NCR Highlights Software to Withstand Insider Hacking

ATM manufacturer NCR Corp. is highlighting an aspect of its machine's software that is able to withstand an "insider" placing malware on it machines.
In March, technology-focused media outlets reported that Diebold, another major ATM manufacturer, had some of its machines in Russia compromised by thieves who actually got inside the machines to place code that stole data from transactions.
Diebold never commented on the reported attacks but announced a reorganization of its security operations in the middle of the month. Media outlets also published memos from the ATM manufacturer to those that deploy its machines, warning them of the security threat.
NCR's announcement pointed out that its software was designed to help counter that risk.
"While the industry only focused on network threats such as viruses and worms, NCR recognized that the underlying risk to any system was unauthorized software from any source-particularly the growing risk of insider fraud," said Rosen Sharma, chief technology officer for Solidcore, NCR's security software package.
"NCR combined its awareness of IT threats with an in-depth knowledge of financial industry delivery channels such as the ATM and tailored the Solidcore run time control and white listing technology to the unique 24/7 needs of these self-service channels to protect them from unauthorized code."
Rather than reacting to known attacks as they arise, Solidcore for APTRA proactively allows only authorized code to run. Specifically, Solidcore for APTRA automatically creates and updates the inventory of good code and limits the run time environment to the code in that inventory, or white list.
In addition, authorized code cannot be modified, deleted or hijacked-the process in which malicious code replaces authorized code with itself.
--dmorrison@cutimes.com