For those who have been watching the Mac compliance and security world, today is the day you’ve been waiting for! Today we launch Compliance Reporter, built upon the technology Jamf acquired from cmdReporter earlier this year.
Security visibility and compliance for Macs
We have long been advocating for more visibility into Mac activity for threat hunting purposes and compliance checks that help organizations maintain security standards on their Macs. As cloud usage, web-hosting platforms, complex supply chain networks, and regulations keep growing, these topics have only become more important. And they’re not just an IT consideration. Regulatory responsibilities, keeping audit logs and collecting data about device activity are a shared critical business function between IT and security that ultimately protects the confidentiality, integrity and availability of data.
For many customers, Jamf Protect helps them build out a program to meet their regulatory compliance needs and set up threat hunting efforts. However, organizations in strongly regulated environments often hit a fundamental wall: cloud native security solutions, like Jamf Protect, that have not gone through the FedRAMP certification yet are simply not feasible.
Compliance Reporter provides an auditing and compliance reporting solution for macOS that does not rely on any cloud infrastructure. It deploys from your own Jamf Pro instance to your Macs. From there it monitors endpoint security settings against some of the most common benchmarks and provides in-depth visibility into critical network, process, system and user activity. Compliance Reporter then pushes all of that data directly from your endpoints to your SIEM or other data-analytics tool of your choice.
But won't that add a lot of noise?
Let’s take that in two steps.
1. Security hardening benchmarks
Compliance Reporter has a series of security benchmarks that it validates against on the Mac: NIST 800-53, NIST 800-171, CNSSI and DISA-STIG. You can then decide which parts of those standards are relevant to you and which are not.
2. Activity data for threat hunting
If someone were to track all activity and logs from an average Mac, they would collect over 40GB of data per device per day. We imagine your security team would have some thoughts on all the new data and the new noise they would have to deal with. And your procurement/finance team? They’re already anticipating how much your SIEM bill will go up with all that extra data.
But we have (more) good news. Compliance Reporter is designed to filter out the useless noise and keep only that macOS data which will actually help you hunt for threats. As a result, the default configuration of Compliance Reporter only collects approximately 4-10MB of data per Mac per day. Now you can really expand your threat hunting efforts to your Macs the right way without overburdening the security team or blowing up your data ingest/retention costs.
Integrated into the Jamf Platform
Of course, we know that managing your security tool deployment is often… annoying. New consoles, complicated deployment instructions, etc. Compliance Reporter is easy to deploy and manage with Jamf Pro. Everything you need to push it to your devices and configure it to your needs can be done from the console that you’re already familiar with.
And as with Jamf Protect, Compliance Reporter is built on top of the macOS frameworks, such as the Endpoint Security framework, that allow us to minimize the impact on the user experience of a monitored device and support the latest software and hardware on the day of its release.
But this is just the start
We have lots of ideas on how to extend the functionality of Compliance Reporter and the rest of our Apple Enterprise Management platform for security and compliance needs. Watch this space, provide us feedback and engage with us on Jamf Nation. We’ll have more to share in the future.
In the meantime, visit our Endpoint Protection solutions page if you’re interested to learn more about Compliance Reporter and how it can help you meet your compliance and audit requirements.