at a regional managed services provider, who often performs analysis of network activity as part of an incident response team, said companies certified to perform forensics investigations on behalf of the financial industry assume authority during security incidents. Detailed reports are submitted to the card brands and other stakeholders, such as acquiring banks, as the investigation unfolds, he said.

"The process helps ensure that evidence is carefully handled and well documented," said the investigator, who wished to remain anonymous.

A similar breach investigation at Goodwill determined that a payment processor was to blame for a breach that impacted 330 Goodwill Stores in 20 states. Investigators involved in the nonprofit's investigation estimate that more than 800,000 cards were compromised during the security lapse, which lasted at the payment processor for more than a year.

Newly named FishNet Security CEO Rich Fennessy said in an interview with CRN last November the company would build up a "meaningful services business" as part of its plan to grow the company from a $700 million business to a more than $1 billion company by 2017. The company also expanded its remote monitoring and managed services offerings with the opening a Security Operations Center in Atlanta last year.

Home Depot CEO Frank Blake told investors Thursday at the Goldman Sachs Global Retailing Conference that Home Depot will be activating chip-enabled checkout terminals at all of its stores by the end of the year in an effort to bolster the security of its payment systems. Blake said the company learned about a possible breach on Tuesday and added that an investigation was ongoing, according to an Associated Press report from the conference.

Investigative reporter Brian Krebs first reported on Tuesday that multiple banks indicated to him that enough evidence existed to link Home Depot as the source of the stolen credit and debit cards. The company has acknowledged it is working with the financial industry's anti-fraud unit and the U.S. Secret Service as part of the investigation.

Home Depot apologized in a statement to customers for the period of uncertainty during the investigation and urged customers to monitor their accounts for suspicious activity.

"You will not be responsible for any possible fraudulent charges. The financial institution that issued your card or Home Depot are responsible for those charges should we confirm a breach," the company said.

PUBLISHED SEPT. 4, 2014