The importance of endpoint security

Network security is a huge issue, one which has gained significant public awareness after the WannaCry ransomware attack of May 2017 so badly affected the UK's National Health Service. But this was just the highest-profile incursion of the last few years. The potential dangers are there every day, for every company. Research by business ISP Beaming calculated that cyber security breaches cost UK businesses £30 billion in 2016.

The most common areas where hackers focus their attention when trying to gain access to a corporate network are endpoints, which often sit outside the control of the corporate network. Traditionally, endpoints would be portables like laptops, and most recently smartphones. But printers can be endpoints too, and extremely vulnerable to attack. Most companies don't even realise their printers are so exposed, nor how dangerous it can be if these devices are compromised.

An endpoint device can in theory be any computer device with Internet connectivity hooked up to a TCP/IP network, and the range of kit fitting into this definition is growing all the time. Attention has recently been focusing on Internet of Things (IoT) devices, which can have cheap mass-produced firmware that's as easy to hack into as a watermelon. Corporate network printers might not be as exposed to the outside world as a Wi-Fi-connected lightbulb from an unheard-of brand, since a printer will probably sit behind an industrial-strength firewall. But most network printers have a combination of features that make them ideal endpoints for attack.

The processing power required for handling multi-page, sometimes full colour print jobs as quickly as possible means printers have fast CPUs, plenty of memory, and sizeable local storage. Yet, whilst they may be running software that keeps print jobs private to the owner via passcode or NFC-chipped identity card, the device itself may not be so impervious, and that can lead to all manner of issues. This possibility was brought to the fore when a UK teenager recently hacked into around 150,000 Internet-connected printers and configured them to output ASCII art and other messages.

Once the printer itself is compromised, everything going through it will be too. Even if a job was sent to the printer in a secure fashion, it will be unencrypted and any password protection negated as the user logs in. Also, if a user employs the same password for their general network login as they do for accessing a printer to run jobs, copy, or scan, then that security information could be captured by the malware infection and passed outside for criminal usage elsewhere on the network. HP's The Wolf videos illustrate how endpoints, particularly printers, can be used to find a way into a network to steal valuable data.

Even a print job itself can contain the necessary malware code to compromise a printer. A seemingly innocuous attachment to an email that looks like just a printable image might have embedded within it the necessary code in the print stream to compromise the printer's firmware. This can then be used to circumvent the company's firewall by capturing data inside the protected area as it travels unencrypted across the local area network. This could include sensitive financial information, with potentially costly implications if this is stolen.

Whilst individual endpoints can be made more secure, HP provides a fully managed infrastructural approach that protects endpoints whilst also making it possible to monitor them over the network. Laptops and printers can be secured at the BIOS level. HP SureStart, for example, is available on EliteBook laptops and HP's business printers. This is a self-healing system that restores the BIOS to a safe state if BIOS integrity has been compromised.

With printers, the next stage is checking that the firmware matches a whitelist of FutureSmart digitally signed versions, and if not, the device will reboot. If the firmware passes, HP JetAdvantage Security Manager will then check that device security settings are correct. Finally, run-time intrusion detection looks out for anomalies in everyday firmware and memory operations that would indicate an attack, and reboots the device if one is detected. The process then begins again with SureStart, flushing out any compromised code in the process.

This isn't just a standalone device approach, though. HP's management software will detect attacks across a fleet of devices and provide monitoring and protection, via JetAdvantage Security Manager. This lets you create a single security policy and apply it across the whole fleet. HP Security Manager will ensure that this policy is applied every time a device is reset. Any non-compliance with the policy can be detected, reported, and then corrected. It's even possible to provide risk assessment reporting across the fleet, identifying less secure devices with older firmware or that lack SureStart, whitelisting or run-time intrusion detection.
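
To make the fleet check concrete, here is an added sketch (not HP's software or data model) of the assessment described above: it flags devices with firmware below a baseline, missing protections, or settings that have drifted from policy. The inventory, setting names and version numbers are all constructed for illustration.

```python
# Added illustration: field names, setting names and versions are constructed,
# not HP Security Manager's data model.
POLICY = {"admin_password_set": True, "telnet_enabled": False,
          "snmp_v1_v2_enabled": False}
PROTECTIONS = ("sure_start", "whitelisting", "runtime_intrusion_detection")
MIN_FIRMWARE = (4, 5, 0)  # constructed baseline version
ALL = set(PROTECTIONS)

FLEET = [  # constructed inventory
    {"name": "prn-finance-01", "firmware": "4.5.2", "protections": ALL,
     "settings": {"admin_password_set": True, "telnet_enabled": False,
                  "snmp_v1_v2_enabled": False}},
    {"name": "prn-lobby-02", "firmware": "3.9.1", "protections": {"whitelisting"},
     "settings": {"admin_password_set": False, "telnet_enabled": True,
                  "snmp_v1_v2_enabled": False}},
    {"name": "prn-hr-03", "firmware": "4.10.0", "protections": ALL,
     "settings": {"admin_password_set": True, "telnet_enabled": False}},
]

def parse_version(text):
    """Compare versions numerically so that 4.10.0 ranks above 4.5.0."""
    return tuple(int(part) for part in text.split("."))

def assess(device):
    """Return the list of findings for one device (empty means compliant)."""
    findings = []
    if parse_version(device["firmware"]) < MIN_FIRMWARE:
        findings.append("firmware older than baseline")
    for feature in PROTECTIONS:
        if feature not in device["protections"]:
            findings.append(f"lacks {feature}")
    for key, wanted in POLICY.items():
        actual = device["settings"].get(key)  # a missing setting counts as drift
        if actual != wanted:
            findings.append(f"setting {key}={actual!r}, policy requires {wanted!r}")
    return findings

def remediate(device):
    """Return the settings with the policy re-applied, as after a device reset."""
    return {**device["settings"], **POLICY}

def fleet_report(fleet):
    """Map device name -> findings, least secure devices first."""
    report = {d["name"]: assess(d) for d in fleet}
    return dict(sorted(report.items(), key=lambda kv: -len(kv[1])))

if __name__ == "__main__":
    for name, findings in fleet_report(FLEET).items():
        print(name, "OK" if not findings else findings)
```

Note the two easy mistakes it avoids: comparing firmware versions as strings, and treating a setting the device never reported as compliant.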

The threat of printer compromise has only recently become widely recognised, and HP is at the forefront of providing solutions that prevent these attacks from occurring. But the threat landscape is constantly evolving, and new threats are appearing all the time. It's an arms race, where new endpoints become the focus of attack, and new protections must be put in place. But with the right security partner that is dedicated to researching not just current threats but those around the corner, endpoint defence can keep pace so your company remains secure.
