Feature

Interview: Jim Kirkhope of NCR

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Seven questions to ask before committing to SaaS."

Download it now to read this article plus other related content.

Securing corporate networks against insider attacks is a difficult challenge to be sure. But how do you prevent such attacks on 1.5 million ATMs worldwide? That's the job of Jim Kirkhope, global manager for ATM network security at NCR, who sees it as an inside-out proposition and one that doesn't necessarily include traditional security software.

JIM KIRKHOPE


There are established ways of locking down desktops and servers. How do you secure a network of ATMs?
With ATMs, the real threats are the insider threats. We have a number of things we do. The majority of the ATMs are Windows-based now. We lock the machines down to the NSA guidelines and use the XP firewall. But, really, you're never going to keep an eye on them all. There are a lot of people out there maintaining ATMs; a lot of people are touching these machines.

What led to your decision not to integrate antivirus on your ATMs any longer?
My feeling: AV was AV was AV. They all did the same thing. When we shipped our machines, we would integrate what the customer wanted. But in the security industry everyone is answering a point problem and my feeling was that no one was tackling the root cause. We found a product that was philosophically aligned with us.

    Requires Free Membership to View

I prefer securing from the inside out as opposed to building a wall. They're addressing the root cause, which is the ability to run code that wasn't authorized.

How did your customers react when you told them you weren't going to integrate AV into the machines any longer?
The customer reaction in some respects was polarizing; but it was even before we did this. People had their preferences and you could get into religious debates about the finer points of each AV product. But an ATM, though it's a PC in the box, doesn't have the same threat surface. We don't have file sharing. We don't have Word documents, a lot of the things that viruses travel with. Some customers buy into it and some don't. But the truth is you still have to clean up the system before you lock it down anyway.

Do you think that we're going to see enterprises going without AV?
Well, we still run it internally, but it's the bane of my life. We've had discussions about it here. I've always been an advocate of saying, if you have a firewall and your network is protected you can take worms and that sort of thing off the table. Pure AV, it's so resource-intensive. By the time you take out all the things that make it run slowly, it's not worth much.

Download the complete interview with Jim Kirkhope at searchsecurity.com.

 

This was first published in May 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: