Jamf Blog
February 17, 2022 by Jesus Vigo

New product series: Getting to know Jamf Threat Defense

Detect and remediate a broad range of security threats including vulnerabilities, malware and questionable applications while continually assessing mobile endpoint and network risks. By combining security policies and sophisticated network protection with the detection of risky configurations, you can enforce comprehensive protection of your devices, users and apps, keeping them all safe in real-time.

Apple users, namely those who regularly use iOS and iPadOS-based endpoints, are no doubt familiar with the industry-leading security and privacy protections Apple builds into their mobile devices. And while no one is arguing that these devices aren’t inherently designed to safeguard your data, you should not view security as a singular product or practice that will address all your needs.

The reason for this is quite simple: No single tool can possibly protect against all types of threats — both out in the wild and those coming down the pike. As Apple’s popularity continues to grow, translating into more iOS/iPadOS devices in the hands of users, threats against the Apple ecosystem will only continue to grow in complexity and intensity.

Many organizations rely on the versatile iPhone and iPad lineup to maintain business continuity, communicate with employees and perform work from the office, remote or hybrid environments, so there’s a lot of data always flowing to and from these mobile devices. Additionally, many of these organizations have adopted mobile device models based on BYOD/CYOD/COPE that permit access to organizational resources alongside access to apps and services for personal use, which can introduce as much additional risk as it does flexibility.

What can be done to manage these mobile threats? How about the ones you aren’t aware of just yet? Jamf has an answer for that in its Mobile Threat Defense tool, the cloud-based solution that works simultaneously on your device and in-network, providing a complete purpose-built solution to protect Apple users from malicious intent while keeping the impact on device performance minimal.

Among the features included in Jamf Threat Defense, some of the key takeaways for enterprise protection are:

  • Powerful endpoint security that detects and remediates the broadest range of threats.
  • In-network mobile threat defense that stops attacks before they begin, including zero-day phishing sites, data exfiltration and command-and-control (C2) attacks.
  • Privacy protection blocks access to malicious sites through content filtering and secure connectivity that automatically safeguards data from man-in-the-middle (MitM) threats.
  • Approval for only secure and trusted device access to organizational resources with adaptive access, which monitors device health for telemetry and contextual inputs and is enforced through adaptive access policies.
  • Real-time assessments of endpoint risk that provide your organization the insight needed to identify vulnerable devices, OS and software, in addition to those out of compliance for remediation.
  • Unified policy engine that allows admins real-time access to these reports for customized policy enforcement or export to third-party tools for expanded remediation workflows.
  • Always-on endpoint protection that works in conjunction with the mobile app and cloud-based network protection service to protect users, software and data from a variety of threats, including malware prevention, vulnerable configurations and risky network connections before threats lead to a data breach.

MI:RIAM Mobile Threat Defense Engine - Who’s that girl?

Armed with an advanced machine learning engine code-named MI:RIAM (Machine Intelligence: Real-time Insights and Analytics Machine), Jamf Threat Defense is able to identify and prevent unknown threats such as fake mobile applications, utilizing 425 million sensors across a global network to stay a step ahead of the ever-evolving threat landscape.

“25% of compromised devices accessed email services (such as Gmail and Outlook) and 34% accessed conferencing services (such as Zoom, Skype and Microsoft Teams) in 2021. Those numbers increased to 48% and 64% respectively when including the vulnerable device indicators above.” – Jamf Security 360 Annual Trends Report

In fact, a recent Verizon Mobile Security Report identified malware contained within legitimate apps, stemming either directly from poor coding practices and unmanaged applications or, in 21% of security incidents, because “a rogue or unapproved application had contributed to the incident.” These circumstances make it even more critical to have endpoint protection that looks not only at your device but also at the code, processes, apps and communications that run on it in real-time to identify threats before they can become incidents.

Wax on, wax off

As uttered by the Miyagi-Do karate sensei in “The Karate Kid”, this famous line went on to be quotable long before memes became a modern-day phenomenon. Essentially, the phrase served to teach the protagonist the art of defending oneself from attacks through a relatable teaching method, in this case waxing the teacher’s car.

