keypoint-blogs

Keypoint Intelligence Is Doing More Than Just Talking About MFP and Printer Security

Written by Jamie Bsales | Feb 20, 2020 4:22:28 PM

 

There’s been no shortage of conversation around MFP and printer device security, with competing claims—and sometimes outright sniping—among major OEMs about who has which features and whose devices are more vulnerable to hackers. So, we here at Keypoint Intelligence - Buyers Lab said to ourselves, “Someone should do something to clarify all this,” a thought soon followed by the realization that, “and that someone should be us!”

 

I mean, who better than the industry’s leading authority in hardcopy device testing and research, right? We already have the trust of both office equipment makers and IT decision makers with our unbiased test results on reliability, productivity, image quality, and more. That’s why we are proud to introduce our Security Validation Testing program, which establishes industry-standard benchmarks to help level the playing field of competing, often contradictory claims. As customers would expect from us, the cornerstone of the program is hands-on testing and evaluation conducted by Buyers Lab, this time in concert with accredited security testing firms.

 

The pressing need for such a program is not theoretical. For example, in 2019, security researchers in the Microsoft Threat Intelligence Center discovered infrastructure of known Russian hackers communicating to several external devices and attempts by the hackers to compromise popular IoT devices—including an office printer—to breach networks.

 

During the two years of development of the program, Keypoint Intelligence personnel solicited input and guidance from all the key OEMs that serve the document imaging space. The result is a three-track test suite that addresses security from various vectors to ensure devices are safeguarded against vulnerabilities—and that they remain so:

 

Device Penetration:  A combination of automated tools and manual exploitation attempts are used by certified security experts to probe for potential vulnerabilities in the device firmware/OS, ports, print protocols, embedded web page, connectivity avenues, and more.

 

Policy Compliance:  Buyers Lab technicians employ the OEMs’ management tools to specify desired security settings and save those settings as a “policy” template, apply the policy across a fleet to ensure devices are in compliance, monitor those settings on an ongoing basis, automatically remediate devices that fall out of compliance, and more.

 

Firmware Resilience:  Certified security technicians use the OEMs’ tools and protocols to validate that devices are in compliance with the NIST (National Institute of Standards and Technology) SP 800-193 guidelines for platform resiliency of connected devices. The testing looks to see whether mechanisms are in place to protect the platform against unauthorized changes, and that the device can detect an attack and recover to a secure state automatically.

 

So far, three inaugural participants—Fuji Xerox, HP, Ricoh—have passed the Device Penetration track, while HP has also passed Policy Compliance.

 

For more information, about the program and details about the products that have passed, please visit https://keypointintelligence.com/security.