Jamf Protect Series: Securely welcoming macOS into your business

More and more businesses are relying on Mac for the needs of their employees. Learn how you can bring macOS on board while maintaining the security of your fleet.

September 24 2020 by Mark Walker

In the previous blog in this series, I talked about the increasing penetration of macOS into businesses of all sizes and about the built-in macOS security features that aim to prevent infection by malware. We also discussed how these tools operate quietly in the background to help keep your Mac devices safe.

That’s all well and good, but how can we get visibility into what’s going on in the Mac estate? In my earlier career I was responsible for a client estate of many thousands of machines. That’s why I know there’s no way that enterprise administrators want to be collecting log data from individual Mac devices simply to look at events or examine compliance status. If you’re in any way responsible for the security of your client computing estate, whether it be Windows, macOS or a mixture of both, you’re going to need a solution to pull together all this data and to do the analysis to demonstrate that your chosen toolsets are doing their job.

You’re probably thinking, “Wouldn’t it be best to pull everything into a central pane of glass solution and combine data from all of our endpoints, regardless of vendor?” In seeking to answer this, we really have to look at the technologies we’re managing. Though there are benefits in single pane of glass working models, the reality is that there aren’t many commonalities across ecosystems (for example, Apple vs Microsoft vs Google). This, coupled with their unique and frequent upgrade cycles, means that there is actually no one-size-fits-all approach to endpoint management. Instead, I’d offer that it is better to manage by ecosystem. There’s a good article called “Shattering the Single Pane of Glass Management Model”[1], which describes this thinking in more detail. The hyperlink is in the footnote below and is definitely worth a read.

So why Jamf? As I mentioned briefly above, in my earlier career I was responsible for the smooth running of an IT estate numbering into the thousands of endpoints, including both Microsoft and Apple clients. I first discovered Jamf as a customer and it revolutionised my thinking in terms of how we could manage our estate. Until then we’d thought in the terms we were used to, those being based on our Windows experiences and expertise. Jamf changed this for our Apple team significantly and for the better. In the end, I thought so highly of it that I was lucky enough to join the company.

Jamf is the standard in Apple Enterprise Management, and trusted by IBM, SAP and 40,000+ other businesses and schools around the world. Jamf delivers solutions that allow businesses to connect, manage and protect Apple products, apps and corporate resources in the cloud without ever having to touch a device. In this series, I’m going to call out two solutions to show how we can efficiently prevent macOS malware, detect Mac-specific threats and monitor endpoints for compliance.

Meet Jamf Protect[2], a solution 100% focused on protecting macOS endpoints. That’s an important difference in the security market for the following reason: there’s no point scanning a Mac for Windows malware or using Windows attack vectors.

Many security solutions available at present claim to be client-agnostic, meaning the solutions work both on Windows and Mac. This is strange because we already know that Mac and Windows are very different technologies. Therefore, it follows that vulnerabilities targeted on Windows are usually harmless to Mac — and the same in reverse. Given the prevalence of Windows in the Enterprise right now, it’s highly likely that most of the security research being done by device-agnostic solution vendors is currently focused on Windows, leaving your Mac estate exposed. Either that or it’s scanning for malware that can’t affect macOS. There’s a benefit to a solution that is 100% made for Mac, quite simply because there are no distractions trying to find anything else.

Jamf Protect provides visibility into Mac devices in an enterprise environment by pulling together information about what the macOS native security tools are doing. The Mac endpoints still quietly do their thing, but we then capture all of this activity and bring it together into dashboards for your analysis. We can show what installations Gatekeeper has blocked and where XProtect transparently detects and remediates a malware attack. This means we can report on the relative patch levels of the signature databases which feed Apple’s native tools.

These functions alone bring Jamf Protect to a level of functionality not typically offered by other vendors. But we go quite a few steps further: since we’re bringing back data from Mac endpoints about security status, why don’t we look at any other data which might be useful to enterprises and businesses? macOS devices all log information into a construct called the Unified Log. It’s incredibly detailed and useful in the right hands, but reading it natively is only possible on individual endpoints. With Jamf Protect, we can select different components of the Unified Log and pull this data back to a SIEM solution of your choice. We see businesses using Splunk and we work really well with this SIEM, but we’re agnostic: we can get this data into any SIEM that can communicate via JSON over HTTPS. If you combine this with your security data, the result is an amazing insight into the events that occur in your Mac environment and the security implications.

The next part in this series is going to be an important one because I’m going to call out two of the most exciting features in Jamf Protect:

  1. Advanced remediation with Jamf Pro — demonstrates the true value in using Jamf software to manage the entirety of your Apple ecosystem
  2. Behaviour-based malware detection — this one is a game-changer! Jamf Protect doesn’t need to rely on malware signature hashes, because it can detect “unknown” malware simply by the way in which it acts.

Missed the first part of this series? Check out "Jamf Protect Series: macOS quietly keeps you secure". Make sure to also stay tuned for more instalments to learn how you can best secure your Apple devices.
