PRODUCT Security

Epson Security Manifesto

With the increasing diversification of working environments and the growing complexity of network environments, printers and multifunction printers that handle important information assets require the implementation of stringent security protocols. To ensure security for all its customers, Epson uses unified security frameworks and consistent methodologies throughout the design and delivery of all its products, from office/home devices to commercial/industrial receipt printers and large format printers (LFPs).

To protect the information assets of our customers from increasingly sophisticated security threats, we do not simply install protective features on all our devices but also collect information about the latest vulnerabilities in order to address them in a timely manner.

Furthermore, to protect our customers’ information assets from any threat surrounding printers and multifunction printers, Epson ensures the safety of its products by implementing optimal security measures on both the software and hardware levels throughout the entire cycle from product design to its development, production, distribution, and maintenance.

Concept of security at
each stage of the product life cycle

To provide more security for our customers, at Epson, we closely examine different usage conditions for each product category and implement endpoint security throughout the entire cycle from product design to its development, assessment, manufacturing, distribution, and maintenance.

  • Planning
    At the product planning stage, we continuously monitor the newest security trends and potential vulnerabilities. We also listen to our customers’ requests, identifying and analyzing security-related requirements. This way, we eliminate potential problems in our products before any risks can materialize.
  • Development
    Using our original common platforms and technologies cultivated throughout the development of a wide range of products, from office/home printers to commercial/industrial small and large format printers, we strive to enhance the protection against security risks.
  • Assessment
    In addition to thorough in-house testing, we also involve third-party organizations for objective security assessment. With our strict security verification system, we conduct the assessment from different angles to ensure high security for our products.
  • Manufacturing
    To ensure the highest quality of our manufacturing operation, we have implemented a thorough information asset management system at our factories, where we install software that enables the functionality of our products.
  • Distribution
    We are committed to supporting our customers by proposing and implementing solutions to minimize security risks depending on the use environment and operational conditions. We also make sure to quickly address any vulnerabilities that may arise after the installation of our products.
    When products need to be replaced and disposed of, we make sure to reset the devices to the factory default settings to prevent confidential information leaks.
  • Maintenance
    We quickly respond to security-related issues and concerns reported by clients who purchase our products.
“Epson’s original platform technologies and security features constantly evolve to protect its products from all kinds of threats.”
Security threats and
the corresponding
countermeasures
01
02
03
04
05
06
Security threats and
the corresponding
countermeasures
01
02
03
04
05
06
01
Threat
Manipulation of the control panel by a malicious third party
Countermeasure

・Restricted access to print, scan, copy, and fax functions You can limit the scope of functions (such as print, scan, copy, fax) accessible by each user.
Allowing access only to the functions minimally necessary to the user’s duties helps minimize the risks of unauthorized browsing and leaks of document data.

・User authentication in conjunction with access restriction to certain functions User authentication can be carried out by password input or by using authentication devices such as ID card readers. You can limit which user can access each of these functions.

・Logging and auditing You can keep a record of print, copy, scan, fax transition/reception, and configuration changes, which can all be stored in an audit log on the device.
Regular review of the audit log allows for early detection of any unauthorized use and follow-up investigation after occurrence of any security-related incidents.

02
Threat
The product is unusable or does not function properly
Countermeasure

・Firmware signature verification The use of digital signature technology prevents unauthorized firmware updates. When the device is prompted for a firmware update, this feature checks the attached digital signature and only executes the update if the firmware is authorized.

・Secure boot This feature checks the program code upon the device startup and only allows its operation after successful confirmation of the code.

03
Threat
Data theft from the memory modules installed inside the device
Countermeasure

・Password encryption and password policies Passwords saved in the device are encrypted to protect them from leaks.
Complex rules can be added for selected passwords to prevent the creation of easy-to-guess passwords.

・TPM(Trusted Platform Module: security chip) Critically important information (such as private keys) used for encryption is stored on a dedicated security chip (TPM) installed on the device.

・Encryption and mirroring of HDD/SSD data When data is recorded to the HDD/SSD within the device, the same content is encrypted and saved in a separate location. This way, all the important customer data is protected from data leaks, tampering, and accidental loss due to issues such as hard drive failure.

・Initialization of user data and erasing stored data from the HDD/SSD When disposing of or transferring the device to another party, all the configurations and data stored in the device (including the data saved on the internal HDD/SDD) are reset to factory defaults (initialized) in order to prevent leaks of any confidential information.

04
Threat
Important printed documents seen by a third party
Countermeasure

・Password-protected printing When this feature is enabled, it only allows printing after entering a password directly on the device. This prevents data leaks that result from the unauthorized browsing of the documents in the printer output bin.

・Authenticated printing and authenticated scanning With the Epson Print Admin or Epson Print Admin Serverless option, you can require printing authentication using an IC card or another authentication device to ensure that the authorized person is present to pick up the printed materials. This helps prevent the misplacement of important documents and leaks of confidential information.

05
Threat
Unauthorized device operation and configuration changes by intrusive programs
Countermeasure

・Run-time intrusion detection This function monitors control programs running on the device and terminates unauthorized invasive programs.

