Liste des News

New Vendor Certification, Enterprise Assessment Offerings Help Companies Protect Against Often Overlooked Risks From Network-Attached Devices

MECHANICSBURG, Pa. – Responding to an often overlooked security risk, ICSA Labs, an independent division of Verizon Business, today introduced a new program to help enterprises safeguard against intrusions through network-connected devices such as printers, faxes and point-of-sale systems, as well as help device manufacturers ensure that their products are secure.

The new capabilities offered by ICSA Labs -- a vendor certification program and a comprehensive enterprise assessment -- are designed to protect these typically stand-alone, unattended devices, which connect directly to a network but are not part of the network infrastructure itself. Also included in this product class of network-attached devices are copiers, ATM machines, digital signs, proximity readers, security cameras, and facility management systems for power, lighting and HVAC systems.

ICSA Labs has found that unprotected devices such as these can allow hackers easy access to corporate networks. According to the Verizon Business 2009 Data Breach Investigations Report, many breaches occur through what is called “unknown, unknowns,” which can involve systems such as printers and faxes. The report also points out that attackers choose the path of least resistance, targeting vulnerable systems.

ICSA Labs´ first new offering, Network Attached Peripheral Security (NAPS) certification, provides manufacturers an opportunity to work with ICSA Labs to help identify and remediate existing and potential vulnerabilities in the devices the manufacturers sell. The NAPS certification program service also applies to manufacturers whose products are still under development and are seeking recommendations to make their products safer.

The NAPS certification program includes rigorous testing that examines several different aspects of a device and how each impacts its overall security, including its core functionality, administrative interface and logging capabilities. The ICSA Labs´ certification enables manufacturers to verify that their devices are secure and assures enterprises that the certified products have passed rigorous testing and validation for security protection.

Under the second new offering, NAPS assessment, the network devices are tested and evaluated to help ensure that they are installed securely and protected from exploitation. ICSA Labs can tailor the assessment to evaluate either installed devices or ones that the enterprise plans to deploy. After the devices have been thoroughly reviewed, ICSA Labs delivers a comprehensive report that details how an enterprise can safely and effectively install these products.

“Although people usually don´t think of these devices as a potential point of vulnerability, the risk is very real,” said Amy DeCarlo, principal analyst, Managed IT Services at Current Analysis. “This is particularly true as devices become ‘smarter´ and increasingly more network-enabled. Through its new program, the ICSA Labs can help customers ensure that their network devices are protected from potential exploitation.”

Both offerings are immediately available to companies around the world.

(NOTE: A new white paper from ICSA Labs, “Living on the Edge,” which examines network-attached peripherals and the security risks they pose, is available at

“There is a large class of devices that are overlooked when it comes to security — even though these devices rely on network access to function properly,” said George Japak, managing director, ICSA Labs. “The new ICSA Labs´ certification and assessment programs address a very real area of concern for enterprises by helping protect enterprises from the security risks associated with network-attached devices at a time when enterprises are rapidly adding intelligent devices to their networks to help grow their business.”

Noter cet article (de 1 = Nul à 5 = Excellent) Valider

Bann MR



Droit d’accès et comptes à privilèges

Jacques Cheminat 0 145464
Equifax, Deloitte, Uber, les récentes violations de données ont souvent des techniques de piratages différentes, mais un élément commun, obtenir l’accès à des applications critiques comme les bases de données, les bases clients, les informations bancaires. En général ces programmes sont soumis à habilitation et rattachés à des comptes à privilèges. leur protection est donc une nécessité dans un monde de plus en plus ouvert et insécurisé. Dossier publié avec le concours de Kleverware.

Mag-Securs n°57


Opé Malwarebytes




Événements SSI