The Recycler
  • Ambiente 2025 Masthead
  • Katun Masthead Nov 2024
  • Biuromax Masthead web banner March 2024
  • G&G Masthead August 2024

First-of-Its-kind security validation testing programme announced

February 19, 2020

Keypoint Intelligence – Buyers Lab announced first-of-its-kind security validation testing programme for MFPs and printers.

Buyers Lab, the industry’s leading authority in hardcopy device testing and research, unveiled its complete Security Validation Testing programme. Initially targeted to connected MFPs and printers and eventually expanding to include all “smart workplace” IoT devices, the programme establishes industry-standard benchmarks in the areas of Device Penetration, Policy Compliance, and Firmware Resilience.

Administered by Buyers Lab, long recognised as the independent source for test data for the office equipment industry, the cornerstone of the program is hands-on testing conducted by Buyers Lab in concert with accredited security testing firms.

“End-point security is top of mind for organisations of all sizes, and rightfully so,” said Randy Dazo, Keypoint Intelligence’s President and CEO. “If not properly designed and secured, a company’s output devices can be an unlocked ‘back door’ serving as a conduit between the Internet and the corporate network. Our programme establishes standards that all device manufacturers can strive to achieve, and cuts through the jargon and competing claims for purchasing decision-makers.”

During two years of programme development, Keypoint Intelligence solicited input from leading document imaging OEMs. The result is a three-track test suite that addresses security from various vectors to ensure devices are safeguarded against vulnerabilities—and that they remain so:

Device Penetration: A combination of automated tools and manual exploitation are used to probe for potential vulnerabilities in the device firmware/OS, ports, print protocols, embedded web page, connectivity avenues, and more.

Policy Compliance: Technicians employ the OEMs’ management tools to specify security settings and save those settings as a “policy” template, apply the policy across a fleet to ensure devices are in compliance, monitor those settings on an ongoing basis, automatically remediate devices that fall out of compliance, and more.

Firmware Resilience: Technicians use the OEMs’ tools and protocols to validate that devices are in compliance with the NIST SP 800-193 guidelines for platform resiliency of connected devices. The testing ascertains whether mechanisms are in place to protect the platform against unauthorised changes, and that the device can detect an attack and recover to a secure state automatically.

The pressing need for such a programme is not theoretical, Keypoint Intelligence said. In 2019, for example, security researchers in the Microsoft Threat Intelligence Centre discovered infrastructure of known Russian hackers communicating to several external devices and attempts by the hackers to compromise popular IoT devices—including an office printer—to breach networks. Once they established access, the hackers were able to uncover other unsecure devices and move across the network seeking higher-value data.

Notably, the Keypoint Intelligence – Buyers Lab programme differs from Common Criteria Certification for output devices in that there is not only verification that a device has the prescribed set of features and that they are correctly implemented, but also hands-on testing to determine if vulnerabilities remain. OEMs that submit products for testing and pass one, two, or all three tracks earn the right to license the Security Validation Testing seal to communicate to customers that the platform has passed the testing.

Keypoint Intelligence also announced that inaugural participants in the programme, HP, Fuji Xerox, and Ricoh, have passed the Device Penetration testing.

“We are thrilled that HP, Fuji Xerox, and Ricoh supported us in our initial round of testing, and just as thrilled to report that their platforms met the stringent criteria put forward in our Device Penetration test protocol,” said Dazo. “These actions are a testament to those companies’ commitment to product security and desire to raise the bar for the entire industry.”

For more information on the Buyers Lab Security Validation Testing programme and the details about the products that have passed, please visit https://keypointintelligence.com/security.

Categories : World Focus

Tags : Keypoint Intelligence Printers Security Testing

  • Biuromax Nov 2024 Web Ad
  • Ink Tank No Web advert
  • GM Technology Nov Web Ad
  • TN Core Nov Web advert
  • IR Italiana Web ad January 2021
  • G&G web advert October 2024
  • Static Control June 2022 Big & Bold Ad
  • Cartridge Web Nov Web Banner
  • Apex Web ad Nov 2024
  • Zhono Web ad March 2024
  • PCL Nov Web advert
  • Denner Feb 2024 Web Ad
  • CET Web ad December 2023
  • Mito Web banner June 2024
  • ITP Web ad January 2021
  • HYB Web banner Jan 2024
  • denner UK Web Banner Jul 2024
  • Denner Feb 2024 Web Ad
  • ITP Web ad January 2021
  • HYB Web banner Jan 2024
  • Mito Web banner June 2024
  • Zhono Web ad March 2024
  • PCL Nov Web advert
  • denner UK Web Banner Jul 2024
  • CET Web ad December 2023
  • Denner Feb 2024 Web Ad
  • Zhono Web ad March 2024
  • CET Web ad December 2023
  • Mito Web banner June 2024
  • denner UK Web Banner Jul 2024
  • HYB Web banner Jan 2024
  • ITP Web ad January 2021
  • PCL Nov Web advert

The Recycler, Wittas House, Two Rivers, Station Lane, Witney, OX28 4BH, United Kingdom | Tel: +44 (0) 1993 899800 | Fax : +44 (0) 1993 226899
©2006-2023 The Recycler - Terms & Conditions - Privacy Policy including cookie use

Web design Dorset | Websites by Mark