CHANNELS

Subscribe to the InfoTech eNewsletter

infoTECH News

TMCNet:  CyberArk Simplifies Meeting PCI DSS 3.0 Compliance to Protect 'Keys to IT Kingdom'

[May 21, 2014]

CyberArk Simplifies Meeting PCI DSS 3.0 Compliance to Protect 'Keys to IT Kingdom'

NEWTON, Mass. --(Business Wire)--

In the face of increasing cyber-attacks on the retail industry, including recent attacks on Michaels Stores, Neiman Marcus, and others, CyberArk has released a new white paper demonstrating how retailers can comply with the latest Payment Card Industry Data Security Standard (PCI (News - Alert) DSS) regulations. The paper, Securing Privileged Accounts: Meeting the Payment Card Industry Data Security Standard 3.0 with CyberArk Solutions, outlines how organizations can navigate increasingly stringent compliance regulations by locking down the most targeted attack vector - privileged accounts.

Privileged accounts have been implicated in 100 percent of advanced attacks1, but given the volume and complexity of privileged accounts that exist throughout the payment processing and storage environment, it can be very difficult to secure them. As retailers outsource technology to third-parties, the privilege problem multiplies exponentially, expanding the attack surface. Securing privileged accounts is not only one of the most important aspects of protecting cardholder data, it is critical to maintaining control over the IT infrastructure itself.

"The building wave of massive credit card data breaches is top of mind for every organization managing credit card information in any way," said John Worrall, CMO, CyberArk. "While compliance mandates are great guidance for preventing catastrophe, they are often complex. Our paper is imed at simplifying PCI to make it easier to identify and remediate attacks before they cause damage."

The newly released regulations outlined in version 3.0 underscore the importance of shared responsibility when working with third-parties and requires all entities to align with its regulations by December 31, 2014. CyberArk provides a comprehensive approach to help organizations comply with PCI DSS and protect cardholder data. With CyberArk, organizations can implement effective security to:

  • Locate, manage and control all privileged accounts - including full lifecycle management
  • Ensure only authorized users have access to privileged accounts
  • Track, monitor and record all privileged access - to sensitive servers, databases or virtual machines by internal users, resources, and third-parties
  • Uniquely identify all administrative users and restrict their use of privileged accounts to necessary job functions
  • Ensure vendor-supplied default passwords are changed and automate password changes for all privileged accounts
  • Eliminate hard-coded credentials, including passwords and encryption keys from applications, service accounts and scripts with no impact on application performance or business processes
  • Analyze, detect and alert on anomalous privileged user behavior - enabling quick response by incident response teams

The full paper, Securing Privileged Accounts: Meeting the Payment Card Industry (PCI) Data Security Standard (DSS) 3.0 with CyberArk Solutions, is available for free download here: http://www.cyberark.com/contact/meeting-the-payment-card-industry-data-security-standard.

About CyberArk

CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world's leading companies - including 30 of the Fortune 100 and 17 of the world's top 20 banks - to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikvah, Israel, with U.S. headquarters located in Newton, MA. The company also has offices throughout EMEA and Asia-Pacific. To learn more about CyberArk, visit www.cyberark.com, read the company blog, http://www.cyberark.com/blog/, follow on Twitter @CyberArk or Facebook (News - Alert) at https://www.facebook.com/CyberArk.

Copyright © 2014 Cyber-Ark Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.

1 CyberSheath, "APT (News - Alert) Privileged Account Exploitation," 2013


[ InfoTech Spotlight's Homepage ]


blog comments powered by Disqus

FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter