Analysis

The importance of endpoint security

Enterprise grade firewalls and rock solid server security is all well and good, but what about your printers?

Network security is a huge issue, one which has gained significant public awareness after the WannaCry ransomware attack of May 2017 so badly affected the UK's National Health Service. But this was just the highest-profile incursion of the last few years. The potential dangers are there every day, for every company. Research by business ISP Beaming calculated that cyber security breaches cost UK businesses 30 billion in 2016.

The most common areas where hackers focus their attention when trying to gain access to a corporate network are endpoints, which often sit outside the control of the corporate network. Traditionally, endpoints would be portables like laptops, and most recently smartphones. But printers can be endpoints too, and extremely vulnerable to attack. Most companies don't even realise their printers are so exposed, nor how dangerous it can be if these devices are compromised. 

An endpoint device can in theory be any computer device with Internet connectivity hooked up to a TCP/IP network, and the range of kit fitting into this definition is growing all the time. Attention has recently been focusing on Internet of Things IoT - devices, which can have cheap mass-produced firmware that's as easy to hack into as a watermelon. Corporate network printers might not be as exposed to the outside world as a Wi-Fi-connected lightbulb from an unheard-of brand, since a printer will probably sit behind an industrial-strength firewall. But most network printers have a combination of features that make them ideal endpoints for attack.

The processing power required for handling multi-page, sometimes full colour print jobs as quickly as possible means printers have fast CPUs, plenty of memory, and sizeable local storage. Yet, whilst they may be running software that keeps print jobs private to the owner via passcode or NFC-chipped identity card, the device itself may not be so impervious, and that can lead to all manner of issues. This possibility was brought to the fore when a UK teenager recently hacked into around 150,000 Internet-connected printers and configured them to output ASCII art and other messages.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Once the printer itself is compromised, everything going through it will be too. Even if a job was sent to the printer in a secure fashion, it will be unencrypted and any password protection negated as the user logs in. Also, if a user employs the same password for their general network login as they do for accessing a printer to run jobs, copy, or scan, then that security information could be captured by the malware infection and passed outside for criminal usage elsewhere on the network. HP's The Wolf videos illustrate how endpoints, particularly printers, can be used to find a way into a network to steal valuable data.

Even a print job itself can contain the necessary malware code to compromise a printer. A seemingly innocuous attachment to an email that looks like just a printable image might have embedded within it the necessary code in the print stream to compromise the printer's firmware. This can then be used to circumvent the company's firewall by capturing data inside the protected area as it travels unencrypted across the local area network. This could include sensitive financial information, with potentially costly implications if this is stolen.

Whilst individual endpoints can be made more secure, HP provides a fully managed infrastructural approach that protects endpoints whilst also making it possible to monitor them over the network. Laptops and printers can be secured at the BIOS level. HP SureStart, for example, is available on EliteBook laptops and HP's business printers. This is a self-healing system that restores the BIOS to a safe state if BIOS integrity has been compromised.

With printers, the next stage is checking that the firmware matches a white list of FutureSmart digitally signed versions, and if not, the device will reboot. If the firmware passes, HP JetAdvantage Security Manager will then check that device security settings are correct. Finally, run-time intrusion detection looks out for anomalies in everyday firmware and memory operations that would indicate an attack, and reboots the device if this is indicated. The process then begins again with SureStart, flushing out any compromised code in the process.

This isn't just a standalone device approach, though. HP's management software will detect attacks across a fleet of devices and provide monitoring and protection, via JetAdvantage Security Manager. This lets you create a policy that is to be applied across the fleet of devices, and then apply it. HP Security Manager will ensure that this policy is applied every time a device is reset. Any non-compliance with the policy can be detected, reported, and then corrected. It's even possible to provide risk assessment reporting across the fleet, identifying less secure devices with older firmware or that lack SureStart, whitelisting or run-time intrusion detection.

The threat of printer compromise has only recently become widely recognised, and HP is at the forefront of providing solutions that prevent these attacks from occurring. But the threat landscape is constantly evolving, and new threats are appearing all the time. It's an arms race, where new endpoints become the focus of attack, and new protections must be put in place. But with the right security partner that is dedicated to researching not just current threats but those around the corner, endpoint defence can keep pace so your company remains secure.

Advertisement - Article continues below

Find out why endpoint security is so important.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/business-strategy/mergers-and-acquisitions/354762/xerox-turns-to-public-stocks-in-merger-war-with
mergers and acquisitions

Xerox turns to public stocks in merger war with HP

12 Feb 2020
Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/hardware/354336/the-it-pro-products-of-the-year-2019-all-the-years-best-hardware
Hardware

The IT Pro Products of the Year 2019: All the year’s best hardware

24 Dec 2019

Most Popular

Visit/cloud/cloud-computing/354767/google-cloud-snaps-up-multi-cloud-analytics-platform-for-26bn
cloud computing

Google Cloud snaps up multi-cloud analytics platform for $2.6bn

13 Feb 2020
Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/cloud/microsoft-azure/354771/microsoft-azure-is-a-testament-to-satya-nadellas-strategic-nouse
Microsoft Azure

Microsoft Azure is a testament to Satya Nadella’s strategic nouse

14 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020