JNUC 2021 Jamf security takeaways

It is an understatement to say that digital transformation, or the transition to hybrid or remote work environments, is a paradigm shift of epic proportions. From a logistical and project-management viewpoint, change at this scale typically occurs somewhat glacially.

And yet, here we are at the second JNUC event occurring virtually, stemming from the global pandemic and its far-reaching effects on organizations and, more to the point, how they conduct business.

By the numbers, it’s plain that not only has this shift been critical to business continuity, and we cannot overlook the overarching benefits of continuing to support hybrid/remote environments:

• More than half of businesses have adopted hybrid work as their new normal operating standard
• More than 80% of enterprises have migrated their data to the cloud
• Hybrid/remote organizations are 26 times more likely to encounter security risks
• Just under 50% of data usage registered is not business-related, leading to potential loss of productivity and possibly increased costs due to increased reliance on expensive cellular connectivity services
• More than 70% of users use unauthorized file-sharing services, which can lead to increased data loss and/or risk to mission-critical data leaks

The overview of the presentations below highlights Jamf’s commitment to security and shoring up any pain points that organizations may experience. In concert with Jamf’s mission, these demonstrations provide ways forward to both help organizations succeed with Apple and empower their users — regardless of whether they’re working from the office or from home.

A deep dive into three of Jamf’s newest security-focused products that, when combined, provide comprehensive security protection for mobile users no matter where they are:

• Jamf Threat Defense*: End-point protection for mobile users
• Jamf Data Policy*: Content filtering and usage controls
• Jamf Private Access*: Zero Trust access to business applications

As Mike Campin explains during his session exploring new Jamf security products, these new offerings are "designed specifically to deliver advanced, in-line network services.” He followed this up with a breakdown of the new products as well as a granular outline of how they work with one another to secure endpoints, end-users and their data.

Sam Allcock introduces a Windows version of the Unified Connection (UC) app in the Jamf on Windows Unified connection protection and control session. Once installed on endpoints, it allows for management and protection of the data connections used by end-users, to enable productivity. Furthermore, UC is manufacturer-agnostic, meaning it can be run on any PC running Windows 10 or newer; on any form factor; to protect any connection; whether it be Wi-Fi, wired ethernet or cellular.

Some of the benefits of using these apps are that they offer:

• Lightweight, mobile-friendly apps
• Intuitive user experience
• Real-time end-user notifications
• Policy for win32 and UWP apps
• Deployment support for (mobile device management) MDMs & package managers

Adam Boyton's presentation Threat Defense: Protect your mobile user services and organizational data from malicious intent, sums up the point in one short sentence: “The enterprise perimeter has fallen."

For those who have migrated or are migrating to a hybrid or remote work environment, you’ve likely already come to terms with this very real fact: users are no longer safely nestled behind the company firewall and other security appliances. However, for those that haven’t made the leap (yet) or are investigating the solutions that can make that pivot, take a moment to let that set in.

This doesn’t mean that the proverbial wheel must be reinvented. Rather, consider it to me choosing the right tools for the job. Jamf provides protection against phishing and other forms of mobile security threats. As outlined below, it does not simply detect these types of threats but goes further. It actively prevents several varieties of threats from infecting your devices and compromising end-user data with:

• Device Security: detect and prevent on-device threats including malware and vulnerabilities
• Internet Security: prevent web-based cyber threats including phishing, ransomware and data leaks
• Conditional access: real-time contextual policy dictates access to sensitive data resources

In his security operations center session, Milind Patel discusses how “Jamf is uniquely positioned to provide deep insights beyond simple threat detections.” Patel shows the options available to connect threat event data, such as centralized logs, with security event management software. Admins can then use this data to extend capabilities and/or design workflows to maximize the security posture of your endpoints.

Some of the risks on the device and in the network that Jamf's security products fight are:

• Risky apps: ranging from malware to data leaks to trusted apps that may need patching due to known vulnerabilities.
• Infrastructure attacks: commonly seen attacks in the wild, such as Man-in-the-Middle (MitM), SSL Stripping and the number one mobile attack: Phishing.
• Configuration vulnerabilities: misconfigured device settings that may be improperly set or have been changed by the end-user or a malicious app.
• Network-based risks: Command & Control (C2), suspicious app downloads and other forms of attacks that seek to compromise the network and/or the services it provides.

For those wanting to understand the data science behind threat hunting or those interested in learning more about detecting phishing websites, attend Pavel Krcma and Surbhi Kapoor's session Using image comparison algorithms to detect malicious 0-day apps and domains. There, they dive into how to validate a PoC using Convolutional Neural Networks to detect mimicked images of app icons.

