Hackers go where the money is, so it is not surprising that attacks against Automated Teller Machines are rising. To thwart the bad guys, banks can deploy Security Information and Event Management (SIEM) solutions. These products study patterns in ATM interactions and deliver actionable insights that help financial institutions secure their networks.
The number of attacks against ATMs grew by double digits, according to the ATM Industry Association (ATMIA). More than half of banks (54%) experienced ATM criminal activity, such as network packet sniffing, PIN (Personal Identification Number) compromises, ATM skimming, and dispenser jackpotting, an emerging attack where ATMs dispense cash like winning slot machines on a casino floor.
How Do SIEM Solutions Work?
SIEM products and services combine Security Information Management (SIM) and Security Event Management (SEM) solutions to protect these transactions. These products start by collecting security-related data, like configuration information, device state data, network traffic, performance metrics, and system availability. In fact, the tools have become quite powerful and flexible. They gather data from hundreds of operating systems, hardware platforms, applications, and network devices. If a bank has a proprietary platform, a software development kit enables the bank to connect the application to the SIEM.
These products do more than collect information. SIEM solutions correlate data to help security analysts monitor activities, such as entries into the network, the launching of unsolicited services, software attacks, and antivirus feeds. These features create a comprehensive overview of the ATM network security posture at each moment.
SIEM solutions examine all incoming network and system traffic. The tools help you detect suspicious activity as it occurs. They examine logs from a controlling network server and ATM endpoints. The product monitors file modifications, deletions, and permission changes. In addition, the system oversees registry, file, and folder activity, constantly looking for suspicious -- and possibly malicious -- behavior.
These systems include data analytics capabilities. After system configuration and network activity information is collected, companies can determine whether anything unusual has taken place with their ATMs. Because data comes from a variety of sources, SIEMs collect it, collate it, and then present it in easy-to-understand dashboards that can be customized to the viewer's needs.
Data can be divided into different categories. For example, if the bank wants to see any configuration changes over the previous 24 hours, the system generates a report based on that parameter. In this case, if someone changed an ATM or a group of ATMs (say, by patching a group of systems or updating the underlying hardware), the report identifies the transactions. The IT team then takes a closer look at the alterations and responds, for example by turning a machine off, if necessary.
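The 24-hour configuration-change report described above can be sketched as follows. This is an added example, not code from any SIEM product or from DataComm; the event fields (ts, atm, category, detail, ticket), the ATM names, and the idea of checking each change against a change ticket are assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events (hypothetical field names; real SIEM schemas differ).
EVENTS = [
    {"ts": "2024-05-01T23:10:00+00:00", "atm": "ATM-014", "category": "config_change",
     "detail": "os_patch:KB-EXAMPLE-1", "ticket": "CHG-1001"},
    {"ts": "2024-05-01T23:12:00+00:00", "atm": "ATM-015", "category": "config_change",
     "detail": "os_patch:KB-EXAMPLE-1", "ticket": "CHG-1001"},
    {"ts": "2024-05-02T03:41:00+00:00", "atm": "ATM-022", "category": "config_change",
     "detail": "dispenser_firmware_update", "ticket": None},
    {"ts": "2024-05-02T04:00:00+00:00", "atm": "ATM-022", "category": "network",
     "detail": "new_outbound_connection", "ticket": None},
    {"ts": "2024-04-29T09:00:00+00:00", "atm": "ATM-014", "category": "config_change",
     "detail": "os_patch:KB-EXAMPLE-0", "ticket": "CHG-0990"},
]


def config_change_report(events, now, window_hours=24):
    """Group config changes inside the window by change detail -> sorted ATM list."""
    cutoff = now - timedelta(hours=window_hours)
    grouped = defaultdict(set)
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["category"] == "config_change" and cutoff <= ts <= now:
            grouped[ev["detail"]].add(ev["atm"])
    return {detail: sorted(atms) for detail, atms in grouped.items()}


def unticketed_changes(events, now, window_hours=24):
    """Changes in the window with no change ticket: the ones to look at first."""
    cutoff = now - timedelta(hours=window_hours)
    hits = [
        (ev["ts"], ev["atm"], ev["detail"])
        for ev in events
        if ev["category"] == "config_change"
        and ev["ticket"] is None
        and cutoff <= datetime.fromisoformat(ev["ts"]) <= now
    ]
    return sorted(hits)


if __name__ == "__main__":
    now = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)
    for detail, atms in config_change_report(EVENTS, now).items():
        print(f"{detail}: {', '.join(atms)}")
    for ts, atm, detail in unticketed_changes(EVENTS, now):
        print(f"REVIEW {ts} {atm} {detail}")
```

Grouping by change detail makes a patch rolled out to a group of ATMs appear as one row, while a one-off change on a single machine stands out for the IT team's closer look.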
Real Time Mediation
ATM malware has become so sophisticated that a hacking team can quickly clean out all of the money from the machine. So, any lag from the time a possible threat is detected to a response from the security team is extremely costly to a business. SIEM solutions identify threats in real time.
Automated Threat Remediation
The number of alerts sent to operations teams can be overwhelming. Many IT teams, regardless of size, struggle to keep up with the volume of automated security alerts that SIEM tools generate — there’s just not enough time in the day to investigate every incident.
Consequently, businesses need tools that separate the noise from actionable information. SIEM products conduct security event investigations and generate forensics that lead to problem mitigation. They simplify threat remediation with automated responses that block IP addresses, change privileges, disable accounts, and kill applications when necessary.
Compliance is a top management issue nowadays for financial services companies. Various reporting regulations, such as Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA), and the European Union’s General Data Protection Regulation (GDPR), demand that your company take steps to protect sensitive information.
SIEM solutions help you prepare for and create reports that illustrate your company’s regulatory compliance. The system includes the information needed to demonstrate audit compliance. Your ability to show that you have taken steps to limit the likelihood and the impact of a possible security incident helps to protect the business from potential fines, penalties, and legal actions.
Protecting ATM networks is challenging. Banks often lack the technical expertise needed to identify and respond to threats. DataComm is available to help. The company has worked with numerous financial institutions to secure their ATM transactions.
The company has a robust suite of SIEM security services. DataComm offers 24/7 network monitoring, Windows event log monitoring, firewall management, intrusion detection and prevention, data loss prevention, spam filtering, and encryption services.
The company’s solutions keep your ATM traffic safe. Learn more about how DataComm can protect your business’ ATM transactions.