Preempt Blog


Simplifying PCI DSS 3.2 Compliance with Preempt

If your organization handles credit cards, you are no doubt familiar with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a set of requirements and procedures established to strengthen the security of cardholder transactions and data and thereby reduce fraud. PCI DSS controls have been in place for many years, but as hackers have advanced their efforts, new requirements continue to emerge, along with updates to existing controls and reporting.

Meeting the 12 requirements of the PCI DSS 3.2 framework isn’t easy. Organizations need to achieve, demonstrate, and maintain compliance at all times. Failing to meet the requirements exposes them to liability and reputational damage.

Here are some of the ways that Preempt can help organizations with meeting a wide variety of the requirements established by PCI DSS 3.2.

Preempt allows organizations to proactively enforce policies based on identity, behavior, and risk. The ability to build highly flexible policies while also determining real-world enforcement makes Preempt uniquely capable of meeting a wide variety of requirements. Below are some of the highlights; download our full technical note here for more detail.

Build and Maintain a Secure Network and System

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

  • Preempt provides a potential compensating control to a traditional firewall by enforcing access based on identity, role, ownership and more in addition to traditional elements such as network locations

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

  • Preempt continuously monitors all passwords in the environment, checking them against data from well-known breaches, password dictionaries, and vendor defaults. The system can also restrict access to services based on membership, force password changes for non-compliant passwords, and trigger additional identity controls such as MFA based on policy.
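
As an added illustration (not Preempt's code), here is a small password-compliance check of the kind Requirement 2 calls for: it tests a credential against constructed vendor-default, breach-hash and dictionary lists plus the PCI DSS 3.2 length and composition minimum, and maps the findings to an enforcement action. The list contents, finding names and actions are assumptions.

```python
import hashlib
import re

# Constructed sample lists standing in for the breach corpus, password
# dictionary and vendor-default list the text mentions; a real deployment
# would load these from files or a feed (assumption).
VENDOR_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("root", "toor")}
DICTIONARY = {"password", "welcome", "summer", "letmein"}
# Breached passwords are kept only as SHA-1 digests, the form offline breach
# lists use, so the plaintext corpus never has to be stored.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("Spring2017!", "Qwerty123")  # constructed sample breach entries
}
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "!": "i"})


def normalize(password):
    """Strip trailing digits/symbols and undo common leet substitutions."""
    stem = re.sub(r"[\d\W_]+$", "", password.lower())
    return stem.translate(LEET)


def assess_password(username, password):
    """Return the findings that make a credential non-compliant (empty = ok)."""
    findings = []
    if (username.lower(), password) in VENDOR_DEFAULTS:
        findings.append("vendor_default")
    if hashlib.sha1(password.encode()).hexdigest().upper() in BREACHED_SHA1:
        findings.append("breached")
    if normalize(password) in DICTIONARY:
        findings.append("dictionary")
    # PCI DSS 3.2 req. 8.2.3: at least seven characters, both letters and digits
    if len(password) < 7 or not (re.search(r"[A-Za-z]", password)
                                 and re.search(r"\d", password)):
        findings.append("below_8_2_3_minimum")
    return findings


def decide_action(findings):
    """Map findings to an enforcement action the way a policy rule would."""
    if "vendor_default" in findings or "breached" in findings:
        return "block_and_force_change"
    if findings:
        return "force_change_at_next_logon"
    return "allow"
```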

Maintain a Vulnerability Management Program

Requirement 5: Protect all systems against malware and regularly update anti-virus programs

  • Preempt provides capabilities to detect the presence of malware and intrusions by observing activity at the network level. By analyzing traffic, Preempt can identify deviations from normal behavior in real time, alert the owner of the account, prevent the actions, or challenge the account. These controls provide important protection against new malware variants that endpoint security signatures may not yet recognize.

Requirement 6: Develop and maintain secure systems and applications

  • Preempt constantly monitors system behavior in real time and detects vulnerabilities that have no patch and are commonly used to compromise accounts and steal data. All entities are automatically scored by risk and can be controlled based on that risk score.

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need to know

  • Preempt can segment and add access control to network resources based on roles, risk levels, activity, network locations, and many other parameters, resulting in a flexible rule base that adapts to almost any scenario. Policies can restrict access to systems and computers based on administrative and/or business roles.

Requirement 8: Identify and authenticate access to system components

  • Preempt adds MFA to any network resource or application without the need to change its code. Conditions can be added to the policy based on account attributes, risk, subnet, or other parameters, with different actions applied depending on the goal. This achieves identity-based network segmentation. Preempt also detects shared accounts, elevation of rights, and creation of new privileged user accounts, and automatically detects and tracks unused, stale, or dormant accounts.
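
An added example, not the product's own policy language, of the identity-based rule base described under Requirements 7 and 8: first-match rules conditioned on role, risk score, source subnet and target zone decide between allow, MFA challenge and block, with an implicit deny for anything unmatched. Field names, zones and the risk threshold are constructed.

```python
import ipaddress

# Constructed rule base: first match wins and anything unmatched is denied.
# Field names, zones and the risk threshold are assumptions for this example,
# not the product's own policy language.
RULES = [
    {"name": "block-high-risk", "risk_at_least": 80, "action": "block"},
    {"name": "cde-admins-mfa", "target_zone": "cde", "role": "cde-admin",
     "src_net": "10.1.20.0/24", "action": "require_mfa"},
    {"name": "cde-deny-others", "target_zone": "cde", "action": "block"},
    {"name": "corp-allow", "target_zone": "corp", "action": "allow"},
]


def matches(rule, req):
    """A rule applies only when every condition it carries holds."""
    if req["risk"] < rule.get("risk_at_least", 0):
        return False
    if "target_zone" in rule and rule["target_zone"] != req["target_zone"]:
        return False
    if "role" in rule and rule["role"] not in req["roles"]:
        return False
    if "src_net" in rule and (ipaddress.ip_address(req["src_ip"])
                              not in ipaddress.ip_network(rule["src_net"])):
        return False
    return True


def evaluate(req, rules=RULES):
    """Return (action, rule name) for an access request; default is deny."""
    for rule in rules:
        if matches(rule, req):
            return rule["action"], rule["name"]
    return "block", "implicit-deny"


def request(roles, risk, src_ip, target_zone):
    """Build an access request as the enforcement point would see it."""
    return {"roles": roles, "risk": risk, "src_ip": src_ip,
            "target_zone": target_zone}
```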

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data

  • Preempt audits all access requests to any entity on the network. This information is based on an analysis of actual network traffic and is thus not subject to log manipulation by an attacker. The solution also detects changes to AD accounts, the creation of new accounts, rights elevation, and other types of events. Preempt monitors access activity and constantly processes this data to detect security events such as excessive access, anomalous access, activity from abnormal network and/or geographical locations, the presence of attack tools, and much more.
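
As an added example (not Preempt code) of the Requirement 10 detections named above, the following runs over constructed access records and flags a logon from a subnet the account has never used, more distinct targets than a threshold within a sliding window, and account creation or rights elevation events. The record format, baseline subnets and thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, "timestamp account source_ip target event",
# standing in for the traffic-derived events the text describes (assumption).
TODAY = """
2018-02-08T02:10:00 jdoe 203.0.113.45 fileserver01 logon
2018-02-08T02:11:00 jdoe 203.0.113.45 crm01 logon
2018-02-08T02:12:00 jdoe 203.0.113.45 dc01 logon
2018-02-08T02:13:00 jdoe 203.0.113.45 payroll01 logon
2018-02-08T02:20:00 jdoe 10.1.20.15 svc_tmp account_created
2018-02-08T02:21:00 jdoe 10.1.20.15 svc_tmp rights_elevated
"""
ACCOUNT_EVENTS = {"account_created", "rights_elevated"}
# Per-account baseline of source /24s; learned from history in practice (assumption).
KNOWN_SUBNETS = {"jdoe": {ipaddress.ip_network("10.1.20.0/24")}}


def parse(text):
    """Turn sample lines into records; source IPs are reduced to their /24."""
    recs = []
    for line in text.strip().splitlines():
        ts, account, src, target, event = line.split()
        recs.append({"ts": datetime.fromisoformat(ts), "account": account,
                     "net": ipaddress.ip_network(f"{src}/24", strict=False),
                     "target": target, "event": event})
    return recs


def detect(records, baseline=KNOWN_SUBNETS, max_targets=3,
           window=timedelta(minutes=10)):
    """Flag unfamiliar source subnets, excessive access and account changes."""
    alerts, fired, recent = [], set(), defaultdict(deque)
    for r in records:
        acct = r["account"]
        loc = ("abnormal_location", acct, str(r["net"]))
        if r["net"] not in baseline.get(acct, set()) and loc not in fired:
            fired.add(loc)
            alerts.append(loc)
        q = recent[acct]  # (timestamp, target) pairs inside the sliding window
        q.append((r["ts"], r["target"]))
        while r["ts"] - q[0][0] > window:
            q.popleft()
        distinct = len({t for _, t in q})
        if distinct > max_targets and ("excessive_access", acct) not in fired:
            fired.add(("excessive_access", acct))
            alerts.append(("excessive_access", acct, distinct))
        if r["event"] in ACCOUNT_EVENTS:
            alerts.append(("account_change", acct, f"{r['event']} {r['target']}"))
    return alerts
```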

Requirement 11: Regularly test security systems and processes

  • Preempt continuously assesses the network configuration for known vulnerabilities such as weak passwords, passwords exposed in SYSVOL, use of suspicious protocol implementations, stealthy admins, new accounts, use of pass the hash, and other logical vulnerabilities. This information can be used to augment the reports from traditional vulnerability scanners, which do not monitor these issues. Preempt can be used as a continuous prevention and detection solution that goes beyond the common attack vectors detected by signature-based solutions. This includes account compromises using Pass the Hash, Pass the Ticket, Forged PAC, Over Pass the Hash, credential spraying techniques, and many more that traditional solutions do not detect.

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security for all personnel

  • Preempt continuously assesses the risk of the organization as a whole as well as of individual users and entities. Preempt automatically classifies entities in the network based on role, use, and many other parameters, allowing the organization to map its critical assets and set policy on them. Preempt also enables setting human authorizers for accounts: when an authorized account tries to access a specific environment, the approval process can be automated and authorization must be granted explicitly.

Download the full Preempt PCI DSS Compliance technical note here.

This blog provides a short overview of how the Preempt Platform can support PCI DSS 3.2 compliance. If you have questions or would like to learn more about specific sections of the standard, requirements, and controls, we encourage you to contact us and we can have you speak with one of our experts.

Topics: Adaptive Response, Compliance, Identity Verification, Passwords, PCI, User Behavior,

Posted by Preempt on February 9, 2018 1:21 AM

