MFP-Security_Presentation_Mike Ferris
Download
Report
Transcript MFP-Security_Presentation_Mike Ferris
Security Imperatives in a New Workplace
Partnering to Protect Digital Information in the 21st Century
Presented by Michael Ferris, Alaska Enterprise Solutions
Today’s rising security threats come in various
forms, in varying degrees of severity:
While security
othersundetected
can
be extreme…
Some
occur
breaches
but
are are
obvious
muchbut
more
relatively
severe…
harmless…
… Such as the Stuxnet virus that paralyzed Iran’s nuclear research facilities.
…Such
…
Receiving
as malicious
spam messages,
software, or
for“malware,”
example. that’s unintentionally installed by a computer
user and which causes the user’s computer to conduct illicit tasks via the network on behalf
of the malware’s owner.
2
The real costs of a security breach:
Digital information makes up 49% of
an organization’s value.*
• Average cost of each compromised
record per breach: $214**.
Security Policies
• Average organizational cost of a
data breach is $5.5 million**.
Security Breach
Costs
*2012 state of information survey.
**Source: “2010 Annual Study: US Cost of a Data Breach.” The
Ponemon Institute, LLC, March 2011.
3
By addressing security proactively,
organizations can reduce per record
cost of breaches by $80**.
End points are connected on networks with
increasing risk velocity.
Changing
Threat
Landscape
Controlled Network
Devices Go
Undetected on
the Network
4
Today’s MFPs are complex embedded network
devices with many potential security vulnerabilities:
Some MFPs have:
• An operating system with a direct
external interface
• A proprietary operating system
All MFPs have:
•
•
•
•
•
•
One or more operating systems
Network controller and firmware
One or more hard disk drives
Web server
Hardware ports
Page Description Language
interpreters (PS & PCL)
5
MFP Security cannot be an afterthought!
• In a December, 2011 lecture, “Print Me If
You Dare,” a research team from
Columbia University was able to design
malware with capabilities that include:
• Port scanning
• Network exploration
• Exfiltration data from print-jobs
• Security Levels
6
3 Levels of Security
•Perimeter
•Machine
•Documents
7
Security at the Perimeter
• McAfee Embedded Security
• Cisco TrustSec
• Service Technicians
8
What you need to protect information on the
network:
1. “Hands-off, self-protecting”
devices that are resilient to new
attacks.
2. Compliance with the most up-todate security standards and
regulations.
3. Complete visibility on the
network.
9
Hands off Protection:
McAfee Whitelisting Technology
Normal
usage
• Known users
• Approved software
Alerts
Known files
and software
• Email
• Management
Tools
• McAfee ePO
Attacks
• Unknown users
• Malicious acts
• Polymorphic
zero-day attacks
10
Unknown files
and software
Whitelisting technology allows
only approved software to run
McAfee Integrity Control
• Proactive/Always active even if
mismanaged
• Security is managed at the end point
in addition to the network
• Permits secure use of advanced MFP
features — user permissions,
scanning without fear
• Turns the unknown (bad) into known
(good)
11
Compliance: Integration with Cisco TrustSec
• Gain complete visibility on the network
• Automatically identifies printer and MFP devices
on the network
• Monitors device activity, similar to PC on the
network.
• Reports any suspicious activity and alerts IT
administrators.
• Virtually every device is TrustSec compliant –
more than any other vendor
12
Service Technicians
• Technicians
• Laptops
• Thumb Drives
• Software
13
Protecting the Perimeter: Multilayered Approach
TrustSec
Access Protection
Network
Management
Consoles
User Endpoints
MFPs
14
Security at the Machine Level
• Common Criteria Certification
– HIPAA
– Sarbanes Oxley
• Fax / Network Isolation
15
Security at the Document Level
•
Disk/Image overwrite
•
Encrypted Hard Disk
•
Audit Log
•
Secure Print
•
Standard Accounting
•
Secure Watermark
•
Password protected PDF
•
Smart Card technology
•
Secure Access
•
Follow you Print
•
Hard Disk Retention
16
The New Security Standard for a New Age
• Security cannot be an afterthought
• Information is an increasingly
valuable intellectual property
• Firewalls aren’t enough; security
policies must be holistic and
ubiquitous
• Protection for embedded devices is
now an integral part of today’s
security imperative
17