Leading the way

HP’s approach to industry-leading security1

Visit the HP Security Center for the definitive source of cyber-security news, updates, and information.
Visit the HP Security Center for the definitive source of cyber-security news, updates, and information.

Learn

The threat landscape is growing increasingly hostile and will only get worse. Today we see a rise in all forms of attacks, from firmware attacks that take control of an entire system, to destructive attacks designed purely to wreak havoc. In this environment of ever-growing threats, endpoint devices are the first line of defense for the data and resources we care about most. In addition, we are witnessing a proliferation of user-targeted attacks, where users are asked to make decisions affecting security, such as opening a document or clicking on a web link.

 

For more than two decades, HP has led the industry forward by investing in research and innovation to raise the bar in endpoint security. This includes studying the evolution of the cyber-threat landscape to anticipate trends, pushing the boundaries in system security and driving new standards.

In the early 1990s, HP Labs and the HP PC and Print businesses began to research the rise in cyber-attacks, and the challenges that historical computers had faced. That early work led to a rich history of HP research and innovation in device security, including the development of hardware roots of trust for cryptography, firmware updates, firmware intrusion detection, firmware self-healing, and resilience of the entire OS and software stack. Further, it was designed for secure manageability at scale.

 

Beyond our own security innovations, HP believes in working with partners across industry and academia to raise the bar for the entire ecosystem. Over the years we have continued to invest in driving security standards that protect not only our customers, but the entire industry. We are proud to be a founding member and a lead contributor to the Trusted Computing Group, helping standardize hardware roots of trust for the future of computing.

Today at HP Labs, our Security Lab2 continues to drive research for the future. From traditional IT systems, like PCs and printers, to emerging compute architectures at the edge, or digital manufacturing systems and 3D printers, we pursue cybersecurity research that aims to ensure peace of mind in the face of cyber-threats. We aim to increase assurances out of the box, with solutions anchored in hardware enforced mechanisms and, critically, to improve security management techniques that allow our customers to maintain control over their increasingly large and complex fleets and valuable data.

 

HP invests in a broad range of programs and activities to ensure that we continually strengthen the quality of our security: implementing best-in-class processes for secure lifecycle development, developing security expertise across our teams, and an industry first Printer Bug Bounty Program. We also have been driving certification requirements for key security elements of our portfolio: from helping establish the TCG certification programs over the last decade, to introducing industry leading third-party certification for HP’s Sure Start embedded controller in PCs,3 or pursuing a range of certifications for the many security capabilities in our printers.4 More recently, we took the extra step of establishing our own Security Advisory Board,5 bringing in a trio of outside security experts, all with first-hand experience in the world of hacking, to help us be the sharpest we can be about what the future holds.

This is only the beginning. Moving forward, we will continue to strive to deliver the world’s most secure and resilient devices,1 along with the solutions and services to help our customers use them securely, and to lead the entire industry forward to collectively raise the bar in endpoint security.

Disclaimers

 

  1. Most secure printers: HP’s most advanced embedded security features are available on HP Enterprise and HP Managed devices with HP FutureSmart firmware 4.5 or above. Claim based on HP review of 2019 published features of competitive in-class printers. Only HP offers a combination of security features to automatically detect, stop, and recover from attacks with a self-healing reboot, in alignment with NIST SP 800-193 guidelines for device cyber resiliency. For a list of compatible products, visit: hp.com/go/PrintersThatProtect. For more information, visit: hp.com/go/PrinterSecurityClaims. Most secure PCs claim based on HP’s unique and comprehensive security capabilities at no additional cost among vendors on HP Elite PCs with Windows 10 Pro or Enterprise and 8th Gen and higher Intel® or AMD Ryzen™ 4000 and higher processors; HP ProDesk 600 G6 with Intel® 10th Gen and higher processors.
  2. https://www8.hp.com/us/en/hp-labs/research/overview.html#!security
  3. https://www.ssi.gouv.fr/entreprise/certification_cspn/hp-sure-start-hardware-root-of-trust-version-a2-embarque-sur-les-puces-npce586ha2mx-npce586ha2bx-npce576ha2yx/
  4. https://www8.hp.com/us/en/services/managed-print-services/analyst-reports.html
  5. https://press.ext.hp.com/us/en/press-releases/2017/reinventing-cybersecurity-with-the-help-of-hackers.html