Why Vynamic™ Security Suite is more effective than traditional antiviruses
The direction in which security technology is developing is unambiguous: effective protection of IT systems is primarily specialized protection. Just ten years ago, companies developing security software for devices were doing their best to create a universal boxed solution, but reality now requires strict segmentation.
It is no longer sufficient to secure banking equipment with the standard methods used for personal or corporate computers. A specialized solution that protects such an important part of the technical infrastructure must meet industry standards and requirements, have several levels, and be adapted to different types of threats: system vulnerabilities (exploits), logical attacks that involve stealing the hard drive, and abuse by technical staff.
Because standard anti-virus programs lack industry-specific logic, they do not meet the requirements for securing ATMs and other banking devices. In this regard, solutions like Vynamic™ Security Suite from Diebold Nixdorf rise above standard anti-virus programs in many ways. The developers of Vynamic™ Security compare their product to an onion that has 38 layers. Overcoming them is a highly complex and time-consuming task. This means that financial institutions that use this solution can, in fact, ensure the safety of their customers' money and personal data.
The advantages of specialized software, and the justification for investing in security, are obvious when compared with the usual practice. It is worth remembering that the banking industry suffers tens of millions of dollars in damage from intruders' attacks every year.
Restriction and access protection
A separate element in the security architecture of Vynamic™ Security is strict access restriction with clearly defined roles for each user of the system. Rights management means strict regulation of who has access to what, and when. User actions are recorded in detail, and a standard behavior model is built from these records; the system treats any deviation from this “norm” as a potential threat.
In comparison, the user access restrictions offered by standard antiviruses look bleak at best, and completely inadequate if they are considered the only solution used to secure self-service devices (ATMs, payment kiosks, POS terminals, etc.).
Sensitive data encryption
Technically, the hard drives installed in standard computers and in ATMs are no different. However, the requirements for protecting them differ radically. One of the preparatory stages of a criminal logical attack on a bank’s self-service infrastructure is the theft of the terminal’s original hard disk and its replacement with a pre-prepared hard disk that carries malicious software. Hard drive protection, including data encryption, therefore serves two purposes: it protects the stored data, and it signals changes in the device’s infrastructure.
The irrelevance of the existing methods became clear in early 2018, after a wave of repeated logical attacks on one of the self-service device networks that included HDD theft and replacement. When an attempt is made to install an “alien” hard disk, Vynamic™ Security preserves the system’s integrity, even when the ATM is off. Data protection works continuously in offline mode, which matters when the ATM reboots, since it ensures that the device operates only in the specified software and hardware environment.
Antiviruses, meanwhile, protect active data, but they do not cover so-called data at rest. According to the report of the world’s largest anti-virus software manufacturers, standard data security solutions were installed on all of the attacked computers, but this did not stop the attackers from using a boot disk and installing a malicious program on the ATM. In this case, the malware was activated when the self-service device was rebooted or briefly disconnected.
Unlike anti-virus software, Vynamic™ Security meets all PCI DSS (Payment Card Industry Data Security Standard) requirements, protecting both active data and data at rest.
Integrated Intrusion Protection
One curious observation: four out of five malicious programs used to attack the infrastructure of financial organizations in recent years were created specifically for ATM and POS environments, while the current protection philosophy did not meet even very average industry requirements. According to Travis Smith, senior security research engineer for Tripwire, almost all ATM hackers understand that they need to adapt their methods to avoid detection. Knowing that, it is shocking that we have to prove to the responsible bank employees the importance of installing specialized protection.
The principle behind access protection in Vynamic™ Security is to make the device’s attack surface as small as possible. The solution protects the most vulnerable points of the Microsoft Windows XP, Windows 7, and Windows 10 operating systems based on recognized security standards, which keeps the computer installed in the ATM suitable for self-service use even after the OS support period has expired. Additionally, all the firmware pre-compiled by the manufacturer is removed, and all system services and components that are not required for ATM operation are disabled.
The “blacklist” principle has long been inadequate for protecting self-service devices. Vynamic™ Security instead uses so-called “whitelisting,” in which only authorized applications are added to the list.
Another feature of Vynamic™ Security is pro-active Zero-Day Protection, a preventive measure against threats that are unknown at the given moment. Standard antiviruses, by contrast, are highly dependent on updates to their anti-virus databases: antivirus developers require 2 to 27 days to release the update needed to combat a newly emerging threat.
For this reason, security methods that rely on classic antivirus technologies show very mediocre results in dynamic antivirus testing.
It is worth noting that Vynamic™ Security is the only so-called agnostic specialized security tool for ATMs, payment kiosks, and POS terminals. This means that the solution is suitable for devices from different manufacturers, without being strictly bound to the version of the operating system already in use or to other programs installed on the ATM.
According to the National Security Agency (NSA), the level of encryption used by Vynamic™ Security (AES-256) meets security standards for solutions used in the military industry.
These characteristics allow us to assert the advantage of Vynamic™ Security Suite over the traditional anti-virus programs that many banks widely use. Standard antiviruses are not only less effective against various threats; they can also simply be disabled if a bank service technician with the required access level participates in the attack.
BS/2 is the official Vynamic™ Security provider in the CIS and Baltic countries and other regions. Contact our consultants, who will explain all the advantages of using this solution, developed by Diebold Nixdorf.