Are your customers’ printers and MFPs a potential Trojan Horse to the security of their networks? According to an HP-sponsored research report conducted by the Ponemon Institute, that very well could be the case. The report revealed that 56 percent of companies ignore printers in their endpoint security strategy. It appears that the security obsession (rightfully) prevalent in IT departments has skipped over the printing and imaging space. However, with the release of three new enterprise-class LaserJet MFP and printer series and the introduction of new security features available on new and select legacy printers, as well as updates to JetAdvantage Security Manager, HP is expanding its focus to include more printer-based security solutions.
According to the Ponemon study, the average cost to resolve an enterprise-level cyber-attack tallies in at $7.6 million. Making matters more frightening, 53 percent of IT managers polled by Ponemon realize printers are vulnerable to cyber-crime and 64 percent state their printers are likely infected with malware. Despite their knowledge and suspicions, many organizations don’t respect the risk involved in leaving networked printers vulnerable.
Ponemon’s research highlights three areas—people, processes and governance, and technology challenges—as potential spaces for security breaches. And in response to their findings, the analysts at Ponemon Institute offered several action strategies and best practices in addressing end-point device security:
● Include safeguards in security policies and practices preventing the loss of confidential and sensitive data ● Address the appropriate handling of sensitive and confidential information in regards to network-connected printers and peripheral devices ● Assess departments and functions that pose the greatest security risks based on the types of information generated and/or printed, and strengthen security practices and access controls based on findings ● Employ technology solutions that improve the ability to secure printers across the organization and assign access rights based on document sensitivity
HP’s latest combination of new LaserJet devices and embedded device security features, coupled with firmware and software updates, puts organizations in a position to check off each of Ponemon’s recommendations—ultimately reducing the odds of a catastrophic security breach.
LaserJet Enterprise Introductions The HP LaserJet Enterprise M506 series is designed for workgroups of 5–15 users in need of a monochrome printer with monthly print volumes of between 2,000 and 7,500 pages. The series offers forward-thinking organizations a modular solution which can be scaled as their printing needs grow. According to HP, the series reduces its carbon footprint by 25 percent and boasts dual-sided print speeds 71 percent faster than its predecessor. For on-the-go users, the device supports NFC touch-to-print and includes built-in wireless direct connect. To quell the nerves of security wary organizations, the series comes standard with embedded features that detect security threats from the moment the machine is powered on to the time it is shutdown.
HP LaserJet Enterprise M506x
The HP LaserJet Enterprise MFP M527 series provides monochrome printing/copying, plus single-pass, two-sided color scanning for workgroups of 5–15 people who print between 2,000 and 7,500 pages per month. Paper upgrade options are capable of holding up to 2,300 sheets, minimizing interruptions of long-run jobs. The 8" color touch-screen control panel provides users with an easy-to-use interface. An available “Flow” configuration provides upgraded scan features, such as a retractable keyboard, which is especially helpful when working with advanced workflow features.
HP LaserJet Enterprise MFP M527c
The HP LaserJet Enterprise MFP M577 series offers color printing/copying and single-pass, two-sided scanning to workgroups of up to 15 people. A “Flow” configuration that includes an 8" color touch-screen control panel and retractable keyboard, is available to provide standard integration with Flow CM software to support advanced workflows. According to HP, the M577 offers double-sided printing speeds 41 percent faster than its predecessor.
HP LaserJet Enterprise MFP M577z
Embedded Device Security HP SureStart extends the same BIOS security found on HP’s Elite line of PCs to new HP LaserJet Enterprise printers and MFPs. The new feature can detect and self-heal BIOS attacks. SureStart works off of a hardware-based root of trust which validates the authenticity of the system BIOS and embedded controller firmware. If the BIOS is attacked or corrupted, SureStart automatically restores the system BIOS to its safe state from an electrically isolated flash-memory area. SureStart’s detection of and recovery from malware can be transparent to customers.
HP Whitelisting is a feature that eliminates the execution of potential malware or tampered code, ensuring only HP-authentic code is loaded at bootup. As code is loaded into memory, the device checks and validates the code’s digital signature. If the signature does not match, the device will reboot automatically to a secure state, then simultaneously notify IT of an invalid code via control panel message and syslog alert and hold for IT intervention.
HP Run-Time Intrusion Detection is a host-based, in-memory monitoring feature to detect potential injection attacks. The feature keeps a continuous keen eye on the devices memory, looking for anomalies. If an anomaly is detected, the device reboots to a known good condition. In addition, anomalies can be tracked by Security Information and Event Management tools such as ArcSight. As with SureStart, detection and recovery can be transparent from the customer’s perspective.
According to HP, all three new security features will be enabled for the new M527, M577 andM506 series; as well as the currently available M552, M553, M604, M605 and M606 printers, and all new FutureSmart devices via the November FutureSmart Bundle 3.7 release. For legacy products manufactured since 2010, a FutureSmart release to extend White Listing and Intrusion Detection (but not SureStart) will be available in Spring 2016.
Policy-management Software HP JetAdvantage Security Manager 2.1 is the latest version of the award winning policy-based print security compliance tool. The solution delivers an embedded “best practice” template containing recommended configuration for a devices core security setting related to authentication, print, and sending functions just to name a few. The policy editor can be used to make policy adjustments per a companies use case. The solution monitors an entire MFP fleet for devices that are out of compliance with an organization’s set security policies. If a device is out of compliance, administrators can adjust 100+ security settings remotely to restore the device’s compliancy issue. Other features include the automatic generation and renewal of unique identity certificates, which can save administrators thousands of man hours, and risk-based reporting, which helps IT monitor and respond to audits.