HP Targets Security Breaches With Latest Enterprise-Class Machines

by Robert Palmer | 10/1/15

On September 22, HP introduced three new LaserJet machines aimed at the enterprise sector. The new models deliver a host of capabilities that help set them apart from previous HP products. To begin with, HP’s latest printers and MFPs are all based on the firm’s JetIntelligence cartridge technology, which was introduced earlier this year. As a result, each of the new machines has a smaller overall footprint and offers faster print speeds compared with its predecessor.

Despite significant advancements in hardware and functionality, it is the advanced built-in security features that really define HP’s latest products. “Protecting against security breaches is one of the biggest challenges our customers face,” said Tuan Tran, vice president and general manager of HP’s LaserJet and Enterprise Solutions business, in a prepared statement. “HP is helping customers secure their devices, documents, and data by defending our enterprise printers with the strongest protection in the industry.”

That is a fairly bold statement, but when you consider the depth and breadth of security technology built-in to the new devices, it is one that is hard to argue. HP says that printer security issues are rising to a level of greater importance among customers in the enterprise space. Citing a study from Ponemon Institute, HP claims that 64 percent of IT managers believe that their printers are likely infected with malware. At the same time, however, 56 percent of enterprise companies ignore printers in their endpoint security strategy.

According to vice president and general manager Jim Nottingham, HP is addressing three strategic initiatives with the launch of its latest products: establish HP as the leader in secure printing, extend its JetIntelligence technology further into the HP lineup, and reinforce a leadership position across both PCs and printing. It is the tightly integrated relationship between HP’s printer and PC businesses that helped foster some of the technological advancements achieved in the firm’s latest products.

There are three different built-in security features that have been added to HP’s latest enterprise machines. First is Sure Start, which enables detection of and self-healing recovery from malicious BIOS attacks. HP says that it is extending the same BIOS security that is used to protect its Elite line of PCs to its LaserJet enterprise printers and MFPs.  With its Sure Start technology, HP electronically isolates a portion of flash during the boot-up process to detect malicious BIOS attacks. If an attack is detected, the technology can revert back to the original state by flushing the memory and reloading the previous BIOS.

To protect printer firmware from outside attacks, HP has embedded whitelisting security features, which ensures that only known, good firmware can be loaded and executed on the device. Whitelisting is different from blacklisting, which is typically deployed for PCs and servers. Blacklisting essentially monitors the device to detect known viruses and prevent them from executing. With whitelisting technology, only approved, uninfected firmware code is allowed to execute.

Lastly, Run-Time Intrusion Detection is a new feature that provides for in-device memory monitoring for malicious attacks. Essentially, this feature performs continuous in-memory scanning to search for anomalies and ongoing malicious attacks. Once an attack is detected, the technology will reboot to put the system back in a known good state.

While these new security features will be standard on all new HP LaserJet Enterprise printers and OfficeJet Enterprise X machines, the firm says that it will also be enabled on several previous LaserJet printers with a firmware update. In addition, Whitelisting and Run-Time Intrusion Detection can be added to many existing HP LaserJet Enterprise printers and OfficeJet Enterprise X printers launched since 2011 through an HP FutureSmart service pack update.

Along with the advanced embedded security features, HP’s new devices offer support for the firm’s JetAdvantage Security Manager, which offers policy-based printer compliance and allows IT departments to establish and maintain various security settings. When a reboot occurs, the HP Instant-On Security feature checks and resets any impacted settings automatically to bring devices into compliance with the organization’s policy.

There are three different models included in HP’s latest product introduction:

·         The HP LaserJet Enterprise M506 series monochrome printer offers a 25 percent smaller footprint compared to the model it replaces, and features duplex print speeds up to 71 percent faster than its predecessor.

·         The HP LaserJet Enterprise MFP M527 series is a monochrome machine that includes single pass, two-sided scanning, an eight-inch color touchscreen control panel to support advanced workflow features, and first page out speeds up to 33 percent faster than its predecessor.

·         The HP Color LaserJet Enterprise MFP M577 series includes single pass, two-sided scanning, an eight-inch color touchscreen control panel and optional keyboard to support advanced workflow, as well as dual-sided print speeds up to 43 percent faster than its predecessor.

The HP LaserJet Enterprise M506 series will be generally available on October 1, while the LaserJet Enterprise MFP M527 and HP Color LaserJet Enterprise MFP M577 series machines are expected to be generally available by November 2, 2015.

For more on HP’s latest announcement, see press release here .

Our Take

Network security has become a major concern for businesses of all sizes, but in the enterprise space it is now a top strategic priority. Today, IT security includes everything from securing computing devices to protection of data, networks, and processing power. Mobile devices and cloud-based computing have become common platforms in the enterprise, which makes securing the network and protecting access to data much more challenging.

As HP points out, however, printers and MFPs have more or less been treated as an afterthought when it comes to network security. This is somewhat surprising considering the growing number of major cyberattacks that can be traced back to network access gained through a non-traditional connected device. Today’s office-class printers are not just network peripherals — they are intelligent devices that serve as on-ramp and off-ramp to the Internet. Indeed, features such as embedded Web servers, support for cloud integration, and the ability to run downloadable apps make these devices even more vulnerable to outside attacks.

Meanwhile, the security risks posed by network printers and MFPs extends well beyond network access. For many businesses, the printer is one of the primary means for distributing sensitive corporate information. It is surprising how often this data is left exposed for the simplest of reasons, such as failure to remove material stored on internal hard drives or print jobs left unattended in the output tray.

HP has certainly improved the security features for its LaserJet products, especially by embedding device-level protection into the device itself. Other vendors have taken similar action. Xerox, for example, embedded whitelisting technology and partnered with McAfee to include advanced malware detection for many of its products when it unveiled its ConnectKey platform.

Today’s office-class printers and MFPs present an interesting dichotomy. On the one hand, the connected MFP is a definite security risk, particularly if it is left unmanaged and unprotected. On the other, these machines could be utilized as a front-line asset for managing content security and protecting access to information. For these reasons, we expect OEMs and software vendors to continue to promote security solutions much more aggressively.

Robert Palmer is chief analyst and a managing partner for BPO Media, which publishes The Imaging Channel and Workflow magazines. As a market analyst and industry consultant, Palmer has more than 25 years experience in the imaging industry covering technology and business sectors for prominent market research firms such as Lyra Research and InfoTrends. Palmer is a popular speaker and he presents regularly at industry conferences and trade events in the U.S., Europe, and Japan. He is also active in a variety of imaging industry forums and currently serves on the board of directors for the Managed Print Services Association (MPSA). Contact him at robert@bpomedia.com.