HP, Fuji Xerox, and Ricoh Are the First OEMs to Pass the Device Penetration Protocol
Fairfield, NJ – Keypoint Intelligence - Buyers Lab, the industry’s leading authority in hardcopy device testing and research, today unveiled its complete Security Validation Testing program. Initially targeted to connected MFPs and printers and eventually expanding to include all “smart workplace” IoT devices, the program establishes industry-standard benchmarks in the areas of Device Penetration, Policy Compliance, and Firmware Resilience. Administered by Buyers Lab, long recognized as the independent source for test data for the office equipment industry, the cornerstone of the program is hands-on testing conducted by Buyers Lab in concert with accredited security testing firms.
“End-point security is top of mind for organizations of all sizes, and rightfully so,” said Randy Dazo, Keypoint Intelligence’s President and CEO. “If not properly designed and secured, a company’s output devices can be an unlocked ‘back door’ serving as a conduit between the Internet and the corporate network. Our program establishes standards that all device manufacturers can strive to achieve, and cuts through the jargon and competing claims for purchasing decision-makers.”
During two years of program development, Keypoint Intelligence solicited input from leading document imaging OEMs. The result is a three-track test suite that addresses security from various vectors to ensure devices are safeguarded against vulnerabilities—and that they remain so:
Device Penetration: A combination of automated tools and manual exploitation are used to probe for potential vulnerabilities in the device firmware/OS, ports, print protocols, embedded web page, connectivity avenues, and more.
Policy Compliance: Technicians employ the OEMs’ management tools to specify security settings and save those settings as a “policy” template, apply the policy across a fleet to ensure devices are in compliance, monitor those settings on an ongoing basis, automatically remediate devices that fall out of compliance, and more.
Firmware Resilience: Technicians use the OEMs’ tools and protocols to validate that devices are in compliance with the NIST SP 800-193 guidelines for platform resiliency of connected devices. The testing ascertains whether mechanisms are in place to protect the platform against unauthorized changes, and that the device can detect an attack and recover to a secure state automatically.
The pressing need for such a program is not theoretical. In 2019, for example, security researchers in the Microsoft Threat Intelligence Center discovered infrastructure of known Russian hackers communicating to several external devices and attempts by the hackers to compromise popular IoT devices—including an office printer—to breach networks. Once they established access, the hackers were able to uncover other unsecure devices and move across the network seeking higher-value data.
Notably, the Keypoint Intelligence - Buyers Lab program differs from Common Criteria Certification for output devices in that there is not only verification that a device has the prescribed set of features and that they are correctly implemented, but also hands-on testing to determine if vulnerabilities remain. OEMs that submit products for testing and pass one, two, or all three tracks earn the right to license the Security Validation Testing seal to communicate to customers that the platform has passed the testing.
HP, Fuji Xerox, and Ricoh Are the First to Earn the Device Penetration Testing Seal
Keypoint Intelligence is pleased to also announce that inaugural participants in the program—HP, Fuji Xerox, and Ricoh—have passed the Device Penetration testing.
“We are thrilled that HP, Fuji Xerox, and Ricoh supported us in our initial round of testing, and just as thrilled to report that their platforms met the stringent criteria put forward in our Device Penetration test protocol,” said Dazo. “These actions are a testament to those companies’ commitment to product security and desire to raise the bar for the entire industry.”
For more information on the Buyers Lab Security Validation Testing program and the details about the products that have passed, please visit https://keypointintelligence.com/security.
About Keypoint Intelligence - Buyers Lab
Keypoint Intelligence is a one-stop shop for the digital imaging industry. With our unparalleled services and unmatched depth of knowledge, we cut through the noise of data to offer clients the independent insights and responsive tools they need in those mission-critical moments that define their products and empower their sales.
For over 50 years, Buyers Lab has been the global document imaging industry’s resource for unbiased and reliable information, test data, and competitive selling tools. What started out as a consumer-based publication about office equipment has become an all-encompassing industry resource. Buyers Lab evolves in tandem with the ever-changing landscape of document imaging solutions, constantly updating our methods, expanding our offerings, and tracking cutting-edge developments.