{"id":28435,"date":"2018-03-08T10:39:59","date_gmt":"2018-03-08T18:39:59","guid":{"rendered":"http:\/\/www.enxmag.com\/twii\/?p=28435"},"modified":"2018-03-08T12:12:13","modified_gmt":"2018-03-08T20:12:13","slug":"xeroxs-security-summit-takes-aim-at-customers-print-infrastructure","status":"publish","type":"post","link":"https:\/\/www.enxmag.com\/twii\/feature-articles\/2018\/03\/xeroxs-security-summit-takes-aim-at-customers-print-infrastructure\/","title":{"rendered":"Xerox\u2019s Security Summit Takes Aim at Customers\u2019 Printer Infrastructure"},"content":{"rendered":"<div id=\"attachment_28436\" style=\"width: 310px\" class=\"wp-caption alignleft\"><img aria-describedby=\"caption-attachment-28436\" loading=\"lazy\" class=\"size-medium wp-image-28436\" src=\"http:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/Xerox-Opening-Bell-300x225.jpg\" alt=\"\" width=\"300\" height=\"225\" srcset=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/Xerox-Opening-Bell-300x225.jpg 300w, https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/Xerox-Opening-Bell-768x576.jpg 768w, https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/Xerox-Opening-Bell-1024x769.jpg 1024w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><p id=\"caption-attachment-28436\" class=\"wp-caption-text\">Xerox executives participate in the ringing of the opening bell at the New York Stock Exchange on Jan. 23.<\/p><\/div>\n<p>There\u2019s no dearth of talk surrounding the need for enhanced security for businesses when it comes to protecting the sanctity of their servers, data, storage and personal computers. But it was the desire to channel that awareness and focus it on one of the most often-overlooked elements, the printer\u2019s infrastructure, that brought more than 200 attendees to the Xerox Security Summit, held Jan. 23 at the New York Stock Exchange.<\/p>\n<p>The event featured a number of guest speakers, led by noted computer security consultant, author and hacker (!) Kevin Mitnick. From the Xerox side, presentations were given by Dr. Alissa Johnson, chief information security officer; Steve Hoover, senior vice president and chief technology officer; Ersin Uzun, vice president and director of system sciences laboratory for PARC (a Xerox Company) and Mike Feldman, executive vice president and president, North American operations.<\/p>\n<p>&nbsp;<\/p>\n<div id=\"attachment_28438\" style=\"width: 310px\" class=\"wp-caption alignright\"><img aria-describedby=\"caption-attachment-28438\" loading=\"lazy\" class=\"size-medium wp-image-28438\" src=\"http:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/Xerox-NYSE-300x225.jpg\" alt=\"\" width=\"300\" height=\"225\" srcset=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/Xerox-NYSE-300x225.jpg 300w, https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/Xerox-NYSE-768x576.jpg 768w, https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/Xerox-NYSE-1024x768.jpg 1024w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><p id=\"caption-attachment-28438\" class=\"wp-caption-text\">Xerox executives and guests were on hand for the Jan. 23 Security Summit, which included a trip to the New York Stock Exchange.<\/p><\/div>\n<p>Feldman opened the event by delivering the keynote speech on security, then took the attendees to the floor of the NYSE, where he had the privilege of ringing the opening bell. That paved the way to a series of presentations given by a number of Xerox\u2019s key partners, including Candace Worley, chief technical strategist for McAfee; Dov Yoran, senior director of strategy and business development for Cisco; and Sergio Caltagirone, director of threat intelligence and analytics for Drago.<\/p>\n<p>\u201cOur main message was, you need to be diligent around your print infrastructure,\u201d Feldman noted. \u201cYour printers and multifunction devices are connected to your network; they are storing important information and will have access to the network, where you could have issues with malware, viruses or hacking attacks. This could create major problems if you\u2019re not thinking about things holistically.\u201d<\/p>\n<p>Feldman guided attendees through Xerox\u2019s four-pillar, multilayered approach to security, particularly in regards to printers. The points encompass:<\/p>\n<ul>\n<li>Intrusion prevention. The use of proper authentication to control access to the devices and its features enables safeguarding data and preventing malicious misuse.<\/li>\n<li>Device detection. Xerox uses verification tests to alert against harmful changes to systems firmware, employing McAfee\u2019s whitelisting technology to prevent unauthorized changes to the system firmware. Cisco\u2019s Identity Service Engine also comes into play here. Xerox has profiled more than 200 Xerox devices into the engine, which prevents non-approved printers from connecting to the network.<\/li>\n<li>Document and data protection. These capabilities include protecting printed output with a simple pin code or a card release system, such as a badge, up to the highest encryption standards to protect stored data using encrypted, password-protected styles to safeguard scans as well.<\/li>\n<li>External partnerships and certifications. Acknowledging that optimal security requires a best-in-class amalgamation of technology providers such as the aforementioned McAfee and Cisco, Xerox is using these partnerships and standards, both domestic and international (such as the NIAP common criteria certification standard), to develop an optimal security suite.