Responding to an often overlooked security risk, ICSA Labs introduced a new program to help enterprises safeguard against intrusions through network-connected devices such as printers, faxes and point-of-sale systems, as well as help device manufacturers ensure that their products are secure.
The new capabilities are designed to protect these typically stand-alone, unattended devices, which connect directly to a network but are not part of the network infrastructure itself. Also included in this product class of network-attached devices are copiers, ATM machines, digital signs, proximity readers, security cameras, and facility management systems for power, lighting and HVAC systems.
ICSA Labs has found that unprotected devices such as these can allow attackers easy access to corporate networks. According to the Verizon Business 2009 Data Breach Investigations Report, many breaches occur through what is called “unknown, unknowns,” which can involve systems such as printers and faxes. The report also points out that attackers choose the path of least resistance, targeting vulnerable systems.
ICSA Labs’ first new offering, Network Attached Peripheral Security (NAPS) certification, provides manufacturers an opportunity to work with ICSA Labs to help identify and remediate existing and potential vulnerabilities in the devices the manufacturers sell. The NAPS certification program service also applies to manufacturers whose products are still under development and are seeking recommendations to make their products safer.
The NAPS certification program includes rigorous testing that examines several different aspects of a device and how each impacts its overall security, including its core functionality, administrative interface and logging capabilities. The ICSA Labs’ certification enables manufacturers to verify that their devices are secure and assures enterprises that the certified products have passed rigorous testing and validation for security protection.
Under the second new offering, NAPS assessment, the network devices are tested and evaluated to help ensure that they are installed securely and protected from exploitation. ICSA Labs can tailor the assessment to evaluate either installed devices or ones that the enterprise plans to deploy. After the devices have been thoroughly reviewed, ICSA Labs delivers a comprehensive report that details how an enterprise can safely and effectively install these products.
“Although people usually don’t think of these devices as a potential point of vulnerability, the risk is very real,” said Amy DeCarlo, principal analyst, managed IT services at Current Analysis. “This is particularly true as devices become smarter and increasingly more network-enabled. Through its new program, the ICSA Labs can help customers ensure that their network devices are protected from potential exploitation.”