20
PRINT.IT
01732 759725
PRINTERS
HP has turned
the spotlight on printer security
with the announcement that it
will be incorporating self-healing
security features into all new HP
LaserJet Enterprise and OfficeJet
Enterprise X printers.
HP said it was building additional
security into its devices because
printers are often overlooked as a
network security risk even though
changes in working practices,
notably increased mobility, and
the interconnectedness of modern
devices make breaches more likely.
Research by the Ponemon
Institute (see box) shows that 64% of
IT managers think it likely that their
printers are already infected with
malware, with a majority expecting
the number of breaches to increase
over the next 12 months.
This is due to greater use of
mobile technologies (65%); higher
rates of malware infection (61%);
growing numbers of remote workers
(60%); more network-connected
devices (53%); and increased user
access (20%).
HP’s new security features
protect printers by detecting and
automatically recovering from
attacks. They include:
n
HP Sure Start.
Already used to
protect HP Elite PCs, HP Sure Start
automatically validates the BIOS
code used to configure and load
essential hardware modules when
the printer turns on. If it detects
that this has been compromised,
it restarts using a safe, hardware-
protected version of the BIOS;
n
Whitelisting.
This protects the
printer’s FutureSmart firmware,
which includes network security as
one of its functions. Whitelisting
ensures only known HP code that
has not been tampered with can be
loaded and executed on a printer. If
an anomaly is detected, it reboots to
a secure, offline state and alerts IT to
reload the firmware; and
n
Run-time Intrusion Detection.
Developed in partnership with Red
Balloon Security, this monitors device
memory for malicious attacks while
the printer is running. If it detects
a problem, it stops the printer and,
in conjunction with HP Sure Start,
automatically reboots the device
back to a safe state.
In the event of a re-boot, HP
JetAdvantage Security Manager
automatically checks and fixes the
affected printer’s security settings to
make sure they comply with company
policy – without having to involve IT.
500 series
The first printers to include the new
security features are the HP LaserJet
Enterprise M506 series, the HP
LaserJet Enterprise MFP M527 series
and the HP Color LaserJet Enterprise
MFP M577 series for workgroups of
5-15 users.*
In addition to its security features,
the 500 series uses low-melt
HP Colorsphere 3 and Precision
Black toner, which lowers energy
consumption by up to 53%, increases
print speeds and the first page to
print by up to 48%, boosts page yield
by 33% and has enabled HP to shrink
printer size by up to 40%.
Throw in auto duplex at the
rated speed, a larger paper supply,
an attractive all-white design and
ergonomic features like a slow-close
lid, easy slide-off glass platen and
adjustable touch-screen and it is
easy to see why HP has won red dot
design awards for the MFP M277
and the M553.
hp.com/go/PrintersThatProtect
World’s most secure printers’
launched by HP
Protect, detect, recover
The Insecurity of Network-
Connected Printers
To mark the launch of its secure
printers, HP commissioned Ponemon
Institute to conduct research into the
security risks posed by printers and
other peripheral devices. Its survey of
2,000 IT security practitioners in North
and South America, EMEA and Asia-
Pacific highlights a patchy approach to
printer security.
Printers are potentially as big a security
risk as computers
n
60% consider it likely that their
organisation has suffered a data breach
involving a network-connected printer; 67%
say the same about a PC or laptop.
n
Only 10% can say for certain that a
printer-related breach has taken place,
compared to 35% for computer-related
breaches, suggesting that security
professionals have less visibility and control
over office printers.
n
60% say printers are as likely (50%)
or more likely (10%) to be infected with
malware than desktop or laptop computers
n
57% predict that a data breach resulting
from insecure network-connected printers
will occur in the next 12 months, compared
to 51% who expect one involving an
insecure desktop or laptop computer.
Yet, printers are still overlooked as a
security risk
n
56% say their employees do not regard
printers as an area of high security risk.
n
Only 44% of organisations have security
policies that cover network-connected
printers.
n
70% do not have a process for identifying
high risk printers.
n
64% assign a higher data risk to desktop
or laptop computers than printers.
And enforcement of security policies
remains patchy
n
66% say that printer security policies are
rarely applied and enforced consistently
across the enterprise.
n
Only 34% of organisations have a
process for restricting access to high risk
printers.
n
56% say that their organisation isn’t
good at assigning access rights to printers
based on the sensitivity of the documents
printed.
* All security features can be activated on HP LaserJet Enterprise printers launched since April 2015 via a
firmware upgrade. Whitelisting and Run-time Intrusion Detection can also be added to many HP LaserJet
and OfficeJet Enterprise X printers launched since 2011 through an HP FutureSmart service pack.
