Analysis

The importance of endpoint security

Enterprise grade firewalls and rock solid server security is all well and good, but what about your printers?

Network security is a huge issue, one which has gained significant public awareness after the WannaCry ransomware attack of May 2017 so badly affected the UK's National Health Service. But this was just the highest-profile incursion of the last few years. The potential dangers are there every day, for every company. Research by business ISP Beaming calculated that cyber security breaches cost UK businesses 30 billion in 2016.

Advertisement - Article continues below

The most common areas where hackers focus their attention when trying to gain access to a corporate network are endpoints, which often sit outside the control of the corporate network. Traditionally, endpoints would be portables like laptops, and most recently smartphones. But printers can be endpoints too, and extremely vulnerable to attack. Most companies don't even realise their printers are so exposed, nor how dangerous it can be if these devices are compromised. 

An endpoint device can in theory be any computer device with Internet connectivity hooked up to a TCP/IP network, and the range of kit fitting into this definition is growing all the time. Attention has recently been focusing on Internet of Things IoT - devices, which can have cheap mass-produced firmware that's as easy to hack into as a watermelon. Corporate network printers might not be as exposed to the outside world as a Wi-Fi-connected lightbulb from an unheard-of brand, since a printer will probably sit behind an industrial-strength firewall. But most network printers have a combination of features that make them ideal endpoints for attack.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The processing power required for handling multi-page, sometimes full colour print jobs as quickly as possible means printers have fast CPUs, plenty of memory, and sizeable local storage. Yet, whilst they may be running software that keeps print jobs private to the owner via passcode or NFC-chipped identity card, the device itself may not be so impervious, and that can lead to all manner of issues. This possibility was brought to the fore when a UK teenager recently hacked into around 150,000 Internet-connected printers and configured them to output ASCII art and other messages.

Once the printer itself is compromised, everything going through it will be too. Even if a job was sent to the printer in a secure fashion, it will be unencrypted and any password protection negated as the user logs in. Also, if a user employs the same password for their general network login as they do for accessing a printer to run jobs, copy, or scan, then that security information could be captured by the malware infection and passed outside for criminal usage elsewhere on the network. HP's The Wolf videos illustrate how endpoints, particularly printers, can be used to find a way into a network to steal valuable data.

Advertisement - Article continues below

Even a print job itself can contain the necessary malware code to compromise a printer. A seemingly innocuous attachment to an email that looks like just a printable image might have embedded within it the necessary code in the print stream to compromise the printer's firmware. This can then be used to circumvent the company's firewall by capturing data inside the protected area as it travels unencrypted across the local area network. This could include sensitive financial information, with potentially costly implications if this is stolen.

Whilst individual endpoints can be made more secure, HP provides a fully managed infrastructural approach that protects endpoints whilst also making it possible to monitor them over the network. Laptops and printers can be secured at the BIOS level. HP SureStart, for example, is available on EliteBook laptops and HP's business printers. This is a self-healing system that restores the BIOS to a safe state if BIOS integrity has been compromised.

Advertisement - Article continues below

With printers, the next stage is checking that the firmware matches a white list of FutureSmart digitally signed versions, and if not, the device will reboot. If the firmware passes, HP JetAdvantage Security Manager will then check that device security settings are correct. Finally, run-time intrusion detection looks out for anomalies in everyday firmware and memory operations that would indicate an attack, and reboots the device if this is indicated. The process then begins again with SureStart, flushing out any compromised code in the process.

This isn't just a standalone device approach, though. HP's management software will detect attacks across a fleet of devices and provide monitoring and protection, via JetAdvantage Security Manager. This lets you create a policy that is to be applied across the fleet of devices, and then apply it. HP Security Manager will ensure that this policy is applied every time a device is reset. Any non-compliance with the policy can be detected, reported, and then corrected. It's even possible to provide risk assessment reporting across the fleet, identifying less secure devices with older firmware or that lack SureStart, whitelisting or run-time intrusion detection.

Advertisement - Article continues below

The threat of printer compromise has only recently become widely recognised, and HP is at the forefront of providing solutions that prevent these attacks from occurring. But the threat landscape is constantly evolving, and new threats are appearing all the time. It's an arms race, where new endpoints become the focus of attack, and new protections must be put in place. But with the right security partner that is dedicated to researching not just current threats but those around the corner, endpoint defence can keep pace so your company remains secure.

Find out why endpoint security is so important.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/business-strategy/mergers-and-acquisitions/355117/hp-uses-cover-of-covid-19-to-shut-the-door-on
mergers and acquisitions

HP claims Xerox takeover would be "disastrous" during coronavirus crisis

26 Mar 2020
Visit/security/malware/355093/evasive-malware-threats-are-surging
malware

Evasive malware threats doubled in 2019

24 Mar 2020
Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020