If a manufacturer plans on introducing a new connected document imaging device in 2022, it should be equipped with security features to protect against cybersecurity threats. That seems to be the mantra of most device manufacturers of late, and who can blame them? Security is an excellent talking point for dealer sales reps. Most would find it difficult to find a client or prospect unwilling to listen to a pitch focused on making their organization more secure against cyber threats. And for those who don’t care, as my daughter used to say when someone did something foolish that led to a bad outcome, “that’s what you get.”
Recently, I spoke with George Grafanakis, associate director of product management, Sharp Imaging and Information Company of America, about the latest security features on the Sharp BP Series of MFPs. The company announced 11 new Color Advanced and Essential Series with speeds from 26-65 ppm earlier this year. The monochrome counterparts to those machines are scheduled for release this fall. All are built on a common platform and include the same security features.
During our conversation, Grafanakis provided detailed descriptions of the new features. Without getting too technical, here is a summary of the security features on the latest and upcoming Sharp devices.
- BIOS integrity check at startup. This feature prevents the machine from starting when malicious or corrupt startup files are detected. The MFP verifies the integrity of the startup files by comparing them against known reference data. Once it passes the BIOS integrity check, it launches the operating system. The operating system then verifies the integrity of the main unit firmware using a coded version of the firmware, that is, a hash value stored on the device when the firmware was installed. If the hash of the current firmware matches the stored value, the machine will start. If they do not match, the device will proceed to restore a backup version of the firmware hidden on the solid-state drive.
- Application whitelisting. This only lets in known file types for embedded applications and the main unit’s firmware. Whenever new application data or firmware tries to load, it passes through a security module, which checks the whitelist. If the source data in that file is on the whitelist, it allows the data in. If not, it rejects it and won’t execute the file.
- Real-time intrusion detection. This feature helps prevent malicious attacks through wired or wireless networks, such as a distributed denial of service (DDoS) attack. “These attacks typically represent themselves as a flood of incoming communication requests,” explained Grafanakis. “The attacker floods the system to overwhelm it, making it unable to respond to real requests. This is a great feature because this is a common technique used by hackers.” When this feature identifies a potential attack, it places the source IP address into a denied list, so it won’t accept connection requests from that IP address.
- Trusted platform module, TPM version 2.0. This feature was an option on the previous generation of Sharp devices. In highly security-conscious environments, such as government installations, the administrator can activate an additional security layer to protect access to the encrypted data on the solid-state drive. “When in this mode, there is an option to back up the encryption key data to a USB drive so that if the main board ever needs to be replaced, encryption key data can be transferred to the new main PCB (Printed Circuit Board),” said Grafanakis. “In this case, only the encrypted solid-state drive with the data can be used with the backed-up encryption key data. This added protection can only be enabled when you activate the security mode.”
The above are standard security features. Sharp also offers the optional BP-VD10L Virus Detection Kit powered by Bitdefender. This provides anti-malware protection against an array of cyber threats. The Bitdefender engine uses multiple scan techniques to ensure accurate detection. It looks at data characteristics and uses pattern matching, digital signatures, and other methods to identify existing and unknown malware threats, including viruses, trojans, worms, ransomware, and others. The cost for this is nominal, according to Grafanakis, and it provides a higher level of protection that complements the other security features offered by Sharp for their devices.
“When you combine all these security features, and some overlap each other, such as application whitelisting and firmware attack prevention, we have very strong security offerings, certainly as standard features,” said Grafanakis. “The level of protection that we offer with these different techniques combined with the optional virus detection kit gives the customer peace of mind that their device is protected.”
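The real-time intrusion detection behavior described above (a flood of connection requests from one source leads to that source IP address being placed on a denied list) can be sketched as a per-source sliding-window counter. This is an added illustration, not Sharp's code; the class name `FloodGuard`, the threshold of 20 requests per second, and the sample traffic are all assumptions made for the example.

```python
from collections import defaultdict, deque


class FloodGuard:
    """Per-source sliding-window request counter that feeds a deny list."""

    def __init__(self, max_requests=20, window_seconds=1.0):
        # Both limits are assumed values for illustration, not Sharp's settings.
        self.max_requests = max_requests
        self.window_seconds = window_seconds
        self.recent = defaultdict(deque)  # source IP -> timestamps inside the window
        self.denied = set()

    def allow(self, src_ip, now):
        """Return True if a connection request from src_ip at time `now` is accepted."""
        if src_ip in self.denied:
            return False
        stamps = self.recent[src_ip]
        stamps.append(now)
        # Drop timestamps that have aged out of the window.
        while stamps and now - stamps[0] >= self.window_seconds:
            stamps.popleft()
        if len(stamps) > self.max_requests:
            # Too many requests inside one window: deny this source from now on.
            self.denied.add(src_ip)
            del self.recent[src_ip]
            return False
        return True


def replay(events, guard):
    """Feed (timestamp, src_ip) events through the guard; count accepted per source."""
    accepted = defaultdict(int)
    for ts, ip in events:
        if guard.allow(ip, ts):
            accepted[ip] += 1
    return dict(accepted)


# Constructed sample traffic using documentation addresses (RFC 5737):
# one workstation sending a request every 0.5 s, and one source sending
# 100 requests within a single second.
SAMPLE_EVENTS = sorted(
    [(i * 0.5, "192.0.2.10") for i in range(10)]
    + [(2.0 + i * 0.01, "198.51.100.7") for i in range(100)]
)

if __name__ == "__main__":
    guard = FloodGuard()
    print(replay(SAMPLE_EVENTS, guard), sorted(guard.denied))
```

A per-source counter like this bounds what any single address can send; it does not by itself bound the aggregate load arriving from many addresses.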