Jamf After Dark: get to know Jamf Threat Labs
Get an inside look at Jamf Threat Labs in this episode of Jamf After Dark.
Our favorite co-hosts Kat Garbis and Sean Rabbitt welcome Jaron Bradley, Director of Jamf Threat Labs, who talks about his team’s operations.
What is Jamf Threat Labs?
Years ago, there was a general feeling that if you’re on an Apple device, you’re safe from cyber threats. When Apple devices had a smaller market share, this was somewhat true. But as more organizations adopt Mac and other devices into their device fleets, Apple devices are increasingly targeted. To respond to these growing threats, Jamf Threat Labs was born.
Bradley explains the aim of Jamf Threat Labs: to find threats in the Apple ecosystem and to make sure our customers are protected from those threats. Jamf Threat Labs looks at various products, with different teams working on different threat types.
A day in the life
To quote Bradley, “When you’re on a research-heavy team, options are not limited.” Jamf Threat Labs focuses on the most pressing needs, as determined by their team. Their tasks could be:
- Keeping an eye on pirated apps to identify malware
- Referencing VirusTotal for malware in the wild
- Running malware rule sets in databases
- Developing tools
Research is conducted on Mac minis that are isolated from the corporate environment. Rather than detonating samples in virtual machines, the team is, as Bradley puts it, “running malware on bare metal,” relying on APFS snapshots to restore the machines to a clean state afterward.
VirusTotal is a useful tool for Jamf Threat Labs, as it is for many other threat hunting teams. By running a sample (or its hash) through VirusTotal, researchers can determine how well known a potential threat already is to the security community.
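As an added example, not code from Jamf Threat Labs or from the podcast, the following Python script shows the kind of VirusTotal lookup described above: it hashes a sample with SHA-256, queries the VirusTotal v3 files endpoint by hash, and reduces the report's `last_analysis_stats` block to a "how well known is this?" verdict. Looking up the hash rather than uploading the file avoids handing a possibly sensitive sample to a third party. The API key (read from the `VT_API_KEY` environment variable), the verdict thresholds and the embedded sample report are assumptions constructed for the example; a live query needs a real key.

```python
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request
from typing import Optional

# VirusTotal v3 file-object endpoint; the path parameter is a MD5/SHA-1/SHA-256 hash.
VT_FILES_URL = "https://www.virustotal.com/api/v3/files/{}"


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream the file so large installers/DMGs do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_vt_report(sha256: str, api_key: str) -> Optional[dict]:
    """Look a hash up on VirusTotal. Returns None when VT has never seen it (HTTP 404)."""
    req = urllib.request.Request(VT_FILES_URL.format(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise


def summarize_report(report: Optional[dict]) -> dict:
    """Reduce a v3 file report to the numbers a threat hunter looks at first.

    Verdict thresholds (assumed for this example, not a VT or Jamf rule):
    5+ malicious engine hits = widely detected, 1-4 = needs manual verification,
    0 = no engine flags it (which is NOT proof that it is benign).
    """
    if report is None:
        return {"known": False, "malicious": 0, "suspicious": 0, "engines": 0,
                "times_submitted": 0, "verdict": "never seen by VirusTotal"}
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    # Engines that actually produced a verdict; exclude timeouts/unsupported types.
    engines = malicious + suspicious + stats.get("undetected", 0) + stats.get("harmless", 0)
    if malicious >= 5:
        verdict = "widely detected"
    elif malicious >= 1:
        verdict = "few detections, verify manually"
    else:
        verdict = "no engine detections"
    return {
        "known": True,
        "malicious": malicious,
        "suspicious": suspicious,
        "engines": engines,
        "times_submitted": attrs.get("times_submitted", 0),
        "first_seen": attrs.get("first_submission_date"),
        "label": attrs.get("popular_threat_classification", {}).get("suggested_threat_label"),
        "names": attrs.get("names", [])[:3],
        "verdict": verdict,
    }


# Constructed sample response in the shape of a v3 file object (not a real VT record).
SAMPLE_REPORT = {
    "data": {
        "type": "file",
        "id": "0" * 64,
        "attributes": {
            "last_analysis_stats": {"harmless": 0, "type-unsupported": 8, "suspicious": 0,
                                    "confirmed-timeout": 0, "timeout": 0, "failure": 0,
                                    "malicious": 23, "undetected": 41},
            "times_submitted": 4,
            "first_submission_date": 1696400000,
            "names": ["Installer.pkg"],
            "popular_threat_classification": {"suggested_threat_label": "trojan.macos/example"},
        },
    }
}


if __name__ == "__main__":
    # Usage: VT_API_KEY=... python vt_lookup.py /path/to/sample
    if len(sys.argv) == 2 and os.environ.get("VT_API_KEY"):
        digest = sha256_of_file(sys.argv[1])
        print(json.dumps(summarize_report(fetch_vt_report(digest, os.environ["VT_API_KEY"])), indent=2))
    else:
        print(json.dumps(summarize_report(SAMPLE_REPORT), indent=2))
```

Without a key the script summarizes the embedded sample report so the parsing path can be exercised offline; with `VT_API_KEY` set and a file path it performs the real lookup. Note that a 404 means VirusTotal has never seen the hash, which for an Apple-focused team is itself a signal worth recording: a sample with zero community visibility may be new tooling rather than a benign file.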
Upon identifying a threat, Jamf Threat Labs categorizes it using the MITRE ATT&CK framework. They also inform the community with blog posts detailing their analysis of certain discoveries.
Browse blog posts from Jamf Threat Labs.
How Jamf Threat Labs impacts customers
Bradley draws a comparison to a car and its fuel: you can have a really nice, high-end car — but it’s not going to do anything without fuel. Similarly, Jamf products are well-built, but need to be fed detection indicators to know what threats to look for. Jamf Threat Labs manages these indicators, and the product uses them.
Both Jamf Threat Labs and Jamf products like Jamf Protect and Jamf Executive Threat Protection are unique in the industry. By being (almost) entirely Apple-based, Jamf is able to home in on Mac-specific threats. Not only does this help with identifying threats, it cuts down on the noise: it is not generally useful to look for Windows threats on a Mac, for example.
Kernels of wisdom
In the spirit of Cybersecurity Awareness Month, the group gives some advice.
- Compliance Reporter, built into Jamf Protect, is a useful tool to see what devices are complying with best practices — so check your compliance benchmarks!
- Compliance Editor is built into Jamf Pro, making it easy to define your security standards.
- There are a number of threats to look out for on Mac: pirated apps, infostealers and various tactics from DPRK threat actors.
Gain access to all the Jamf After Dark podcasts today!