The fascinating presentation analyzes the metadata and resources used by threat actors when creating phishing websites based on commonly accessed targets, such as online retailers and banks. Using algorithms to compare and detect which data —such as banner images and icons— are not identical at the binary level despite visually looking similar. Kapoor, a data scientist for Jamf, provides a wealth of information as he correlates data obtained from both real and phishing websites to obtain datasets and performance statistics that aid in evaluations.

In a similar vein, Zero Day phishing protections in the cloud focuses on further identifying phishing threats in the cloud through the use machine learning and data analysis to protect endpoints both locally and on the networks they communicate over.

Included in Dr. David Pryce’s presentation is a series of supporting points to the strength of the Jamf Threat Defense* application and its powerful MIRIAM advanced-threat intelligence engine to detect, prevent and mitigate risk across your entire Apple fleet:

• Data science and automation with dedicated R&D
• Multi-modal machine learning
• Dynamic content classification
• Consistent track record of threat discoveries
• Unique zero-day phishing algorithms
• Known and zero-day malware detection
• Traffic disposition and reputation
• Anomaly identification

Switching gears a bit, attendees that wish to gain a better understanding of the newest Jamf security software applications will feel right at home as they’re guided by Lucas Kemperman in this interactive lab session discussing Jamf Threat Defense*, Jamf Data Policy* and Jamf Private Access*.

The session goes hands-on with the admin portal that provides you with access and control of Jamf Data Policy*, Jamf Threat Defense* and Jamf Private Access*. Kemperman tours you through some of the basic processes involved in onboarding new customers, setting up devices and creating policies used to manage endpoint security and ensure compliance.

When rethinking how we protect the enterprise in this age of remote/hybrid work environments, we need to understand that the criteria has changed. Jamf’s security offerings address these new criteria comprehensively in a way that traditional security apps do not. Several key bullet points are touched upon to really drive the message home that not only are users working remotely (and increasingly working from mobile devices) but that the apps they’re working with are everywhere in the cloud:

• Data is moving outside the perimeter: remote work has increased by a factor of four in the last decade
• Business apps are moving to mobile: 70% of workers are not sitting at a desk in the traditional office setting
• Apps are on-premises and in clouds: 85% of workloads are migrating to the cloud
• Productivity requires connectivity: 72% of organizations seek to modernize their remote access technologies

Pivoting slightly, we present the Jamf Data Policy* enforce acceptable usage policies session. Our host Suzan Sakarya delves into implementing and managing policies through the Jamf Data Policy* solution. This can ensure acceptable usage, eliminate shadow IT and block unwanted/unauthorized content on your organization’s Apple devices.

Sakarya provides some use cases that apply to a variety of business industries. She targets some key issues that now occur in greater numbers due to the rise in remote/hybrid work environments, such as the need for:

• Content filtering: extend filtering policies from Mac devices to mobile devices
• Roaming travel: use roaming profiles to control connectivity costs
• Network usage controls: manage data pools to prevent overages
• Student safety: safe internet access over Wi-Fi and cellular connections

In addition to the policy-based controls, Sakarya also touches on the helpful admin and user alerts present within Jamf Data Policy*. They help to gain usage insights over merely usage metrics. They also enable worker choice programs while upholding data security policies, allowing organizations to customize policy enforcement to best suit their needs through flexible, yet powerful tools.

For our final presentation in this series, we join Matt Matt Vlasach for an overview of Jamf Private Access* in Deep dive Zero Trust network access. In addition, we dive into the architecture behind the software and culminate with a close look at how it works to protect endpoints that belong to your organization.

The key takeaways about Jamf Private Access* are:

• Cloud-based access is a high-performance, easy-to-use remote access platform with end-to-end layer three routing. It offers easy-to-use web-based management and is designed for global scalability + high availability.
• Zero Trust (ZTNA) is next-generation network access security architecture that adheres to the zero trust framework using managed and conditional access for real-time enforcement.

Vlasach also explores the benefits between using various Jamf technologies in the portfolio, specifically in this case referring to Threat Defense*, Private Access* and Data Policy*. They enable users to expand the capabilities of each to form integrated threat detection and response workflows to actively monitor, detect, prevent, mitigate and report security threats in real time.

This is a good place to mention that Vlasach does a superb job of extensively investigating Jamf Private Access* with a wealth of information regarding its capabilities and underpinnings that speak to the heart of how exactly it achieves its aim of protecting your endpoints from modern threats. Furthermore, an extensive real-time demonstration rounds out the visual representation of what admins and users can expect when using Jamf Private Access* to secure endpoints, manage remote communications and gather detailed event logs that provide granular data relating to application usage, network traffic analysis, internet connection metering and security protocol use.

*As of February 2023, Jamf Data Policy and Jamf Threat Defense capabilities are included with Jamf Protect. Jamf Private Access capabilities are included with Jamf Connect.