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" class=\"size-medium wp-image-28441 alignleft\" src=\"http:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/exchange-floor-300x225.jpg\" alt=\"\" width=\"300\" height=\"225\" srcset=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/exchange-floor-300x225.jpg 300w, https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/exchange-floor-768x576.jpg 768w, https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/exchange-floor-1024x768.jpg 1024w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>So why have printers and MFDs lagged behind their systems counterparts in security awareness? Feldman believes the natural tendency is for businesses to focus on their servers and data centers foremost, and rightly so. After all, for the longest time copiers were not connected to the network, and the single-function printers did not have hard drives or data. That has changed considerably in the last 5-10 years.<\/p>\n<p>\u201cThere are now multifunction devices that are connected directly to the network and connected in many cases to the cloud,\u201d Feldman said. \u201cWe\u2019re using things like the Internet of Things to monitor our devices and make sure they\u2019re functioning and have toner. Getting customers to recognize that these devices are hanging right off of their network, just like a server, and should be taken seriously has been something that we have worked hard to educate our customers on. A lot of them recognize this, but not at the same level as servers and data centers. That could be a vulnerability we need to guard against.\u201d<\/p>\n<p><img loading=\"lazy\" class=\"size-medium wp-image-28437 alignright\" src=\"http:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/Xerox-Summit-300x167.jpg\" alt=\"\" width=\"300\" height=\"167\" srcset=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/Xerox-Summit-300x167.jpg 300w, https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/Xerox-Summit-768x427.jpg 768w, https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2018\/03\/Xerox-Summit-1024x569.jpg 1024w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>The evolution of security standards walks hand-in-hand (or ideally, one step ahead of) the advancements and loopholes discovered and penetrated by cyberattackers. The Wannacry attack perpetrated at the onset of 2018 illustrates the ingenuity and savvy demonstrated by tech criminals and underscores the ongoing quest to lock down security vulnerabilities. That Xerox\u2019s security mechanisms have not fallen to a breach to date provides little solace, and it\u2019s what keeps the manufacturer awake at night\u2026or at least thinking about future threats.<\/p>\n<p>In the wake of the Summit, Feldman has received positive feedback from attendees who weren\u2019t conscious of the full range of security implications, and that the presentation signaled a call to action on their behalf. Even industry representatives from verticals that traffic in heightened security, such as health care and financial services, garnered takeaways they felt worthy of acting upon in the immediate future.<\/p>\n<p>\u201cYou have to have constant vigilance in this space,\u201d Feldman said. \u201cAs new technologies come out and new vulnerabilities open up, you have to be constantly evolving that capability. There are\u001b other things we\u2019re interested in doing in this space as well. Content security is another aspect that takes security to the next level, where we have intellectual rights on a document that is tied to certain users that can limit what they can do specifically with that document. That\u2019s an area of interest from users and within Xerox as well. We\u2019ve been testing and piloting this type of software solution with some of our customers. We believe that\u2019s where security solutions are heading next.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There\u2019s no dearth of talk surrounding the need for enhanced security for businesses when it comes to protecting the sanctity of their servers, data, storage and personal computers. But it was the desire to channel that awareness and focus it on one of the most often-overlooked elements, the printer\u2019s infrastructure, that brought more than 200 attendees to the Xerox Security Summit, held Jan. 23 at the New York Stock Exchange. The event featured a number of guest speakers, led by noted computer security consultant, author and hacker (!) Kevin Mitnick. From the Xerox side, presentations were given by Dr. Alissa Johnson, chief information security officer; Steve Hoover, senior vice president and chief technology officer; Ersin Uzun, vice president and director of system sciences laboratory for PARC (a Xerox Company) and Mike Feldman, executive vice president and president, North American operations. &nbsp; Feldman opened the event by delivering the keynote speech on security, then took the attendees to the floor of the NYSE, where he had the privilege of ringing the opening bell. That paved the way to a series of presentations given by a number of Xerox\u2019s key partners, including Candace Worley, chief technical strategist for McAfee; Dov Yoran, senior director of strategy and business development for Cisco; and Sergio Caltagirone, director of threat intelligence and analytics for Drago. \u201cOur main message was, you need to be diligent around your print infrastructure,\u201d Feldman noted. \u201cYour printers and multifunction devices are connected to your network; they are storing important information and will have access to the network, where you could have issues with malware, viruses or hacking attacks. This could create major problems if you\u2019re not thinking about things holistically.