Symantec DCS: Solutions for Securing ATM Systems


The Challenge

ATM’s are a literal “pot of gold (or green)” for tech-savvy thieves.  Successfully compromising an ATM may grant thieves access to the hard cash stored within the machine itself may allow for theft of critical customer data (like swipe and pin information) from unsuspecting victims who use the compromised system.  A compromised ATM combined with its often exposed and very remote nature may make maintaining effective security a bad guy’s dream and everyone else’s nightmare.

The Solution

Symantec Critical System Protection for Embedded systems utilizes very powerful protected whitelist policies which ensures that a remote system (like an ATM) is protected against the most determined of digital attacks. What’s more, the highly static nature of these devices’ functions makes them ideal candidates for this kind of very granular protection strategy.  The Protected Whitelist Policy provides a granular and customizable set of system-wide of protections which automatically prevents execution of any process that is not known and explicitly trusted by the IT security team.  It also restricts the actions of known and trusted processes to only those actions critical to their function and/or which have been explicitly granted by IT. No unauthorized activity may be undertaken on a protected system.   These features provide a persistent, real-time, signature-free security measure which may be configured to work in conjunction with established patching processes and traditional anti-virus and ensure a strong security strategy even in less than ideal scenarios, and which cannot be readily defeated through conventional means.  Furthermore, Symantec Critical System Protection for Embedded systems enables the administrator the option of installing the agent in an un-managed configuration.  This un-managed configuration may then be readily and easily updated and configured when necessary by approved field technicians without the need for centralized management which may be impossible to receive.  

The Impact

Leveraging CSP:E for securing ATM systems requires installation of the Agent on your protected asset with the availability of a management server and database for initial agent configuration file and policy baselining for unmanaged agents.  When utilizing fully managed agents, the option of enhanced reporting services (such as NorthStar’s SOLVE solution) may and often are also implanted to enable more tailored visibility into the environment.  The Agent is a small footprint of 100MB free space and 256MB of RAM to install and run, and is available for Windows releases from NT 4.0sp6a through to current releases of Windows 10 and Windows server 2016. Additionally, Windows embedded platforms ranging from XP Embedded through to Windows 10IOT are also supported with the latest releases.  The management server ideally will support.   For questions about how Conventus can help with your Symantec DCS environment, please contact us via your favorite form of communication: Email: connect@northstar.io  |   Phone: 312-421-3270  | Server Security