Jamf After Dark: Unpacking Black Hat and the security findings report

Black Hat

Black Hat is a world-renowned cybersecurity event series attended by security professionals at all career levels. In this episode, Matt Woodruff recounts his time at the recent Black Hat conference in Las Vegas, Nevada, recalling a crowd of tens of thousands of attendees spanning the large expo hall and multiple floors of the convention center. This year’s conference heavily featured AI and machine learning (ML), particularly for use by IT and security professionals.

Jamf had a booth at Black Hat this year. To gather information, Jamf employees walked around the floor to see various organizations’ implementation of their own AI and ML models, asking the models, “Can you help build out a deployment strategy for getting our endpoint security product deployed with Jamf Pro?” The output by these models proved potentially helpful for IT professionals as they:

• Gathered various endpoint security products
• Explain what their installation process looks like
• Identified what their API endpoints and calls were
• Presented the deployment model, as suggested by Apple’s documentation
• Scripted out the necessary API calls

Jamf was represented at a number of sessions, with topics ranging from key research findings on macOS zero-days, how to become and succeed as a CISO, the Jamf Trusted Access experience and research around the MITRE attack framework and macOS.

Security 360: Annual Trends Report

Each year, Jamf Threat Labs analyzes the threat landscape affecting the modern workplace — their findings culminate in the Security 360: Annual Trends Report. This report lists these major areas of concern:

• Social engineering
• User privacy
• Novel threats
• Compliance
• Workforce distribution

Woodruff notes that the findings in this extensive report are being validated by presentations at Black Hat and other conferences like BSides and DEFCON. Social engineering is of particular interest, as it’s popular with bad actors who don’t have to bypass Apple’s intrinsic security and privacy features, and can instead let the user give them the information they need to compromise their device. AI and ML models can help defend users from such attacks by recognizing tell-tale signs of phishing that a user could glaze over.

This report states that 31% of organizations last year had at least one user fall victim to a phishing attack. Jamf can help organizations defend against this with tools like MI:RIAM, Jamf’s ML engine. Jamf can block users from accessing phishing websites, even if they click on a malicious link. This not only defends users and their organizations — it also means Jamf has insight into what threats users are clicking on.

Beyond AI and ML, implementing Zero Trust Network Access (ZTNA) in your organizations adds an additional layer of protection, separating work traffic through your organization’s network and security measures.

At Black Hat, Woodruff came into contact with multiple people interested in Jamf Executive Threat Protection, Jamf’s advanced detection and response solution for executives and other high-profile individuals. This solution addresses a number of the areas of concern mentioned in the security trends report — it protects users from malicious links or spearphishing attacks and keeps devices free from compromise, wherever the user is located.