Netwrix points to the recent eBay breach that forced the company to advise 145 million active users to change their passwords to avoid financial information loss, while the breach at Target resulted in 40 million stolen credit card numbers and compromised the personal information of more than 70 million customers.
To help organizations avoid such data breaches and their consequences, Netwrix recommends six essential rules around change and configuration auditing:
1. Separate environments - Minimize your risks by reducing PCI scope within your systems and enforce separation of environments by continuously auditing access and changes to the systems where cardholder data is stored.
2. Audit access control - Ensure that permissions are adequate and access to sensitive data is limited only to people who need it. Change and configuration auditing can help by giving you precise information about the state of access rights and all changes to it, alerting you to critical issues and helping with investigation in the event of unauthorized access.
3. Audit provisioning and de-provisioning of users - Organizations should establish control over user creations and removals. A comprehensive change and configuration auditing solution will provide daily and on-demand reports as well as real-time alerts on these critical modifications.
4. Audit of privileged users' activities - A particular emphasis should be placed on changes made by administrative accounts: changes to user access rights, elevation of privileges, mistakenly changed permissions and other security related events. Daily and on-demand reports and real-time alerts provided by change auditing solutions will help organizations to stay secure.
5. Document everything - You never know what part of your system activities or during what period you will be required to demonstrate to the auditor, so keep it all. In addition to a complete audit trail, some of the more advanced change and configuration auditing solutions allow you to record video of user activities on critical systems, along with metadata, and provide search and replay capabilities. A regular review of audit trails may also assist in preventing breaches before they occur.
6. Monitor and test - Change and configuration auditing solutions will provide a complete audit trail with detailed information on access and changes with ‘who, what, where, and when' details, including after and before values for each event. This will simplify root-cause analysis and allow proactive prevention of malicious activities.
"Recent examples show that it is not enough to align your processes and policies with PCI DSS guidance," said Alex Vovk, President of Netwrix. "You must also establish mechanisms to verify these processes actually work and be able to prove that to all stakeholders: IT management, executives, and auditors. Essentially, change auditing is what makes your compliance efforts provable."