A one-of-a-kind technology called Symbiote Hewlett-Packard (HP) recently licensed from Red Balloon Security to protect its printers from cyber attacks was supported by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) when it caught the attention of a small group of university researchers working on securing embedded devices in 2011, DHS 
announced this past week.
The Symbiote technology will be integrated into HP’s LaserJet Enterprise printers and multi-function printers. This new partnership between Red Balloon Security and HP is anticipated to secure technology in the mass market and increase security for a great number of devices.
“What makes the Symbiote technology unique is the protection it offers for devices most organizations don’t think to protect, like Voice over IP (VoIP) phones and printers,” said S&T Cyber Security Division (CSD) Internet Measurement and Attack Modeling Program Manager Dr. Ann Cox.
According to DHS, “The work was initially developed by researchers at Columbia University, who subsequently formed Red Balloon Security and continued developing the Symbiote technology. CSD’s Broad Agency Announcement (BAA) 11-02 sought proposals in 14 technical topic areas aimed at improving security in both federal networks and the larger Internet, and developing new and enhanced technologies for detecting, preventing, and responding to cyber-attacks on the nation’s critical systems. S&T funded the Symbiote BAA proposal.”
Symbiote is designed to detect intentional interference on many types of embedded system devices, such as routers, VoIP phones, point-of-sale devices, and so on. Red Balloon attracted the attention of HP after it decided to use a common HP printer for its research, completed a proof of concept, and published the results academically through Columbia University. HP has incorporated the Symbiote technology into their printer product line, providing protection to devices worldwide.
“The Symbiote technology is leading cybersecurity innovation,” Cox said, adding, “This technology is still developing new features to even the playing field between the attackers and defenders, allowing the defenders to pull ahead.”
DHS said, “The technology features new capabilities that enable it to determine where the firmware has been penetrated and to lock down other devices on the same network to shield them from the attack. The technology was developed using some of the same techniques used by hackers, in effect, turning their own techniques against them. By leveraging these techniques, Symbiote is implemented with unique code every time it is placed in a new system. Each device has a different arrangement of Symbiote, making it hard for hackers to break into the device.”
“The hacker must put the same level of effort into breaking into subsequent devices as they did to hack the first device,” DHS S&T said.
The Symbiote technology is best used when incorporated into products during the manufacturing process. By design, this technology is appropriate for organizations that have a dedicated cybersecurity staff, but some sophisticated home users may be able to take advantage of the full benefit of the product.
The Symbiote technology will make a significant positive impact on the cyber landscape, said Cox.
To learn more about CSD’s research and development projects, visit www.dhs.gov/cyber-research.
Illustration: Diagram representing Symbiote Defense: SCADA/industrial controls; critical infrastructure; networking equipment; unified controls; vehicle controls; enterprise equipment.
