Interview: Jim Kirkhope of NCR
This article can also be found in the Premium Editorial Download "Information Security magazine: Seven questions to ask before committing to SaaS."
Securing corporate networks against insider attacks is a difficult challenge,
to be sure. But how do you prevent such attacks on 1.5 million ATMs worldwide? That's the job of
Jim Kirkhope, global manager for ATM network security at NCR, who sees it as an inside-out
proposition and one that doesn't necessarily include traditional security software.
There are established ways of locking down desktops and servers. How do you
secure a network of ATMs?
With ATMs, the real threats are the insider threats. We have a number of things we do. The majority
of the ATMs are Windows-based now. We lock the machines down to the NSA guidelines and use the XP
firewall. But, really, you're never going to keep an eye on them all. There are a lot of people out
there maintaining ATMs; a lot of people are touching these machines.
What led to your decision not to integrate antivirus on your ATMs any
My feeling: AV was AV was AV. They all did the same thing. When we shipped our machines, we would
integrate what the customer wanted. But in the security industry everyone is answering a point
problem and my feeling was that no one was tackling the root cause. We found a product that was
philosophically aligned with us.
I prefer securing from the inside out as opposed to building a
wall. They're addressing the root cause, which is the ability to run code that wasn't
How did your customers react when you told them you weren't going to
integrate AV into the machines any longer?
The customer reaction in some respects was polarizing; but it was even before we did this. People
had their preferences and you could get into religious debates about the finer points of each AV
product. But an ATM, though it's a PC in the box, doesn't have the same threat surface. We don't
have file sharing. We don't have Word documents, a lot of the things that viruses travel with. Some
customers buy into it and some don't. But the truth is you still have to clean up the system before
you lock it down anyway.
Do you think that we're going to see enterprises going without
Well, we still run it internally, but it's the bane of my life. We've had discussions about it
here. I've always been an advocate of saying, if you have a firewall and your network is protected
you can take worms and that sort of thing off the table. Pure AV, it's so resource-intensive. By
the time you take out all the things that make it run slowly, it's not worth much.
Download the complete interview with Jim Kirkhope at searchsecurity.com.
This was first published in May 2008