HP Connection Inspector, a new intelligent embedded security feature for enterprise printers developed at HP Labs, helps networked HP printers stay one step ahead of malware attacks by giving them advanced self-healing capabilities.
Announced at this month’s HP World Partner Forum in Chicago, HP Connection Inspector was developed specifically for enterprise printers, notes Adrian Baldwin, one of the Bristol, UK-based researchers behind the innovation.
“A lot of security technology that gets put into printers simply copies what is put into PCs,” he says. “HP Connection Inspector has been developed from the outset with the mechanics of how printers work – and the needs of printer users – in mind.”
Malicious actors are constantly looking for less-protected gateways into an enterprise’s larger IT network. To prevent networked printers from becoming that conduit, the HP Security Lab team focused on developing a novel approach to network traffic monitoring designed to detect threats and enable immediate responses.
Where many malware detectors need to refer to libraries of known hostile programs or network addresses known to be associated with an attack, HP Connection Inspector focuses on detecting anomalous behaviors and then acts to secure the networked printer even before the malware is confirmed to be present.
It does this by keeping a continuous watch for moments when malware is attempting to make contact with its command and control server. In the process, HP Connection Inspector learns what “normal” network traffic looks like, meaning that it can detect suspicious outbound requests even when those requests aren’t sent to known “bad” web addresses. When it detects suspicious activity, the software can immediately go into a protected mode, stopping any further unfamiliar requests and sending a warning to IT administrators.
“One thing that’s hard about doing this is avoiding false alarms,” says Baldwin. “We do that by restricting what the printer is allowed to do if we get suspicious, but not stopping it completely until we know that we need to – that makes the solution much more reliable than usual.”
When HP Connection Inspector detects a specific, customer-determined level of malware-like behavior, the technology can also trigger a printer reboot. This initiates a self-healing procedure without IT needing to be involved.
“Printers need to be on all the time,” adds project manager Jonathan Griffin. “By automatically rebooting the computer, printers aren’t idled while waiting for IT support; that also helps reduce down time, which is a high priority for all enterprise print users.”
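The graduated response described above (learn normal traffic, restrict on suspicion, reboot at a set level), sketched as an added example. It is not HP's code or algorithm: the article does not say what features HP Connection Inspector learns, so modelling "normal" as a set of destination hosts, the class and function names, and the two numeric levels are all assumptions.

```python
from enum import Enum

class Mode(Enum):
    LEARNING = "learning"
    NORMAL = "normal"
    PROTECTED = "protected"
    REBOOT = "reboot"

class OutboundMonitor:
    """Toy model; destination-set learning and both thresholds are assumptions."""

    def __init__(self, suspicion_level=3, reboot_level=6):
        self.known = set()      # destinations seen during the learning phase
        self.unfamiliar = 0     # running count of unfamiliar outbound requests
        self.suspicion_level = suspicion_level
        self.reboot_level = reboot_level    # stands in for the customer-set level
        self.mode = Mode.LEARNING
        self.alerts = []        # messages that would go to IT administrators

    def request(self, host):
        """Return True if the outbound request is allowed to leave the device."""
        if self.mode is Mode.REBOOT:
            return False        # device is restarting; nothing leaves
        if self.mode is Mode.LEARNING:
            self.known.add(host)
            return True
        if host in self.known:
            return True         # familiar traffic keeps flowing, even when protected
        self.unfamiliar += 1
        if self.unfamiliar >= self.reboot_level:
            self.mode = Mode.REBOOT
            self.alerts.append(f"reboot triggered by request to {host}")
            return False
        if self.mode is Mode.NORMAL and self.unfamiliar >= self.suspicion_level:
            self.mode = Mode.PROTECTED
            self.alerts.append(f"protected mode entered on request to {host}")
        return self.mode is Mode.NORMAL   # unfamiliar requests pass only below suspicion

def replay(monitor, learning, live):
    """Feed learning traffic, then return (host, allowed, mode) for each live request."""
    for host in learning:
        monitor.request(host)
    monitor.mode = Mode.NORMAL
    return [(h, monitor.request(h), monitor.mode.value) for h in live]

# Constructed sample traffic (reserved .example / .invalid names).
LEARNING = ["print-server.corp.example", "ntp.corp.example"]
LIVE = ["ntp.corp.example", "a.invalid", "b.invalid", "c.invalid",
        "print-server.corp.example", "d.invalid", "e.invalid", "f.invalid"]
```

In the replay, the print server stays reachable after protected mode is entered, which is the "restrict, don't stop" behavior Baldwin describes as the way to keep false alarms from taking the printer offline.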
In addition, these capabilities had to be developed as elegantly as possible, to ensure they would provide security without interfering with overall printing or networking performance.
“A lot of research went into creating this, but we’re quite pleased with how little space the final code actually takes up,” Baldwin notes.
After developing the technology behind HP Connection Inspector, the HP Labs team worked extensively with colleagues from HP’s Office Printing Solutions group in Bangalore, India and Boise, Idaho to ready the solution for commercial use. It is now set to be included in all HP Enterprise LaserJet printers by the end of this year.
HP Connection Inspector is just the first of a number of printer-specific security analytics innovations the HP Labs team is developing to help detect and respond to malware attacks.