Jun 05 2018

How SIEM Solutions Protect Banks Against ATM Fraud

Security information and event management tools enable IT teams to study patterns in ATM breaches and deliver actionable insights for securing critical networks.

After a double-digit surge in ATM crime last year, the banking sector is on high alert.

According to a January report from the ATM Industry Association (ATMIA), 54 percent of survey respondents said they experienced some kind of ATM crime in 2017, up from 42 percent in 2016. The Global Fraud and Security Survey – 2017 examines trends in attacks such as ATM skimming, PIN compromise and network packet sniffing.

The survey also looks at dispenser jackpotting, a relatively new and sophisticated attack in which hijacked ATMs spit out cash much like slot machines expel big-win payouts. The first widespread jackpotting activity hit the U.S. in January when a handful of successful attacks cost banks more than $1 million in stolen cash, Reuters reports.

ATMIA CEO Mike Lee calls on the financial industry to unite behind ATM security in the face of rising threats. “Since there is now such a variety of methods of attack, technologies and tools available, our industry needs to start 2018 with an attitude of vigilance,” he says in the ATMIA press release.


A Powerful Tool for Safeguarding ATM Networks

As financial institutions work toward strengthening their defenses, security information and event management (SIEM) products — available from vendors such as HPE, IBM and Splunk — offer invaluable visibility into ATM networks.

In a post on IBM’s SecurityIntelligence blog, IBM-certified security specialist Serguei Tchesnokov explains how the technology works:

SIEM tools receive logs from a controlling network server and ATM endpoints, and employ correlation rules to help security analysts monitor things such as entries into the network, the launching of unsolicited services, software integrity and antivirus feeds. This delivers a comprehensive overview of the ATM network security posture at any moment.

Once they understand the events that led up to and followed a given breach, IT teams can use that information to not only identify the extent of the damage but also address the vulnerabilities that the attackers exploited in the first place.

Methods to Decrease SIEM Noise for Your Bank 

Although SIEM solutions offer several advantages to financial institutions, they also present challenges. Many IT teams, regardless of size, struggle to keep up with the volume of automated security alerts that SIEM tools generate — there’s just not enough time in the day to investigate every incident.

Turning off the notifications is not a solution to this problem. Instead, banks need to identify which alerts are important to them when configuring their SIEM product. Those that rank lower in priority may reasonably go unanswered.
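
The following Python example is added here and is not taken from the article or from any SIEM product. It shows the correlation and prioritization ideas described above: signals of the four kinds named in the quoted explanation are grouped per ATM within a time window, and only correlated or high-weight groups reach the analyst queue. The event type names, weights, window length and sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events, not real logs. Field layout and type names are
# assumptions: (epoch_seconds, atm_id, event_type, detail)
EVENTS = [
    (1000, "ATM-001", "network_entry", "new MAC on ATM VLAN"),
    (1120, "ATM-001", "service_start", "unapproved service started"),
    (1300, "ATM-001", "integrity_fail", "dispenser middleware hash mismatch"),
    (2000, "ATM-002", "av_alert", "signature update failed"),
    (2100, "ATM-003", "service_start", "unapproved service started"),
    (9000, "ATM-003", "integrity_fail", "config file changed"),
    (9500, "ATM-002", "av_alert", "signature update failed"),
]
WINDOW = 600  # seconds: a gap longer than this on one ATM starts a new burst
WEIGHT = {"network_entry": 2, "service_start": 2, "integrity_fail": 3, "av_alert": 1}

def correlate(events, window=WINDOW):
    """Group each ATM's events into bursts, then score and rank each burst."""
    per_atm = defaultdict(list)
    for ev in sorted(events):
        per_atm[ev[1]].append(ev)
    alerts = []
    for atm, evs in per_atm.items():
        burst = [evs[0]]
        for ev in evs[1:] + [None]:  # the trailing None flushes the final burst
            if ev is not None and ev[0] - burst[-1][0] <= window:
                burst.append(ev)
                continue
            kinds = {e[2] for e in burst}
            score = sum(WEIGHT[k] for k in kinds)
            # Distinct signal types in one burst count; repeats of one type do not.
            if len(kinds) >= 2 and score >= 5:
                priority = "high"
            elif score >= 3:
                priority = "medium"
            else:
                priority = "low"
            alerts.append({"atm": atm, "start": burst[0][0], "kinds": sorted(kinds),
                           "score": score, "priority": priority})
            burst = [ev]
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(alerts, key=lambda a: (order[a["priority"]], -a["score"], a["start"]))

def triage_queue(alerts):
    """Alerts an analyst should open; low-priority ones stay logged, not paged."""
    return [a for a in alerts if a["priority"] != "low"]
```

On the constructed data, the three different signals on ATM-001 within a few minutes rank first, while the repeated antivirus update failures on ATM-002 stay in the log without reaching the queue.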

Tapping a managed services partner that can supplement internal resources also helps combat alert fatigue. Armed with advanced SIEM tools, trained experts can deliver real-time incident response, record collection and correlation, reporting, and attack pattern analysis. They can also help banks keep up with logging compliance requirements to reduce the strain on in-house IT departments even further.
