Nowadays, the development vector of security technologies is quite unambiguous: effective IT systems protection is primarily a specialized protection. Just ten years ago, companies developing software security solutions for devices were doing their best to create a universal boxed solution, but now the reality requires strict segmentation.
It is no longer sufficient to ensure the banking equipment security using standard methods applicable to personal or corporate computers. A specialized solution that protects such an important part of the technical infrastructure must meet industry standards and requirements, have several levels and be adapted to different types of threats: from system vulnerabilities (exploits) and logical attacks to attempts to steal the hard drive and the technical staff abuse.
The insufficiency of action logic, specific in the industry, results the anti-virus programs inconsistency of standard with the requirements in order to secure ATMs and other banking devices. In this regard, solutions like Vynamic ™ Security Suit from Diebold Nixdorf rises above the standard anti-virus programs in many ways. The developers of Vynamic ™ Security compare their product with onion that has 38 layers. To overcome them is a highly complex and time-consuming task. This means that financial institutions that use this solution can in fact ensure the safety of money and personal data of their customers.
However, the advantages of specialized software, and therefore, the justification of investments in security, are very clear in compare with the usual practice. It is worth reminding that every year the banking industry bears damage in tens of millions of dollars from intruders’ attacks.
Restriction and access protection
A separate element in the security architecture of Vynamic ™ Security is a strict access restriction and clearly defined roles for each user of the system. Rights management implies strict regulation - who, when and what has access to. In this case, the user's actions are recorded in details and based on it the standard behavior model is created, where the deviation from the "norm" is estimated by the system as a potential threat.
In compare, the possibility to restrict user access offered by standard antiviruses looks at least bleak and completely inconsistent, if we consider them as the only solution used to ensure the safety of self-service devices (ATMs, payment kiosks, POS terminals, etc.)
Sensitive data encryption
Technically, the hard drives installed inside the standard computers and ATMs are no different. However, the requirements for ensuring their protection differ very radically. One of the preparatory stages for the criminal logical attack on the bank’s self-service infrastructure is the theft of the terminal’s original hard disk and its replacement with the pre-prepared hard disk including the malicious software. In this regard, hard drive protection, including data encryption, allows, on the one hand, to protect the stored data, on the other hand, to signal the changes in the device’s infrastructure.
The irrelevance of the existing methods became clear in early 2018 after the wave of repetitive logical attacks, initiated on one of the self-service network devices including the theft and replacement of the HDD. During the attempt to install an "alien" hard disk, Vynamic ™ Security preserves the integrity of the system, even when the ATM is off. The data protection occurs in offline mode continuously, which is important when the ATM is rebooting, since it ensures the operation of the device only in the specified software and hardware environment.
Meanwhile, the antiviruses protect active data, but they "do not cover" the so-called data at rest. According to the report of the world's largest anti-virus software manufacturers, standard solutions for securing data were installed on all attacked computers, but this did not stop the attackers from using the boot disk and installing a malicious program on the ATM. In this case, the activation of the computer virus occurred when the self-service device was rebooted or briefly disconnected.
Unlike anti-virus software, Vynamic ™ Security meets all PCI DSS (Payment Council Industry Data Security Standard) requirements, providing protection for both – the active data and at the rest.
Integrated Intrusion Protection
One curious observation: four out of five malicious programs used to attack the infrastructure of financial organizations in recent years were specifically created for the ATM and POS environments, while the current protection philosophy did not meet even very average industry requirements. According to Travis Smith, senior security research engineer for Tripwire, almost all ATM hackers understand that they need to adapt their methods to avoid detection. Knowing that it is extremely surprising that we have to prove to the responsible bank employees the importance of installing specialized protection.
Access protection of Vynamic ™ Security principle is to make the attack’s surface of the device as minimal as possible. The solution protects the most vulnerable points of operating systems Microsoft Windows XP, Windows 7 and Windows 10 based on recognized security standards, which makes the computer installed on the ATM quite suitable for self-service devices even after the expiration of the OS support period. Additionally, all the firmware pre-compiled by the manufacturer are removed and all system services and components that are not required for ATM operation are disabled.
The principle of forming a "black list" protecting the self-service devices has long been inadequate. Vynamic ™ Security offers the use of the so-called “Whitelisting”, to which only authorized applications are added.
Another feature of Vynamic ™ Security is the principle of using pro-active Zero-Day Protection as a preventive measure against unknown threats at the given moment, while standard antiviruses are highly dependent on updating anti-virus databases. In this regard, developers of antiviruses require from 2 to 27 days to release the necessary update to combat the newly emerging threat.
Due to this reason, the security methods that rely on classic antivirus technologies show a very mediocre result in dynamic antivirus testing.
It is worth to note that the Vynamic ™ Security system is the only so-called agnostic specialized security tool for ATMs, payment kiosks and POS terminals. This means that the solution is suitable for the devices from different manufacturers without a strict binding to the already used version of the operating system and other programs installed on the ATM.
According to the National Security Agency (NSA), the level of encryption Vynamic ™ Security (AES-256) meets security standards for solutions used in the military industry.
These characteristics allow us to assert the advantage of Vynamic ™ Security Suit over traditional anti-virus programs, which are widely used by many banks. Standard antiviruses are less effective against various kinds of threats, but they can be simply disabled if the bank’s service technician with the required access level participates in the attack.
BS/2 is the official Vynamic ™ Security provider in the CIS and Baltic countries, as well as in other regions. Contact our consultants who will explain in detail all the advantages of using this solution, developed by Diebold Nixdorf.
Penkių kontinentų bankinės technologijos (BS/2)
BS/2, a part of the Penki Kontinentai Group, has been developing software, supplying banking equipment, and providing system integration, maintenance, and full scope of outsourcing services in 80 countries around the world for more than 25 years. BS/2 is the leader in the field of banking technologies, providing innovative banking solutions and consultancy services all over the world. BS/2 clients are the largest banks in Baltic States, Central Asia, the Caucasus, Eastern Europe and other regions.