HP continues to advance print security credentials
Amidst a rapidly evolving threat landscape, where malware and exploits continue to proliferate, endpoint security often fails to adequately protect networked printer and multifunction printer (MFP) devices. Through the recent launch of its HP Studios web series called ‘The Wolf’, HP aims to elevate awareness of print security risks, highlighting how corporate networks can be compromised through insecure printers and PCs. HP is clearly looking to reinforce its leadership in print security, claiming its broad MFP portfolio offers comprehensive “best-in-class” security,
Print security moves from protection to cyber-resilience
Cyber attacks are growing in sophistication, and are often designed to inflict maximum damage to an organisation’s systems and networks. The loss of sensitive data can have huge repercussions, both financial and legal – not to mention the impact on brand reputation. Recent Quocirca research indicated 66%1 of enterprises have suffered a print-related data breach, yet there remains a misplaced level of complacency around print security compared to other IT endpoints. In today’s Internet of Things (IoT) era, as smart products such as MFPs proliferate, the need to safeguard and protect these endpoints is critical for any business. Ultimately, an unprotected networked MFP is an open door to the network – and without the proper controls an MFP can be easily compromised.
Today, it is no longer enough to focus solely on software security measures and controls such as access control and malware detection. The hardware also needs to be protected from potential hacking attempts at the device and firmware level.
HP aims to address these vulnerabilities through a range of security measures across its next generation LaserJet and PageWide platforms. Not only does it support a strong set of default security features and settings but, perhaps most importantly, includes advanced embedded security capabilities that are specific to HP devices. These include:
- HP Sure Start.To prevent an attack at the point of start-up, HP is implementing BIOS-level security. This applies the same BIOS security that has protected HP’s Elite line of PCs since 2013 to the new HP LaserJet Enterprise printers. In the event of a compromised BIOS, a hardware protected ‘golden copy’ of the BIOS is loaded to self-heal the device to a secure state.
- Whitelisting: This ensures that only HP authentic code and firmware can be installed and loaded onto devices.
- Run-time Intrusion Detection.This protects the printer by continuously monitoring memory to identify, detect and highlight potential attacks and providing feeds to Security Information and Event Management (SIEM) tools like ArcSight and Splunk. The device will automatically reboot, flushing memory and bringing it back to a safe state. This technology was developed in partnership with Red Balloon Security, a US-based embedded device security company. The integration with SIEM tools ensures enterprise IT security teams benefit from early detection, rapid response and incident investigation, and can put in place appropriate remediation.
Additionally, HP will retrofit legacy devices, allowing customers to benefit from these security features for devices manufactured from 2011 onwards. According to HP, with a firmware update, all three features can be enabled on the HP LaserJet Enterprise printers delivered since April 2015.
Notably, HP is also addressing the needs of enterprises which operate a mixed fleet environment. HP JetAdvantage Security Manager, a policy-based printer security compliance product, enables IT to establish and maintain security settings such as closing ports, disabling access protocols, auto-erase files and more. Unique to HP Security Manager, HP Instant-on Security automatically adds devices when they join the network and immediately configures them to be compliant with a specific corporate security policy
HP’s enterprise class print security services
While hardware and firmware security are an essential element of a hardened and secure fleet, it is imperative that enterprises have access to broader professional services that provide support across a typical security framework.
This framework is commonly a five phase approach to identify devices; protect devices; detect incidents; respond with a plan, and recover normal operations.
HP addresses this through HP Secure Managed Print Services, which Quocirca currently positions as one of the more advanced print security service offerings in the industry. This is due to a broad range of services which include:
- Print Security Advisory Services. HP assesses the printer fleet to evaluate an organisation’s risk profile, and recommends implementation of the appropriate secure hardware and software.
- Print Security Implementation Services. HP security trained technicians implement recommendations as required.
Two further recurring services ensure ongoing and proactive security monitoring:
- Print Security Advisory Retainer Service. A reassessment and assist service, this allows the organisation to take advantage of HP’s ongoing security expertise. It includes risk profile updates and ad-hoc support.
- Print Security Governance and Compliance Service. This provides ongoing and proactive maintenance and monitoring of the print environment.
HP has set the pace in the market at a time when cybersecurity threats are becoming more widespread and sophisticated. What sets HP apart from its competitors is its brand strength, which allows it to drive awareness of print security, along with its long-established expertise in security innovation and technology across both its print and PC products. The integration with SIEM tools can help organisations merge print and IT security through one platform. Together with what Quocirca considers to be the broadest range of professional print security solutions and services in the industry, this positions HP well to address the print security needs of organisations of all sizes.