HP Attacks the Printer Security Gap

Print offers a back door into the network or an easy hit and run on valuable data stored in documents sent to print.

Hewlett Packard on Oct. 17 introduced HP Secure Print Advantage, an appliance-software combination that attempts to wall off from the network an often-forgotten but growing attack vector—the printer.

An extension of its HP Secure Advantage portfolio announced the summer of 2006, HP Secure Print Advantage encrypts documents at the point of printing with a client module, inspects each sent job for malware, and then terminates the job if infected or re-encrypts it and delivers it to a secure print module if clean.

HP Secure Advantage also adds a compliance layer to protect intellectual property with an authorization required to print from the Secure Document Server, and purges the document data after printing.

The printer is becoming an increasingly tempting target for hacks and attacks both as a back door into the network and as an easy hit and run on valuable intellectual property data stored on documents sent to print, said Christian Christiansen, program vice president for security products & services at IDC. Attacks have been on the rise, he said.

"These devices have computing capabilities, are attached to a network and are only lightly protected, if at all," Christiansen said.


Click here to read more about features that are needed in enterprise printers.

"We heard from customers that printing and imaging has to be part of the security strategy…" said Gary Lefkowitz, director of marketing and operations for HP Secure Advantage, in Palo Alto, Calif. "Printers are a nesting ground for malware and viruses and have been a gaping hole … There have been lots of spectacular hacks against printers."

Because it is based on hardware that sits on the network, HPs product addresses printer security across the disparate systems, servers and clients typically found in most enterprise environments.

It combines full encryption with policy controls and audit logging designed to safeguard printed documents through the entire life cycle.

Administrators can set and enforce policies across all systems and applications, not just the print network. The solution, which acts as an overlay to HP or heterogeneous print infrastructures, integrates both FIPS (Federal Information Processing Standard) 140-2 Level 4 and Common Criteria EAL 4+ security technology.

HP Secure Advantage is based on the idea that customers dont want fragmented security and management, said Chris Whitener, chief strategist for HP Secure Advantage.


Check out eWEEK.coms for the latest printer news, reviews and analysis.