A Look at HP’s New Connection Inspector Security Solution with Continuous Monitoring, Printer Self Healing

HP Labs researchers recently discussed HP’s new security solution for HP enterprise printers and MFPs, HP Connection Inspector, which is designed to detect and stop security threats to HP printers and MFPs. The solution, which is embedded in the HP printer or MFP, monitors the printer or MFP’s outbound network connections, uses patterns to identify normal behavior, and then recognizes and stops suspicious outbound requests.

Announced at HP World Partner Forum held last month in Chicago, HP Connection Inspector was developed specifically for enterprise printers, notes Adrian Baldwin, one of the Bristol, UK-based researchers behind the solution.

“A lot of security technology that gets put into printers simply copies what is put into PCs,” he says. “HP Connection Inspector has been developed from the outset with the mechanics of how printers work – and the needs of printer users – in mind.”

According to HP, malicious hackers are constantly looking for less-protected gateways into an enterprise’s larger IT network. To prevent networked printers becoming that conduit, the HP Security Lab team focused on developing a new approach to network-traffic monitoring designed to detect threats and enable immediate responses.

The HP researchers say that many malware detectors need to refer to libraries of known hostile programs or network addresses known to be associated with an attack. In contrast, HP Connection Inspector focuses on detecting anomalous behaviors and then acts to secure the networked printer even before the malware is confirmed to be present.

It does this by keeping a continuous watch for moments when malware is attempting to make contact with its command and control server. In the process, HP Connection Inspector learns what “normal” network traffic looks like, meaning that it can detect suspicious outbound requests even when those requests aren’t sent to known “bad” Web addresses. When it detects suspicious activity, the software can immediately go into a protected mode, stopping any further unfamiliar requests and sending a warning to IT administrators.

“One thing that’s hard about doing this is avoiding false alarms,” says Baldwin. “We do that by restricting what the printer is allowed to do if we get suspicious, but not stopping it completely until we know that we need to – that makes the solution much more reliable than usual.”

When HP Connection Inspector detects a specific, customer-determined level of malware-like behavior, the technology can also trigger a printer reboot. This initiates a self-healing procedure without IT needing to be involved.

“Printers need to be on all the time,” says project manager Jonathan Griffin. “By automatically rebooting the computer, printers aren’t idled while waiting for IT support; that also helps reduce down time, which is a high priority for all enterprise print users.”

These capabilities also had to be developed as elegantly as possible, to ensure they would provide security without interfering with overall printing or networking performance.

“A lot of research went into creating this, but we’re quite pleased with how little space the final code actually takes up,” Baldwin notes.

After developing the technology behind HP Connection Inspector, the HP Labs team worked extensively with colleagues from HP’s Office Printing Solutions group in Bangalore, India, and Boise, Idaho, to prepare the solution for commercial use.

HP Connection Inspector will be included with all HP Enterprise LaserJet printers by the end of this year.

HP’s other security solutions for printers and MFPs include:

  • HP JetAdvantage Security Manager: A fleet-management solution that checks and fixes device security settings in a reboot.
  • HP Sure Start: In reboot, HP Sure Start detects and prevents the execution of malicious code and self-heals the BIOS.
  • Whitelisting: Helps ensure only authentic HP code is loaded into memory and will reboot and notify IT if compromised.

For more information on HP printer/MFP security solutions, visit HP here.

More Resources

%d bloggers like this: