November 10, 2023 by Jesus Vigo

Defending the Digital Frontier: Safeguarding Against Malware in a Globally Connected World

For our November edition of the Jamf Security Lounge, our host Aaron Webb, Senior Product Marketing Manager, Security, is joined by guest Harald Bosman, Senior macOS Engineer and Endpoint Security Expert at Amsterdam Internet Exchange (AMS-IX) where they discuss:

How managing and securing mobile devices minimizes the risk of attack
and how Jamf plays a critical role in the defense strategy at AMS-IX

After a brief introduction by guest Bosman on his extensive experience in various roles within IT across a variety of industries, Webb and Bosman dive right into this session’s topic and how using the right set of tooling helps MacAdmins in Defending the Digital Frontier: Safeguarding Against Smart Malware in a Globally Connected World

…and how Jamf solutions play a significant role in aiding IT and Security professionals to balance identity, management and security as part of a holistic approach to security.

Apple security and the evolving threat landscape

According to Bosman, the key ingredient to maintaining endpoint security in light of the modern threat landscape is “it’s mostly visibility.” He goes on to discuss the relative ease of managing security on laptops compared to mobile devices where the process is notably a bit harder, especially when considering that threat actors are increasingly targeting mobile devices given several factors, such as distributed workforces and the rise of varying ownership models, like BYOD that impact security efficacy. Put another way, the bar is set higher for mobile devices in order “to maintain safety for all the users.”

Security risks and threat mitigation

Visibility is a critical component of endpoint security, but as Bosman points out, once you’ve gained this insight into your Apple fleet only then can you pivot over to policies to enforce configurations and execute mitigations to address security risks.

During the fireside chat, Webb asks about some of the ways that Jamf has helped AMS-IX address risk and mitigate threats. Alongside Jamf Pro and Jamf Protect for MDM and endpoint security respectively, Bosman explains how Microsoft Sentinel is integrated with Jamf Protect “to process all the logs and create a better environment.” Citing an example workflow he dubs “admin on demand”, he explains how a managed elevation of admin permissions for user accounts allows them to effectively perform admin-level tasks (when needed) for a short burst of time before the rights are rolled back. According to Bosman, this mitigates risk by narrowing the attack factor quite considerably compared to provisioning admin-level credentials to users as part of the permissions process, widening the attack factor more permanently.

Jamf solutions + AMS-IX

During the chat, Webb and Bosman discuss how Jamf solutions plays a role in strengthening the security posture of the organization. As a classic example of the power and flexibility of Jamf’s solutions, the content filtering capability built into Jamf Protect allows the blocking of web content based on a series of categories that effectively prevent users from accessing potentially risky or illegal content from devices used for work. Bosman notes the ease of use in wholesale blocking of content while waxing poetic about the ability to customize subsets of filters that provide granular blocking of specific content. He uses the example of the gambling category to highlight how a national gambling site (operated legitimately by a country’s government) could be allow-listed whereas other, more questionable gambling sites could be block-listed more categorically.