Responding to an often overlooked security risk, ICSA Labs, an independent division of Verizon Business, introduced a new program on Monday (Sept. 21) to help enterprises safeguard against intrusions through network-connected devices such as printers, faxes and point-of-sale systems, as well as help device manufacturers ensure that their products are secure.
The new capabilities offered by ICSA Labs - a vendor certification program and a comprehensive enterprise assessment - are designed to protect these typically stand-alone, unattended devices, which connect directly to a network but are not part of the network infrastructure itself. Also included in this product class of network-attached devices are copiers, ATM machines, digital signs, proximity readers, security cameras, and facility management systems for power, lighting and HVAC systems.
ICSA Labs has found that unprotected devices such as these can allow hackers easy access to corporate networks. According to the Verizon Business 2009 Data Breach Investigations Report, many breaches occur through what is called "unknown, unknowns," which can involve systems such as printers and faxes. The report also points out that attackers choose the path of least resistance, targeting vulnerable systems.
ICSA Labs' first new offering, Network Attached Peripheral Security (NAPS) certification, provides manufacturers an opportunity to work with ICSA Labs to help identify and remediate existing and potential vulnerabilities in the devices the manufacturers sell. The NAPS certification program service also applies to manufacturers whose products are still under development and are seeking recommendations to make their products safer.
The NAPS certification program includes rigorous testing that examines several different aspects of a device and how each impacts its overall security, including its core functionality, administrative interface and logging capabilities. The ICSA Labs' certification enables manufacturers to verify that their devices are secure and assures enterprises that the certified products have passed rigorous testing and validation for security protection.
Under the second new offering, NAPS assessment, the network devices are tested and evaluated to help ensure that they are installed securely and protected from exploitation. ICSA Labs can tailor the assessment to evaluate either installed devices or ones that the enterprise plans to deploy. After the devices have been thoroughly reviewed, ICSA Labs delivers a comprehensive report that details how an enterprise can safely and effectively install these products.
"Although people usually don't think of these devices as a potential point of vulnerability, the risk is very real," said Amy DeCarlo, principal analyst, managed IT services at Current Analysis. "This is particularly true as devices become smarter and increasingly more network-enabled. Through its new program, the ICSA Labs can help customers ensure that their network devices are protected from potential exploitation."
Both offerings are immediately available to companies around the world.
(NOTE: A new white paper from ICSA Labs, "Living on the Edge," which examines network-attached peripherals and the security risks they pose, is available at www.icsalabs.com/whitepaper/NAPS.)
"There is a large class of devices that are overlooked when it comes to security - even though these devices rely on network access to function properly," said George Japak, managing director, ICSA Labs. "The new ICSA Labs' certification and assessment programs address a very real area of concern for enterprises by helping protect enterprises from the security risks associated with network-attached devices at a time when enterprises are rapidly adding intelligent devices to their networks to help grow their business."
About ICSA Labs
ICSA Labs, an independent division of Verizon Business, offers vendor-neutral testing and certification of security products. Many of the world's top security vendors submit their products for testing and certification at ICSA Labs. Businesses rely on ICSA Labs to authoritatively set and apply objective testing and certification criteria for measuring product compliance and reliability. For more information about ICSA Labs, please visit: http://www.icsalabs.com.
About Verizon Business
Verizon Business, a unit of Verizon Communications (NYSE: VZ), is a global leader in communications and IT solutions. We combine professional expertise with one of the world's most connected IP networks to deliver award-winning communications, IT, information security and network solutions. We securely connect today's extended enterprises of widespread and mobile customers, partners, suppliers and employees - enabling them to increase productivity and efficiency and help preserve the environment. Many of the world's largest businesses and governments - including 96 percent of the Fortune 1000 and thousands of government agencies and educational institutions - rely on our professional and managed services and network technologies to accelerate their business. Find out more at www.verizonbusiness.com.