Posted on 02 September, 2019

Symantec™ Critical System Protection (CSP)

Host – Based protection for ATMs

Automated Teller Machines (ATMs) are one of the highest value customer touch points in in the banking industry. Banks and ATM operators must protect their ATMs and meet their compliance obligations for operating in this heavily regulated industry sector. Controlling what applications can run on your ATM devices is one of the most vital steps to protecting against unauthorized access and attack.

Providing a direct interface to cash inevitably makes ATMs a target in a numerous and sophisticated ways with new methods being regularly exposed. Attack methods extend from physical (such as skimming and pin cameras) to virtual through malware. Single use devices such as ATM terminals perform predictable functions, meaning the device should always be in a known state, with known applications performing known behavior. ATMs however are built using common OS and are as a result subject to vulnerabilities and exploitation similar to those experienced by laptops and workstations.

Harden your ATM systems against unauthorized attacks and access with application whitelisting control

Symantec™ Critical System Protection (CSP) addresses these pain points by providing a policy-driven host based, least privilege approach to endpoint security and compliance. Controlling what can and can’t be run on a machine is only part of the ATM protection story. Best practices like code signing and protection, secure management, authentication and encryption all play a part in a robust ATM security strategy. Symantec™ Critical System Protection policies provide thousands of pre-built rules that comprehensively monitor and harden the operating system of enterprise systems and require minimal tuning.

Symantec™ Critical System Protection Capabilities:

Symantec™ Critical System Protection has two enforcement components that can be independently activated on ATM systems: prevention and detection.

Detection - CSP Component that monitors for system activity as it occurs and can trigger event based actions

Prevention - CSP component that has proactive enforcement rules that can stop malicious activity before it occurs


  • Intrusion Prevention
  • Intrusion Detection
  • System Hardening
  • Application Whitelisting
  • Application Sandboxes
  • Vulnerability and Patch Mitigation

Detection & Compliance

  • Real-Time Monitoring and Auditing
  • Intrusion Detection
  • File Integrity Monitoring
  • Configuration Monitoring
  • Tracking and Monitoring of User Access
  • Logging and Event Reporting