Who Thinks of HP for End Point Security?

Honestly, that was my first thought when I started looking at the marketing material HP put together for Black Hat 2018 this year. HP has been promoting its efforts to provide security to its enterprise printers for the past couple years and has done a great job at offering secure solutions; even involving the security research community by introducing a first-of-its kind enterprise printer bug bounty program.  But end point security? What was that all about? HP makes printers. What do they know about protecting end points like desktops or laptops?

Gone to Lunch

Determined to keep an open mind about this nagging thought, I joined several HP printer security advisors at a private luncheon during the BlackHat Conference. One of the HP advisors was introduced as a Senior Security Researcher at HP Labs. “HP has security researchers?” I thought, as I began to engage in some small talk with the gentleman. One of the first things I learned was that he had been working as a Security Researcher since the mid-90’s where he had focused mostly on hardware and motherboard security for HP PCs. That piqued my interest as I got involved heavily in computer and “Internet Security” ” (that’s what we called it back then) back in the 90’s myself. We talked about the early days of Internet Security and about how although much the technology has changed, how much of the same vulnerabilities and issues still persist to this day.

As the conversation progressed it occurred to me, “Oh yeah, HP used to make personal computers” (they still do, in fact). While I had been caught up in all the discussion about enterprise printer security, I had forgotten the fact that HP has a lot of experience in end points, being a long-time manufacturer of all kinds of desktops and personal computers. I learned that the Security Research Division of HP Labs has been around since 1985 conducting research on HP systems to assure they are providing secure devices. Turns out that much of the security features and capabilities that HP has developed for its enterprise printers is based on technologies that were first developed for their PCs.

What I figured out from this conversation was that while HP has only been promoting Printer Security for the past couple years, HP has been heavily engaged in providing secure systems and devices for quite a while. The efforts of the Security Research Lab (which has been operating in Bristol UK for over 30 years) have not only helped HP produce secure PCs but also has extended into its efforts to produce secure enterprise printers. The dedication and commitment of the researchers at the HP Security Lab is consistent with HPs overall commitment to preserve its legacy and reputation as pioneers in the world of technology. By the end of the conversation I determined that it made total sense that HP would discuss end point security as they’ve been involved in end point security for over four decades!

What are we talking about?

“Endpoint devices now include all printers – home, commercial, and 3D – as well as interactive displays and sensor-equipped devices that are part of the Internet of Things,” says Simon Shiu, head of HP’s Security Lab. “And more and more we’re seeing threats aimed directly at these network edge points where people are creating, consuming, and sharing information.”

HP has focused its efforts on securing these enterprise network printers on several key areas. First and foremost is the security of data that gets passed to the printer for, well, printing. The files sent are often stored in a queue in memory which much be protected not only from theft but also from being altered in any way. This is largely accomplished by the security settings for the printers being preset at the factory so the devices start out secure when added to the enterprise network. The HP JetAdvantage Security Manager provides inspection of security settings to make sure they have not been altered and will restore any setting that is found to be incorrect which keeps the printers secure.

Printers are also network endpoints and can be the targets of attackers over insecure network services, web interfaces, or through a malicious malware attacks. HP printers have a Connection Inspector that will detect and block any attempted connections from a compromised system to a command and control center. But perhaps the coolest and most significant aspect of HP Printer Security is the adaptation of a self-healing BIOS that has been adapted to protect the printers themselves. HP Sure Start will detect any changes to the printer BIOS, and repairs the printer by forcing a reboot from a trusted, centralized BIOS – all done transparently to any users.

Lesson Learned

My takeaway from the luncheon that day at BlackHat was that HP has a long and impressive history of conducting security research and developing smart and innovative tools that may have started with desktops and laptops, but also extends into the realm of enterprise printers. HP’s commitment to providing secure printers for the enterprise is impressive. To help spread the word about the threats to enterprise printers and how HP can help defend against all sorts of attacks, HP continues an extensive marketing campaign that revolves around a continuing series of dramatic short stories featuring a dubious character played by Christian Slater (Mr. Robot). The latest installment introduces a new and enigmatic character dubbed “The Fixer” played by the often-villainous character actor, Jonathan Banks (Beverly Hills Cop, Breaking Bad). To see the latest installment of the HP series and to learn more about printer security check out: “The Wolf: True Alpha”. #reinventsecurity




Jeff Man

Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.