\u201d Feldman guided attendees through Xerox\u2019s four-pillar, multilayered approach to security, particularly in regards to printers. The points encompass: Intrusion prevention. The use of proper authentication to control access to the devices and its features enables safeguarding data and preventing malicious misuse. Device detection. Xerox uses verification tests to alert against harmful changes to systems firmware, employing McAfee\u2019s whitelisting technology to prevent unauthorized changes to the system firmware. Cisco\u2019s Identity Service Engine also comes into play here. Xerox has profiled more than 200 Xerox devices into the engine, which prevents non-approved printers from connecting to the network. Document and data protection. These capabilities include protecting printed output with a simple pin code or a card release system, such as a badge, up to the highest encryption standards to protect stored data using encrypted, password-protected styles to safeguard scans as well. External partnerships and certifications. Acknowledging that optimal security requires a best-in-class amalgamation of technology providers such as the aforementioned McAfee and Cisco, Xerox is using these partnerships and standards, both domestic and international (such as the NIAP common criteria certification standard), to develop an optimal security suite. So why have printers and MFDs lagged behind their systems counterparts in security awareness? Feldman believes the natural tendency is for businesses to focus on their servers and data centers foremost, and rightly so. After all, for the longest time copiers were not connected to the network, and the single-function printers did not have hard drives or data. That has changed considerably in the last 5-10 years. \u201cThere are now multifunction devices that are connected directly to the network and connected in many cases to the cloud,\u201d Feldman said. \u201cWe\u2019re using things like the Internet of Things to monitor our devices and make sure they\u2019re functioning and have toner. Getting customers to recognize that these devices are hanging right off of their network, just like a server, and should be taken seriously has been something that we have worked hard to educate our customers on. A lot of them recognize this, but not at the same level as servers and data centers. That could be a vulnerability we need to guard against.\u201d The evolution of security standards walks hand-in-hand (or ideally, one step ahead of) the advancements and loopholes discovered and penetrated by cyberattackers. The Wannacry attack perpetrated at the onset of 2018 illustrates the ingenuity and savvy demonstrated by tech criminals and underscores the ongoing quest to lock down security vulnerabilities. That Xerox\u2019s security mechanisms have not fallen to a breach to date provides little solace, and it\u2019s what keeps the manufacturer awake at night\u2026or at least thinking about future threats. In the wake of the Summit, Feldman has received positive feedback from attendees who weren\u2019t conscious of the full range of security implications, and that the presentation signaled a call to action on their behalf. Even industry representatives from verticals that traffic in heightened security, such as health care and financial services, garnered takeaways they felt worthy of acting upon in the immediate future. \u201cYou have to have constant vigilance in this space,\u201d Feldman said. \u201cAs new technologies come out and new vulnerabilities open up, you have to be constantly evolving that capability. There are\u001b other things we\u2019re interested in doing in this space as well. Content security is another aspect that takes security to the next level, where we have intellectual rights on a document that is tied to certain users that can limit what they can do specifically with that document. That\u2019s an area of interest from users and within Xerox as well. We\u2019ve been testing and piloting this type of software solution with some of our customers. We believe that\u2019s where security solutions are heading next.\u201d<\/p>\n","protected":false},"author":166,"featured_media":28436,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1650,82,88,3371,1638],"tags":[],"_links":{"self":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/28435"}],"collection":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/users\/166"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/comments?post=28435"}],"version-history":[{"count":4,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/28435\/revisions"}],"predecessor-version":[{"id":28452,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/28435\/revisions\/28452"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/media\/28436"}],"wp:attachment":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/media?parent=28435"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/categories?post=28435"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/tags?post=28435"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}