Securing your printer. Protecting your business. · • HP Access Control Secure Authentication •...



Page 1: Securing your printer. Protecting your business. · • HP Access Control Secure Authentication • HP Access Control Rights Management • HP Access Control Job Accounting HP pull

"The most important IT based security standard in the world is ISO 15408, also known as Common Criteria certification. Konica Minolta has newly introduced multifunctional bizhub products validated to Common Criteria EAL3 security standards. Common Criteria (CC) is the only internationally recognized standard for IT security testing.

Printers, copiers and software with the ISO 15408 certification are security evaluated, and guarantee the security levels that companies look for today. With the CC certification users can rest assured that on Konica Minolta’s multifunctional devices their confidential data remain confidential." [2]

Konica security claims

In addition to the Common Criteria certification (CCC) EAL3 standards, Konica focuses on the following basic security features provided by each series of Konica Minolta. This is not a differentiator for Konica; every printer/copier vendor has devices certified under CCC.

"Konica Minolta develops and provides the newest security features in order to protect customer information assets from the various threats classified in the following section.

1. Unauthorized access and information leaks via networks

2. Unauthorized use and information leaks from the direct operation of devices

3. Tampering, copying, and deleting electronic information and analog information

4. Information loss from man-made accidents and equipment failure

5. Trace feature through logs" [2]

Comparing Konica and HP

In review of Konica Minolta’s website [1] (https://kmbs.konicaminolta.us/kmbs/information-management/security-services/document-data-security-solutions), one can surmise that their security focus addresses the state of the data interacting with their MFPs and the related system environment. Additionally, Konica focuses on the secure management of copies with embedded MFP functions. When contrasting Konica Minolta to HP's Print Security, it is important to understand the scope of the HP embedded security features and also the uniqueness of devices featuring “self-healing” and “real-time memory scanning and outbound network inspection.”

HP security:

Although many IT departments rigorously apply security measures to individual computers and the business network, printing and imaging devices are often overlooked and left exposed. HP has taken the lead in print security by being the first and only company to deliver devices featuring “self-healing” and “real-time memory scanning and outbound network inspection.”

Device security is the true differentiator when contrasting HP and Konica MFPs and printers. HP devices are able to protect all the way down to the BIOS and firmware from attack and malware while keeping the device operational through self-healing. Konica drops off at run-time due to their lack of memory scanning and outbound network inspection.

HP Security Ecosystem

Network: Jobs can be intercepted as they travel to/from a device

Management: Undetected security gaps put data at risk

Ports and protocols: Unsecured ports (USB or network) or protocols (FTP or Telnet) put device at risk

Control panel: Users can exploit device settings and functions

BIOS and firmware: Compromised firmware can open a device and network to attack

Input tray: Special media can be tampered with or stolen

Capture: Unsecured MFPs can be used to send scans anywhere

Mobile printing: On-the-go employees may expose data

Output tray: Abandoned documents can fall into the wrong hands

Storage media: Printers store sensitive information that can be at risk


Finding the HP advantages when comparing Konica against the four primary steps embedded in the HP MFP operating cycle.

How does it work?

The embedded security features address four primary steps in the cycle of an HP device.

If attacked, only HP Enterprise devices can reboot and self-heal.

HP JetAdvantage Security Manager completes the check cycle.

Self-healing HP Print Security—HP vs. Konica

One. Check operating code

Two. Check firmware

Three. Ensure Security Policy Compliance

Four. Continuous monitoring with self-healing

Automatic reboot

HP Sure Start: Checks BIOS code and, if compromised, restarts with a safe “golden copy.”

Whitelisting: Checks firmware during startup to determine if it’s authentic code—digitally signed by HP.

HP JetAdvantage Security Manager: After a reboot, checks and fixes any affected device security settings.

Run-time intrusion detection: Monitors memory activity to continually detect and stop attacks.

HP Connection Inspector: Inspects outgoing network connections to stop suspicious requests and thwart malware.

Konica at the device

According to Konica’s documentation, Konica relies purely on industry standards like code signing, hard drive encryption, closing of ports, and authentication for its security and device protection.

HP analysis

Konica's focus is on industry-standard security features. Although Konica provides decent protection at bootup, they lack resiliency because they do not provide self-healing. Furthermore, Konica does not provide advanced features at run-time like memory inspection and outbound network monitoring.

HP Secure Boot Process

The following items are aspects of a Secure Boot Process that should be included in leading security capabilities:

• At startup, the device must validate the integrity of the BIOS.

• The HP device will “self-heal” an infected BIOS by replacing it with a hardware protected “golden copy” of the BIOS.

• The HP device notifies the administrator via standard event mechanisms, including SIEM systems, of any issues.

• The HP device recovers to a known good state after detecting an infected BIOS and replacing it with the “golden copy”.

HP response and benefits

Being able to detect and stop threats is key in printer security—and so is the ability for printers to automatically repair themselves from attack—in order to help increase uptime while minimizing IT interventions. Again, the true differentiator with HP.

With HP’s SureStart, the BIOS code integrity is validated. If the BIOS is compromised, the HP MFP reboots the device and loads a safe “golden copy” that is digitally signed by HP.

