October 13, 2017
HP Labs have unveiled the new HP Connection Inspector, an intelligent embedded security feature for enterprise printers which will aid HP-networked printers in facing the challenges of malware, through advanced ‘self-healing’ capabilities.
Cyber-attackers are continually seeking new, vulnerable points to enter an enterprise’s IT network. The HP Security Lab, keen to ensure that networked printers did not become that entry point, have developed a new approach to network traffic monitoring, specifically designed to detect threats and respond to them immediately.
Where many previous examples of malware detection rely on libraries of known hostile programmes, or network addresses known to be associated with an attack, the HP Connection Inspector instead focuses on detecting anomalous behaviours, before acting to secure the printer before the malware is even confirmed as present.
Connection Inspector, which was unveiled at the HP World Partner Forum in Chicago earlier this month, maintains a continuous look-out for occasions when malware is attempting to make contact with the printer’s command and control server. As it does this, it learns what regular network traffic looks like; resultantly, it can recognise suspicious outbound requests, even when those requests aren’t sent to previously flagged-up ‘bad’ web addresses. Upon detecting suspicious activity, the software will enter a protected mode, which halts any further unfamiliar requests and sends an alert to the IT administrators.
Adrian Baldwin, one of HP’s Bristol, UK-based researchers behind the innovation, outlined the thinking that drove the development: “A lot of security technology that gets put into printers simply copies what is put into PCs. HP Connection Inspector has been developed from the outset with the mechanics of how printers work – and the needs of printer users – in mind.”
Furthermore, the software is designed to trigger a printer reboot when it detects specific, customer-determined levels of malware-like behaviour. This reboot will then initiate a ‘self-healing’ procedure without requiring IT involvement.
“Printers need to be on all the time,” explained project manager Jonathan Griffin. “By automatically rebooting the computer, printers aren’t idled while waiting for IT support; that also helps reduce downtime, which is a high priority for all enterprise print users.”
Baldwin continues: “One thing that’s hard about doing this is avoiding false alarms. We do that by restricting what the printer is allowed to do if we get suspicious, but not stopping it completely until we know that we need to. That makes the solution much more reliable than usual.”
Additionally, and crucially, Connection Inspector had to be developed to ensure that the new security capabilities would not negatively impact overall printing or networking performance. “A lot of research went into creating this, but we’re quite pleased with how little space the final code actually takes up,” said Baldwin.
Having developed the technology, the HP Labs team worked with colleagues from HP’s Office Printing Solutions groups in Bangalore, India, and Boise, Idaho, to prepare the solution for commercial use. It is set to be included in all HP Enterprise LaserJet printers by the end of this year.
Categories : Products and Technology