CyberArk Simplifies Meeting PCI DSS 3.0 Compliance to Protect ‘Keys to IT Kingdom’

May 21, 2014

New White Paper Outlines how to Lock Down Privileged Account Vulnerabilities

Newton, Mass. – May 21, 2014 – In the face of increasing cyber-attacks on the retail industry, including recent attacks on Michaels Stores, Neiman Marcus, and others, CyberArk has released a new white paper demonstrating how retailers can comply with the latest Payment Card Industry Data Security Standard (PCI DSS) regulations. The paper, Securing Privileged Accounts: Meeting the Payment Card Industry Data Security Standard 3.0 with CyberArk Solutions, outlines how organizations can navigate increasingly stringent compliance regulations by locking down the most targeted attack vector – privileged accounts.

Privileged accounts have been implicated in 100 percent of advanced attacks[1], but given the volume and complexity of privileged accounts that exist throughout the payment processing and storage environment, it can be very difficult to secure them. As retailers outsource technology to third parties, the privilege problem multiplies exponentially, expanding the attack surface. Securing privileged accounts is not only one of the most important aspects of protecting cardholder data, it is critical to maintaining control over the IT infrastructure itself.

“The building wave of massive credit card data breaches is top of mind for every organization managing credit card information in any way,” said John Worrall, CMO, CyberArk. “While compliance mandates are great guidance for preventing catastrophe, they are often complex. Our paper is aimed at simplifying PCI to make it easier to identify and remediate attacks before they cause damage.”

The newly released regulations outlined in version 3.0 underscore the importance of shared responsibility when working with third parties and require all entities to align with its regulations by December 31, 2014. CyberArk provides a comprehensive approach to help organizations comply with PCI DSS and protect cardholder data. With CyberArk, organizations can implement effective security to:

  • Locate, manage and control all privileged accounts – including full lifecycle management
  • Ensure only authorized users have access to privileged accounts
  • Track, monitor and record all privileged access – to sensitive servers, databases or virtual machines by internal users, resources, and third parties
  • Uniquely identify all administrative users and restrict their use of privileged accounts to necessary job functions
  • Ensure vendor-supplied default passwords are changed and automate password changes for all privileged accounts
  • Eliminate hard-coded credentials, including passwords and encryption keys from applications, service accounts and scripts with no impact on application performance or business processes
  • Analyze, detect and alert on anomalous privileged user behavior – enabling quick response by incident response teams

The full paper, Securing Privileged Accounts: Meeting the Payment Card Industry (PCI) Data Security Standard (DSS) 3.0 with CyberArk Solutions, is available for free download here:

[1] CyberSheath, “APT Privileged Account Exploitation,” 2013