Instant activation for vulnerability management

Viewing vulnerable applications or operating systems is a need for any InfoSec team. Instant activation in the Jamf Security Cloud (JSC) allows organizations to automatically create device records without having to deploy additional security capabilities to the device.

Vulnerability management in Jamf for Mac

Vulnerability management data refers to the process of identifying, evaluating, prioritizing and remediating security weaknesses in systems and applications. Part of Jamf for Mac, the vulnerability management report provides a dashboard view of an organization's Mac devices and any vulnerabilities in their OS or in UEM-supported apps. It scans for Common Vulnerabilities and Exposures (CVEs) published in the National Vulnerability Database or discovered by the Jamf Threat Labs team. These devices are then assigned a device score based on the Common Vulnerability Scoring System (CVSS).

With this report, Mac admins get clear, deep insights into any vulnerabilities in their Mac applications or operating systems.

Mac or security admins can also push vulnerability management data to their Security Information and Event Management (SIEM) software. Centralizing data with a SIEM enhances a security team's ability to detect, investigate and remediate security gaps before they lead to serious incidents. Forwarding this data to an organization's SIEM means organizations:

• Gain insights to track vulnerabilities across the network
• Correlate vulnerability data with other security events
• Detect potential exploitation attempts.

Instant activation

For organizations without devices in the Jamf Security Cloud, Jamf for Mac's capabilities allow them to pull vulnerability management data without having to deploy an agent, configuration profile or gateway to the Mac. If you already have devices in the Jamf Security Cloud, read on to learn more or reach out to the Jamf support team to learn how to turn on the feature.

Here is how it works for new accounts:

Step 1: When configuring a Unified Endpoint Management Connector (UEMC) for Jamf Pro, there is a checkbox to auto-populate Jamf Pro devices for vulnerability checking. (The box is checked by default.)

Step 2: Upon saving the UEMC integration, you will be asked to select which device groups from Jamf Pro should be auto-populated, and an activation profile with a “Vulnerability Management” capability will be automatically created.

Step 3: Once UEMC contacts Jamf Pro, it requests a list of all the devices in the groups that were selected. These devices will then have records generated for them in JSC and automatically assigned to the “Vulnerability Management” activation profile.

Step 4: Once records are created, JSC will make an additional request for device app inventory and OS version and will then run these results against the JSC vulnerability engine, giving the devices a risk score without requiring any configuration profile to be pushed down to the device.

What if I already have devices in JSC?

If you are already using web protection or another Jamf Security Cloud capability, great! You can still use instant activation, but for now it will have to be configured in a new JSC tenant. This is free and can be quickly provided by contacting Jamf's support team and letting them know you want to try out instant activation for Vulnerability Management.

What's next

We are excited to bring this update to our customers and provide a better experience for vulnerability management. With only one agent on the device (whether that is Jamf Trust or another tool), organizations can get a full view of their vulnerability management for every managed device. Now, with instant activation, organizations can do this without causing any conflicts with gateways, configuration profiles or other agents installed on their devices.

Get started with Jamf

For over 20 years, Jamf has been the leader in Apple-first management and security, helping organizations with an Apple-first platform have a full understanding of any vulnerabilities in their applications or operating systems. With this updated release, organizations can more easily view, act on and remediate vulnerabilities across their ecosystem.