Can Your Printer Block a Cyber Assault?

HP has armed its devices with defensive technologies designed to thwart attackers’ efforts and self-heal.

istock 540848970 3

Once somebody gains access to your network, their battle is half-won; they can begin to roam around before IT security teams are aware of their presence. Being forced into a reactive posture is never an ideal strategy. Unfortunately, too many organizations don’t sufficiently account for network printers in defense strategies, even though they can be instrumental in detecting and preventing attacks in real time.

In a recent interview with SC Media UK at Infosecurity Europe 2017, Paul McKiernan, print security advisor at HP Inc., remarked on an increase in cyberattacks using printers as an intrusion vector.

“We are seeing more incidents reported to us this year than last year,” McKiernan said. According to the publication, McKiernan advised users to “integrate their printers into mainstream cyber-security tools sensibly.”

As noted in the IT Pro report, printers are extremely vulnerable endpoints.

“Once the printer itself is compromised, everything going through it will be too,” the report states. “Even if a job was sent to the printer in a secure fashion, it will be unencrypted and any password protection negated as the user logs in. Also, if a user employs the same password for their general network login as they do for accessing a printer to run jobs, copy, or scan, then that security information could be captured by the malware infection and passed outside for criminal usage elsewhere on the network.”

HP has moved beyond routine monitoring of printers, to introduce devices with defensive technologies “designed to thwart attackers’ efforts and self-heal. These features automatically trigger a reboot in the event of an attack or anomaly.” These printers include four key technologies:

  • HP Sure Start validates the integrity of the BIOS at every boot cycle. If a compromised version is discovered, the device restarts using a safe, “golden copy” of the BIOS.
  • FutureSmart firmware coordinates hardware functions, runs the control panel, determines what features are available when printing, scanning, or emailing, and provides network security. Whitelisting helps ensure only authentic, “known good” HP code that has not been tampered with is loaded into memory.
  • Run-time intrusion detection checks for anomalies during complex firmware and memory operations. In the event of an intrusion, the device automatically reboots.
  • HP Connection Inspector evaluates outgoing network connections to determine what’s normal, stop suspicious requests, and automatically trigger a self-healing reboot.

“The security profession is finally accepting this axiom: given enough resources, an attacker will eventually be successful,” Simon Shiu, director of HP’s Security Lab, and Boris Balacheff, HP chief technologist for Security Research and Innovation, write in a co-authored article. “This means designing not only security protections, but also mechanisms that detect when protections fail and help recover devices or infrastructure to a good state, at both machine speed and at scale.

It’s easy to overlook printers when mapping out cyber defenses. Unless there is a jam, or the ink or paper are running low, most sit unattended and often without monitoring.

“Printers have not received the attention that other cybersecurity threat vectors received,” says technology market research firm IDC. “The vulnerability and the corresponding threat is real, very real. Organizations of all sizes must take steps to address the concern and address it quickly.”

Now with HP’s advanced printer security technologies, printers can actually become part of an active defense. For more insights, go to HP Print Security.


Copyright © 2017 IDG Communications, Inc.