06
Threat
Theft or alteration of confidential information during data transmission
Countermeasure

・IPsec/IP filtering (Security Architecture for Internet Protocol/Internet Protocol filtering) IPsec protocol encrypts communications between the printer and a computer or user, protecting the data from leaking.
IP filtering approves the transmitted data by their IP address and prevents unauthorized access by filtering out the transmitted data from unauthorized terminal devices.

・HTTPS/TLS connection (Hypertext Transfer Protocol Secure/Transport Layer Security connection) These protocols encrypt the transmitted data when they access the internal Web server (WebConfig), helping prevent data leaks.
Epson uses TLS1.3, the latest encryption technology.

・IEEE 802.1X, WPA3 (Wi-Fi Protected Access 3) IEEE 802.1X is an authentication standard that prevents unauthorized devices from being able to connect to a LAN network. It allows using the device in a network environment requiring high security.
WPA3 is the latest standard for wireless local network security. All devices with the Wi-Fi function use WPA3, protecting important customer information assets from data leaks and tampering.

・SNMPv3 (Simple Network Management Protocol version 3) SNMPv3 is a protocol for monitoring and controlling information on devices that supports encryption and authentication. SNMPv3 protects the device from unauthorized configuration changes and data leaks.

・S/MIME(Secure/Multipurpose Internet Mail Extensions) When using functions such as Scan to Mail or fax forwarding, this protocol encrypts and adds digital signatures to electronic messages protecting them from tampering and leaks.

Initiatives inthird-party evaluation of product security

At Epson, we involve independent third-party organizations in the product security assessment to objectively verify the security functions of our products. At the same time, we also strive to predict potential future risks and introduce improvements to prevent them.

ISO15408/IEEE2600.2™
ISO/IEC 15408-certified products comply with IEEE Std.2600.2™-2900, the international standard for information security. The CCRA certification mark indicates that the product assessment was conducted in accordance with the “Japan Information Technology Security Evaluation and Certification Scheme” and that the assessment results were verified. This certification mark does not guarantee that the product has no vulnerabilities and is equipped with all security features necessary to operate within a particular operational environment.
IoT Security Validation Testing Program
This means that the product has passed the “Device Penetration” testing under the “IoT Security Validation Testing Program” conducted by Keypoint Intelligence - BLI (Buyers Lab), an independent assessment agency in the United States.
BMSec (only within Japan)
This means that the product security complies with the “Business Machine Security Program” (BMSec) scheme developed by the JBMIA (Japan Business Machine and Information System Industries Association).

To ensure security when using our products

Before using the device, you must change the default factory configuration settings to suit your environment. Especially, make sure to implement the appropriate security measures related to the administrator passwords, internet connection, and wireless LAN network connection settings.
Please refer to the Security Guidebook for more details.

Administrator passwords

We highly recommend configuring individual passwords for each administrator user during the initial device set-up. If you keep the default factory settings or do not set the administrator passwords, there will be a risk of unauthorized access and modification of the configurations and data stored in the device. There will also be a risk of leaking IDs, passwords, personal information from the address book, and confidential information.

Connecting to the internet

Do not connect printers and multifunctional printers directly to the internet. Instead, install them within a firewall-protected network. We also recommend setting up a private IP address. If you connect to the internet directly, your networks may become subject to unexpected security risks, such as unauthorized data manipulation and leaks.

Wireless LAN networks

When using wireless LAN networks, make sure to implement the appropriate security measures.
Wireless LAN allows you to receive transmitted data from computers and smartphones using radio waves, so you can freely access the network within reach of the radio waves. However, if you do not properly configure the security settings, the transmitted data may be intercepted and accessed without authorization by a malicious third party.  

Security software

Reduces the security risks associated with leaving printed documents unattended.
01
Issue

Printed documents were accidentally left unattended next to the printer. As a result, important information was exposed to a third party.

icon
02
Proposed solution

Epson Print Admin /
Epson Print Admin Serverless

Require authentication using an IC card to ensure the printing is done in the presence of an authorized person

icon
03
Implementation
results

Because the print command is performed after the authentication has been carried out in front of the multi-functional printer (MFP), this helps prevent leaving the printed documents unattended.

Since an authorized person is present during printing, this prevents the documents from being mistakenly taken away by a third party.

icon
Authenticated printing flow
Reduce security risks
by limiting access to a selected number of users.
01
Issue

There is a risk of information leaks when people use functions unrelated to their duties.

Having employees on different types of contracts risks internal documentation leaks.

icon
02
Proposed solution

Epson Print Admin /
Epson Print Admin Serverless

Limit the operation of multi-functional printers (MFPs) to registered users

icon
03
Implementation
results

Limiting access to selected MFP functions for registered users can prevent leaks by reducing inappropriate MFP operations.

icon

Bulk firmware update

Use the latest firmware versions for the safety and security of your devices.

01
Issue

Concerns related to device security risks and vulnerabilities. How to make sure that the device firmware is up to date to prevent security threats.

icon
02
Proposed solution

Epson Device Admin

Whenever there is a need for a firmware update for any Epson printers and MFPs, it can be done automatically.

icon
03
Solution

You can remotely check and update the firmware on all devices. We offer an environment that allows you to identify the devices that require an update, keeping all your device firmware up to date so that you can safely use your devices and be protected from security threats.

icon