HP supports on-device Intrusion Detection, which continuously monitors memory for malware. Konica makes no claim to possess memory scanning for injection attacks during runtime. Konica currently detects the load of malicious firmware (aka whitelisting).

In addition, HP Connection Inspector works to stop malware from “calling home” to malicious servers, stealing data, and compromising your network. HP Connection Inspector evaluates outgoing network connections to determine what’s normal, stop suspicious requests, and automatically trigger a self-healing reboot.

Document protection

Konica relies primarily on a Copy Protect print feature. A pattern can be embedded in the copy or original print document. Also, the serial number or output time of the MFP used for document output can be set as the pattern.

Konica also provides a Copy Guard feature that uses a special security pattern added during copying or printing that doesn't allow for additional copying.

Konica device detection features and claims vs. HP

Konica document and data

In 2017, HP added Data Loss Prevention capabilities to HPAC and HPCR to extend security to the physical document.


HP analysis

HP provides a much more robust solutions offering with HP Access Control (HPAC) and HP Capture and Route (HPCR), along with cloud-based offerings like HP JetAdvantage Secure Print and HP JetAdvantage Private Print.

HP also partners with 3rd-party providers like SafeCom and PaperCut to broaden our Print Management offering.

HP response

Document protection:

• HP Access Control Secure Pull Printing

• HP JetAdvantage Secure Print

• HP JetAdvantage Private Print

• Locking input trays

• Counterfeit deterrent solutions

• Anti-fraud features

Data protection:

• Utilize 802.1x or IPsec

• HP AES256 encryption

• FIPS 140

• Protocol over TLS (IPPS)

• HP Trusted Platform Module (TPM)

• Certificates

• HP JetAdvantage Security Manager

• Native authentication (PIN, LDAP, or Kerberos)

• Active Directory

• Proximity cards

• HP Access Control Secure Authentication

• HP Access Control Rights Management

• HP Access Control Job Accounting

HP pull printing solutions help organizations meet confidential printing needs and help reduce print costs. Each business is unique—and some are subject to regulatory or privacy requirements that mandate where a print job is held. That’s why HP offers several pull printing solutions: cloud-based, on premise, and hybrid.

Protect sensitive documents from packet sniffing, with end-to-end encryption that safeguards your company’s most valuable information—in transit and at rest. Notable to the industry is that HP provides additional protection with comprehensive security on the device from startup to shutdown with self-healing to minimize business disruption backed by solid enterprise solutions.

HP analysis takeaway

After analyzing the Konica security documentation, it is clear to see that there are differentiators in HP’s embedded security offering. HP's outstanding approach is seen when contrasting their complete, end-to-end HP security umbrella giving the additional protections. Furthermore, Konica has pointed out that their Common Criteria certification is a leading security feature, which is actually a standard for the industry.

Newest embedded security: HP Connection Inspector

The latest HP security differentiator stops malware from calling home.

• Monitors outbound network connections (packets)

• Learns what’s normal, then inspects and stops suspicious packets

• Triggers a reboot to initiate self-healing procedures without IT intervention

• Creates security events that can be integrated with a SIEM tool like Splunk

• No competitor offers these features

Konica explains their security approach

Data protection:

• Hard disk password protection

• Data encryption (hard disk)

• Hard disk data overwrite

• Temporary data deletion

• Data auto deletion

• IP filtering

• Port and protocol access control

• SSL/TLS encryption (https)

• IPsec support

Document protection:

• Copy/print accounting

• User authentication (ID and password)

• Finger vein scanner

• IC card reader

• Auto logoff

• Function restrictions

• Secure print (lock job)

• Touch & print / ID & print

• User box password protection

• Event/Audit log

• Driver user data encryption

• Password for non-business hours

• POP before SMTP

• SMTP authentication (SASL)

• S/MIME

• Encrypted PDF

• PDF encryption via digital ID

• PDF digital signature

• Manual destination blocking

• Address book access control

As referenced in KM Security Policy - Technical Support PDF [3]

Taking this closer look, Konica does not say they are leading in the market with their overall security set. But they do their best to meet industry standards.


© Copyright 2019 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

4AA7-4447ENA , Rev. 2, January 2019

Assessment tools

How secure are your printers? Assess the security of your print environment with these helpful HP online tools:

• HP Secure Print Analysis survey—online self-assessment to determine if you are following best practices in print security: hp.com/go/SPA

• HP Quick Assess—free technical evaluation of top 13 settings on up to 20 HP printers (phone consultation available in U.S.): hp.com/go/quickassess

• Learn more about HP’s embedded security features by watching the Printer Security Features video.

Noted Konica January 10, 2019, https://www.biz.konicaminolta.com/product_security_policy/pdf/security_technical_support_paper_ver9_0_0_e-2nc_20161124.pdf

Noted Konica January 10, 2019: https://www.konicaminolta.pl/fileadmin/content/pl/Download_box-_miniatury/Broszury/SECURITY_WHITEPAPER.pdf

Noted by Konica January 10, 2019, https://www.biz.konicaminolta.com/product_security_policy/pdf/security_technical_support_paper_ver9_0_0_e-2nc_20161124.pdf
