Thycotic enables you to secure credit card data and demonstrate compliance with PCI requirements
WHAT’s the challenge
Any organization that accepts, stores or transmits credit card data must meet PCI DSS compliance requirements. Created and enforced by the credit card payment industry, this mandate establishes 12 basic requirements and 200 sub-requirements to protect against credit card fraud.
WHY it’s important
As the industry standard, PCI-DSS has specific requirements around privileged and user account password policies and protections. Failure to comply with these and other requirements can result in a costly and embarrassing data breach as well as thousands of dollars in fines.
HOW we solve it
By delivering comprehensive Privileged Access Management and Security solutions, Thycotic helps secure privileged account passwords and lock down applications, endpoints and OS configurations to demonstrate PCI-DSS compliance.
PRIVILEGED PASSWORD SECURITY
PCI compliance requirements focus on access control
With 12 main requirements and over 200 sub-controls, the PCI DSS is designed to give organizations of all sizes and verticals an auditable method of securing cardholder data that protects it from both external attackers and insider threats.
Whether an attack uses exploits and vulnerabilities to break into a PCI network, or comes from a trusted insider who abuses their access and credentials to steal the data directly, the PCI DSS addresses the securing of this data at a high level so that it covers all types of exfiltration methods.
Because of this, many of the PCI DSS requirements revolve around access control, and specifically, privileged accounts which exist on nearly every system, device and application, and have the highest levels of access to this critical data. Leveraging an enterprise-class Privileged Account Management tool like Thycotic Secret Server to manage these privileged accounts can help your organization address a number of the PCI DSS requirements related to privileged access such as:
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
- Requirement 7: Restrict access to cardholder data by business need to know.
- Requirement 8: Identify and authenticate access to system components.
- Requirement 10: Track and monitor all access to network resources and cardholder data.
The average consolidated total cost of a data breach is $3.8 million, according to a 2015 Ponemon Institute study. With each lost or stolen record costing an average of $174, even 500 compromised payment records can exceed $75,000 in liability for a breached merchant. [1]
Make PCI DSS compliance for managing and auditing privileged accounts simple and easy
Thycotic developed Secret Server Password Management Software specifically to address compliance for IT departments. The tool creates a centralized, encrypted location for password storage, the ability to restrict access by role, full auditing of credential usage and automatic password changing.
With Thycotic Secret Server, you gain these key benefits to address PCI requirements:
- Secure access to all system components, whether on premise or in the cloud, by controlling who can use the privileged accounts allowed to access those systems.
- A full audit trail of all activity, including recording of sessions, for every user or administrator who accesses a PCI-governed system.
- A holistic view of all privileged access to cardholder data, with monitoring of that access for any changes.
- Lower cost of your regular PCI audits and compliance requests with powerful, yet easy-to-use reports and dashboards.
- An alerting engine to notify key business units and data owners when systems or data are accessed, and by whom.
You can add a security policy in Secret Server to automatically change passwords at required times, enforce password length and complexity requirements, and ensure sensitive systems maintain a high level of access control and oversight over privileged accounts.
Given that most data storage these days is digital, there is a major burden on IT departments to ensure networks are protected and IT administrators and employees follow policies for network and password security.
Endpoint security for Windows and Unix
Secure users with Least Privilege Access to help demonstrate PCI compliance
Local Administrator rights have become a necessary evil in IT network environments. Because of the unfettered access these rights provide, Administrator accounts and privileges are one of the most common targets of hackers and cyber-criminals. Once gained, Administrator privileges allow an attacker to install malware, steal information from the system, compromise other systems, and stage additional attacks against domains, servers and other devices within the network. Limiting access to Administrator rights, however, presents challenges that impact your trusted users since legitimate software often requires Administrator rights to be properly installed.
Thycotic offers easy-to-manage and simple solutions that can help you mitigate these risks by promoting a Least Use Privilege strategy for all users on all your Windows endpoints. Thycotic Application Control Solution, for example, enables organizations to limit the need for providing Administrator rights to end users, business users and IT admins while providing a flexible and dynamic framework for allowing safe, trusted software to be installed as required. This means that malicious software can’t be installed, even accidentally, protecting your systems from a variety of the most common hacker attacks.
Adhering to this Least Use Privilege strategy allows organizations to mitigate the risk from over 90% of the Critical-rated vulnerabilities from Microsoft for Windows and reduce the ability for hackers to infiltrate and attack these target systems.
Thycotic helps you lock down Windows applications, endpoints and OS configurations
Publicly held organizations today need to lock down desktops and stop malware and ransomware attacks that can have devastating and costly consequences. That means removing admin privileges from most users to lower risk, and limiting privileges for IT admins to improve security. The powerful combination of three solutions within Thycotic’s Endpoint Security Remediation Suite helps ensure that you can stop malware attacks at the endpoint and limit an attacker’s ability to move beyond their initial point of entry.
Stop exploits such as malware and ransomware at the endpoint
Thycotic provides comprehensive endpoint privilege management and security solutions that:
- Assure least privilege application control.
- Enable administrative user group management.
- Demonstrate PCI-DSS compliance and automate remediation.