This is Part III in a 4-part series on print security, HP printers, and how the HP Print Security Team is trying to protect your printer from both the bad actors out there, and inadvertent ineptitude within your organization. (My choice of words, not theirs. )
In this post, I list what the HP Print Security Team is doing to identify and combat the threat posed to your infrastructure by errant printers.
In the concluding document, Part IV, I will give you my thoughts on HP’s offerings, particularly highlighting where I think HP is excelling, and where they are failing.
Printers get hacked all the time.
This isn’t new.
In fact, first known printer hack occurred in 1962 when a Xerox printer was modified with a camera to snoop on the Soviets during the Cold War.
Today, printer hacking is much more sophisticated.
And as with personal computers, the ultimate goal of break-ins now is financial. Be it for IP, or direct theft, or ransomware, or as part of a botnet, or whatever.
Yet, you have the lowly networked printer. Left alone invitingly for no-gooders to access.
Print Security Ostriches
It is quite telling that in an IDC survey of 2,000 IT security professionals, 56% of them – 56%! – did NOT see printers as a source or factor in a potential breach of their networks, or infrastructure.
62% of this group also revealed that they overlook IT governance best practices and policies, and do not ensure that hard drives or memory, is wiped, and/or destroyed.
Moreover, a depressingly mind-boggling 77% of them do not have access controls or SIEM tools activated on their printer inventory!
*SIEM: Security Information & Event Management tools.
Hopefully, we won’t descend into ‘acronymania’!
These are security professionals, mind you.
These are security professionals?
This quite lackadaisical attitude towards a very real, very visible, and rather well-documented threat is almost certainly a sort of malfeasance on the part of these security professionals. And bothering on nearly criminal, if you ask me!
Bad Printer Security is a Potential Brand Killer
Against this backdrop is HP, the global leader in printers.
HP’s dominance in the printer space is the stuff of legend, as they have innovated their way to the top here, racing past the Xeroxs, IBMs, C.Itohs, everyone! They dominate from the smallest consumer printers to mammoth devices that do everything, including producing wraps for automobiles.
Anyone who has printed a document in the past going-on-30 years, as almost always used an HP printer.
For them, print security has the potential to be a brand killer.
That realization came to them early, and for over the past decade, HP has had a print security team tasked with not only imbuing their printers with the best, most unobtrusive security they can deliver, but also with detection and interdiction of malware and malefactors who focus on printers as an attack vector.
Technically a ‘fixed-function computing device’
At the dawn of personal computing, your average printer was basically a print engine receiving data already rasterized by your PC.
Today, things are different.
HP’s print security team knows this, and treats printers just the same as they treat computers on a network.
“Why?” you ask. “That’s overkill!”, you declare.
Is it?
Look at the following image, which describes the componentry in PCs, and contrasts it with those in printers.
I dare say there is some overlap.
Printing is risky
How risky?
View the image below.
It shatters the comfort we have just thinking that print security can be only about securing the hard drive in the device. From the device BIOS to the output tray, and all stops in between, your printer has vulnerabilities that can be exploited by any bad guy. (Bad guy as used here is non-gender-specific.)
Meanwhile, the threat landscape is rapidly evolving, with participants now looking for the ‘holy grail’ be it state-sponsored actors hacking for espionage or strategic spoils, or true criminal enterprises looking to break into your infrastructure for a monetary reward.
By all indications, printers are the weakest link in most networks or computing environments. And they will sadly remain so until, and unless IT professionals realize the dangers they pose if not adequately secured, and managed.
So, what is HP doing about this?
(A) Identify The Threat
After seeing the above landscape, the HP print security team set out to identify the top printing security concerns. They narrowed it down to these seven:
(B) Develop Baseline Security Metrics for Print Infrastructure
(C) Develop an industry wide framework that encompasses the position printers occupy in an enterprise.
By looking beyond just HP products, HP can stave of stagnation and myopia, and see what others are either doing or not doing, and leverage it.
(D) Develop a detailed strategy to protect HP printers, their data, and customer networks
Cyber Resilience
HP’s security efforts around print security has coalesced around a concept they dub “Cyber Resilience.
Create the world's most secure printing system
- a) Securing the device
- b) Securing the data,
- c) Securing the document by creating a secure managed print service, and
- d) Establish a Print Security Advisory Service
Securing The Device
HP’s steps to secure HP printers involve the following.
HP Sure Start requires the BIOS to verify that it is using a signed version, using whitelisting to also ensure that firmware components are also approved.
Real-time intrusion detection schemes allow the printers to detect, and reject attacks as they occur.
The lynchpin of HP’s printer hardware device security arsenal is the HP JetAdvantage Security Manager.
HP JetAdvantage Security Manager workflow is described in the graphic below.
The capabilities built into HP JetAdvantage Security manager are numerous, and keep evolving based on the evolution of the threats HP printers face, and because of innovations coming from HP.
I hope to be able to snag a JetAdvantage PM for a briefing very soon.
Securing the data
This requires a knowledge of network security, the device(s), Microsoft Windows, and of [Microsoft] Active Directory.
To help, HP enterprise MFPs have over 250 security policy settings available which allow sysadmins and security admins to adequately lock down their printer assets to suit business needs.
Securing the document by creating the HP Secure Managed Print Service
Establish a Print Security Advisory service
This is a corps of print security consultants who will work with client on
- Education and risk assessment
- Security Policy Guidance
- Solution recommendations.
The HP Print Security Advisory Service focuses on the following:
- Access Control
- Asset Management
- Build & Release
- Business Continuity
- Data Security
- Governance
- Information Security
- Log & Security Incident Management
- Logical Access
- Network Security
- Patching and Anti-Virus
- Personal Security
- Physical Security
- Security Configuration
- System Acquisition & Development
Is this enough?
Looking at this intensive list, it is obvious that HP has given printer, and print security a lot of thought, and is deploying a largish amount of resources to protect their clients’ print infrastructure.
Is this enough?
In Part IV of this series, I will give you my thoughts on it from an MSP viewpoint.
Stay tuned.
In this series
- Off to HP Print Security Bloggers Day
- Why Should Organizations Care About Print Security?
- What HP is Doing about Print Security (this blog post)
- My final thoughts on HP Efforts on Print Security.
HP Print Sec Tech Day 2017 sponsored content
© 2002 – 2017, John Obeto for Blackground Media Unlimited
Follow @johnobeto