With purpose-built, in-network protection against a variety of zero-day threats and malicious sites, now is the time for more security — not less. Unlike the 43% of companies that sacrificed security, reported by the Verizon Mobile Security Index 2020 Report, Jamf Threat Defense takes security a step further by monitoring network communications for signs of threats — known and unknown — blocking access to identified threats to maintain the integrity, confidentiality and privacy of your data.

It also protects against spyware, like that of the recent Pegasus surveillance software that became weaponized against journalists, activists and dissidents to monitor and capture privacy data without their consent.

“36% of organizations encountered malicious network traffic indicators on a remote device in 2021,” according to the Jamf Security 360 Annual Trends Report.

Never has this feature been more necessary than in the current space, given the reliance on mobile technologies to help users do more with less. With access from anywhere in the world, traditional business practices leaned heavily into technology, as with the increased use of mobile banking. So much so that, according to a Dark Reading post, the FBI warns that a noted 50% increase in mobile banking has heightened risk for users, with app-based Trojans and fake banking apps leading the pack in posing the greatest threats to mobile defense.

Do you know if any of your organizational devices are part of the four percent?

I always feel like somebody’s watching me

Fun fact: The number of devices that had a third-party app store installed increased from 1% to 4%, according to the Jamf Security 360 Annual Trends Report. While that percentage may be relatively small at first glance, current estimates place global usage of mobile devices at 5.9 million. One percent of that is 59,000 devices; extrapolated to four percent, that number approaches almost a quarter million.

If your answer to the question asked previously is “no” or “I don’t know”, then any or all of your company’s devices could be at risk. After all, if one device is compromised, one should assume that all devices are potentially compromised until verified. And depending on your fleet’s size, that could be a lot of work. So, isn’t it better to implement endpoint threat protection that works to minimize risk instead?

For example, sideloading applications, such as those that are cracked or have had their internal security broken so that users can download apps without having to pay the licensing fee, poses a significant threat to device and data security. (Not to mention that this is illegal and poses some steep fines for copyright violation if your organization is found liable.) The same goes for fake or third-party app stores. Simply put, while these do have the potential to install legitimate applications, the frequency with which they are abused by threat actors to host illegal software that has had its internal code modified to deliver malicious payloads unknown to the user often renders this a riskier proposition, with threats to security far outweighing its perceived usefulness.

With that said, even legitimate apps sometimes don’t get it right either. This is not to say these apps are malicious per se, but rather may be used to impersonate identities as part of a larger, more elaborate phishing scam. In other cases, apps may have bugs in their code that expose sensitive information through data leaks or by committing privacy violations after a user has explicitly selected the do not track option within an app. Jamf Threat Defense keeps tabs on this too, providing app insights and reporting on their behaviors, allowing admins to automate remediations through policy or manually, as needed.

“5% of devices or 20% of organizations were impacted by risky device configurations.”

Jamf Security 360 Annual Trends Report

The Puppet Master

Couple this information with the statistic that “there were 79 billion visits to piracy websites between January and September 2021,” as reported by Akamai’s State of the Internet Report: Pirates in the Outfield, and it should come as no surprise that there is a risk to data, users and organizations at every turn and pass.

A few of the ways in which Jamf Threat Defense helps to stifle the onslaught of attacks are safeguarding online privacy with encryption and protection against sensitive data phishing, regulatory compliance with advanced privacy features and its unified policy engine.

The latter gives administrators the tools necessary to quickly design, deploy and enforce security policies that are customized to meet the needs (and requirements) of your organization, by leveraging conditional access policies and maintaining the flexibility to be tailored further as needs inevitably change. Also, the unified operations and management infrastructure expands services, such as integrating with tools like Jamf Connect for enhanced, cloud endpoint security using IdP, simplifying event monitoring and/or extending reporting to security teams for the purposes of threat hunting.

Knowing the health of your devices and what the apps are really doing on them is only half the battle!

Jamf Threat Defense identifies risk in real time and includes the features needed to remedy it. It mitigates security threats while bringing devices into compliance with machine learning and policy automation, strengthening your security posture.

Jesus Vigo
Jesus is a Copywriter, Security focused on expanding the knowledge base of IT, Security Admins - generally anyone with an interest in securing their Apple devices - with Apple Enterprise Management and the Jamf solutions that will aid them in hardening the devices in the Apple ecosystem.